Agency claims it didn't know of flaw until public disclosure
As reports of the severity of the Heartbleed OpenSSL bug have spread, so have the rumors. A report from Bloomberg has claimed that the US National Security Agency exploited the flaw for years. In its own defense, the NSA issued an unusually specific statement saying that not only did it not use the exploit, but it didn't even know about it until news of it went public a few days ago.
Huawei servers allegedly penetrated by NSA, possibility of hardware compromise
In an interesting reversal, Snowden-leaked documents are pointing to a pervasive infiltration of Chinese electronics manufacturer Huawei's servers. The NSA's "Operation Shotgiant" allegedly probed connections between Huawei and the Chinese army, but also aimed to attack technology manufactured by the company and use the compromised technology for worldwide surveillance.
Sysadmins, with the keys to networks, lynchpin of NSA plans
More Snowden document leaks have shed light on the US National Security Agency's initiative to compromise system administrators in its quest to gather intelligence on American citizens and potential enemies both foreign and domestic. The documents lay out the NSA's plan to build a network of system administrators, personnel with access to networks on which the agency wants to implant spyware and other malware.
Meeting scheduled for 4PM, no specific attendees known
President Obama is slated to meet with Facebook CEO Mark Zuckerberg and undisclosed tech company executives later today, according to the White House schedule. On the agenda are further discussions with the executives about recent NSA revelations, and a continuation of the president's "dialogue with them on the issues of privacy, technology, and intelligence."
First Comcast transparency report details government requests for customer data
Comcast received a total of 24,698 requests for customer data from law enforcement officials in 2013, the company has revealed in its first transparency report. The telecommunications provider is joining a number of other technology companies, including competitor Verizon, in providing summary figures to reveal how much data the US government is requesting about its subscribers.
Chief defends Facebook initiatives to protect users from surveillance
Facebook's Chief Security Officer Joe Sullivan claims that the alleged NSA ability to intercept traffic to and from the social network and masquerade as an official Facebook server is "not viable." The executive pointed to the company's shift to SSL data encryption for all Facebook traffic last summer as the primary method of defense against intelligence-gathering agency surveillance.
NSA denies claims of far-reaching blanket spyware installation
As news has spread of the possibility that the US National Security Agency (NSA) was using wide-scale malware in its intelligence-gathering efforts, so have the responses. Over the last two days, Facebook founder Mark Zuckerberg has penned a harshly-worded response, including making a call to President Barack Obama. Additionally, the NSA has refuted the claim, saying that all it is doing is supporting "lawful and appropriate foreign intelligence operations" in accordance with US law.
NSA shifting from personal hack to 'industrial scale' widespread attacks
Recently-examined Snowden-leaked documents have shown that the NSA is looking at significantly growing its ability to install malware on a large scale, using automated systems and falsified websites. The documents detail efforts to fake a Facebook server, with the targeted population infected upon visitation of the spoof site.
Whistleblower addresses US cyber defense weakness, need for privacy
Despite US officials' protestations, NSA whistleblower Edward Snowden addressed a packed venue at SXSW today, by way of a Google Hangout routed through no less than seven proxies. In his hour-long moderated conversation, Snowden said that end-to-end encryption with readily accessible tools is the key to privacy. Additionally, he cited NSA leadership and intrusive surveillance as a reason for the onslaught of digital intrusion by hostile powers, caused by weakening of US cyber defenses.
Automated facial recognition performed on webcam stills by UK security agency
The British security intelligence agency GCHQ secured millions of photographs from webcams used with Yahoo's chat services, a report alleges. The agency is claimed to have captured and stored images from more than 1.8 million users in one six-month period in 2008 alone, with the surveillance activities said to have continued from 2008 to 2010, though it is possible the program continued for years afterward.
No plan currently agreed upon, shutdown still possible
As directed by the Obama administration, a cadre of federal lawyers have developed a quartet of plans to restructure the National Security Agency (NSA) phone monitoring program. The proposals run the range from officially running operations through the telephone companies with full approval and support, all the way to completely shutting the program down, according to people familiar with the matter.
Agrees to measures requiring court approval for NSA metadata searches
The Foreign Intelligence Surveillance Court has given its approval to changes President Barack Obama has requested as part of a surveillance reforms speech last month. Two measures in the reforms have been accepted by the court, which will affect the way the National Security Agency (NSA) searches its phone records database in the future.
Denial of Service attacks employed against hacking groups by UK intelligence agency
A spy unit under the control of the United Kingdom's intelligence services was used to attack the Anonymous and LulzSec hacking groups, according to GCHQ documents leaked by Edward Snowden. The Government Communications Headquarters (GCHQ) used the unit to deploy distributed denial of service (DDoS) attacks against the groups, a strategy similar to that employed by the hackers themselves.
