The CEO of the world's biggest telecommunications equipment maker, which for years has been labeled by U.S. officials as a proxy for Chinese military and intelligence agencies, says he's giving up on America.
In a rare interview on Nov. 25 with French journalists, Ren Zhengfei, the 69-year-old founder and CEO of China-based Huawei, said he would no longer look for business in the United States, in the wake of accusations from lawmakers and government officials that the company is a de facto arm of the Chinese authorities. "If Huawei gets in the middle of U.S.-China relations," and causes problems, "it's not worth it," Ren reportedly said, according to a Chinese transcript of the interview. "Therefore, we have decided to exit the U.S. market, and not stay in the middle."
It wasn't immediately clear what Ren meant by "exit" the market, but for the company, the U.S. market could easily be described as hostile. Lawmakers have exhorted U.S. firms to stop doing business with Huawei, and federal regulators have tried to block the spread of the company's equipment in the United States.
William Plummer, a Huawei vice president and the company's point person in Washington, told Foreign Policy, "It is true that Huawei has adjusted our priority focus to markets that welcome competition and investment, like Europe," adding that Ren is "making a comment on the current market environment." The company's overseas business is thriving. It has offices in 18 countries and has invested billions of dollars building communications networks in Africa.
The U.S. Navy's widening scandal involving prostitutes, cash bribes and the fat-cat defense contractor who allegedly supplied them for sensitive military information just expanded to colossal proportions. The Navy announced Friday night that it has suspended access to classified information for two senior intelligence officers, effectively relieving them from duty. It's all part of the ongoing investigation into global defense contractor Glenn Defense Marine Asia.
And the Pentagon is warning that more officers are likely to be implicated in this scandal, the Navy's biggest in decades.
Vice Adm. Ted Branch and Rear Adm. Bruce Loveless -- the service's director of naval intelligence and director of intelligence operations, respectively -- have not been charged with any crimes. But the suspension "was deemed prudent given the sensitive nature [of] their current duties and to protect and support the integrity of the investigative process," said Rear Adm. John Kirby, the Navy's top spokesman, in a statement.
The allegations against Admirals Branch and Loveless "involve inappropriate conduct prior to their current assignments and flag officer rank," Kirby said. Intelligence officers need to maintain high standards in their personal lives because they're such tempting targets for blackmail by a hostile spy service. The military frequently pulls personnel from vital intelligence jobs if it believes their credibility could be compromised. Any association with a scandal involving prostitutes and bribery would certainly count as a reputational threat. At the moment, however, "there is no indication, nor do the allegations suggest, that in either case there was any breach of classified information," Kirby added.
The announcement takes a growing scandal and expands it to the most senior levels of the U.S. military. The Navy has not seen a scandal this large since dozens of naval officers were accused of sexually assaulting about 80 women and a handful of men at the Tailhook Association Symposium in Las Vegas in 1991. That incident ultimately ruined or harmed the careers of more than a dozen admirals.
In May, the White House leaked word that it would start shifting drone operations from the shadows of the CIA to the relative sunlight of the Defense Department in an effort to be more transparent about the controversial targeted killing program. But six months later, the so-called migration of those operations has stalled, and it is now unlikely to happen anytime soon, Foreign Policy has learned.
The anonymous series of announcements coincided with remarks President Obama made on counterterrorism policy at National Defense University in which he called for "transparency and debate on this issue." A classified Presidential Policy Guidance on the matter, issued at the same time, caught some in government by surprise, triggering a scramble at the Pentagon and at CIA to achieve a White House objective. The transfer was never expected to happen overnight. But it is now clear that the complexity of the issue, the distinct operational and cultural differences between the Pentagon and CIA, and the bureaucratic politics of it all have forced officials on all sides to recognize that transferring drone operations from the Agency to the Defense Department represents, for now, an unattainable goal.
"The physics of making this happen quickly are remarkably difficult," one U.S. official told FP. "The goal remains the same, but the reality has set in."
Another U.S. official emphasized that the transfer is still continuing. "This is the policy, and we're moving toward that policy, but it will take some time," the official said. "The notion that there has been some sort of policy reversal is just not accurate. I think from the moment the policy was announced it was clear it was not something that would occur overnight or immediately."
The official noted that all involved are mindful not to disrupt the drone program just for the sake of completing the transfer from the CIA to the military. "While we work jointly towards this transition, we also want to ensure that we maintain capabilities."
Officials at the CIA and the Defense Department are loath to try to fix a program that they don't think is broken, even if it has become a political liability for Obama, who has faced constant pressure from human rights activists, his political base, and a growing chorus of libertarian Republicans to scale back the program and subject it to greater public scrutiny. But the pitfalls of transferring operations reside in more practical concerns. The U.S. official said that while the platforms and the capabilities are common to either the Agency or the Pentagon, there remain distinctly different approaches to "finding, fixing and finishing" terrorist targets. The two organizations also use different approaches to producing the "intelligence feeds" upon which drone operations rely. Perhaps more importantly, after years of conducting drone strikes, the CIA has developed an expertise and a taste for them. The DOD's appetite to take over that mission may not run very deep.
The military operates its own drones, of course, and has launched hundreds of lethal strikes in Iraq and Afghanistan. But the CIA is more "agile," another former official said, and has a longer track record of being able to send drones into places where U.S. combat forces cannot go.
"The agency can do it much more efficiently and at lower cost than the military can," said one former intelligence official. Another former official with extensive experience in intelligence and military operations said it takes the military longer to deploy drones -- in part because the military uses a larger support staff to operate the aircraft.
Networks of unmanned submarines. Subsonic cruise missiles with intercontinental range. Radios powered by decaying plutonium. Those are just a few of the technologies that the Pentagon's top scientific advisory panel wants to see in troops' hands by 2030.
Most of the technology already exists in some form, largely experimental or conceptual. Networked unmanned submarines are not a new idea; defense companies will happily sell you one of a dozen unmanned underwater vehicles (UUVs). The key is to make them bigger and more advanced, and to digitally tie them together instead of sending them off one at a time on short-range missions. Likewise, cruise missiles already exist, but tripling their range would allow a ship in Norfolk harbor to strike targets off Alaska. Plutonium-powered electronics are occasionally used by NASA to power spacecraft on long-distance missions, but nobody's bothered to build them in quantity.
Moving troops faster is another crucial area where technology efforts are already ongoing. The Army is running the Future Vertical Lift program to find replacements for the aging traditional helicopters it uses now. Four contenders have stepped forward using more effective versions of tiltrotors like Bell's V-280 and pusher-propellers like Sikorsky's S-97. A Defense Advanced Research Projects Agency (DARPA) program has begun to search for something brand-new that can fly more efficiently than an aircraft and hover more efficiently than a helicopter, dramatically increasing range and speed. But even that's not enough for the Defense Science Board. In a recently released report, panelists say that they want to build on those concepts, doubling the range and speed of those still-notional projects.
On Monday, the news broke that the National Security Agency has been actively intercepting French telephone calls and email traffic -- collecting over 70 million French calls in a single month, according to Le Monde.
Turns out this is only the latest surveillance operation in a long, long history of America spying on France. A newly declassified intelligence document reveals that the NSA and its antecedents have been intercepting French communications and breaking French codes and ciphers for more than 70 years.
Monday's Le Monde report may have generated enormous controversy in France, leading the French foreign minister to call in the U.S. ambassador and read him the riot act. But it's hardly a new development. American eavesdroppers began listening on France during World War II. They continued doing so during the Cold War. The NSA even spied on France during the run-up to the 2003 invasion of Iraq.
You might think that Gen. Keith Alexander, the director of the National Security Agency, would be looking to lower his agency's profile after a stream of embarrassing leaks about its surveillance activities. Instead, he's doubling down, asking for new powers to secure the U.S. financial industry -- and using some rather suspect arguments to support his demands.
