NSA Surveillance,
National Security and Privacy
Ir Roy Ko
Former HKCERT Manager
20 August 2014 HKIE Veneree Club
1
Agenda
Background
Edward Snowden
National Security Agency (NSA)
What NSA has done
PRISM
XKeyScore
Tailored Access Operations
Other Tools & Activities
US National Cybersecurity Strategy
State-sponsored Surveillance & Attacks
What’s Next
2
Background
3
Edward Snowden
4
Edward Snowden
Worker of Dell – posted to CIA & NSA
Worker of Booz Allen Hamilton – posted to NSA (in Hawaii)
System Administrator, Infrastructure Analyst
5
Timeline
20-May-13 Snowden boraded plane to Hong Kong 5-June-13 The Guardian announced massive leak
6-June-13 The Washington Post disclosed PRISM program 8-June-13 Boundless Informant program & NSA tools
9-June-13 The Guardian published interview video with Snowden
12-June-13 US defended - "Terrorist events prevented"
13-June-13 SCMP published interview with Snowden
17-June-13 Microsoft, Apple, Facebook published number of requests from NSA
21-June-13 Tempora program - direct tap into cable
23-June-13 Snowden flew to Moscow 6
Timeline
31-July-13 XKeyScore program (email, IP address) 1-August-13 One year temporary renewable Asylum 2-September-13 NSA build malware, man-in-the-middle
attack, break encryption 25-November-13 TAO tools
18-December-13 Letter from Snowden 10-March-14 Snowden's talk
April-14 Glenn's book - No Place to Hide 7-August-14 3 year residency permit of Russia
13-August-14 Interview with WIRED (MonsterMind)
7
Motive For
Leaking the Documents
"to inform the public as to that which is done in their name and that which is done against
them."
8
National Security Agency (NSA)
9
NSA
The core missions are to protect U.S. national security systems and to produce foreign signals intelligence information.
global monitoring, collection, decoding,
translation and analysis of information and data for foreign intelligence and counterintelligence purposes.
Surveillance Activities disclosed:
Tapping into communications
Installing malicious software
Acquiring information from other parties
10US Law Governing Surveillance
Foreign Intelligence Surveillance Act (FISA)
Allow secret surveillance of foreign entities to protect national security (warrantless
surveillance)
A Foreign Intelligence Surveillance Court (FISC) to oversee requests for surveillance warrants
Amended in 2001 according to the Patriot Act – to include terrorist groups not under any foreign government – “lone wolf”
Executive Order 12333 – target to non-US
citizens only
11The Documents
50,000 to 200,000 documents downloaded (over 1 million documents touched) – July 2013
In addition to U.S. federal documents, there were documents from the "Five Eyes" network
About 1.7 million U.S. intelligence files
At least 58,000 British intelligence files
At least 15,000 Australian intelligence files
Glenn Greenwald, journalist at The Guardian
Laura Poitras, filmmaker
Barton Gellman, journalist at The Washington Post
12
Washington Post Analysis of Intercepted Data
13
What NSA has done
14
The NSA Programs
PRISM
Boundless Informant
Xkeyscore
Tailored Access Operations
Other Tools & Activities
15
PRISM
Collects stored Internet communications
requested from Internet companies such as Google.
Section 702 of the FISA Amendments Act -
companies to turn over any data that match the requirements (search criteria)
16
PRISM
17
PRISM
18
PRISM
19
PRISM
20
PRISM
Metadata
Header, date/time, duration, persons
Information collected not just non-US citizens
Information
shared with Five Eyes
passed to other “partners”
21
Information requested by NSA
During Second Half of 2012
Microsoft had been requested for approximately 31,000 customers
Facebook received between 9,000 and 10,000 requests covering 19,000 accounts
From 1 December 2012 to 31 May 2013
Apple received 4,000 to 5,000 requests, covering 9,000 to 10,000 devices
22
XKEYSCORE
A computer system used to search and analyze Internet data it collects worldwide every day.
