New Technologies Give Government Ample Means to Track Suspects, Study Finds
WASHINGTON — For more than two years the F.B.I. and intelligence agencies have warned that encrypted communications are creating a “going dark” crisis that will keep them from tracking terrorists and kidnappers.
Now, a study in which current and former intelligence officials participated concludes that the warning is wildly overblown, and that a raft of new technologies — like television sets with microphones and web-connected cars — are creating ample opportunities for the government to track suspects, many of them worrying.
“ ‘Going dark’ does not aptly describe the long-term landscape for government surveillance,” concludes the study, to be published Monday by the Berkman Center for Internet and Society at Harvard.
The study argues that the phrase ignores the flood of new technologies “being packed with sensors and wireless connectivity” that are expected to become the subject of court orders and subpoenas, and are already the target of the National Security Agency as it places “implants” into networks around the world to monitor communications abroad.
The products, ranging from “toasters to bedsheets, light bulbs, cameras, toothbrushes, door locks, cars, watches and other wearables,” will give the government increasing opportunities to track suspects and in many cases reconstruct communications and meetings.
The study, titled, “Don’t Panic: Making Progress on the ‘Going Dark’ Debate,” is among the sharpest counterpoints yet to the contentions of James B. Comey, the F.B.I. director, and other Justice Department officials, mostly by arguing that they have defined the issue too narrowly.
Over the past year, they have repeatedly told Congress that the move by Apple to automatically encrypt data on its iPhone, and similar steps by Google and Microsoft, are choking off critical abilities to track suspects, even with a court order.
President Obama, however, concluded last fall that any effort to legislate a government “back door” into encrypted communications would probably create a pathway for hackers — including those working for foreign governments like Russia, China and Iran — to gain access as well, and create a precedent for authoritarian governments demanding similar access.
Most Republican candidates for president have demanded that technology companies create a way for investigators to unlock encrypted communications, and on the Democratic side, Hillary Clinton has taken a tough line on Silicon Valley companies, urging them to join the fight against the Islamic State.
Apple’s chief executive, Timothy D. Cook, has led the charge on the other side. He recently told a group of White House officials seeking technology companies’ voluntary help to counter the Islamic State that the government’s efforts to get the keys to encrypted communications would be a boon for hackers and put legitimate business transactions, financial data and personal communications at greater risk.
The Harvard study, funded by the Hewlett Foundation, was unusual because it involved technical experts, civil libertarians and officials who are, or have been, on the forefront of counterterrorism. Larry Kramer, the former dean of Stanford Law School, who heads the foundation, noted Friday that until now “the policy debate has been impeded by gaps in trust — chasms, really — between academia, civil society, the private sector and the intelligence community” that have impeded the evolution of a “safe, open and resilient Internet.”
Among the chief authors of the report is Matthew G. Olsen, who was a director of the National Counterterrorism Center under Mr. Obama and a general counsel of the National Security Agency.
Two current senior officials of the N.S.A. — John DeLong, the head of the agency’s Commercial Solutions Center, and Anne Neuberger, the agency’s chief risk officer — are described in the report as “core members” of the group, but did not sign the report because they could not act on behalf of the agency or the United States government in endorsing its conclusions, government officials said.
“Encryption is a real problem, and the F.B.I. and intelligence agencies are right to raise it,” Mr. Olsen said Sunday. But he noted that in their testimony officials had not described the other technological breaks that are falling their way, nor had they highlighted cases in which they were able to exploit mistakes made by suspects in applying encryption to their messages.
He noted that in the current stalemate there was little discussion of the “ever-expanding ‘Internet of things,’ where telemetry from teakettles, televisions and light bulbs might prove surprisingly, and worryingly, amenable to subpoena from governments around the world.”
Those technologies are already being exploited: The government frequently seeks location data from devices like cellphones and EZ Passes to track suspects.
The study notes that such opportunities are expanding rapidly. A Samsung “smart” television contains a microphone meant to relay back to Samsung voice instructions to the TV — “I want to see the last three ‘Star Wars’ movies” — and a Hello, Barbie brought out by Mattel last year records children’s conversations with the doll, processes them over the Internet and sends back a response.
The history of technology shows that what is invented for convenience can soon become a target of surveillance. “Law enforcement or intelligence agencies may start to seek orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target,” the report said.