In public remarks in Washington on Tuesday, Alexander said that eventually, and likely in the midst of a crisis, policymakers will have to decide under what conditions the NSA can take action to stop a major cyberattack on U.S. businesses or critical sectors of the economy.
"That's where we're going to end up at some point," he said. Using the financial services sector as an example, Alexander said, "You have to have the rules set up so you can defend Wall Street."
Drawing an analogy to how the military detects an incoming missile with radar and other sensors, Alexander imagined the NSA being able to spot "a cyberpacket that's about to destroy Wall Street." In an ideal world, he said, the agency would be getting real-time information from the banks themselves, as well as from the NSA's traditional channels of intelligence, and have the power to take action before a cyberattack caused major damage.
The analogy was a stretch.
The mysterious "conference call" of al Qaeda leaders that led the United States to close its embassies around the Middle East in August was deciphered by a low-ranking enlisted man in the Air Force, who alerted his senior officers after finding clues about the ominous communication in the course of his regular duties.
"The warning that prompted that action [the embassy closures] came from the 70th ISR Wing, and specifically from a senior airman," Lt. Gen. Robert Otto, the Air Force chief of Intelligence Surveillance and Reconnaissance, said at the Air Force's annual conference in Washington.
The individual analyst being credited with the key discovery that alerted officials to a possible terrorist attack is a "cryptologic linguist" with the rank of senior airman who leads a team of electronic data analysts in one of the Air Force's premier signals intelligence units, Lt. Gen. Otto said. A senior airman in the Air Force is equivalent in rank to a corporal in the Army.
"Part of his job is just sifting through troves of data and determining what's relevant and then translating that data into useful information to our decision makers," Otto said.
That "senior airman is leading a team of people, he's the one that checks their work to make sure it's right, and there's just volumes of material in a language that at most one or two people in this room could read or speak," Otto said. "With so much information, we had to trust him to get it right, no one's checking his work."
"That happened to be a day when he was in the right place at the right time, doing his job perfectly," the three-star general said. "He alerted his leadership and the alert ran its way all the way to the Secretary of State, to the President of the United States. They didn't know the name of the senior airman who put two and two together, but thank you to that senior airman."
Otto did not reveal the type of communications channel the airman was eavesdropping on, and he didn't give the airman's name.
There was much debate in the press last month as to whether or not the embassies were closed due to information gleaned from a simple telephone conference call, something many experts believed al Qaeda leaders would be smart enough to avoid using. Some journalists speculated that the call itself was fabricated.
The National Security Agency has managed to defeat the powerful commercial encryption technology that, for nearly two decades, individuals, corporations, activists, and governments around the world have used to keep their communications safe from the prying eyes of digital spies and intelligence organizations.
In short, this means that the NSA, the largest intelligence agency in the U.S. government, has the power to read huge troves of email and other encrypted communications that once would have appeared as a digital scramble, useless to government spies.
Citing classified documents provided by former NSA contractor Edward Snowden, the New York Times reported on Thursday that the agency has used "supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age."
In what amounts to a multi-front campaign against encryption technology and the people who develop and use it, "The NSA hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world's most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world," the Times reported.
Developers and experts had long assumed that the NSA was attempting to foil the strong encryption technology that has proliferated on the web in recent years. But some were still stunned by the scale and scope of the effort.
"All the things we thought were worst-case scenario are actually happening," said Nadim Kobeissi, the developer of Cryptocat, a web-based encrypted chat program. "There's no way it could get worse than this."
He was particularly alarmed to learn that, according to documents reported by the Times, the NSA is spending $250 million on a "Sigint Enabling Project," which "actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs" to make them "exploitable."
Kobeissi said that experts had believed that governments were working covertly to insert back doors and holes into systems to make them crackable by intelligence agencies. The Times revelations appear to confirm this is true.
Kobeissi also noted that, according to classified budget information recently leaked by Snowden, the U.S. government employs 35,000 people focused on cryptology, and spends $11 billion a year making and breaking codes.
On the other side of that effort are people like Kobeissi and a few dozen experts and researchers who comprise a community of coders trying to build open-source, open-access technology to protect private communications. Kobeissi admitted that they are outmatched by the NSA.
Mike Janke, the CEO and co-founder of the encrypted communications firm Silent Circle, said the new revelations show that the NSA has been successful at cracking "lower-level, low-hanging fruit" encryption like virtual private networks and Secure Sockets Layer, two ubiquitous technologies. Janke said that stronger encryption systems, like the one his company uses, are still safe.
But this doesn't mean that stronger encryption can foil the NSA, Janke cautioned. The agency "has moved more to compromising platforms and hardware, instead of trying to break more sophisticated encryption schemes," he said. "That is why it is so important that we inform people that their platforms are the weakest link."
Documents previously released by Snowden show that the NSA has the authority to keep all the encrypted messages it collects for five years, until the agency can determine if the sender was an American citizen (and therefore afforded greater privacy protection under law), and until analysts can figure out whether the content of the message has any intelligence value.
The NSA has had to build a huge new facility in the Utah desert to store all the information it is collecting. What this latest revelation shows is a comparably massive effort to decrypt what's coming into the NSA's systems.
Intelligence officials asked the Times and ProPublica, which also received the documents, not to publish their stories because it could alert foreign governments to switch to new forms of encryption that are harder to collect and read, the Times reported.
This shows that while the NSA may have the upper hand in terms of money and manpower, the encryption battle is not entirely one-sided. Developers can always make stronger codes and more secure systems -- and they will.
"It is a constant race," Janke said. "Always improve the crypto and implementation of it to stay ahead of their billions of dollars of resources."
For three years, NSA promised a secret surveillance court that it was collecting "discrete" Internet communications about terrorists and spies, and not snooping on ordinary Americans. That turned out to be untrue, a newly declassified opinion revealed on Wednesday. In fact, the NSA was scooping up tens of thousands of Americans' emails, while assuring the court no such thing could possibly be happening.
The NSA made its guarantees because it was confident that the agency's systems could tell good guys from bad guys in the digital ether. They couldn't. And now, the myth of the National Security Agency's electronic omnipotence -- the myth that undergirds its massive power to pry into every aspect of our digital lives -- has taken another hit.
"Tens of thousands of wholly domestic communications" were inadvertently scooped up in NSA's digital dragnets, the court found, a tiny fraction of the total haul, but nonetheless a significant violation of the rules for handling Americans' private information.
"For the first time, the government has now advised the Court that the volume and nature of the information it has been collecting is fundamentally different from what the Court had been led to believe," wrote Judge John Bates of the Foreign Intelligence Surveillance Court in 2011. His opinion was declassified Wednesday amid increasing pressure for the Obama administration to reveal more about how and when the NSA monitors Americans' communications.
The problem was that the NSA was grabbing what the agency described as whole "transactions," or bundles of emails that were neither to, from, nor about the intended target. The NSA estimates it was collecting 56,000 communications per year in this manner for three years before officials discovered the problem and notified their overseers.
"That revelation fundamentally alters the Court's understanding of the scope of [NSA's] collection... and requires careful reexamination of many of the assessments and assumptions underlying its prior approvals," Bates wrote.
The U.S. military is betting they can stop the next Edward Snowden by putting nearly all of their data onto a massive -- and more easily secured -- cloud computing network. There's just one small hitch: the Pentagon has no idea how long it will take to do this, what it will cost, or even what this so-called "Joint Information Environment" will look like when it's done.
The Pentagon started the push long before Snowden began spilling secrets about the NSA. But the massive leak has reinforced the need to consolidate its tens of thousands of networks down to about 3,000 -- and its hundreds of data centers to 14 to 17 sites around the globe. These new networks will be easier to operate, upgrade and monitor for data theft, Pentagon officials promise.
