• No results found

NSA Surveillance, National Security and Privacy

N/A
N/A
Protected

Academic year: 2021

Share "NSA Surveillance, National Security and Privacy"

Copied!
52
0
0

Loading.... (view fulltext now)

Full text

(1)

NSA Surveillance,

National Security and Privacy

Ir Roy Ko

Former HKCERT Manager

20 August 2014 HKIE Veneree Club

1

(2)

Agenda

 Background

Edward Snowden

National Security Agency (NSA)

 What NSA has done

PRISM

XKeyScore

Tailored Access Operations

Other Tools & Activities

 US National Cybersecurity Strategy

 State-sponsored Surveillance & Attacks

 What’s Next

2

(3)

Background

3

(4)

Edward Snowden

4

(5)

Edward Snowden

 Worker of Dell – posted to CIA & NSA

 Worker of Booz Allen Hamilton – posted to NSA (in Hawaii)

 System Administrator, Infrastructure Analyst

5

(6)

Timeline

20-May-13 Snowden boraded plane to Hong Kong 5-June-13 The Guardian announced massive leak

6-June-13 The Washington Post disclosed PRISM program 8-June-13 Boundless Informant program & NSA tools

9-June-13 The Guardian published interview video with Snowden

12-June-13 US defended - "Terrorist events prevented"

13-June-13 SCMP published interview with Snowden

17-June-13 Microsoft, Apple, Facebook published number of requests from NSA

21-June-13 Tempora program - direct tap into cable

23-June-13 Snowden flew to Moscow 6

(7)

Timeline

31-July-13 XKeyScore program (email, IP address) 1-August-13 One year temporary renewable Asylum 2-September-13 NSA build malware, man-in-the-middle

attack, break encryption 25-November-13 TAO tools

18-December-13 Letter from Snowden 10-March-14 Snowden's talk

April-14 Glenn's book - No Place to Hide 7-August-14 3 year residency permit of Russia

13-August-14 Interview with WIRED (MonsterMind)

7

(8)

Motive For

Leaking the Documents

 "to inform the public as to that which is done in their name and that which is done against

them."

8

(9)

National Security Agency (NSA)

9

(10)

NSA

 The core missions are to protect U.S. national security systems and to produce foreign signals intelligence information.

global monitoring, collection, decoding,

translation and analysis of information and data for foreign intelligence and counterintelligence purposes.

 Surveillance Activities disclosed:

Tapping into communications

Installing malicious software

Acquiring information from other parties

10

(11)

US Law Governing Surveillance

 Foreign Intelligence Surveillance Act (FISA)

Allow secret surveillance of foreign entities to protect national security (warrantless

surveillance)

A Foreign Intelligence Surveillance Court (FISC) to oversee requests for surveillance warrants

Amended in 2001 according to the Patriot Act – to include terrorist groups not under any foreign government – “lone wolf”

 Executive Order 12333 – target to non-US

citizens only

11

(12)

The Documents

 50,000 to 200,000 documents downloaded (over 1 million documents touched) – July 2013

 In addition to U.S. federal documents, there were documents from the "Five Eyes" network

About 1.7 million U.S. intelligence files

At least 58,000 British intelligence files

At least 15,000 Australian intelligence files

Glenn Greenwald, journalist at The Guardian

Laura Poitras, filmmaker

Barton Gellman, journalist at The Washington Post

12

(13)

Washington Post Analysis of Intercepted Data

13

(14)

What NSA has done

14

(15)

The NSA Programs

 PRISM

 Boundless Informant

 Xkeyscore

 Tailored Access Operations

 Other Tools & Activities

15

(16)

PRISM

 Collects stored Internet communications

requested from Internet companies such as Google.

 Section 702 of the FISA Amendments Act -

companies to turn over any data that match the requirements (search criteria)

16

(17)

PRISM

17

(18)

PRISM

18

(19)

PRISM

19

(20)

PRISM

20

(21)

PRISM

 Metadata

Header, date/time, duration, persons

 Information collected not just non-US citizens

 Information

shared with Five Eyes

passed to other “partners”

21

(22)

Information requested by NSA

 During Second Half of 2012

Microsoft had been requested for approximately 31,000 customers

Facebook received between 9,000 and 10,000 requests covering 19,000 accounts

 From 1 December 2012 to 31 May 2013

Apple received 4,000 to 5,000 requests, covering 9,000 to 10,000 devices

22

(23)

XKEYSCORE

 A computer system used to search and analyze Internet data it collects worldwide every day.

23

(24)

XKeyscore

24

(25)

25

(26)

26

(27)

NSA Data Centre in Utah

 Completed in late 2013

27

(28)

Boundless Informant

 A data analysis and visualization tool used to summarize the data collected

28

One month from March 8, 2013 (telephone calls & email)

(29)

29

(30)

Tailored Access Operations (TAO)

 A cyber-warfare intelligence-gathering unit

 “computer network exploitation”

 NSA ANT catalog

List of technology available to aid in cyber surveillance

49 items disclosed

30

(31)

COTTONMOUTH

 Modified USB and Ethernet connectors that can be used to install Trojan, providing covert

remote access to the target machine.

31

(32)

PICASSO

 Software that can collect mobile phone location date, call metadata, access the phone’s

microphone to eavesdrop on nearby conversations.

