Comprehensive details from Electronic Frontier Foundations website devoted to knowledge of NSA spying
I cover the NSA all the time. I feel it one of or maybe the most important issue facing the US and the rest of the world moving forward. I could argue that income disparity is right there as well. Electronic Frontier Foundation has done an excellent job fighting for and keeping track of virtually every aspect of NSA programs and how they are done.
The US government, with assistance from major telecommunications carriers including AT&T, has engaged in a massive illegal dragnet surveillance of domestic communications and communications records of millions of ordinary Americans since at least 2001. Since this was first reported on by the press and discovered by the public in late 2005, EFF has been at the forefront of the effort to stop it and bring government surveillance programs back within the law and the Constitution.
History of NSA Spying Information since 2005
(See EFF’s full timeline of events here)
News reports in December 2005 first revealed that the National Security Agency (NSA) has been intercepting Americans’ phone calls and Internet communications. Those news reports, combined with a USA Today story in May 2006 and the statements of several members of Congress, revealed that the NSA is also receiving wholesale copies of American’s telephone and other communications records. All of these surveillance activities are in violation of the privacy safeguards established by Congress and the US Constitution.
In early 2006, EFF obtained whistleblower evidence (.pdf) from former AT&T technician Mark Klein showing that AT&T is cooperating with the illegal surveillance. The undisputed documents show that AT&T installed a fiberoptic splitter at its facility at 611 Folsom Street in San Francisco that makes copies of all emails web browsing and other Internet traffic to and from AT&T customers and provides those copies to the NSA. This copying includes both domestic and international Internet activities of AT&T customers. As one expert observed, “this isn’t a wiretap, it’s a country-tap.” Secret government documents, published by the media in 2013, confirm the NSA obtains full copies of everything that is carried along major domestic fiber optic cable networks.
In June 2013, the media, led by the Guardian and Washington Post started publishing a series of articles, along with full government documents, that have confirmed much of what was reported in 2005 and 2006 and then some. The reports showed – and the government later admitted – that the government is mass collecting phone metadata of all US customers under the guise of the Patriot Act. Moreover, the media reports confirm that the government is collecting and analyzing the content of communications of foreigners talking to persons inside the United States, as well as collecting collecting much more, without a probable cause warrant. Finally, the media reports confirm the “upstream” collection off of the fiberoptic cables that Mr. Klein first revealed in 2006.
(See EFF’s How It Works page here for more)
EFF Fights Back in the Courts
EFF is fighting these illegal activities in the courts. Currently, EFF is representing victims of the illegal surveillance program in Jewel v. NSA, a lawsuit filed in September 2008 seeking to stop the warrantless wiretapping and hold the government and government officials behind the program accountable. In July 2013, a federal judge ruled that the government could not rely on the controversial ‘state secrets’ privilege to block our challenge to the constitutionality of the program. This case is being heard in conjunction with Shubert v. Obama, which raises similar claims.
Also in July, 2013, EFF filed another lawsuit, First Unitarian v. NSA, based on the recently published FISA court order demanding Verizon turn over all customer phone records including who is talking to whom, when and for how long — to the NSA. This so-called “metadata,” especially when collected in bulk and aggregated, allows the government to track the associations of various political and religious organizations. The Director of National Intelligence has since confirmed that the collection of Verizon call records is part of a broader program. In addition to making the same arguments we made in Jewel, we argue in Unitarian First Unitarian v. NSA that this type of collection violates the First Amendment right to association.
Previously, in Hepting v. AT&T, EFF filed the first case against a cooperating telecom for violating its customers’ privacy. After Congress expressly intervened and passed the FISA Amendments Act to allow the Executive to require dismissal of the case, Hepting was ultimately dismissed by the US Supreme Court.
.pdf file covering AT&Ts dragnet surveillance of its customers
Ing In SAn FRAnCISCo AT&T’s internet traffic in San Francisco runs through fiber-optic cables at an AT&T facility located at 611 Folsom Street in San Francisco. Using a device called a “splitter” a complete copy of the internet traffic that AT&T receives – email, web browsing requests, and other electronic communications sent to or from the customers of AT&T’s WorldNet Internet service from people who use another internet service provider – is diverted onto a separate fiber-optic cable which is connected to a room, known as the SG-3 room, which is controlled by the NSA. The other copy of the traffic continues onto the internet to its destination. The SG-3 room was created under the supervision of the NSA, and contains powerful computer equipment connecting to separate networks. This equipment is designed to analyze communications at high speed, and can be programmed to review and select out the contents and traffic patterns of communications according to user-defined rules. Only personnel with NSA clearances – people assisting or acting on behalf of the NSA – have access to this room. Intercepting Communications atAT&T Folsom Street FacilityAT&T Facility611 Folsom Street San FranciscoGovernmentSecretNetworkMillions of communications fromordinary Americans (AT&T customers)Millions of communications fromordinary AmericansABCDAABCDBCDNSA-controlledRoom (641A)S AT&T’s deployment of NSA-controlled surveillance capability apparently involves considerably more locations than would be required to catch only international traffic. The evidence of the San Francisco room is consistent with an overall national AT&T deployment to from 15 to 20 similar sites, possibly more. This implies that a substantial fraction, probably well over half, of AT&T’s purely domestic traffic was diverted to the NSA. At the same time, the equipment in the room is well suited to the capture and analysis of large volumes of data for purposes of surveillance. This is a brief summary of the testimony of Mark Klein, a former AT&T technician, and of expert witness J.