However, "we don't really know what the up-front cost is yet, because we're still getting the plans in place," DOD Chief Information Officer Teri Takai told Killer Apps. "We'll need to shift some monies up front but, over the course of the [next five years] -- and we're still trying to figure out how long it's going to take -- we believe that we're going to recover that up front cost and then have significant savings."
These data centers and mini networks "will be connected on a [cloud] network that is secure," Takai added. U.S. Cyber Command -- the National Security Agency's military twin -- "will be able to see into that network," said Takai.
(One of Cyber Command's central missions is to defend DOD networks from cyber attack. To do this, it must be able to monitor these networks for malicious activity in real time, Cyber Command and NSA chief Gen. Keith Alexander has repeatedly said.)
DOD's current collection of networks was built up over the last few decades on an ad hoc basis. However, many of these separate networks connect to each other, meaning that poor security on one of these small networks can allow a hacker to access the rest with relative ease. Making matters worse is that it's very hard to quickly monitor them for cyber attacks due to the sheer volume of networks, many of which have their own individual configurations.
This chaotic digital infrastructure also makes it way too easy for someone on the inside to steal information. Case in point: Edward Snowden, the NSA contract systems administrator who lifted highly classified files from agency servers using nothing but a thumb drive. When Snowden took the files, NSA systems administrators had special authorization to pull data off of agency servers using thumb drives in order to transfer information to another network or backup data. The problem is, no one was monitoring to see what data the systems administrators were pulling.
The data divers at the Defense Department know better than most how to track down someone just by looking at his phone records. Now they want to know if America's enemies could cause a fiscal meltdown or a massive cyber attack by combing through Netflix queues, Uber accounts, and Twitter feeds.
The doomsday thinkers over at DARPA are looking for researchers to "investigate the national security threat posed by public data available either for purchase or through open sources." The question is, could a determined data miner use only publicly available information -- culled from Web pages and social media or from a consumer data broker -- to cause "nation-state type effects." Forget identity theft. DARPA appears to be talking about outing undercover intelligence officers; revealing military war plans; giving hackers a playbook for taking down a bank; or creating maps of sensitive government facilities.
The irony is delicious. At the time government officials are assuring Americans they have nothing to fear from the National Security Agency poring through their personal records, the military is worried that Russia or al Qaeda is going to wreak nationwide havoc after combing through people's personal records.
As timely as this new DARPA project is, it wasn't NSA snooping that piqued the agency's interest. It was Brokeback Mountain. In 2009, Netflix sponsored a contest to improve its movie recommendation algorithm. Things went off the rails when a pair of researchers used supposedly anonymous information provided by the company to identify Netflix customers, by comparing their film reviews with reviews posted on the Internet Movie Database. A closeted lesbian who had watched the award-winning gay cowboy flick sued Netflix, alleging her privacy was violated because the company had made it possible for her to be outed.
DARPA's request for research proposals points to the Netflix debacle, and the lawsuit, as a cautionary tale. Part of the research is aimed at identifying which potentially dangerous databases and computing tools are out there.
And in a second bit of irony, DARPA suggests a few, including "low-cost big data analytic capabilities" like Amazon's cloud service. That's the service that the CIA wants to use to build a $600-million cloud for the intelligence community. Could a tool meant to serve the spies' computing needs end up being used against them? Researchers who think they have the answer may submit their proposals starting Aug. 26.
The White House is promising to find new ways to declassify cybersecurity secrets -- even as the Obama administration continues to go after leakers with a vengeance.
"There is absolutely a shift toward doing that and we're working quite hard at that," Andy Ozment, senior director for cybersecurity at the White House, told Killer Apps today. "We have to change our culture and accept more risk to our [cyber intelligence] information in order to share it more aggressively."
While the administration has made a seemingly aggressive push for secrecy, prosecuting record numbers of alleged secret-spillers, the opposite is true when it comes to fighting cyber attacks on networks largely owned and operated by the private sector.
All of this was laid out in last February's cybersecurity executive order through which the White House is trying to dramatically increase the amount of network intelligence government shares with businesses.
"It is the policy of the United States Government to increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities," reads the order.
Ozment said his shop is trying to carry out that order, "and declassifying information or creating unclassified versions of information is a key part of that."
"Let's say we have a piece of information that we collected through intelligence that may be useful to protect a company. The goal would be to exert ourselves and say, 'let's identify another way we could have found this information that would not have been through intelligence'," Ozment added.
In other words, the government might share secrets -- without telling anyone they're secrets.
"In other cases it will be, 'we found this through intelligence, but we think the threat is [so] significant we'd rather lose the source and protect our infrastructure,'" said Ozment. "That's just a straight calculation."
Still, the government has work to do when it comes to quickly sharing information with the private sector. Companies routinely complain about supplying info to the government - and getting nothing back.
For a long time now there's been a chorus of experts saying that over-classification prevents intelligence from reaching businesses in time for it to be useful against network attacks. More broadly, the heavy blanket of secrecy is thrown over so much information, these experts say, that it actually encourages the kind of massive leaks we've seen from Edward Snowden and Bradley Manning. The ridiculousness of the classification system encourages certain leakers to ignore it altogether.
Just last week, we reported that the Government Accountability Office is kicking off its first-ever investigation into over-classification on a variety of topics at the request of California Republican Rep. Duncan Hunter.
This flies in the face of conventional Intelligence Community wisdom -- especially when it comes to cybersecurity. The traditional notion has been that the discovery of a software flaw should be kept secret so that the government can exploit it and deploy its own malware on enemy networks.
"Back in the pre-cyber world we had a pretty well worn rut in the road as to where that line [favoring offense over defense] is," former CIA and NSA director Michael Hayden told representatives from the electrical power industry in Washington on Aug. 6. "That line may now be in the wrong place."
Keeping security flaws secret from industry has resulted in tactical successes for U.S. government hackers but these come at the cost of causing "a real strategic problem [in] that industry is not aware of vulnerabilities out there," said the former spymaster.
He echoed the sentiments of the White House that when it comes to cyber, the emphasis must be placed on defense, even if it means burning some ability to conduct offensive operations.
"I think the trend line right now is in the direction of more defense even if it has to be at the expense of offense," said Hayden. "Right now, what we need to do with that trend line is accelerate it."
President Obama has been taking a lot of heat for backing off some of the NSA-focused secrecy reforms he championed as a Senator and presidential candidate. (These reforms included, among other things, requiring the executive branch to routinely tell Congress how many Americans' communications information had been swept up by the government and limiting the amount of bulk electronic data the government could collect.) But in the area of cybersecurity, at least, his administration is talking a good game about fulfilling Obama's earlier promises to open the government.
If Edward Snowden magically disappears from Russia and reappears in an American prison, the U.S. could face reprisals from hacktivists around the globe, America's former spy chief speculated Tuesday morning.
"If, and when, our government grabs Edward Snowden and brings him back here to the United States for trial, what does this group do?" asked ex-CIA and NSA director Michael Hayden rhetorically about groups such as Anonymous during an Aug. 6 speech in Washington. "They may not go after the U.S. government because frankly, the dot mil stuff is one of the hardest targets in the United States. If they can't go after dot mil, who are they going after? Who, for them, are the [digital] World Trade Centers?"
That's right. The former head of the CIA just compared Anonymous - a group best-known for defacing some websites - to the world's most notorious terrorists. And that's not the only insult he hurled. Hayden also labeled such groups as "nihilists, anarchists, activists, Lulzsec, Anonymous, twentysomethings who haven't talked to the opposite sex in five or six years."
Hayden was speaking to a group of representatives from the electrical power industry, a business sector many have warned is too vulnerable to a catastrophic cyber attack.
He admitted that his comments are "purely speculative" but pointed out that Snowden has substantial backing around the globe in the hacker community.