These communications, too, may one day be encrypted. But Google’s business model depends on picking out key words from emails to tailor advertisements for specific users of Gmail, the popular email service. Apple users routinely back up the contents of their phones to iCloud — a service that is not encrypted and now is almost a routine target for investigators or intelligence agencies. So are the tracking and mapping systems for cars that rely on transmitted global positioning data.
“I think what this report shows is that the world today is like living in a big field that is more illuminated than ever before,” said Joseph Nye, a Harvard government professor and former head of the National Intelligence Council. “There will be dark spots — there always will be. But it’s easy to forget that there is far more data available to governments now than ever before.”
Hackers Allegedly Hijack Drone After Massive Breach at NASA
Members of the AnonSec hacking group have released more than 276GB of data after allegedly spending months inside NASA’s internal network.
The collection of files, provided to Infowars by AnonSec admin Dêfãult Vírüsa prior to being made public Sunday, include 631 videos from aircraft and weather radars, 2,143 flight logs as well as the names, email addresses and phone numbers of 2,414 NASA employees.A “zine,” or self-published paper detailing the hack, dubbed “OpNasaDrones,” reveals everything from AnonSec’s motives to the specific technical vulnerabilities that enabled the extensive breach.
“NASA has been breached more times than most people can honestly remember… However, this hack into NASA wasn’t initially focused on drones [sic] data and upper atmosphere chemical samples. In fact the original breach into NASA systems wasn’t even planned, it was caught up in a gozi virus spread,” the hackers write, referring to an infamous Trojan that has infected more than 1 million computers to date.
The Hack
After purchasing an “initial foothold” from a hacker with knowledge of NASA servers over two years ago, the group says it began testing how many machines it could “break into” and “root” – a term referring to an account with complete control over a computer or network.
Brute forcing an administrator’s SSH password, which reportedly only took “0.32” seconds due to the credentials being left as default, AnonSec gained further access inside – allowing them to grab even more login data with a hidden packet sniffer (tcpdump).
The hackers say while some members mapped the network, others analyzed the “different missions, airbases and aircraft” listed by the agency. Public missions like “OIB – Operation Ice Bridge” and drones such as the “Global Hawk“ were among those mentioned.
Deleting records of their presence as they hacked deeper into the agency’s system, AnonSec, who even hacked security cameras and uncovered the schematics to one base’s camera layout, then infiltrated the networks at “Glenn Research Center, Goddard Space Flight Center and Dryden Flight Research Center.”
Once inside, the group says it began noticing numerous systems and networked devices “popping up in scans that were not previously visible…”
After sniffing a password belonging to the system administrator, the hackers say they were eventually able to gain full root access to three network-attached storage (NAS) devices tasked with compiling backups of aircraft flight logs.
“Now we had all 3 NAS devices automatically making copies of the logs as they are uploaded from the drones and renaming them to look like semi ordinary index files,” the group writes, mocking the system administrator responsible for protecting the data.
Hackers Attempt to Crash Drone into Pacific Ocean
As the information began flowing unsuspectingly to an AnonSec-controlled server outside of the NASA network, analysis of the data yielded what the hackers described as “weird traffic.”
According to the group, the traffic consisted of “pre-planned route option” files which allow NASA to upload specific flight paths prior to take off.
After protest from several hackers, the group says it decided to carry out a man-in-the-middle (MiTM) attack several months later that replaced the drone route file with one of their own in an attempt to crash the aircraft into the ocean.
“Several members were in disagreement on this because if it worked, we would be labeled terrorists for possibly crashing a $222.7 million US Drone… but we continued anyways lol,” the zine states.
A screenshot from the hackers shows their intended flight path, which they say was cut short after drone pilots on the ground likely noticed the aircraft’s unusual behavior, forcing NASA to restore manual control.
“This recreated flight is from our attempt to crash the GlobalHawk [sic] into the Pacific Ocean but seemed to have been taken off of the malicious pre-planned route and was controlled via SatCom [sic] by a pilot once GroundControl [sic] realized,” the hackers write.
Soon after the alleged drone episode, the group says it was completely shut out from NASA’s networks.
“Whether it was the high amount of traffic sending drone logs across their compromised network or the attempted crashing of a GlowbalHawk [sic] that caused them to FINALLY inspect their networks, we don’t know. But it went down for a while soon after.”
“When they came back up several days later, we had completely lost access.”