Are cyberwarfare claims overblown?
I personally think it is the next stage of warfare and we will see increasing use of it in the next 20-30 years. As systems become more advanced so do the ways to defeat these systems. This article from MIT makes a compelling argument that we might be making a huge deal about not much as of yet.
Like the atomic bomb in the waning days of World War II, the computer virus known as Stuxnet, discovered in 2010, seemed to usher in a new era of warfare. In the era of cyberwar, experts warned, silent, software-based attacks will take the place of explosive ordinance, tanks, and machine guns, or at least set the stage for them.
Or maybe not. Almost four years after it was first publicly identified, Stuxnet is an anomaly: the first and only cyberweapon ever known to have been deployed. Now some experts in cybersecurity and critical infrastructure want to know why. Are there fewer realistic targets than suspected? Are such weapons more difficult to construct than realized? Or is the current generation of cyberweapons simply too well hid?
Such questions were on the minds of the world’s top experts in the security of industrial control systems last week at the annual S4 conference outside Miami. S4 gathers the world’s top experts on the security of nuclear reactors, power grids, and assembly lines.
At S4 there was broad agreement that—long after Stuxnet’s name has faded from the headlines—industrial control systems like the Siemens Programmable Logic Controllers are still vulnerable.
Eireann Leverett, a security researcher at the firm IOActive, told attendees at the conference that commonplace security practices in the world of enterprise information technology are still uncommon among vendors who develop industrial control systems (see “Protecting Power Grids from Hackers Is a Huge Challenge”). Leverett noted that modern industrial control systems, which sell for thousands of dollars per unit, often ship with software that lacks basic security controls like user authentication, code signing to prevent unauthorized software updates, or event logging to allow customers to track changes to the device.
It is also clear that, in the years since Stuxnet came to light, developed and developing nations alike have seized on cyber operations as a fruitful new avenue for research and development (see “Welcome to the Malware Industrial Complex”). Laura Galante, a former U.S. Department of Defense intelligence analyst who now works for the firm Mandiant, said that the U.S. isn’t just tracking the activities of nations like Russia and China, but also Syria and Stuxnet’s target of choice: Iran. Galante said cyberweapons give smaller, poorer nations a way to leverage asymmetric force against much larger foes.
Even so, truly effective cyberweapons require extraordinary expertise. Ralph Langner, perhaps the world’s top authority on the Stuxnet worm, argues that the mere hacking of critical systems doesn’t count as cyberwarfare. For example, Stuxnet made headlines for using four exploits for “zero day” (or previously undiscovered) holes in the Windows operating system. But Langner said the metallurgic expertise needed to understand the construction of Iran’s centrifuges was far more impressive. Those who created Stuxnet needed to know the exact amount of pressure or torque needed to damage aluminum rotors within them, sabotaging the country’s uranium enrichment operation.
Concentrating on software-based tools that can cause physical harm sets a much higher bar for discussions of cyberweapons, Langner argues. By that standard, Stuxnet was a true cyberweapon, but the 2012 Shamoon attack against the oil giant Saudi Aramco and other oil companies was not, even though it erased the hard drives of the computers it infected.
Some argue that the conditions for using such a destructive cyberweapon simply haven’t arisen again—and aren’t likely to for a while. Operations like Stuxnet—stealth projects designed to slowly degrade Iran’s enrichment capability over years—are the exception rather than the rule, said Thomas Rid of the Department of War Studies at Kings College in London. “There are not too many targets that would lend themselves to a covert campaign as Stuxnet did,” Rid said.
I personally remember reading about other Cyberweapons being used around the same time as Stuxnet. I am not sure how accurate the article is to discount anything but Stuxnet.
Flame for Example
I do believe any major war in the future will involve conventional warfare with an increasing use of Cyberwarfare elements.