"Certainly, Mr. Snowden has created quite a stir among those folks who are committed to transparency and global transparency and the global web ungoverned and free," said Hayden. "I don't know that there's a logic behind trying to punish America or American institutions for his arrest, but I hold open the possibility."
Now, positing that some information-freedom-loving collective will retaliate if Edward Snowden is snatched by the CIA is stating the obvious.
Anonymous and the affiliated group LulzSec have defaced or taken down plenty of websites and released private information on thousands of people in the past as retaliation for the U.S. government's treatment of Bradley Manning, the Army Private convicted of leaking mountains of classified government documents to Wikileaks. (Their most serious attacks -- on the databases of AT&T and the Arizona Department of Public Safety -- were done while one of their leaders was secretly serving as an FBI informant.)
Still, it's incredibly unlikely that hacktivist groups would execute lethal cyber attacks roughly equivalent to the digital 9/11 that Hayden referred to.
While the high-end hacking ability of non-state actors is growing every day -- made easier by the black market in digital weapons -- it's worth pointing out that a truly devastating cyber attack on the U.S. would probably backfire against the group that did it.
If American institutions do face reprisals, they're likely to be more of an inconvenience -- albeit a possibly costly one in terms of dollars -- rather than a catastrophe. Think websites being defaced and taken offline or personal information leaked; not the energy grid going down for weeks or trains flying off the tracks. That's the stuff groups like al Qaeda or rogue nations are interested in. Call me old fashioned, but the information freedom hacking groups I'm familiar with may love causing chaos and breaking laws in the name of vigilante justice, but they don't seem too interested in killing lots of people.
If three of the National Security Agency's most vocal critics have their way, the secretive Foreign Intelligence Surveillance Court will look a lot more like a traditional court, with arguments being presented on both sides and a chance to oppose the government's interpretation of surveillance law.
Sens. Richard Blumenthal, Ron Wyden, and Tom Udall introduced a pair of bills today that would significantly alter proceedings before the court and the manner in which its members are chosen.
The first of the two bills would require that the court, which authorizes surveillance by the NSA, hear arguments from government attorneys and an appointed "special advocate" whenever surveillance requests "raise novel issues of law."
Under current proceedings, the court only hears from the government's attorneys when deciding whether to authorize surveillance and when interpreting surveillance law. The new special advocate would act as a counterweight and argue in favor of narrower interpretations, with an eye towards enhancing privacy protections.
The advocate would be chosen for a five-year term by the presiding judge of the FISA Court of Review, which acts as an appellate body to the main court and has rarely met in its three-decade history. The presiding judge would choose from a panel of candidates nominated by the Privacy and Civil Liberties Oversight Board, an independent body. The advocate would be empowered to appeal the court's decisions to the review court.
The bill would also shed some light on the court's closed-door proceedings. It would require any FISA court opinions that involve "significant legal interpretations" to be disclosed publicly. The Attorney General would have to ensure that the decision revealed enough information to make clear what the legal debate at issue was and how it was resolved.
A first-of-its-kind review by the Government Accountability Office will examine whether security agencies are keeping too many secrets and how officials decide what information to deem classified and what to release to the public.
Lawmakers and security experts have long complained that the government makes too much information classified and routinely keeps information from public view that poses no risk to national security. But one member of Congress is also concerned that by making so much information secret, the government is increasing the number of people who have security clearances--more than 5 million government employees and contractors today--who could one day decide to reveal classified information without authorization. In effect, the study is asking whether by keeping so many secrets, the government is making leaks more likely.
"There's a real problem with over-classification in the national security arena," Rep. Duncan Hunter, who first requested the study from the GAO, Congress' investigative arm, told Foreign Policy. "There's real classification inflation that puts information that should be available to the public out of view and creates a degree of exposure by widening access to sensitive information that should otherwise be limited. In the end, it's about protecting information that truly needs to be withheld for security reasons and ensuring both process and protocol prevent unauthorized disclosures or incorrect identifications."
The GAO has examined aspects of the classification system, but there has never been a comprehensive study of how the government makes security information a secret.
Specifically, the report will review the guidance and processes that the Defense Department uses to determine what information should be classified or remain unclassified, according to a member of Hunter's staff. The GAO also will examine to what extent the DOD has internal controls to review classification decisions to ensure they're being made appropriately. It will also study what effect "inappropriate classification" has on information sharing and how effective the process is for declassifying information, the staff member said.
Forget the shady middlemen; never mind the students just a little too eager to find out the particulars of engines and warheads. Today, when foreign spies want to acquire America's latest weapons technology, they just hack into networks and steal the digital designs. 2012 marked the first time overseas intelligence agencies used cyber espionage -- rather than the old-fashioned kind -- as their number one way to pilfer information on U.S. weapons.
That's according to a new report by one of the Pentagon branches responsible for preventing such spying. Not coincidentally, perhaps, half of all successful incidents in 2012 of espionage against American defense contractors originated in Asia, up from 43 percent the previous year. This report highlights what plenty of us have come to grasp intuitively: cyber attacks are steadily replacing -- or at least complementing -- attempts to flat-out purchase U.S. defense technology or simply ask for more information about it as the top MO of industrial intelligence operators.
This shift from overt attempts at collecting information on U.S. weapons to cyber theft means that it may become more difficult to detect when a rival is trying to gain access to America's defense secrets. It also shows why the Obama administration has been in such a tizzy over China's alleged industrial espionage.
According to the report from the Defense Security Service, these spies were particularly interested in gathering information on U.S. electronics; worldwide collection attempts in this sector spiked 94 percent from the year before.
A "substantial" number of those electronics were radiation-resistant electronics that can be used in nuclear weapons, ballistic missiles, aerospace and space programs, according to the report.
"Foreign entities, especially those linked to countries with mature missile programs, increasingly focuses collection efforts on U.S. missile technology, usually aimed at particular missile subsystems," reads the report.
Why are nations with mature missile programs trying to steal secrets about American missile parts? To make their missiles even more deadly, of course.
"After a country masters the chemistry and physics required to launch a missiles, scientists and engineers can focus on accuracy and lethality, the desired characteristics of modern missiles," the report notes.
Getting their hands on U.S. missile parts will also help these countries defend against American weapons.
"Reverse-engineering would probably give East Asia and the Pacific scientists and engineers a better understanding of the capabilities of the targeted and acquired technology to develop countermeasures to U.S. weapons systems," reads the document.
Overall, foreign spies' top four American targets were "information systems; electronics; lasers, optics and sensors; and aeronautic systems technologies," according to the report.
All of these are crucial parts of the weapons that have given the U.S. a clear advantage on battlefields for the last 20 years. Information systems are how the US military passes massive amounts of intelligence and communications data. Meanwhile optics, lasers and sensors are key technologies that help American drones spy on enemies and that guide its smart weapons onto targets. Aeronautic systems technologies, as you know, are the parts that make up the Pentagon's next-generation rockets, stealth drones and fighters -- exactly the types of weapons that nations like China are trying to replicate.
The report doesn't specifically call out China as the home of these spies. But let's be honest, the vast majority of espionage attempts originating from Asia are likely coming from China.
"DSS continues to take the politically correct route and hide China within the ‘East Asia and Pacific' category, disappointing," Richard Bejtlich, chief security officer of the cybersecurity firm Mandiant, told Killer Apps after reading the report.
The Defense Security Service document was published on July 17, two days before David Shedd, deputy director of the Defense Intelligence Agency, told Killer Apps that his agency is constantly finding new attempts by foreign governments to install spyware on U.S. weapon systems. (In 2011, a Senate investigation found that tons of counterfeit electronic parts made in China were making their way into U.S. weapons; these parts could hide spyware or 'back doors' allowing enemies to take over or disable the weapons.)