FISA requests detailed in agreement with US government
A group of tech companies have released more information about government requests from the NSA and other agencies for user information, as part of their transparency reporting programs. Google, Facebook, LinkedIn, Yahoo, and Microsoft have all posted more statistics online for these Foreign Intelligence Surveillance Act (FISA) requests, following an agreement between the companies and the US Department of Justice (DoJ).
Suggests third-party app networks may be entry point
Angry Birds developer Rovio has issued a new official statement, denying collaborating with the NSA, GCHQ, or any other government agency. It emerged yesterday that the NSA and GCHQ have been using the "leaky" nature of some smartphone apps to collect data about individuals. Rovio suggests that the spy agencies may be gathering data from third-party ad networks without its consent. "If advertising networks are indeed targeted, it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance," the company comments.
NSA, GCHQ allegedly claimed to collect information on individuals from mobile advertising
Intelligence agencies in the United States and the United Kingdom are allegedly taking advantage of smartphone apps to collect a wealth of information about individuals, in new spying allegations. The National Security Agency (NSA) and the UK's Government Communications Headquarters (GCHQ) are able to use the "leaky" nature of popular mobile phone apps to extract information about an individual, according to new leaked documents.
Truth of statement difficult to verify
ABC has released another clip from its interview with Tim Cook and other Apple executives. In the new piece, Cook discusses the National Security Agency's domestic spying operations, and whether or not the agency has direct access to Apple servers, as it does at some other corporations like AT&T. "I've been pushing very, very hard to open the books and be totally transparent," he says. "Much of what has been said isn't true; there is no back door. The government doesn't have access to our servers. They would have to cart us out in a box for that. And that just will not happen. We feel that - strongly about it. But I do want to be transparent, because I think transparency would help put everything in perspective."
Collection programs such as PRISM are illegal according to review board
An independent federal watchdog has decided that the National Security Agency's (NSA) phone call logging and collection activity is illegal. The Privacy and Civil Liberties Oversight Board advises that the call log collection provided "minimal" benefits to current counter-terrorism operations and should be stopped, in a 238-page report set to be released today.
Carrier receives over 1K national security letters
Amid increased scrutiny over privacy regulations, Verizon has released its first transparency report detailing the number and type of government requests for customer data. The carrier was asked to respond to over 320,000 requests from federal, state or local law-enforcement agencies in the US during 2013. Notably, nearly 1,500 of the requests resulted in wiretaps and between 1,000 and 2,000 National Security Letters were included in the numbers.
Collected data to be handed to third party, judicial findings required for access
The United States government will reform the way it uses surveillance data, President Barack Obama has announced. Addressing concerns over the National Security Agency (NSA) and the various programs employed to monitor potential threats, Obama outlined a number of changes in how the data will be accessed by security agencies as he attempts to ease the concerns of US citizens.
New program gathers data for trend analysis, profiling of selectees
The revelations of the NSA surveillance first broken by Edward Snowden continue. The NSA is accused of building the "Dishfire" surveillance network, which targets 200 million text messages per day for collection and analysis. Information collected by the program allegedly includes names, phone numbers, and images.
Says it has 'never worked with the NSA'
Apple has never worked to install backdoors in any of its products for the National Security Agency, and was unaware of a program specifically targeting the iPhone, the company claims in a new statement. Yesterday, German publication Der Spiegel revealed that the NSA has methods of gaining backdoor access to virtually any hardware. One program, codenamed "DROPOUTJEEP," involves planting software on an iPhone to track location, send and receive files, steal text messages, contact lists and voicemail, and even turn on the microphone and camera. Leaked documents from 2008 indicate that the NSA requires "close access," meaning physical access to an iPhone it wants to spy on.
German mag says NSA diverts retail orders to secretly add tracking software, devices
The National Security Agency (NSA) has the ability to bug computers and peripherals being shipped to customers from retail, says a new report allegedly laying out more of the agency's surveillance activities. Some orders for electronics can apparently get redirected to the Tailored Access Operations (TAO) group, run by the NSA, which can secretly add hardware devices and malware to the unit before resealing and forwarding it on to the customer.
RSA blog states no payment from NSA for number generator backdoor
RSA Security has struck out against claims that the company was paid by the National Security Agency (NSA) to sell flawed encryption software that was vulnerable to surveillance. A blog post states that it has never entered into a "secret contract" with the NSA, and that any collaboration between it and the agency has been openly publicized.
Agency pushes vulnerable encryption standard
The National Security Agency has been accused of paying computer-security company RSA $10 million to sell encryption software vulnerable to surveillance, unnamed sources have told Reuters. The agency's role in promoting a crackable encryption standard was exposed earlier this year in documents leaked by former NSA contractor Edward Snowden; however, the latest report is the first to detail a formal contract and monetary compensation for compliance.
