  • PRISM

    So the news is out now that the NSA can spy on every email, phone call, and Google/Facebook/Apple have all been cooperating, knowingly or not. In case you missed the news:

    http://www.guardian.co.uk/world/2013...iants-nsa-data

    Yea so this is big. A few thoughts:

    In their favor, we do put information out there in public for all to see. There is even a cute video on YouTube, by the Onion I think, saying that Mark Zuckerberg is a CIA Agent who created the program to get Americans to supply information on themselves in the first place. Turns out they were closer to the truth than anyone thought. And we have always supplied a small amount of data to the government in the form of tax returns, licensing boards, background checks, heck I just renewed my dog's license and I'm rather surprised they wanted so much information on a dog afraid to leave the house. No one says I need a dog license. And no one says you need to file taxes. And you may just scoot by under the radar.

    But this is huge. Nixon fell because he tapped a hotel room. While I was never for the PATRIOT ACT I don't think this was ever envisioned. I wonder about all the staff involved in it and if they ever wondered about its legalities or not (Part of me still wonders if the whole thing is a hoax, but I think that would have come out already).

    The press remains a faithful lapdog to the Administration, unless of course this can be blamed on a former Administration. The chips have not yet fallen.

    Remember the picture of the kid who licked the stack of shells at Taco Bell the other day? Well we are the shells and the NSA is the guy. And we're taking it.

    At DC20 the Director of the NSA stood up in front of the Defcon attendees and said right out that we have no worries about being spied on, that there simply is not enough staff to watch every American. I recall him saying something along the lines of even watching everyone in the room at the time would be a tough task. So either the General is lying to thousands of us right to our faces, or he is ignorant to a program of this magnitude (which is possible, but that means there are even bigger programs under his control, and PRISM is a fly speck).

    We still have time for some enterprising vendors to come out with t-shirts, software, or other products for DC21. I'm very interested to hear what .gov has to say about all this. And if they have stopped a hundred 9/11s as a result of PRISM, they need to tell us about it.

    My two cents.

  • #2
    Re: PRISM

    Wow, nobody responded to this? I guess the forums are a ghost town? :(

    I've mostly been concerned with another program of the NSA's revealed under another whistleblower, William Binney. This program is called Stellar Wind:

    http://en.wikipedia.org/wiki/Stellar_Wind_(code_name)

    It's hard to tell how related the two programs are. I haven't seen William Binney speak to that directly. But it generally sounds like "big data" style modelling on the social networks of Americans, attempting to pick out the bad apples by scouring asstons of data.

    William Binney claims the datacenter they're building in Utah will eventually have "yottabyte" capacity, which is basically unfathomable right now.

    This belies the fact that they have taps on at least 10 tier 1-ish facilities around the country, which lets them consume an awful lot of traffic. Who knows what they're looking for... they certainly won't tell us. But at least they have a gigantic ass datacenter to put all the raw data in.

    Here's the really scary part: they can grab your ciphertexts, wait 10 years (or 20 years, etc) until a quantum computer is developed, then use Shor's algorithm to break all your TLS sessions, GPG encrypted communications, and anything else protected by public key cryptography. This will continue to be a problem until we switch away from pubkey ciphers like RSA and ECC to "post-quantum" ciphers like McEliece and McBits, and digital signatures like Lamport signature schemes.

    Scary shit. You might want to avoid sending anything in plaintext over the Internet that you wouldn't mind shouting on a megaphone in a crowded park.
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

    • #3
      Re: PRISM

      Don't forget that stuff is shrinking. Moore's Law is being challenged as we grow better than exponentially. We'll have a Yottabyte in an iPod before you think. I may not live to see it, but some will. Remember the picture of a 5MB drive being loaded onto an airplane with a forklift? Yea, like that.

      So maybe by the time the datacenter is completed on the outside it only need be 1/10th the size originally expected. Or it can hold ten times more. The examples online also use 1TB drives and we are up to 4TB at Best Buy and you know what they say, by the time you and I can afford it, it's already antiquated.

      When I was a kid we were told that one day all the data in the world will eventually fit in a cube the size of a cube of sugar. That was easier to believe than the TVs that will hang on the walls like pictures. Yet here we are.

      Were we ever watched this much in the past? I mean, in relation to the technology available at the time? Is this really anything new? Was it worse when you were supposed to spy on your neighbor and report if they were a commie sympathizer? Or if we go back a few centuries, report that they were a witch?

      As we abdicate personal responsibility and allow the government to be our master, whether voluntarily (Welfare) or involuntarily (Social Security contributions), the way we'd maintain ourselves is now no longer of our concern. The intent of the federal government is to give the citizens a secure area to frolic and thrive. Like a shepherd providing the fence (border security) and sheepdog (internal security) for the sheep. And if it works right, the sheep will never know either exist as they go along their happy way. Sort of like how we want our young kids to feel. Let them believe in the magical before they grow up and learn how hard life really is.