Far East countries -- who accounted for 54 percent of the interest in American missile tech -- targeted everything from the Standard Missiles and Ground Based Interceptors used for missile defense to TOW antitank missiles, Trident Submarine launched nuclear missiles, Tomahawk cruise missiles and Patriot anti-aircraft missiles and Harpoon anti-ship missiles.
Unlike overall trends in espionage, spies kept things old fashioned when going after missile tech, trying to either buy it outright or simply requesting information about such technology.
Interestingly, DSS found that successful attempts to get information on missile technology via cyber means are "relatively low." However, because digital espionage allows spies to be even sneakier than outright attempts to steal information, such efforts may go unnoticed.
When cyber espionage "goes unrecognized or unreported by cleared contractors, industry does not generate a report, making such instances unavailable for analysis in this data set," reads the DSS report.
The DSS report largely confirms what any casual news reader has seen over the last few years -- the Far East, led by China, is pushing to build military technology rivaling the U.S.'s by any means necessary.
It's bad enough that U.S. intelligence officials are constantly discovering new plans to insert spyware and back doors into the Defense Department's supply chain. But what may be worse is that American analysts are only discovering indirect evidence of this infiltration, according to a senior DOD intelligence official. The back doors themselves remain maddeningly hard to find.
"Our adversaries are very active in trying to introduce material into the supply chain in ways that threaten our security from the standpoint of their abilities to collect [intelligence] and disrupt" U.S. military operations, said David Shedd, deputy director of the Defense Intelligence Agency during a speech at the Aspen Security Forum in Colorado on July 19.
DIA is finding more and more plots to deliver these parts through front companies that are "the instrument of the hostile service that's guiding and directing them," Shedd told Killer Apps during the forum.
"My concern is that our adversaries -- and they're multiple in the supply chain context -- have been very active for a very long time," David Shedd, deputy director of the Defense Intelligence Agency told Killer Apps at the Aspen Security Forum in Colorado. "We're finding things, not in the supply chain itself but plans and intentions through" front companies posing as legitimate DOD parts suppliers.
This is hardly a new threat. (Yours truly has written about the epidemic of counterfeit parts poisoning DOD supply chains since 2008.) A 2011 Senate investigation discovered an unbelievable amount of fake semiconductors in brand new DOD weapons such as the Navy's P-8 Poseidon sub-killing plane and anti-ICBM missiles used by the Missile Defense Agency. Perhaps unsurprisingly, the vast majority of the parts were found to come from China.
Representatives from the United States' intelligence community will meet with European Commission officials July 22 in Brussels to discuss the extent to which the National Security Agency conducted internet surveillance on European networks under the now famous programs leaked by Edward Snowden.
"We want to learn more about this system, how does it work, what does it do, and then make a sort of assessment and we'll see where all this leads," Gilles de Kerchove, the European Union's counterterrorism coordinator told Killer Apps at the Aspen Security Forum in Colorado.
"What we would like to have . . . is reassurance that these programs [have] limits, safeguards, are proportional, that they are for counter terrorism only and not economic intelligence," said de Kerchove during a speech on July 19 at the forum. "We want to see if there is room for improvement, we don't reject" the idea of the program. Instead, the EU wants to make sure the information is collected lawfully and is held in a secure manner so there are no more large scale leaks. He then referred to the now joint US-EU effort called the Terrorist Finance Tracking Program (TFTP) as an example of intelligence collaboration between the two sides of the Atlantic.
TFTP started as an American intelligence program aimed at monitoring the Brussels-based bank information-sharing organization, SWIFT, with the intent of tracking terrorists' financial transactions around the world. The TFTP program was expanded to a joint operation after it was publicly revealed that the US was obtaining information on European bank transactions.
While Monday's meeting is meant merely to inform EU officials about the extent to which the United States is spying on their networks, it might -- might -- lead to more information sharing between the U.S. and Europe, according to de Kerchove.
While the two sides "will not enter into negotiation on a formal arrangement" on transatlantic sharing of information contained in the NSA's PRISM database, part of the goal of the talks for European officials is to make sure that the US will share intelligence gathered under its Internet spying programs, according to de Kerchove.
EU officials want to make sure that "if, through PRISM, the US intelligence community gets some relevant information -- which, together with satellite interception, human source or some other program -- leads to something that is meaningful for one member state in Europe, they will share it," de Kerchove told Killer Apps.
Just yesterday, German newspaper Der Spiegel revealed a "prolific" and growing partnership between German intelligence agencies and the NSA in the gathering and sharing of electronic intelligence, including Internet data such as search engine queries.
De Kerchove acknowledged during his speech that most European government officials, "in the back of their mind, know that the US is collecting a lot of data . . . and we know that a lot of information that has helped us foil [terrorist] plots was provided by the Americans."
So much for all the anger expressed by continental leaders when, in the non-news of the year, the NSA was revealed to be spying on Europe.
(Still, de Kerchove's speech came the same day the EU announced an increased push to ensure that European Internet data is held to European privacy standards even when it is handled by US-based companies.)
At the end of the day, it looks like all of the sturm und drang over the NSA's Internet spying programs might be set to invoke greater intelligence sharing between the US and Europe.
The intelligence community's top lawyer mounted a full-throated defense of the National Security Agency's global surveillance programs in a speech on Friday, insisting that the agency goes to great lengths -- unique among most nations -- to ensure that it's not inappropriately monitoring the communications of Americans. But after the prepared remarks were over, Robert Litt undermined his own case a bit when he admitted that he wasn't completely sure how, technically, the NSA kept Americans out of the surveillance dragnet.
In a speech at the Brookings Institution in Washington, Litt said that when the NSA wants to monitor an individual's email account under a program he described as one of the most valuable tools for detecting terrorist plots, analysts first determine whether the sender is a U.S. citizen or legal resident, and whether he is located inside the United States. If he meets either of those criteria, the government is supposed to obtain a warrant before reading the email.
But this is no easy task. The NSA has a very difficult time knowing whether an email sender is, in fact, a U.S. person, and therefore afforded additional privacy protection under the law. Asked to elaborate on how the NSA makes this determination, Litt acknowledged that the process is "technically very difficult." But he said he was not at liberty to divulge "NSA analytic tradecraft."
Litt did offer that analysts have a variety of other databases that they can consult, separate from those that contain data collected through the PRISM system and the bulk collection of telephone records, the two programs that Litt addressed in his remarks.
But when asked what information that was, Litt said that he didn't know. "I do not know what's in every one of NSA's databases."
The acknowledgement by the intelligence community's top lawyer that he doesn't know what data the NSA is using to make a crucial legal determination undermines assurances that the agency's spying is robustly monitored and that privacy abuses hadn't occurred.
Exactly what's in the NSA's many electronic repositories -- most of which are still classified -- is at the heart of the debate over whether the agency has gone too far in collecting and storing unprecedented amounts of personal details on millions of people.
Yes, Litt is a lawyer, and not a technical expert. But he's the lawyer who's supposed to oversee the NSA's surveillance work. He's one of the lawyers who defended that surveillance in front of Congress. Previously a senior official at the Justice Department, his office is today partly responsible for overseeing applications to the Foreign Intelligence Surveillance Court, which authorizes the NSA's collection of electronic communications. Those applications are approved by the Director of National Intelligence, Litt's boss, and the Attorney General.
ASPEN, CO. -- NSA chief Gen. Keith Alexander today said that his agency is piloting the Defense Department's security reforms aimed at preventing systems administrators from stealing large volumes of classified data. What's that involve? In addition to requiring systems administrators to operate in pairs when accessing highly classified information, NSA will limit the number of people who can download classified data onto removable disc drives and will lock server rooms.
"Instead of allowing all systems administrators [to write data to thumb drives], drop it down to a few and use a two person rule," said Alexander during a talk at the Aspen Security Forum in Colorado this evening. "We'll close and lock server rooms so it takes two people to get in there."