Meeting originally to have discussed both NSA and healthcare reform
Contrary to many media reports, the tech executives called to a meeting with President Obama were invited to weigh in on the US' digital surveillance policies and programs, and the topic dominated the two-hour meeting while still touching on other topics, such as the government's Healthcare.gov website and general Internet topics. The tech CEOs and representatives urged the government to adopt stricter rules over various NSA-related programs.
Surfing habits, location tracking claimed performed by security agencies
The National Security Agency (NSA) may have been using cookies from web advertisements in order to track individuals, according to a report. A PREF cookie, a unique identifier typically used in Google's advertising system, has apparently been used by the NSA alongside location data, in order to locate individuals of interest to the agency.
Agents infiltrate World of Warcraft
Eight tech giants, including industry competitors Apple, Google and Microsoft, have joined forces to demand reforms to the US government's surveillance tactics. In an open letter sent to President Barack Obama and members of Congress, the companies argue that current surveillance practices, as detailed in ongoing leaks from former National Security Agency staffer Edward Snowden, have created an imbalance "too far in favor of the state and away from the rights of the individual -- rights that are enshrined in our Constitution."
Commission blasts US data-collection methods
The European Commission has called on the US to change its data-collection policies to "restore trust" that has been eroded by recent revelations detailing the National Security Agency's foreign spying programs. The Commission has outlined several recommendations, including an EU-US data protection "umbrella" agreement that would give European citizens the right to legally challenge the US government whenever their personal data is intercepted in the US.
Users will have more encryption options in Q1
Yahoo has announced plans to encrypt all information that moves between its data centers, in an attempt to prevent unauthorized access by the National Security Agency or other government agencies. The company is also preparing to add new encryption options for users, enabling all data to be encrypted on its way to and from Yahoo's servers.
Suggests Apple may be complying with PRISM
Apple's data on requests by law enforcement indicates that the company is relying on a practice known as a "warrant canary," Ars Technica observes. The concept involves publishing a notice that a warrant hasn't been served, and simply omitting or pulling the notice if the opposite is true. This can be a way of getting around gag orders that prevent organizations from disclosing their compliance with government surveillance.
Search giant registers complaints with NSA, Obama
Google executive chairman Eric Schmidt has spoken out against the National Security Agency, arguing that spying activities on data centers are "outrageous" and "not OK," according to an interview with the Wall Street Journal (sub. required). The executive further suggests that collecting phone records on 320 million people in an attempt to identify "roughly 300 people" is also "bad public policy ... and perhaps illegal."
Spying scandal forces UK government to take caution with mobile devices
The British government is combating the overreaching electronic surveillance by intelligence agencies by banning tablets from closed door meetings, according to reports. A number of iPads used during a presentation to the Cabinet were allegedly seized shortly after it had concluded, for fear that they may be used to listen in on private and secret governmental conversations.
Possible acquisition of Vodafone a politically difficult feat
AT&T's plan to acquire a carrier and operate in Europe may have to be put on hold for a long time, thanks to the National Security Agency (NSA). The revelations of national and international surveillance by the agency are now forcing European officials to scrutinize any attempt by AT&T or any other carrier to purchase a mobile phone network on the continent.
Customers able to download data blocked after company shutdown
Encrypted e-mail service Lavabit has temporarily reopened, to allow customers to retrieve their stored data after the service's shutdown. Customers will be able to change their account password on the service for a 72-hour period starting at 7pm Central Time today, with personal account data being made available to download from Friday for a limited time.
Government considers banning information sharing
Luxembourg's data-protection commissioner has reportedly opened an investigation into connections between Skype and the National Security Agency's PRISM surveillance program, according to a Guardian report. The commissioner is said to be looking into potential violations of the country's data-protection and privacy laws, which could lead to fines or other sanctions.
Request to monitor e-mail escalated to threats of fines, jail time
Encrypted e-mail service Lavabit was pressured by the FBI to provide private SSL keys for all of its traffic, according to unsealed court documents that provide more details about the service's shutdown. The Texas e-mail provider's refusal to provide details about one specific account, believed to be that of NSA whistleblower Edward Snowden, forced the courts to threaten daily fines and possible imprisonment if it continued to disobey the FBI's order.
Laws would only offer more precision in reporting gov't. requests
Apple, Google, Microsoft, Facebook, and Yahoo are among the companies that have signed a new Center for Democracy and Technology letter asking the US Congress to pass Rep. Zoe Lofgren's (D-CA) Surveillance Order Reporting Act of 2013, and Sen. Al Franken's (D-MN) Surveillance Transparency Act of 2013. The bills were first introduced in August, and would let companies be more precise about when and how often they receive national security-related requests and hand data over to the government.