      It has been a few weeks now and there is hardly a peep about all this. DuckDuckGo has received a lot of good press, and I was using them anyway. But what else? I even heard the argument that Yahoo and Google can afford to give up all free email and stuff because of the data we happily surrender that turns into gold for them. So it's all about freedom of choice. And the freedom to no longer choose freedom.

      • #4
        Re: PRISM

        FWIW just got the new WIRED magazine with General Alexander and the NSA as the cover story. Good read if you have access to it.

        • #5
          Re: PRISM

          How PRISM works: Feds obtain a warrant, in a court, against a named foreign person deemed to be of intelligence interest, according to the foreign intelligence requirements of a government democratically elected by, and ultimately answerable to the citizens of the United States.

          The feds then issue said warrant to Google/Yahoo/whoever, and in response that company uploads the relevant data to an SFTP drop box. The data then makes its way through the great SIGINT machine to intel analysts.

          There's nothing newsworthy about PRISM.

          The wholesale collection of CDRs, including those for local calls is an infinitely more interesting topic, and a completely separate issue. This is the issue that has attracted some long overdue debate.

          • #6
            Re: PRISM

            Originally posted by taclane
            How PRISM works: Feds obtain a warrant, in a court, against a named foreign person deemed to be of intelligence interest, according to the foreign intelligence requirements of a government democratically elected by, and ultimately answerable to the citizens of the United States.

            The feds then issue said warrant to Google/Yahoo/whoever, and in response that company uploads the relevant data to an SFTP drop box. The data then makes its way through the great SIGINT machine to intel analysts.

            There's nothing newsworthy about PRISM.

            The wholesale collection of CDRs, including those for local calls is an infinitely more interesting topic, and a completely separate issue. This is the issue that has attracted some long overdue debate.
            Um, no.

            Here's how it REALLY works:

            Feds tap Tier-1 facilities and capture/store EVERYTHING coming across the wire for an unspecified amount of time (i.e. indefinitely)

            Feds believe something is being plotted, they can then sift through the data collected to find exactly what they're looking for. If it points to emails being sent back and forth as a means of coordinating an event, they have those emails, the IP addresses they were sent from, the account login, etc., but then "request" direct access to the account used from the provider to peruse as they see fit.

            From there, they build a case, and swoop in on the suspects.

            However...

            Tech like this will only remain accessible by the NSA for so long. Eventually they will hand over limited access to state and local law enforcement agencies to use. I remember some years ago it required a near act of Congress for anyone to get access to text messages, tower data, and whatnot from cellphones. Now the cops regularly use it. The same will happen with PRISM.


            Think of PRISM as Netwitness/Solera at your office on mega ultra dynamo supreme steroids. Whatever you want to see, you can see it, down to the pcap.

            • #7
              Re: PRISM

              Originally posted by parsec
              Um, no.

              Here's how it REALLY works:

              Feds tap Tier-1 facilities and capture/store EVERYTHING coming across the wire for an unspecified amount of time (i.e. indefinitely)
              The cable interception stuff is not news (2007 called, it wants its news story about Room 641A back.) It's a completely separate issue.

              The cable interception capability is not PRISM. That may be (one of many) methods of identifying potential targets that then later go on to be targeted by PRISM, but it's not PRISM and it's not directly relevant to PRISM.
              Last edited by taclane; July 11, 2013, 18:39.

              • #8
                Re: PRISM

                Originally posted by taclane
                The cable interception stuff is not news (2007 called, it wants its news story about Room 641A back.) It's a completely separate issue.

                The cable interception capability is not PRISM. That may be (one of many) methods of identifying potential targets that then later go on to be targeted by PRISM, but it's not PRISM and it's not directly relevant to PRISM.
                I don't think you get it.

                They're running full captures off the wire and storing that data indefinitely. It's like my day job on a far larger scale. I watch the data coming through Netwitness. If there's anything that piques my interest, I can zero in on it down to the pcap. PRISM allows for this to happen (what do you think they're doing out there in Utah?) but adds the ability to go into email accounts and decrypt chat between individuals from US-based service providers. While digging through accounts and whatnot supposedly requires authorization from the FISA courts (jokes... I know), the captures themselves apparently don't. Those still happen without a court order.

                • #9
                  Opt out of global data surveillance programs!

                  Originally posted by parsec
                  They're running full captures off the wire and storing that data indefinitely. It's like my day job on a far larger scale. I watch the data coming through Netwitness. If there's anything that piques my interest, I can zero in on it down to the pcap. PRISM allows for this to happen (what do you think they're doing out there in Utah?) but adds the ability to go into email accounts and decrypt chat between individuals from US-based service providers. While digging through accounts and whatnot supposedly requires authorization from the FISA courts (jokes... I know), the captures themselves apparently don't. Those still happen without a court order.
                  I cannot believe that this discussion here has stopped in December 2013 although it's still so important! Let me add some valuable news for everyone who wonders which open-source tools to use on different Operating Systems and Devices to fight back against all this creepy surveillance - check out one of my favourite sites: PRISM-BREAK! Feel welcome to add your own tools and other open-source recommendations to improve it on their PRISM-BREAK GitHub.