23
XKeyscore
24
25
26
NSA Data Centre in Utah
Completed in late 2013
27
Boundless Informant
A data analysis and visualization tool used to summarize the data collected
28
One month from March 8, 2013 (telephone calls & email)
29
Tailored Access Operations (TAO)
A cyber-warfare intelligence-gathering unit
“computer network exploitation”
NSA ANT catalog
List of technology available to aid in cyber surveillance
49 items disclosed
30
COTTONMOUTH
Modified USB and Ethernet connectors that can be used to install Trojan, providing covert
remote access to the target machine.
31
PICASSO
Software that can collect mobile phone location date, call metadata, access the phone’s
microphone to eavesdrop on nearby conversations.
32
RAGEMASTER
A device that taps the video signal from a
target's computer's VGA signal output so the NSA can see what is on the monitor
33
NIGHTSTAND
Portable system that wirelessly installs
Microsoft Windows exploits from a
distance of up to eight miles.
34
TAO Tools
Surveillance – passive, data collection
Intrusive
remote control
change of configuration, system behavior
remotely install an exploit in one of the core routers at a major Internet service provider in Syria
35
MonsterMind
A program that would automate the hunting for the original source of a foreign cyberattack.
It could automatically fire back, with no human involvement.
How can it be done?!
This is what the researchers around the world have tried to achieve for years!!
36
MonsterMind
– potential problems
Handling of Spoofed attacks
False positive & auto-fire
Collateral damage - disabling critical civilian infrastructure
Massive data storage and analysis
37
Dishfire
A massive database that collects hundreds of millions of text messages on a daily basis
Data received & stored each day:
Geolocation data of more than 76,000 text messages and other travel information
110,000+ names from electronic business cards
800,000+ financial transactions from text-to-text payments or credit cards to phone users
Details of 1.6 million border crossings based on the interception of network roaming alerts
Over 5 million missed call alerts
200 million text messages from around the world
38
Concerns on Privacy
Gathering information from Internet providers &
backbone
Metadata
Metadata or More?
Use of the information
Can create “personal vulnerabilities” of an individual
Legality
National Security Vs Privacy
39
Other Agencies conducting surveillance in US
Department of Defense (DoD)
Federal Bureau of Investigation (FBI)
Central Intelligence Agency (CIA)
Department of Homeland Security (DHS)
40
US National
Cybersecurity Strategy
41
Survey Conducted on Surveillance
42
Very
Concerned
Somewhat Concerned
Not too concerned
Not at all concerned
No Opinion
The government’s ability to “tap” into a suspect’s computer and follow their Internet Usage
October 2013 35 29 20 15 1
September 2000 47 26 16 11
Software which allows the government to tap into all Internet email, searching for incriminating evidence of any kind
October 2013 51 26 14 8 1
September 2000 63 23 9 5
Before 911
End of Cold War
Development of Internet, Networked Society
Morris Worm, Computer Emergency Response Team
Kevin Mitnick
Open & Free Environment
43
Before 911
1994, 1999 – President National Security Strategy Report
National Defense Panel, Dec 1997
Presidential Decision Directive 63 (PDD 63), 1998
44
Before 911
Defense Objective – Open Communication
Information Classification
Critical Infrastructure Protection
Security Advisory Council
National Security Agency
Department of Defense
45
After 911
Strengthen
Preventive Measures
Intelligence Gathering
National Security Strategy to protect cyberspace
46
After 911
Patriot Act – to collect anti-terrorism infomation
Department of Homeland Security
Computer Emergency Readiness (Response) Team – US-CERT
From Open to Control Environment
47
48
Cyber Security Strategy in United States
Leading from the Top
Sharing Responsibility for CyberSecurity
private sector & government
international community
Information Sharing and Incident Response
incident response framework
information sharing & capability improvement
improve cybersecurity for all infrastructure
Encouraging Innovation
Action Plans
State-sponsored Cyber Attacks
From surveillance to attack
Outage of Critical Infrastructure
Disruption of Government/Business
Examples
Stuxnet Worm & its variants
Internet Outage of Syria
49
What’s Next
50
NSA Reform Bill passed – control over bulk data collection
More leaked documents
More leakers – controls in NSA are still weak
How About Other Countries
Cyberwar