32

(33)

RAGEMASTER

 A device that taps the video signal from a

target's computer's VGA signal output so the NSA can see what is on the monitor

33

(34)

NIGHTSTAND

 Portable system that wirelessly installs

Microsoft Windows exploits from a

distance of up to eight miles.

34

(35)

TAO Tools

 Surveillance – passive, data collection

 Intrusive

remote control

change of configuration, system behavior

 remotely install an exploit in one of the core routers at a major Internet service provider in Syria

35

(36)

MonsterMind

 A program that would automate the hunting for the original source of a foreign cyberattack.

 It could automatically fire back, with no human involvement.

 How can it be done?!

This is what the researchers around the world have tried to achieve for years!!

36

(37)

MonsterMind

– potential problems

 Handling of Spoofed attacks

 False positive & auto-fire

 Collateral damage - disabling critical civilian infrastructure

 Massive data storage and analysis

37

(38)

Dishfire

 A massive database that collects hundreds of millions of text messages on a daily basis

 Data received & stored each day:

Geolocation data of more than 76,000 text messages and other travel information

110,000+ names from electronic business cards

800,000+ financial transactions from text-to-text payments or credit cards to phone users

Details of 1.6 million border crossings based on the interception of network roaming alerts

Over 5 million missed call alerts

200 million text messages from around the world

38

(39)

Concerns on Privacy

 Gathering information from Internet providers &

backbone

 Metadata

 Metadata or More?

 Use of the information

Can create “personal vulnerabilities” of an individual

 Legality

 National Security Vs Privacy

39

(40)

Other Agencies conducting surveillance in US

 Department of Defense (DoD)

 Federal Bureau of Investigation (FBI)

 Central Intelligence Agency (CIA)

 Department of Homeland Security (DHS)

40

(41)

US National

Cybersecurity Strategy

41

(42)

Survey Conducted on Surveillance

42

Very

Concerned

Somewhat Concerned

Not too concerned

Not at all concerned

No Opinion

The government’s ability to “tap” into a suspect’s computer and follow their Internet Usage

October 2013 35 29 20 15 1

September 2000 47 26 16 11

Software which allows the government to tap into all Internet email, searching for incriminating evidence of any kind

October 2013 51 26 14 8 1

September 2000 63 23 9 5

(43)

Before 911

 End of Cold War

 Development of Internet, Networked Society

 Morris Worm, Computer Emergency Response Team

 Kevin Mitnick

 Open & Free Environment

43

(44)

Before 911

 1994, 1999 – President National Security Strategy Report

 National Defense Panel, Dec 1997

 Presidential Decision Directive 63 (PDD 63), 1998

44

(45)

Before 911

 Defense Objective – Open Communication

 Information Classification

 Critical Infrastructure Protection

 Security Advisory Council

 National Security Agency

 Department of Defense

45

(46)

After 911

 Strengthen

Preventive Measures

Intelligence Gathering

 National Security Strategy to protect cyberspace

46

(47)

After 911

 Patriot Act – to collect anti-terrorism infomation

 Department of Homeland Security

Computer Emergency Readiness (Response) Team – US-CERT

 From Open to Control Environment

47

(48)

48

Cyber Security Strategy in United States

 Leading from the Top

 Sharing Responsibility for CyberSecurity

private sector & government

international community

 Information Sharing and Incident Response

incident response framework

information sharing & capability improvement

improve cybersecurity for all infrastructure

 Encouraging Innovation

 Action Plans

(49)

State-sponsored Cyber Attacks

 From surveillance to attack

 Outage of Critical Infrastructure

 Disruption of Government/Business

 Examples

Stuxnet Worm & its variants

Internet Outage of Syria

49

(50)

What’s Next

50

(51)

 NSA Reform Bill passed – control over bulk data collection

 More leaked documents

 More leakers – controls in NSA are still weak

 How About Other Countries

 Cyberwar

Cyber Army

51

(52)

52

Thank You

[email protected]

References

Related documents

actual departure rates and implicit cumulative departures under the 1982 window plan, based on 1980 parameter estimates, and 1981 actual rates: dynamic programming model 2

The distinction between low, middle and high unemployment regions additionally shows that national variables tend to increase differences between those types of regions,

Temel kurguyu oluşturan model parametreleri kullanılarak risksiz getiri oranının ideal yatırım zamanlaması üzerine olan etkisi incelendiğinde (Şekil 4); opsiyon

Teachers. Avaliable: http:// www. Building Classroom Discipline. New York: Longman, Cituar nga Reed, D. Disruptive Students in the Classroom: A Review of the Literature.. Nxënësit me

Enable your bond and find long term properties in burnie tasmania, restaurants in burnie is a review is a review of others make your property?. Agreement is committed to find

Questions I aimed to address were (1) what is the relationship between landscape composition, configuration and connectivity and relative bat activity?; (2) do patterns of

Cirque du Soleil&&'he (igh&!ire Act of uilding Sustainable )artnerships. Cirque du Soleil at a Glance. *SC Cruises partners +ith Cirque du Soleil for entertainment at

allegedly tarnishing use is a non-vulgar parody or generally does not relate in any way to sex or the illegal use of drugs, the dilution plaintiff is less likely to