"Since this happened in our place, on our watch, we're piloting that for DOD and for the IC [Intelligence Community], we will fix this on our stuff and we have a responsibility to do that," said Alexander.
The Army four-star general was expanding on Deputy Defense Secretary Ashton Carter's comments earlier today about the security measures DOD is putting in place in the wake of NSA leaker Edward Snowden's disclosure of secret U.S. electronic intelligence efforts.
Still, Alexander said the Snowden affair can't be allowed to put a freeze on the rapid sharing of actionable intelligence between intelligence agencies that has emerged in the post 9/11 era.
"We also have to ensure that we make sure that people who need information to do their job have access to information," said Alexander. "We've got to figure out how to balance this."
Doing this means NSA and other DOD agencies will need to look at limiting systems administrators' access to classified information while ensuring that analysts have rapid access to the intelligence they need, according to Alexander.
"After 9/11 we had this need to share, I think there's goodness in sharing, we've got to make sure we do it right," said Alexander.
Earlier today, Carter said that part of the reason that Snowden was successful was that too many people had access to top secret information, alluding to the culture of information sharing that has cropped up in the Intelligence Community since 9/11.
Alexander is also open to allowing tech companies to reveal the number of requests by the government to access their customer information for intelligence and law enforcement investigations.
"I think there's some logic in doing that," said Alexander. "The FBI and we are trying to figure out how to do that without hurting any of the ongoing investigations."
Alexander also said that he has seen adversaries of the U.S. changing tactics to evade NSA's intelligence-gathering techniques that were revealed by Snowden.
His comments come the same day that a number of tech companies including Google, Apple and Facebook wrote a letter to the White House asking to release more information about the number of times law enforcement or intelligence agencies ask for customer information.
ASPEN, CO. — The Defense Department has begun requiring its geeks to operate in pairs when accessing highly classified information in order to stop the next massive leak. The next step might be restricting those systems administrators from seeing some sensitive data. The step after that? Possibly rolling back at least some of the military and intelligence community's measures to swap information -- a reversal of one of the national security state's key reforms after 9/11.
The damage control procedures are being put in place anywhere in DOD where there are "systems administrators with elevated access" to highly classified intelligence, Deputy Defense Secretary Ashton Carter said Thursday. These two-person rules along with procedures calling for increased compartmentalization of sensitive intelligence will be put in place at the "huge repositories where we have all this stuff," added Carter, referring to massive amounts of classified intelligence materials being stored on DOD servers.
"Job one for us has to be defending our own networks and this is a failure to defend our networks," said the Pentagon's number two official during a speech at the Aspen Security Forum in Colorado this morning. The NSA failed to protect itself from "an insider, and everybody who has networks knows that the insider threat is an enormous one."
The DOD is now working to restrict access to highly classified information to only people who work on programs involving that information as well as requiring a buddy system for anyone accessing extremely sensitive information on DOD networks.
Carter compared this to efforts taken to keep U.S. nuclear weapons safe from sabotage or theft.
The NSA's secretive electronic dragnet turns out to be bigger -- a lot bigger -- than previously realized.
In a hearing before the House Judiciary Committee on Tuesday about NSA surveillance activities, the agency's second-in-command, Chris Inglis, said that when analysts try to determine if a particular individual is engaged in terrorist activity, they will look at the communications of people who are as many as three steps removed from that original target.
In practical terms, this means that the number of people who are being caught up in the NSA's electronic nets is vastly larger than previously known -- the number could easily be in the tens of millions. Until today, we had understood that analysts only searched two "hops" beyond their target; that is, they looked at the communications of people with whom the target was communicating, as well as the people those individuals were in touch with.
Adding a third hop exponentially increases the number of innocent people that are caught up in the net whenever the NSA makes an attempt to determine if their original target is actually a terrorist or involved in terrorist activities. And every time that the search extends by one hop, the likelihood of inadvertently collecting the communications of U.S. citizens and legal residents -- who are protected under the law -- shoots up.
The world has been somewhat surprised by recent reports of the National Security Agency's massive electronic spying operations around the globe. But they're not the only ones with their ears to the proverbial ground. Just about every nation is engaged in some sort of electronic espionage. Russia, for example, still has an array of massive listening stations, ready to snoop on whoever's talking.
It's a legacy of the Soviet Union, which ran one of the largest of those electronic eavesdropping networks as it tried to gain any intel it could on the U.S. and its allies. Those old Soviet eavesdropping stations still exist. Some are rusting away in former Soviet countries. Others are still operational.
Intelligence historian Matthew Aid just got ahold of a recently declassified CIA document listing the locations of 11 KGB strategic radio interception stations throughout Russia and the rest of the old Soviet Union.
These stations "were a small but very important part of the massive [signals intelligence] intercept and processing complexes operated not only by the KGB but also by the Soviet military intelligence service, the GRU," writes Aid.
But these posts are hardly Cold War relics. Most of them are still "monitoring the communications of the U.S., Europe and virtually every other country of any significance or size around the world," he adds.
Killer Apps thought it would be fun to make it easy for you to explore these sites scattered across the old Soviet Empire by mapping them out. Click on each satellite dish for Aid's description of each site and its current status. Zoom in on each site on the map to explore its current physical state.
We already knew that the U.S. spy agencies collect all kinds of information on Americans, thanks to leaked documents from NSA contractor Edward Snowden. Now, in a fresh leak, we're learning that Brits are snooping on us, too -- tapping the world's telephone and Internet traffic, and sharing that info with the United States.
Government Communications Headquarters (GCHQ), Britain's version of the NSA, is allowed to tap more than 200 fiber-optic data cables running through British territory, giving the organization access to massive amounts of telephone and Internet data, according to the Guardian, which revealed today that Snowden provided it with a document detailing the UK spy agency's efforts to collect phone and web data.
GCHQ cable taps allow it to gather recordings of phone calls, email content, Facebook entries and any Internet user's web browsing history -- not exactly the anonymous metadata that we've been hearing about on the U.S. side of the Atlantic.
What's not surprising is that the UK shares this information with NSA. Remember, the two nations have their 70-year old "special relationship" and are the founding members of the Five-Eyes intelligence sharing agreement, formally known as the UKUSA agreement (pronounced you-kooza). The Five-Eyes are members of a special club of former British colonies that gather and share super secret signals intelligence with each other -- exactly the type of information gathered by NSA and GCHQ. Australia, Canada and New Zealand are the other three members of this little club that was established by secret treaty during World War II.
How sensitive is the information shared between members? Rumor has it that until 1973, Australian prime ministers weren't even told about the program.
The National Security Agency has promised over and over again that it only spies on foreigners, and throws out ordinary communications if they're caught in the surveillance driftnet. But a pair of newly-leaked documents appear to undermine that claim. They include provisions that let the electronic spy agency hang onto some communications of Americans for several years -- and in the meantime, allow the NSA to share information about U.S. citizens and legal residents with the CIA and the FBI. And if the government suspects that an American might commit a crime or spy for a foreign power some day, those records can be kept, too.
The documents, which were approved by the Foreign Intelligence Surveillance Court in July 2009 and published Thursday by the Guardian, offer the clearest picture yet of the NSA's so-called minimization and targeting procedures. They're also sure to re-ignite a debate about the NSA's surveillance activities - just as that discussion appeared ready to die down.
The document on minimization advises NSA personnel to "exercise reasonable judgment" in deciding whether to redact information about U.S. citizens or legal residents that is inadvertently collected during searches of foreigners' communications from intelligence reports or NSA databases. However, the agency is allowed to hang onto U.S. persons' communications for a period up to five years, the document says.
Analysts "will destroy" the information at the "earliest practicable point" that it can be determined to have no foreign intelligence value (for instance, it doesn't concern a spy or a terrorist) or that it doesn't contain any information about a crime, the document says.