Despite NASA’s ability to boot the hackers by changing passwords and patching critical vulnerabilities, vast amounts of information had already been exfiltrated.
“People might find this lack of security surprising but its [sic] pretty standard from our experience,” the group says. “Once you get past the main lines of defense, its [sic] pretty much smooth sailing propagating through a network as long as you can maintain access.”
Aircraft Footage & Flight Logs
The 631 videos siphoned out, filmed during 2012 and 2013, feature footage of weather radar readings as well as both manned and unmanned aircraft in multiple stages of flight.
One 59-minute video from May of 2012 shows one such drone taking off from a NASA runway before cutting out 30 minutes into its mission.
Other videos appear to be above large bodies of ice, likely related to the agency’s climate studies.
Flight logs which seem to coincide with some of the video files include the location of take off, aircraft model, mission name, sensor readings and GPS coordinates.
A screenshot showing a small portion of one log file, possibly from 2014, details the flight of a DC-8 involved in the public “Alternative-Fuel Effects on Contrails and Cruise EmiSSions” project.
The Dox
After examining the list of 2,414 employee names, emails and phone numbers, Infowars was able to confirm the legitimacy of several entries.
Although no calls were answered, names mentioned on each answering machine matched those listed in the hack.
At the time of publishing, Infowars did not receive calls back from any employees on the list or representatives at the Glenn Research Center, Goddard Space Flight Center, Dryden Flight Research Center and the NASA Media Room.
Infowars briefly spoke to NASA’s IT Security Division but did not receive a call back for comment.
Infowars did not receive comment from the FBI after both calling and emailing the agency.
Method Behind the Madness
AnonSec’s zine specifically cites climate engineering methods such as cloud seeding and geoengineering as the main driver behind the hack.
“One of the main purposes of the Operation was to bring awareness to the reality of Chemtrails/CloudSeeding/Geoengineering/WeatherModification, whatever you want to call it, they all represent the same thing. NASA even has several missions dedicated to studying Aerosols [sic] and their affects on the environment and weather, so we targeted their systems.”
Cloud seeding, a weather modification method that uses silver iodide to create precipitation in clouds, was most famously used by the U.S. military under “Operation Popeye” during the Vietnam war. After seeding clouds in the northern part of the country, U.S. forces were able to thwart Viet Cong supply lines by creating heavy rain over the Ho Chi Minh Trail.
Geoengineering, according to NASA’s Erik Conway, involves “injecting sulfate particles into the upper atmosphere – essentially mimicking a large volcanic eruption,” in an attempt to reflect sunlight away from the planet.
A poll conducted by the Independent in 2009, outlined in the article “Climate scientists: it’s time for ‘Plan B,'” states that more than 50 percent of climate scientists support looking into geoengineering.
“Just over half – 54 per cent – of the 80 international specialists in climate science who took part in our survey agreed that the situation is now so dire that we need a backup plan that involves the artificial manipulation of the global climate to counter the effects of man-made emissions of greenhouse gases.”
The hackers link to several mainstream reports and patents as evidence of current weather modification programs.
A 2013 article from Slate entitled, “Climate Intelligence Agency: The CIA is now funding research into manipulating the climate,” examines a 21-month, $630,000 project carried out by The National Academy of Sciences.
“The goal of the CIA-backed NAS study is to conduct a ‘technical evaluation of a limited number of proposed geoengineering techniques,’ according to the NAS website,” the article reads. “Scientists will attempt to determine which geoengineering techniques are feasible and try to evaluate the impacts and risks of each (including ‘national security concerns’).”
Another article from The Telegraph listed by the hackers mentions how “The Chinese government covered Beijing in snow… after meteorologists seeded clouds to bring winter weather to the capital in an effort to combat a lingering drought.”
The hackers argue that if cloud seeding, geoengineering and weather modification “are all publicly acknowledged as real, why are Chemtrails [sic] discredited when its [sic] literally the same exact thing just with a different name?”
“We find it staggering how many people still dont [sic] believe the federal government is doing this when its [sic] already public knowledge that the CIA is funding studies, certain states and countries already have WeatherModification [sic] programs in place for the past several years, not to mention all the government whistleblowers,” the zine says.
AnonSec’s Dêfãult Vírüsa, who spoke with Infowars over encrypted communications, stated that no one involved in the NASA breach has been apprehended by law enforcement.
No comments:
Post a Comment