2010 slideshow identifies 38 different ways of tracking iPhone users
A National Security Agency presentation from 2010, leaked to Germany's Der Spiegel by Edward Snowden, calls former Apple CEO Steve Jobs "Big Brother" and iPhone customers his "zombies." The presentation is titled Exploring Current Trends, Targets and Techniques, and as a whole discusses NSA efforts to hack into iOS, Android, and BlackBerry devices. Slides on iPhone location services make reference to Apple's own famous "1984" Macintosh ad, and by extension George Orwell's novel warning about government surveillance and the manipulation of history.
Activist group fights for transparency
The Electronic Frontier Foundation has reportedly won a Freedom of Information Act lawsuit against the Justice Department, forcing the agency to make public "hundreds of pages" of documents. The activist group requested material relevant to the government's previously secret interpretation of Section 215 of the Patriot Act, which covers collection of "tangible things" related to investigations.
NSA has obtained encryption keys both legally, and through extra-legal means
More information provided by intelligence agency document leaker Edward Snowden points to the insecurity of commonly used Internet encryption protocols. Reports circulating today suggest that the NSA can completely decrypt the HTTPS and SSL encryption protocols used in most email clients and other secured Internet services, such as online banking and e-commerce.
Legal blog shuts down due to lack of privacy in e-mail
Legal blog Groklaw has shut down, citing the potential monitoring of e-mail by the NSA and other government organizations. The closure by founder Pamela Jones makes Groklaw the latest site to close its doors in the wake of the ongoing domestic surveillance scandal, following behind encrypted e-mail service providers Silent Circle and Lavabit.
Company 'sees writing on the wall,' ceases email before legal problems
Following in the footsteps of Lavabit, another encrypted email provider has closed its doors. Silent Circle has announced that it is closing its Silent Mail service, effective immediately, fearing US government legal reprisal. The company says that it can "see the writing on the wall" and has decided that it is in the best interest of the company and its customers to cease the service's operation.
Edward Snowden's use of the service attracted federal and NSA attention
Encrypted email service Lavabit has shut down, reportedly due to pressure from the US Federal government. Citing legal fallout from National Security Agency leaker Edward Snowden's use of the service during his confinement in the Moscow airport, founder Ladar Levison closed the service -- saying that a Congressional gag order prevents him from disclosing more details about what specifically led to his decision to close.
Overseas companies react to NSA program
The National Security Agency's PRISM surveillance program is reportedly driving business away from cloud service providers based in the US, according to a survey published by Cloud Security Alliance. The industry organization found that more than half of non-US respondents claimed to be less likely to use US-based cloud providers due to the surveillance revelations, while 10 percent claimed to have already canceled an existing project plan to use US-based cloud providers.
Slides showing data collection workflow accompanied by embassy spying claims
The NSA has the ability to receive updates for a person's online activities as part of real-time surveillance through PRISM, according to newly-released information. Four new slides from a presentation state that the NSA could get "live notifications when a target logs on or sends an e-mail" depending on the source, and could also monitor "text, or voice chat as it happens."
Joins open letter to US Congress to halt spying program
The Wikimedia Foundation has not been compromised under the PRISM spying program, and has not been asked to collect data on behalf of the National Security Agency (NSA), according to a statement released over the weekend. The foundation is also asking for feedback about what it should do about the threat to the privacy of its users and contributors.
Quiet on passive 'backdoor' surveillance
Apple has issued a rare follow-up public statement on the ongoing crisis over the National Security Agency's PRISM spying program. Reports revealed that the NSA is using PRISM to collect communications data from internal servers at major technology companies such as Apple, Facebook, Google, and Microsoft. All of the companies have denied providing a government backdoor; Apple in particular was quick to claim that it had "never heard of PRISM," even though the Washington Post says the company fought against joining PRISM for five years before finally participating. Apple added that it doesn't "provide any government agency with direct access to our servers -- and any government agency requesting customer data must get a court order."
Group seeks deletion of records, admission of constitutional violation
The American Civil Liberties Union, in conjunction with the New York Civil Liberties Union, is suing the US government. The suit alleges that the National Security Agency's phone monitoring program violates the groups' First and Fourth Amendment Constitutional rights, covering freedom of speech, freedom of the press, and protection against unreasonable search and seizure. Both groups are Verizon customers, and the belief is that the groups' rights are being violated by the sweeping nature of the monitoring program.
Leaked documents allegedly cover PRISM, supporting systems
More documents allegedly related to the National Security Agency (NSA) and its data harvesting activities have surfaced, courtesy of hacking collective Anonymous. The group released a total of 13 documents that it claims "prove that the NSA is spying on you," and that its spying activities are not just covering Americans, but also people in over 35 different countries.