"The communications that may be retained include electronic communications acquired because of limitations on NSA's ability to filter communications." This appears to mean that the agency can hang onto information that it is unable to definitively determine is not foreign in nature.
To help determine whether the target of surveillance is in fact a foreigner outside the United States, the NSA is allowed to use numerous databases, including those that contain phone numbers, Internet metadata, and human intelligence reports from the CIA. The documents indicate that the NSA is using its database of all domestic phone calls, known as Mainway, as well as metadata that's obtained during searches of Internet communications through the PRISM system.
It's during those Internet searches that the communications of innocent Americans are most likely to be swept up and disseminated across the government in secret reports. But according to the NSA's minimization rules, the agency may hand over "unminimized communications" to the CIA and the FBI. Those agencies are supposed to follow their own minimization procedures, but they are not described in the NSA document.
The sharp-elbowed, ultra-connected data mining firm Palantir may be best known around Washington these days for its war with the Army over its intelligence software. But the company is also making inroads in Foggy Bottom, where it's using its terror-hunting tech to help the State Department fight human traffickers. And it's getting assists from unlikely allies like Google and LexisNexis.
Since 2012, Foggy Bottom's National Human Trafficking Resource Training Center and the Polaris Project, an NGO that fights human trafficking, have been using Palantir's software to analyze data they collect from victims and tipsters.
They use Palantir's software to identify patterns in information about traffickers and victims that is gathered by anti-trafficking hotlines around the globe. Basically, Palantir lets Polaris take information other anti-trafficking groups receive and put it into one large database -- making it easier to connect cases of trafficking, map trends, and create plans to combat trafficking operations in a specific area.
All of this gives non-technical people a "view of the world as discrete objects, relationships and their describing data," according to the firm's website.
Palantir isn't the only tech firm that's working with State and the Polaris Project to fight human trafficking. Google provided Polaris and similar NGOs -- Liberty Asia and La Strada International -- with $3 million to tie their hotlines together so they could use Palantir's computing power to "identify illicit patterns and provide victims with more effective support," according to a State Department announcement about its 2013 report on human trafficking, which was released today.
LexisNexis also developed a tool allowing these organizations to quickly mine news articles from 6,000 worldwide sources for information on human trafficking.
As for the company's fight with the Army, Palantir was used by some troops in Afghanistan instead of the service's existing tool designed to do similar things, the Distributed Common Ground System Army (DCGS-A; pronounced dee-sigs a, seriously).
When glowing reports of Palantir's system began popping up in the Army, the backers of DCGS-A brought out the knives, even accusing the general who wanted Palantir sent to Afghanistan of having the firm ghostwrite his request to the Pentagon for the software. They also accused Palantir lobbyists of getting lawmakers to include cash for the software in wartime funding packages. Other Army documents knocking DCGS and insisting that Palantir should be used in Afghanistan were ordered destroyed and replaced with nearly identical documents save for the fact they don't recommend Palantir.
This fight was behind Gen. Ray Odierno's famous smackdown of Rep. Duncan Hunter during a House hearing earlier this year after the Congressman said the service was ignoring soldier complaints about DCGS. Army Secretary John McHugh said after the exchange that the service has purchased Palantir's software and is integrating it into DCGS.
Despite Palantir's reputation for providing spies with the tools they need to see everything -- and clawing out the eyes of any bureaucrat that tries to stop 'em -- it looks like this is a case where Palantir's software is being used for something unmistakably good. Of course, that makes for good headlines, which can lead to more government contracts.
Cyberspies have wasted no time exploiting the release of secret documents about the National Security Agency's digital surveillance methods. Just this week, a new spearphishing campaign surfaced that tries to lure its victims with a malware-laden email claiming to have information on PRISM, the NSA's famous program that collects information on people's Internet activities.
The best part about this email? It's designed to look like it's from Jill Kelley, the woman who played a role in revealing David Petraeus' affair with Paula Broadwell.
The email itself contains a malicious Microsoft Word document, titled Monitored List 1.doc, that attempts to infect victims' machines with malware that matches that used by the Chinese hacker crew known as Red Star APT, according to Brandon Dixon, who first discovered the attack.
(Red Star APT is the team that cybersecurity firm Kaspersky Lab revealed as being behind the NetTraveler attacks that we wrote about earlier this month.)
Red Star is believed by Kaspersky to be a state-backed hacking team similar to Unit 61398 of the PLA, better known as APT1, the alleged Chinese-government hacker crew whose exploits were revealed by cybersecurity firm Mandiant in February. APT1 was found by Mandiant to be stealing "hundreds of terabytes of data" from businesses around the world whose secrets the Chinese government had a strong interest in obtaining.
"The industries APT1 targets match industries that China has identified as strategic to their growth, including four of the seven strategic emerging industries that China identified in its 12th Five Year Plan," reads Mandiant's report on APT1.
The only known victim of this attack (so far) belongs to the Regional Tibet Youth Conference -- an organization the Chinese government likely has a strong interest in keeping tabs on -- another fact that makes security researchers like Dixon and the staff at Kaspersky Lab think that the Red Star APT crew are behind the attack.
The latest email is full of terribly-written English text about the Edward Snowden affair, making it seem like this particular attack was designed by one of the newer recruits to Red Star or whichever organization is behind the attack.
"Omnipotent CIA agent, was a sudden, the CIA wanted his club hunt, Spy Game Hollywood blockbuster this week staged in reality true," reads the email's first sentence.
Dixon notes that if this is Red Star -- he hasn't yet been able to find the IP address or command and control server behind the email -- they don't seem too concerned about the fact that everyone knows what they're up to.
"It's funny to note that these actors are keeping up with their same techniques and infrastructure [not all of it] despite being 100% outed," he writes in his analysis of the email. "Again, this sort of behavior shows poor operational security or a complete lack of care."
"The NetTraveler attackers have been going strong since the early 2007-2008's and I doubt they will be stopping anytime soon," he noted.
With the publication of Mandiant's report earlier this year, combined with recent news about the NSA's vast overseas Internet spying operations (though neither of these were necessarily news to anyone paying attention), we might just be entering a new era in cyber conflict, where instead of operating in the shadows, state actors rifle through the world's secrets in plain view.
The Director of the National Security Agency is defending his organization's practice of collecting and storing for several years the phone records of millions of Americans, but he told a panel of lawmakers Tuesday that his agency may be willing to relinquish some control over that massive database.
Gen. Keith Alexander told the House Intelligence Committee that cellphone metadata such as phone numbers and call duration has been used in foiling "a little over" ten "potential" terrorist attacks on U.S. soil. But the agency may look at asking phone companies to hold onto their call records and only turn over details on specific accounts being investigated by the government, he said.
Several lawmakers expressed concern at the hearing that the NSA was collecting and storing too much information connected to Americans, the overwhelming majority of whom could not possibly be connected to terrorism. Leaving the metadata with the phone companies, rather than copying it into NSA's databases, could alleviate some of those concerns at a time when the electronic spy agency is facing renewed scrutiny of its secretive intelligence-gathering efforts.
"FBI, NSA are looking at the architectural framework of how we actually do this program," Alexander said. "If you leave [telephone metadata] at the service providers, you have a separate set of issues in terms of how you actually get the information; how you have to go back and get that information [from them] how you follow it down and the legal authority for how you compel them to keep that information for a certain period of time."
But Alexander cautioned that having the data in-hand at NSA allowed the agency to respond quickly to potential threats, and that going to the phone companies with repeated requests might take too long. "The concern is speed in a crisis," he said.
Alexander's statement came in response to a question from Rep. Adam Schiff, a Democrat from California, who wanted to know the prospects for changing a section of the Patriot Act such that telecommunications companies would be required to retain the metadata, and only hand it over to the government when they were specifically queried.
