New Snowden Documents Reveal US Spying Has Actually Expanded

Uploaded on 2015-06-21 in INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

U.S Surveillance of international Internet traffic is expanding in the search for evidence of malicious computer hacking.

For anyone still in doubt about the impact of Edward Snowden’s revelations, it might be instructive to review what has been going on in the US Congress over the last few months, with legislators grappling with bills aimed at curbing the surveillance capabilities of the NSA and other federal agencies. In the end, in a classic congressional farce, there was a brief intermission in the NSA’s data-gathering capabilities, after which the Senate passed a bill to end the agency’s bulk collection of the phone records of millions of Americans.

Without public notice or debate, the Obama administration has expanded the National Security Agency's warrantless surveillance of Americans' international Internet traffic to search for evidence of malicious computer hacking, according to classified NSA documents.

In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad—including traffic that flows to suspicious Internet addresses or contains malware, the documents show.

The Justice Department allowed the agency to monitor only addresses and "cyber signatures"—patterns associated with computer intrusions—that it could tie to foreign governments. But the documents also note that the NSA sought to target hackers even when it could not establish any links to foreign powers.

The disclosures, based on documents provided by Edward J. Snowden, the former NSA contractor, and shared with the New York Times and ProPublica, come at a time of unprecedented cyberattacks on American financial institutions, businesses, and government agencies, but also of greater scrutiny of secret legal justifications for broader government surveillance.
While the Senate passed legislation this week limiting some of the NSA's authority, it involved provisions in the USA Patriot Act and did not apply to the warrantless wiretapping program.

Government officials defended the NSA's monitoring of suspected hackers as necessary to shield Americans from the increasingly aggressive activities of foreign governments. But critics say it raises difficult trade-offs that should be subject to public debate.

The government can also gather significant volumes of Americans' information—anything from private e-mails to trade secrets and business dealings—through Internet surveillance because monitoring the data flowing to a hacker involves copying that information as the hacker steals it.

The surveillance activity traces to changes that began after the Sept. 11 terrorist attacks. The government tore down a so-called wall that prevented intelligence and criminal investigators from sharing information about suspected spies and terrorists. The barrier had been erected to protect Americans' rights because intelligence investigations use lower legal standards than criminal inquiries, but policy makers decided it was too much of an obstacle to terrorism investigations.
In a response to questions for this article, the FBI pointed to its existing procedures for protecting victims' data acquired during investigations but also said it continually reviewed its policies "to adapt to these changing threats while protecting civil liberties and the interests of victims of cybercrimes."

None of these actions or proposals had been disclosed to the public. As recently as February, when President Obama spoke about cybersecurity at an event at Stanford University, he lauded the importance of transparency but did not mention this change.
"The technology so often outstrips whatever rules and structures and standards have been put in place, which means that government has to be constantly self-critical and we have to be able to have an open debate about it," Obama said.

Going Back in Citizen Spy History

In 1946, peace was less than a year old. Labour was in power and the wartime signals intelligence service had been renamed as GCHQ. Building on their wartime collaboration, Britain and America signed an agreement that was to prove crucial to the so-called "special relationship".

They agreed to share intelligence on foreign countries but not to spy on each other's citizens. Later that was extended to five English-speaking countries, and is known as the "five eyes" agreement. This means Australia, Canada, New Zealand and of course the US and UK can spy on their own citizens.

Between 2004 and 2007 the Labour government gave the US National Security Agency permission to use information on innocent British people collected in the process of spying on actual targets.

The Five Eyes agencies have found ways to infiltrate all aspects of modern communications networks: forcing companies to hand over their customers’ data under secret orders, and secretly tapping fibre optic cables between the same companies’ data centres anyway; accessing sensitive financial data through SWIFT, the world’s financial messaging system; spending years negotiating an international agreement to regulate access to the data through a democratic and accountable process, and then hacking the networks to get direct access; threatening politicians with trumped-up threats of impending cyber war while conducting intrusion operations that weaken the security of networks globally; and sabotaging encryption standards and standards bodies, thereby undermining the ability of internet users to secure information.

Ars Technica:       Channel 4:      Giswatch

« Understand Mobile Deep Linking
Magnitude Exploit Kit Adobe Flash Player Vulnerability »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IoT Security Foundation (IoTSF)

IoT Security Foundation (IoTSF)

IoTSF is a collaborative, non-profit organisation with a mission to raise the quality and drive pervasive security in the Internet of Things.

HDI Global SE

HDI Global SE

HDI Global SE provides customised insurance solutions for industrial and commercial clients worldwide including Cyber Liability insurance.

Sepio Cyber

Sepio Cyber

Sepio is the leading asset risk management platform that operates on asset existence rather than activity.

Redshift Consulting

Redshift Consulting

Redshift is an information management and information security consulting company offering a full range of services from infrastructure design to security assessments and network monitoring.

CyberSaint Security

CyberSaint Security

CyberSaint’s CyberStrong Platform empowers organizations to implement automated, intelligent cybersecurity compliance and risk management.

Business Hive Vilnius (BHV)

Business Hive Vilnius (BHV)

BHV is one of the oldest startup incubator and technology hubs in the Baltics, primarily focused on hardware, security, blockchain, AI, fintech and enterprise software.

OpSec Security

OpSec Security

OpSec Online is the only brand protection solution that spans all channels so your brands are protected no matter what digital venue the criminals target.

Envelop Risk

Envelop Risk

Envelop Risk is a global specialty cyber insurance firm, combining decades of insurance industry expertise with sophisticated cyber and artificial intelligence-based analytics.

Police CyberAlarm

Police CyberAlarm

Police CyberAlarm is a free tool to help members understand and monitor malicious cyber activity. This service is made up of two parts; monitoring and vulnerability scanning.

Liberman Networks

Liberman Networks

Liberman Networks is an IT solutions provider company that provides security, management, monitoring, BDR and cloud solutions.

Certihash

Certihash

Certihash have developed the world’s first blockchain empowered suite of information security tools based on the NIST cybersecurity framework.

NorthStar

NorthStar

NorthStar provide the visibility needed to track and reduce risk through risk-based vulnerability management and vulnerability exploit prediction.

InterSec Inc.

InterSec Inc.

InterSec Inc. is a cybersecurity company that offers a variety of services to small and medium-sized businesses including CMMC Compliance, Program Management, Governance, & Cybersecurity.

Akamai Technologies

Akamai Technologies

Akamai's leading security, compute, and delivery solutions are helping global companies make life better for billions of people, billions of times a day.

CyberUp

CyberUp

CyberUp is a nonprofit organization created to strengthen the cybersecurity workforce. We help employers reimagine how they grow and scale their cybersecurity workforce.

eGyanamTech (EGT)

eGyanamTech (EGT)

eGyanamTech provides robust security solutions tailored for Operational Technology (OT) and Supervisory Control and Data Acquisition (SCADA) systems used in critical infrastructure systems.