Alexander and other officials from the intelligence community noted that while they have collected millions of Americans' phone records, they are kept in a "lockbox," as committee chairman Mike Rogers has described it. Only if NSA has "reasonable, articulable suspicion" that a phone number from outside the United States is talking to someone in the country, are NSA officials allowed to go into that lockbox and see which domestic line the outside number is communicating with. That has only happened about 300 times in the last year and only 22 NSA officials are allowed to look at the information, according to the witnesses at the hearing, which included senior officials from the Justice Department and the FBI.
The NSA is also implementing a buddy system of sorts aimed at preventing unauthorized leaks by about 1,000 fairly low-level IT systems administrators, the position held by Edward Snowden, who first disclosed a court order connected to the NSA's massive collection of cellphone metadata.
"Working with the Director of National Intelligence, what we're doing is working to come up with a two-person rule and oversight for those [individuals] and ensure we have a way of blocking people from taking information out of our system," Alexander told lawmakers. Basically, systems administrators accessing sensitive information will need someone else there to make sure they don't abscond with it.
Alexander also disclosed some more details about what kind of information Snowden was able to access on NSA's internal networks. The systems administrator did not have access to specific intelligence that was collected by the NSA, but rather only to documents that "say how we do our business," said Alexander.
"To get to any data like the business records [call-tracking data] that we're talking about, that's in an exceptionally controlled area," said Alexander. "You would have to have specific certificates to get into that. I am not aware that...Snowden, had any access to that."
However, Snowden did obtain a copy of the Foreign Intelligence Surveillance Court order directing Verizon to hand over its metadata. That happened while Snowden was attending a training session at the NSA's headquarters in Ft. Meade, Md., Alexander revealed.
"The FISA warrant was on a web server that he had access to as an analyst coming into the Threat Operations Center," said Alexander. "It was in a special classified section that as he was getting his training he went to."
Snowden found other documents such as the slides on the now famous PRISM Internet surveillance program on "open" internal forums that NSA employees could access, Alexander said. "Those are forums that help people understand how to operate NSA's collection authorities."
Alexander sought to defend the NSA's collection of huge amounts of telephone and Internet data as key tools that the government uses to disrupt or prevent terrorist attacks. All told, he said, NSA's activities have potentially disrupted more than 50 terrorist events around the globe, including at least ten inside the United States.
In 90 percent of those 50 cases, collection pursuant to section 702 of FISA contributed to the government's efforts, Alexander said. (That section governs the collection and analysis of Internet data associated with the PRISM system.) And in 50 percent of those cases, the collection authority was "critical" to stopping an attack, Alexander said.
Of the ten potential attacks in the United States, telephone metadata was used in the "vast majority" of investigations, he said. Administration officials have said the metadata is only used to determine if a foreign terrorism suspect is making contact with individuals in the United States. Alexander said that the number of cases in which metadata played a role in stopping a plot was probably more than ten, but he wanted to confirm the estimate with other intelligence officials before nailing down a precise number.
FBI Deputy Director Sean Joyce described four specific terrorism cases in which officials used information collected through PRISM or the metadata system:
Whether you call him a hero or a traitor, it looks like Edward Snowden's disclosure of the NSA's gathering of phone records in bulk may in fact lead to the practice ending.
Additional reporting by Shane Harris.
National Security Agency chief Gen. Keith Alexander is set to testify before the House intelligence committee Tuesday on the NSA's vast operations to collect the phone and Internet records of millions of people.
Nothing overtly illegal has surfaced -- at least not yet -- in the nearly two weeks since NSA's data-collection efforts were leaked to The Guardian and The Washington Post. But there are still all sorts of question marks surrounding the activities that America's digital spies are undertaking on U.S. soil. Here are seven questions we'd like the Representatives to ask tomorrow.
While we're at it, we'd like to ask tech companies like Apple: how on Earth are their legal departments able to quickly analyze the thousands of government requests to view customer data and determine how to respond? Maybe these tech company CEOs will be the next witnesses as Congress tries to untangle this vast NSA surveillance web.
Apple today joined the chorus of tech firms revealing they have given the U.S. government access to data on tens of thousands of customer "accounts and devices." But the tech giant claimed that most of those data dumps have nothing to do with NSA surveillance.
Over a five-month period between December 2012 and May 2013, the California tech giant received 4,000 to 5,000 requests by U.S. law enforcement agencies to view customer data involving 9,000 to 10,000 user accounts and devices, according to a statement on its website. The "most common" requests came from police investigating crimes such as robberies, "looking for missing children, trying to locate a patient with Alzheimer's disease or hoping to prevent a suicide."
Still, Apple notes that some of these cases involve "national security matters," meaning intelligence agencies like the NSA are involved.
(The businesses on the receiving end of these government requests are barred from revealing the exact details of the volume of government requests, hence the relatively broad statistics provided. Google is trying to change that.)
The disclosure by Apple -- as well as by tech giants Microsoft and Facebook -- reveals just how large the government's surveillance of people's online activities is, even when limited to a small slice of the firms' clients. Apple and the other tech companies are disclosing this information in the wake of news reports that the National Security Agency had "direct access" to customer information on the firms' servers under one such program called PRISM. Keep in mind that PRISM is just one of many NSA programs aimed at collecting all sorts of electronic information, from telephone calls to sharing "digital threat signatures" with Internet service providers around the globe -- all of which is supposed to be aimed at foreign sources, not at American citizens.
However, it remains unclear how much data on Americans who are not suspected of having ties to terrorists or involved in law enforcement investigations is accidentally scooped up by agencies like the NSA and what, exactly, is done to "minimize" the amount of personal information about Americans that is accidentally collected by intelligence agencies.
In the nearly two weeks since news of PRISM -- the so-called "direct access" program -- emerged, the companies listed as participating in PRISM on a slideshow provided to The Guardian and The Washington Post by former NSA contractor Edward Snowden have denied giving the government wide-ranging access to their customers' data.
However, the firms may not know they are participating in the program if it relies on data they turn over to the government under the types of law enforcement and national security requests Apple described in its statement.
"The only access [to specific user data] is a fraction of a fraction of a percent," House intelligence committee chair and staunch defender of the National Security Agency's surveillance operations Mike Rogers told reporters last week when discussing the government's access to tech firms' user data under a number of programs designed to collect information on foreign threats to the United States. (In order to access the contents of Americans' email, NSA is supposed to work with the FBI and request a warrant to do so from a Foreign Intelligence Surveillance Act court.)
Apple goes on to say that its legal team conducts an evaluation of each request, and "only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities."
It's also unclear how exactly the tech giants' legal teams manage to quickly sift through the thousands of government requests pouring in to determine which are legal and which ones they should fight.
The company insists that it doesn't "retain" data on iMessage and FaceTime conversations along with customer locations, map searches and Siri queries.
"Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them," said the statement. "Apple cannot decrypt that data. Similarly, we do not store data related to customers' location, Map searches or Siri requests in any identifiable form."
Still, Apple (and therefore the government or a hacker) could, in theory, get to at least some of your "encrypted" data when you store it on Apple's servers. That's because Apple ultimately holds your encryption keys, according to some cryptography experts.
Apple's disclosure comes after Facebook revealed that it received between 9,000 and 10,000 government requests to view user data over the last six months of 2012. Those government requests sought to access information from 18,000 to 19,000 Facebook "user accounts."
Just like the requests Apple received, these requests come from everyone from local sheriffs looking for missing children to "a national security official investigating a terrorist threat," according to a statement by Facebook's General Counsel Ted Ullyot on Friday.
Microsoft also on Friday revealed how much data has been requested by federal, state and local government entities:
"For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities," said the Seattle-based firm.
John Reed reports on the frontiers of cyber war and the latest in military technology for Killer Apps.