Editorial: The cyber defense crisis by Editorial Board
US Condemns Attack on Somalia Hotels by webdesk@voanews.com (VOA News)
The United States says it strongly condemns the recent al-Shabab attack on two hotels and an African Union force position in the Somali capital, Mogadishu. At least 16 people were killed in the attacks on the Weheliye and Siyad hotels on Friday. Mortar rounds were also fired Friday at Mogadishu's former football stadium, which now serves as a key AU base. No casualties were reported in that attack. A U.S. State Department statement Sunday said "al-Shabab once again has...
WARNING GRAPHIC CONTENT: Islamic State fanatics have released one of their most sickening videos yet - new footage of last year's notorious Speicher massacre in Tikrit, Iraq.
Greece appears to have conceded to pressure from European creditors, accepting a significant number of reforms which it had previously criticised.
Psychologist accused of enabling US torture backed by former FBI chief by Spencer Ackerman in New York
Louis Freeh calls report that preceded Stephen Behnke’s ousting from the American Psychological Association leadership a ‘gross mischaracterization’
A prominent psychologist ousted from the leadership of the US’s largest professional psychological association for his alleged role in enabling and covering up torture has enlisted a former FBI director to fight back.
Tranquilized bear falls from tree on Colorado campus but misses the mat. Report by Jennifer Cordingley.
Historic deal to curb Islamic Republic's atomic program in return for sanctions relief could be announced officially on Monday, diplomats say
The House Speaker talked to "Face the Nation" about nuclear negotiations, Hillary's Benghazi and Bernie woes, and Pope Francis
New York Times
Donald Trump Defiantly Rallies a New 'Silent Majority' in a Visit to Arizona
New York Times PHOENIX — Donald Trump, the real estate mogul and reality television star who has taken center stage in the race for the Republican presidential nomination this week, delivered a rambling monologue on Saturday, dismissing a long list of critics ...
Related coverage: Trump 2016 campaign is ugly, but for Republican Party it could also be fatal (Sydney Morning Herald); Donald Trump Outdoes Himself In Defiant Phoenix Speech (TIME); Trump draws thousands in Phoenix, continues immigration theme (CNN)
Police: Officer Dies After Fall During Robbery Arrest
New York Times SCRANTON, Pa. — A police officer is dead after suffering a head injury in a fall while trying to capture three teenage robbery suspects. Scranton police say 29-year-old Patrolman John Wilding died Sunday morning. Police chief Carl Graziano says ...
Chicago Tribune
Police officer in Pennsylvania dies after falling during foot chase
Chicago Tribune Police officers observe a moment of silence as they pray for police Officer John Wilding, who died after suffering injuries while helping to apprehend robbery suspects in Scranton, Pa., on July 11, 2015.
Related coverage: Police: Officer Pennsylvania Officer, Father of 2, Dies After Fall From Fence During Police... (NBC 10 Philadelphia); Police: Scranton officer dies after fall during robbery arrest (STLtoday.com); Police officer, 29, dies after falling while chasing robbery suspects (PennLive.com)
BBC News
Is this the moment of truth for an Iran deal?
BBC News It's been called the last mile, the last, most difficult stretch of scaling the highest peak, even the last chance. As hard as it is, nobody wants to be the first to walk away from the best hope in many years to secure a long-term deal with Iran on its ...
Related coverage: Khamenei: despite nuclear talks, 'we will continue campaign against arrogant US' (Jerusalem Post Israel News); Iran Leader Ayatollah Ali Khamenei Calls US 'Embodiment of Arrogance' (Wall Street Journal); Discussions Shift to Endgames as Nuclear Negotiations Drag On (New York Times)
Joaquin "El Chapo" Guzman built the world's most powerful drug trafficking organization by digging -- quietly, efficiently, patiently. While he used his money and corrupting influence to burrow into the highest reaches of Mexico's government, Guzman deployed engineering brigades and construction crews to develop the perfect smuggling system: the drug tunnel.
Scuffles break out at a rally in Arizona as the billionaire launches a fresh attack against the Mexican government.
Pope Wraps up South America Tour by webdesk@voanews.com (Associated Press)
Pope Francis is celebrating the last Mass of his three-nation South America tour on a very special altar. It was made in honor of Paraguay's native Guarani and out of respect for Mother Earth. It is composed of 40,000 ears of corn, 200,000 coconuts and adorned with 1,000 squash gourds. The altar was created by the artist Koki Ruiz, who also included an image of St. Francis of Assisi, the patron saint of the natural world and the pope's namesake. Also...
Pope Francis continued his anti-poverty campaign in Paraguay on Saturday, delivering some choice words for what capitalism has meant for the poor.
“Certainly every culture needs economic growth and the creation of wealth,” the Pope told a gathering of civic leaders, in remarks reported by CNN. But he harshly criticized the gap between the wealthy and the impoverished, saying: “I ask them not to yield to an economic model which is idolatrous, which needs to sacrifice human lives on the altar of money and profit.”
Pope Francis did not mince words, CNN reports, comparing corrupt governments who persecuted political opponents to Hitler and Stalin. He went so far as to compare capitalism to an ancient practice in paganism of worshipping golden calves, saying the practice had “returned in a new and ruthless guise in the idolatry of money and the dictatorship of an impersonal economy.”
The Pope’s message continued from his previous stop in Bolivia, where he advocated for a revolution against the “new colonialism” of austerity programs, citing their inordinate effect on the poor and their “sacred rights” of housing, work, and land.
“Putting bread on the table, putting a roof over the heads of one’s children, giving them health and an education, these are essential for human dignity,” he said.
[CNN]
Soviet WWII Legend Of Panfilov Guardsmen Debunked As 'Fiction' by support@pangea-cms.com (Tom Balmforth)
The legend of a group of Soviet soldiers hailed as heroes after they died resisting an onslaught of Nazi tanks bearing down on Moscow in 1941 has been exposed by Russian state archivists as fiction.
Mexico: Drug lord 'El Chapo' Guzman escapes through tunnel by E. EDUARDO CASTILLO and KATHERINE CORCORAN
MEXICO CITY (AP) -- Top drug lord Joaquin "El Chapo" Guzman escaped through a 1.5-kilometer (1 mile) tunnel that opened into the shower area of his cell, Mexico's top security official announced Sunday....
BRUSSELS (Reuters) - Skeptical euro zone finance ministers demanded on Saturday that Greece go beyond painful austerity measures accepted by Prime Minister Alexis Tsipras if he wants them to open negotiations on a third bailout for his bankrupt country to keep it in the euro.
Rival Republican Blasts Donald Trump as a 'Wrecking Ball'
TIME-49 minutes ago
South Carolina Sen. Lindsey Graham on Sunday denounced fellow GOP presidential candidate Donald Trump as “a wrecking ball for the future ...
Donald Trump didn't let up on immigration comments at his latest rally
Opinion-The Week Magazine-1 hour ago
'The Silent Majority Is Back!': Donald Trump Criticizes Border Policy ...
In-Depth-TheBlaze.com-15 hours ago
Trump Rally With Sheriff Joe Arpaio Will Be Single Most Anti ...
Blog-Slate Magazine (blog)-9 hours ago
Kenyan leaders’ warnings to President Obama not to raise the issue of gay rights on his visit remind us that, globally, the war for LGBTI rights is far from won
One of the most striking images of last month was a White House lit up in rainbow colours to mark the US supreme court’s historic ruling on the legalisation of same-sex marriage; 26 million Facebook users joined the celebration by overlaying their profile picture with a rainbow filter. It was a momentous victory for the movement for same-sex marriage, now legal in 20 countries around the world.
The positive shift in social attitudes towards homosexuality across much of North America, western Europe and Latin America in the past two decades has been remarkable, all the more so in light of the fact that just 60 years ago, homosexuality was almost universally illegal.
This must be seen as an agenda led by African activists, championing African, not western, liberal values
Times of India
Italian cyber-security firm suspects foreign government was behind mass attack ...
Reuters ROME Italian cyber-security firm Hacking Team said a government might have been behind a massive hack of its systems and warned that the subsequent leaking of its computer codes could prove a field day for criminals. Unknown hackers last week ...
Related coverage: Vocal Republic – Italian cyber-security firm suspects foreign government was... (Vocal Republic)
Washington Times
Anti-American sentiment surges in Russia -- and the feeling is mutual
Washington Times Moscow | Anti-Americanism is on the rise in Russia, and the consequences are sometimes lethal. Late last week, a 45-year-old Russian beat an acquaintance to death with his fists after a drinking session in Yaroslavl, a city some 160 miles from Moscow.
Related coverage: Attitudes toward the US have never been worse in post-Soviet Russia (Businessinsider India)
Eurasia Review
American Views On Europe's Geopolitical Clout - Analysis - Eurasia Review
Eurasia Review Roosevelt saw the world as a quasi-unipolar one in which the USA controlled international politics, nominally within the United Nations framework, together with China, Russia and the UK, but in reality as the unquestionably dominant actor. .... The ...
XKEYSCORE: NSA’s Google for the World’s Private Communications by Morgan Marquis-Boire
Illustrations by Blue Delliquanti and David Axe for The Intercept
One of the National Security Agency’s most powerful tools of mass surveillance makes tracking someone’s Internet usage as easy as entering an email address, and provides no built-in technology to prevent abuse. Today, The Intercept is publishing 48 top-secret and other classified documents about XKEYSCORE dated up to 2013, which shed new light on the breadth, depth and functionality of this critical spy system — one of the largest releases yet of documents provided by NSA whistleblower Edward Snowden.
The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers.
These servers store “full-take data” at the collection sites — meaning that they captured all of the traffic collected — and, as of 2009, stored content for 3 to 5 days and metadata for 30 to 45 days. NSA documents indicate that tens of billions of records are stored in its database. “It is a fully distributed processing and query system that runs on machines around the world,” an NSA briefing on XKEYSCORE says. “At field sites, XKEYSCORE can run on multiple computers that gives it the ability to scale in both processing power and storage.”
XKEYSCORE also collects and processes Internet traffic from Americans, though NSA analysts are taught to avoid querying the system in ways that might result in spying on U.S. data. Experts and privacy activists, however, have long doubted that such exclusions are effective in preventing large amounts of American data from being swept up. One document The Intercept is publishing today suggests that FISA warrants have authorized “full-take” collection of traffic from at least some U.S. web forums.
The system is not limited to collecting web traffic. The 2013 document, “VoIP Configuration and Forwarding Read Me,” details how to forward VoIP data from XKEYSCORE into NUCLEON, NSA’s repository for voice intercepts, facsimile, video and “pre-released transcription.” At the time, it supported more than 8,000 users globally and was made up of 75 servers absorbing 700,000 voice, fax, video and tag files per day.
The reach and potency of XKEYSCORE as a surveillance instrument are astonishing. The Guardian report noted that NSA itself refers to the program as its “widest reaching” system. In February of this year, The Intercept reported that NSA and GCHQ hacked into the internal network of Gemalto, the world’s largest provider of cell phone SIM cards, in order to steal millions of encryption keys used to protect the privacy of cell phone communication. XKEYSCORE played a vital role in the spies’ hacking by providing government hackers access to the email accounts of Gemalto employees.
Numerous key NSA partners, including Canada, New Zealand and the U.K., have access to the mass surveillance databases of XKEYSCORE. In March, the New Zealand Herald, in partnership with The Intercept, revealed that the New Zealand government used XKEYSCORE to spy on candidates for the position of World Trade Organization director general and also members of the Solomon Islands government.
These newly published documents demonstrate that collected communications not only include emails, chats and web-browsing traffic, but also pictures, documents, voice calls, webcam photos, web searches, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation (CNE) targeting, intercepted username and password pairs, file uploads to online services, Skype sessions and more.
Bulk collection and population surveillance
XKEYSCORE allows for incredibly broad surveillance of people based on perceived patterns of suspicious behavior. It is possible, for instance, to query the system to show the activities of people based on their location, nationality and websites visited. For instance, one slide displays the search “germansinpakistn,” showing an analyst querying XKEYSCORE for all individuals in Pakistan visiting specific German language message boards.
As sites like Twitter and Facebook become increasingly significant in the world’s day-to-day communications (a Pew study shows that 71 percent of online adults in the U.S. use Facebook), they become a critical source of surveillance data. Traffic from popular social media sites is described as “a great starting point” for tracking individuals, according to an XKEYSCORE presentation titled “Tracking Targets on Online Social Networks.”
When intelligence agencies collect massive amounts of Internet traffic all over the world, they face the challenge of making sense of that data. The vast quantities collected make it difficult to connect the stored traffic to specific individuals.
Internet companies have also encountered this problem and have solved it by tracking their users with identifiers that are unique to each individual, often in the form of browser cookies. Cookies are small pieces of data that websites store in visitors’ browsers. They are used for a variety of purposes, including authenticating users (cookies make it possible to log in to websites), storing preferences, and uniquely tracking individuals even if they’re using the same IP address as many other people. Websites also embed code used by third-party services to collect analytics or host ads, which also use cookies to track users. According to one slide, “Almost all websites have cookies enabled.”
The NSA’s ability to piggyback off of private companies’ tracking of their own users is a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies.
Apps that run on tablets and smartphones also use analytics services that uniquely track users. Almost every time a user sees an advertisement (in an app or in a web browser), the ad network is tracking users in the same way. A secret GCHQ and CSE program called BADASS, which is similar to XKEYSCORE but with a much narrower scope, mines as much valuable information from leaky smartphone apps as possible, including unique tracking identifiers that app developers use to track their own users. In May of this year, CBC, in partnership with The Intercept, revealed that XKEYSCORE was used to track smartphone connections to the app marketplaces run by Samsung and Google. Surveillance agency analysts also use other types of traffic data that gets scooped into XKEYSCORE to track people, such as Windows crash reports.
In a statement to The Intercept, the NSA reiterated its position that such sweeping surveillance capabilities are needed to fight the War on Terror:
“The U.S. Government calls on its intelligence agencies to protect the United States, its citizens, and its allies from a wide array of serious threats. These threats include terrorist plots from al-Qaeda, ISIL, and others; the proliferation of weapons of mass destruction; foreign aggression against the United States and our allies; and international criminal organizations.”
Indeed, one of the specific examples of XKEYSCORE applications given in the documents is spying on Shaykh Atiyatallah, an al Qaeda senior leader and Osama bin Laden confidant. A few years before his death, Atiyatallah did what many people have often done: He googled himself. He searched his various aliases, an associate and the name of his book. As he did so, all of that information was captured by XKEYSCORE.
XKEYSCORE has, however, also been used to spy on non-terrorist targets. The April 18, 2013 issue of the internal NSA publication Special Source Operations Weekly boasts that analysts were successful in using XKEYSCORE to obtain U.N. Secretary General Ban Ki-moon’s talking points prior to a meeting with President Obama.
XKEYSCORE for hacking: easily collecting user names, passwords and much more
XKEYSCORE plays a central role in how the U.S. government and its surveillance allies hack computer networks around the world. One top-secret 2009 NSA document describes how the system is used by the NSA to gather information for the Office of Tailored Access Operations, an NSA division responsible for Computer Network Exploitation (CNE) — i.e., targeted hacking.
Particularly in 2009, the hacking tactics enabled by XKEYSCORE would have yielded significant returns as use of encryption was less widespread than today. Jonathan Brossard, a security researcher and the CEO of Toucan Systems, told The Intercept: “Anyone could be trained to do this in less than one day: they simply enter the name of the server they want to hack into XKEYSCORE, type enter, and are presented login and password pairs to connect to this machine. Done. Finito.”
Previous reporting by The Intercept revealed that systems administrators are a popular target of the NSA. “Who better to target than the person that already has the ‘keys to the kingdom?’” read a 2012 post on an internal NSA discussion board.
This system enables analysts to access web mail servers with remarkable ease.
The same methods are used to steal the credentials — user names and passwords — of individual users of message boards.
Hacker forums are also monitored for people selling or using exploits and other hacking tools. While the NSA is clearly monitoring to understand the capabilities developed by its adversaries, it is also monitoring locations where such capabilities can be purchased.
Other information gained via XKEYSCORE facilitates the remote exploitation of target computers. By extracting browser fingerprint and operating system versions from Internet traffic, the system allows analysts to quickly assess the exploitability of a target. Brossard, the security researcher, said that “NSA has built an impressively complete set of automated hacking tools for their analysts to use.”
Given the breadth of information collected by XKEYSCORE, accessing and exploiting a target’s online activity is a matter of a few mouse clicks. Brossard explains: “The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds. Simple. As easy as typing a few words in Google.”
These facts bolster one of Snowden’s most controversial statements, made in his first video interview published by The Guardian on June 9, 2013. “I, sitting at my desk,” said Snowden, could “wiretap anyone, from you or your accountant, to a federal judge to even the president, if I had a personal email.”
Indeed, training documents for XKEYSCORE repeatedly highlight how user-friendly the program is: with just a few clicks, any analyst with access to it can conduct sweeping searches simply by entering a person’s email address, telephone number, name or other identifying data. There is no indication in the documents reviewed that prior approval is needed for specific searches.
In addition to login credentials and other target intelligence, XKEYSCORE collects router configuration information, which it shares with Tailored Access Operations. The office is able to exploit routers and then feed the traffic traveling through those routers into their collection infrastructure. This allows the NSA to spy on traffic from otherwise out-of-reach networks. XKEYSCORE documents reference router configurations, and a document previously published by Der Spiegel shows that “active implants” can be used to “cop[y] traffic and direc[t]” it past a passive collector.
XKEYSCORE for counterintelligence
Beyond enabling the collection, categorization, and querying of metadata and content, XKEYSCORE has also been used to monitor the surveillance and hacking actions of foreign nation states and to gather the fruits of their hacking. The Intercept previously reported that NSA and its allies spy on hackers in order to collect what they collect.
Once the hacking tools and techniques of a foreign entity (for instance, South Korea) are identified, analysts can then extract the country’s espionage targets from XKEYSCORE, and gather information that the foreign power has managed to steal.
Monitoring of foreign state hackers could allow the NSA to gather techniques and tools used by foreign actors, including knowledge of zero-day exploits—software bugs that allow attackers to hack into systems, and that not even the software vendor knows about—and implants. Additionally, by monitoring vulnerability reports sent to vendors such as Kaspersky, the agency could learn when exploits they were actively using need to be retired because they’ve been discovered by a third party.
Seizure v. searching: oversight, audit trail and the Fourth Amendment
By the nature of how it sweeps up information, XKEYSCORE gathers communications of Americans, despite the Fourth Amendment protection against “unreasonable search and seizure” — including searching data without a warrant. The NSA says it does not target U.S. citizens’ communications without a warrant, but acknowledges that it “incidentally” collects and reads some of it without one, minimizing the information that is retained or shared.
But that interpretation of the law is dubious at best.
XKEYSCORE training documents say that the “burden is on user/auditor to comply with USSID-18 or other rules,” apparently including the British Human Rights Act (HRA), which protects the rights of U.K. citizens. U.S. Signals Intelligence Directive 18 (USSID 18) is the American directive that governs “U.S. person minimization.”
Kurt Opsahl, the Electronic Frontier Foundation’s general counsel, describes USSID 18 as “an attempt by the intelligence community to comply with the Fourth Amendment. But it doesn’t come from a court, it comes from the executive.”
If, for instance, an analyst searched XKEYSCORE for all iPhone users, this query would violate USSID 18 due to the inevitable American iPhone users that would be grabbed without a warrant, as the NSA’s own training materials make clear.
Opsahl believes that analysts are not prevented by technical means from making queries that violate USSID 18. “The document discusses whether auditors will be happy or unhappy. This indicates that compliance will be achieved by after-the-fact auditing, not by preventing the search.”
Screenshots of the XKEYSCORE web-based user interface included in slides show that analysts see a prominent warning message: “This system is audited for USSID 18 and Human Rights Act compliance.” When analysts log in to the system, they see a more detailed message warning that “an audit trail has been established and will be searched” in response to HRA complaints, and as part of the USSID 18 and USSID 9 audit process.
Because the XKEYSCORE system does not appear to prevent analysts from making queries that would be in violation of these rules, Opsahl concludes that “there’s a tremendous amount of power being placed in the hands of analysts.” And while those analysts may be subject to audits, “at least in the short term they can still obtain information that they shouldn’t have.”
During a symposium in January 2015 hosted at Harvard University, Edward Snowden, who spoke via video call, said that NSA analysts are “completely free from any meaningful oversight.” Speaking about the people who audit NSA systems like XKEYSCORE for USSID 18 compliance, he said, “The majority of the people who are doing the auditing are the friends of the analysts. They work in the same office. They’re not full-time auditors, they’re guys who have other duties assigned. There are a few traveling auditors who go around and look at the things that are out there, but really it’s not robust.”
In a statement to The Intercept, the NSA said:
“The National Security Agency’s foreign intelligence operations are 1) authorized by law; 2) subject to multiple layers of stringent internal and external oversight; and 3) conducted in a manner that is designed to protect privacy and civil liberties. As provided for by Presidential Policy Directive 28 (PPD-28), all persons, regardless of their nationality, have legitimate privacy interests in the handling of their personal information. NSA goes to great lengths to narrowly tailor and focus its signals intelligence operations on the collection of communications that are most likely to contain foreign intelligence or counterintelligence information.”
—
Coming next: A Look at the Inner Workings of XKEYSCORE
Source maps: XKS as a SIGDEV Tool, p. 15, and XKS Intro, p. 6
Documents published with this article:
- Advanced HTTP Activity Analysis
- Analyzing Mobile Cellular DNI in XKS
- ASFD Readme
- CADENCE Readme
- Category Throttling
- CNE Analysis in XKS
- Comms Readme
- DEEPDIVE Readme
- DNI101
- Email Address vs User Activity
- Free File Uploaders
- Finding and Querying Document Metadata
- Full Log vs HTTP
- Guide to Using Contexts in XKS Fingerprints
- HTTP Activity in XKS
- HTTP Activity vs User Activity
- Intro to Context Sensitive Scanning With XKS Fingerprints
- Intro to XKS AppIDs and Fingerprints
- OSINT Fusion Project
- Phone Number Extractor
- RWC Updater Readme
- Selection Forwarding Readme
- Stats Config Readme
- Tracking Targets on Online Social Networks
- TRAFFICTHIEF Readme
- Unofficial XKS User Guide
- User Agents
- Using XKS to Enable TAO
- UTT Config Readme
- VOIP in XKS
- VOIP Readme
- Web Forum Exploitation Using XKS
- Writing XKS Fingerprints
- XKS Application IDs
- XKS Application IDs Brief
- XKS as a SIGDEV Tool
- XKS, Cipher Detection, and You!
- XKS for Counter CNE
- XKS Intro
- XKS Logos Embedded in Docs
- XKS Search Forms
- XKS System Administration
- XKS Targets Visiting Specific Websites
- XKS Tech Extractor 2009
- XKS Tech Extractor 2010
- XKS Workflows 2009
- XKS Workflows 2011
- UN Secretary General XKS
The post XKEYSCORE: NSA’s Google for the World’s Private Communications appeared first on The Intercept.
Second in a series. Part 1 here.
The sheer quantity of communications that XKEYSCORE processes, filters and queries is stunning. Around the world, when a person gets online to do anything — write an email, post to a social network, browse the web or play a video game — there’s a decent chance that the Internet traffic her device sends and receives is getting collected and processed by one of XKEYSCORE’s hundreds of servers scattered across the globe.
In order to make sense of such a massive and steady flow of information, analysts working for the National Security Agency, as well as partner spy agencies, have written thousands of snippets of code to detect different types of traffic and extract useful information from each type, according to documents dating up to 2013. For example, the system automatically detects if a given piece of traffic is an email. If it is, the system tags if it’s from Yahoo or Gmail, if it contains an airline itinerary, if it’s encrypted with PGP, or if the sender’s language is set to Arabic, along with myriad other details.
This global Internet surveillance network is powered by a somewhat clunky piece of software running on clusters of Linux servers. Analysts access XKEYSCORE’s web interface to search its wealth of private information, similar to how ordinary people can search Google for public information.
Based on documents provided by NSA whistleblower Edward Snowden, The Intercept is shedding light on the inner workings of XKEYSCORE, one of the most extensive programs of mass surveillance in human history.
How XKEYSCORE works under the hood
It is tempting to assume that expensive, proprietary operating systems and software must power XKEYSCORE, but it actually relies on an entirely open source stack. In fact, according to an analysis of an XKEYSCORE manual for new systems administrators from the end of 2012, the system may have design deficiencies that could leave it vulnerable to attack by an intelligence agency insider.
XKEYSCORE is a piece of Linux software that is typically deployed on Red Hat servers. It uses the Apache web server and stores collected data in MySQL databases. File systems in a cluster are handled by the NFS distributed file system and the autofs service, and scheduled tasks are handled by the cron scheduling service. Systems administrators who maintain XKEYSCORE servers use SSH to connect to them, and they use tools such as rsync and vim, as well as a comprehensive command-line tool, to manage the software.
John Adams, former security lead and senior operations engineer for Twitter, says that one of the most interesting things about XKEYSCORE’s architecture is “that they were able to achieve so much success with such a poorly designed system. Data ingest, day-to-day operations, and searching is all poorly designed. There are many open source offerings that would function far better than this design with very little work. Their operations team must be extremely unhappy.”
Analysts connect to XKEYSCORE over HTTPS using standard web browsers such as Firefox. Internet Explorer is not supported. Analysts can log into the system with either a user ID and password or by using public key authentication.
As of 2009, XKEYSCORE servers were located at more than 100 field sites all over the world. Each field site consists of a cluster of servers; the exact number differs depending on how much information is being collected at that site. Sites with relatively low traffic can get by with fewer servers, but sites that spy on larger amounts of traffic require more servers to filter and parse it all. XKEYSCORE has been engineered to scale in both processing power and storage by adding more servers to a cluster. According to a 2009 document, some field sites receive over 20 terabytes of data per day. This is the equivalent of 5.7 million songs, or over 13 thousand full-length films.
When data is collected at an XKEYSCORE field site, it is processed locally and ultimately stored in MySQL databases at that site. XKEYSCORE supports a federated query system, which means that an analyst can conduct a single query from the central XKEYSCORE website, and it will communicate over the Internet to all of the field sites, running the query everywhere at once.
There might be security issues with the XKEYSCORE system itself as well. As hard as software developers may try, it’s nearly impossible to write bug-free source code. To compensate for this, developers often rely on multiple layers of security; if attackers can get through one layer, they may still be thwarted by other layers. XKEYSCORE appears to do a bad job of this.
When systems administrators log into XKEYSCORE servers to configure them, they appear to use a shared account, under the name “oper.” Adams notes, “That means that changes made by an administrator cannot be logged.” If one administrator does something malicious on an XKEYSCORE server using the “oper” user, it’s possible that the digital trail of what was done wouldn’t lead back to the administrator, since multiple operators use the account.
There appears to be another way an ill-intentioned systems administrator may be able to cover their tracks. Analysts wishing to query XKEYSCORE sign in via a web browser, and their searches are logged. This creates an audit trail, on which the system relies to assure that users aren’t doing overly broad searches that would pull up U.S. citizens’ web traffic. Systems administrators, however, are able to run MySQL queries. The documents indicate that administrators have the ability to directly query the MySQL databases, where the collected data is stored, apparently bypassing the audit trail.
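The attribution gap Adams describes can be made concrete with ordinary sshd logs. The following is an added example, not code from the article or from XKEYSCORE: it assumes OpenSSH-style "Accepted" log lines and a hypothetical registry (`KEY_OWNERS`) mapping each administrator's public-key fingerprint to a person; every host, address and fingerprint is constructed.

```python
import re

# Constructed OpenSSH auth-log lines; host names, addresses and key
# fingerprints are invented for this example.
SAMPLE_LOG = """\
Jul  1 09:14:02 node1 sshd[2211]: Accepted publickey for oper from 10.0.0.11 port 50122 ssh2: ED25519 SHA256:CONSTRUCTED-KEY-ALICE
Jul  1 09:20:45 node1 sshd[2290]: Accepted password for oper from 10.0.0.12 port 50300 ssh2
Jul  1 09:31:10 node2 sshd[2302]: Accepted publickey for oper from 10.0.0.13 port 50411 ssh2: RSA SHA256:CONSTRUCTED-KEY-UNENROLLED
Jul  1 09:40:00 node2 sshd[2350]: Accepted publickey for bob from 10.0.0.14 port 50512 ssh2: ED25519 SHA256:CONSTRUCTED-KEY-BOB
Jul  1 09:41:19 node2 sshd[2351]: Failed password for oper from 10.0.0.15 port 50513 ssh2
"""

# "oper" is the shared account named in the article.
SHARED_ACCOUNTS = {"oper"}

# Hypothetical registry: which person enrolled which public key.
KEY_OWNERS = {
    "SHA256:CONSTRUCTED-KEY-ALICE": "alice",
    "SHA256:CONSTRUCTED-KEY-BOB": "bob",
}

ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2"
    r"(?:: (?P<keytype>\S+) (?P<fp>SHA256:\S+))?$"
)


def parse_logins(log):
    """Return one dict per successful login; other lines are ignored."""
    logins = []
    for line in log.splitlines():
        m = ACCEPTED.match(line)
        if m:
            logins.append(m.groupdict())
    return logins


def attribute(login):
    """Name the person behind a login, or None if the log cannot tell."""
    if login["user"] not in SHARED_ACCOUNTS:
        return login["user"]  # a personal account identifies its owner
    if login["method"] == "publickey":
        # On a shared account only an enrolled key ties the session to a person.
        return KEY_OWNERS.get(login["fp"])
    return None  # shared account with a shared password: nobody in particular


def audit(log):
    """Pair every successful login with the person it can be attributed to."""
    return [(login, attribute(login)) for login in parse_logins(log)]


def unattributed(log):
    """Sessions whose actions cannot be traced back to an individual."""
    return [login for login, person in audit(log) if person is None]


if __name__ == "__main__":
    for login, person in audit(SAMPLE_LOG):
        who = person or "UNATTRIBUTED"
        print(f'{login["ts"]} {login["host"]} {login["user"]:<5} '
              f'{login["method"]:<9} {login["ip"]:<10} -> {who}')
```

Attributing the login is only half of the problem the article raises: commands run inside the session, including direct MySQL queries, still need their own per-person logging to produce an audit trail.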
AppIDs, fingerprints and microplugins
Collecting massive amounts of raw data is not very useful unless it is collated and organized in a way that can be searched. To deal with this problem, XKEYSCORE extracts and tags metadata and content from the raw data so that analysts can easily search it.
This is done by using dictionaries of rules called appIDs, fingerprints and microplugins that are written in a custom programming language called GENESIS. Each of these can be identified by a unique name that resembles a directory tree, such as “mail/webmail/gmail,” “chat/yahoo,” or “botnet/blackenergybot/command/flood.”
One document detailing XKEYSCORE appIDs and fingerprints lists several revealing examples. Windows Update requests appear to fall under the “update_service/windows” appID, and normal web requests fall under the “http/get” appID. XKEYSCORE can automatically detect Airblue travel itineraries with the “travel/airblue” fingerprint, and iPhone web browser traffic with the “browser/cellphone/iphone” fingerprint.
PGP-encrypted messages are detected with the “encryption/pgp/message” fingerprint, and messages encrypted with Mojahedeen Secrets 2 (a type of encryption popular among supporters of al Qaeda) are detected with the “encryption/mojaheden2” fingerprint.
When new traffic flows into an XKEYSCORE cluster, the system tests the intercepted data against each of these rules and stores whether the traffic matches the pattern. A slideshow presentation from 2010 says that XKEYSCORE contains almost 10,000 appIDs and fingerprints.
AppIDs are used to identify the protocol of traffic being intercepted, while fingerprints detect a specific type of content. Each intercepted stream of traffic gets assigned up to one appID and any number of fingerprints. You can think of appIDs as categories and fingerprints as tags.
If multiple appIDs match a single stream of traffic, the appID with the lowest “level” is selected (appIDs with lower levels are more specific than appIDs with higher levels). For example, when XKEYSCORE is assessing a file attachment from Yahoo mail, all of the appIDs in the following slide will apply, however only “mail/webmail/yahoo/attachment” will be associated with this stream of traffic.
To tie it all together, when an Arabic speaker logs into a Yahoo email address, XKEYSCORE will store “mail/yahoo/login” as the associated appID. This stream of traffic will match the “mail/arabic” fingerprint (denoting language settings), as well as the “mail/yahoo/ymbm” fingerprint (which detects Yahoo browser cookies).
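The selection rule described above (at most one appID per stream, the lowest level winning, plus any number of fingerprints) can be sketched as follows. This is an added example, not GENESIS and not code from the documents: the rule names come from the article except the intermediate "mail/webmail/yahoo", while the level numbers, match predicates, `.example` host names and the tie-break by name are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class AppID:
    name: str
    level: int                       # lower level = more specific
    matches: Callable[[dict], bool]


@dataclass(frozen=True)
class Fingerprint:
    name: str
    matches: Callable[[dict], bool]


def _yahoo(s):
    return s["host"].endswith("mail.yahoo.example")


# Levels and predicates are constructed; the article gives neither.
APPIDS = [
    AppID("http/get", 9, lambda s: s["method"] == "GET"),
    AppID("mail/webmail/yahoo", 5, _yahoo),
    AppID("mail/webmail/yahoo/attachment", 3,
          lambda s: _yahoo(s) and s["path"].startswith("/attachment/")),
    AppID("update_service/windows", 3,
          lambda s: s["host"].endswith("update.windows.example")),
]

FINGERPRINTS = [
    Fingerprint("browser/cellphone/iphone",
                lambda s: "iPhone" in s["headers"].get("User-Agent", "")),
    Fingerprint("encryption/pgp/message",
                lambda s: "-----BEGIN PGP MESSAGE-----" in s["body"]),
]


def matching_appids(stream):
    """Every appID whose rule matches, before selection."""
    return [a.name for a in APPIDS if a.matches(stream)]


def classify(stream):
    """Return (appID or None, sorted fingerprint names) for one stream."""
    hits = [a for a in APPIDS if a.matches(stream)]
    # Lowest level wins; ties are broken by name (an assumption).
    appid = min(hits, key=lambda a: (a.level, a.name)).name if hits else None
    tags = sorted(f.name for f in FINGERPRINTS if f.matches(stream))
    return appid, tags


# Constructed sample streams.
YAHOO_ATTACHMENT = {
    "method": "GET",
    "host": "us.mail.yahoo.example",
    "path": "/attachment/42",
    "headers": {"User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X)"},
    "body": "-----BEGIN PGP MESSAGE-----\n(constructed)\n-----END PGP MESSAGE-----",
}
WINDOWS_UPDATE = {
    "method": "GET",
    "host": "download.update.windows.example",
    "path": "/v9/check",
    "headers": {},
    "body": "",
}
UNMATCHED = {"method": "POST", "host": "files.example", "path": "/",
             "headers": {}, "body": ""}

if __name__ == "__main__":
    for stream in (YAHOO_ATTACHMENT, WINDOWS_UPDATE, UNMATCHED):
        print(stream["host"], matching_appids(stream), "->", classify(stream))
```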
Sometimes the GENESIS programming language, which largely relies on Boolean logic, regular expressions and a set of simple functions, isn’t powerful enough to do the complex pattern-matching required to detect certain types of traffic. In these cases, as one slide puts it, “Power users can drop in to C++ to express themselves.” AppIDs or fingerprints that are written in C++ are called microplugins.
Here’s an example of a microplugin fingerprint for “botnet/conficker_p2p_udp_data,” which is tricky botnet traffic that can’t be identified without complicated logic. A botnet is a collection of hacked computers, sometimes millions of them, that are controlled from a single point.
Here’s another microplugin that uses C++ to inspect intercepted Facebook chat messages and pull out details like the associated email address and body of the chat message.
One document from 2009 describes in detail four generations of appIDs and fingerprints, which begin with only the ability to scan intercepted traffic for keywords, and end with the ability to write complex microplugins that can be deployed to field sites around the world in hours.
If XKEYSCORE development has continued at a similar pace over the last six years, it’s likely considerably more powerful today.
—
Illustration for The Intercept by Blue Delliquanti
Documents published with this article:
- Advanced HTTP Activity Analysis
- Analyzing Mobile Cellular DNI in XKS
- ASFD Readme
- CADENCE Readme
- Category Throttling
- CNE Analysis in XKS
- Comms Readme
- DEEPDIVE Readme
- DNI101
- Email Address vs User Activity
- Free File Uploaders
- Finding and Querying Document Metadata
- Full Log vs HTTP
- Guide to Using Contexts in XKS Fingerprints
- HTTP Activity in XKS
- HTTP Activity vs User Activity
- Intro to Context Sensitive Scanning With XKS Fingerprints
- Intro to XKS AppIDs and Fingerprints
- OSINT Fusion Project
- Phone Number Extractor
- RWC Updater Readme
- Selection Forwarding Readme
- Stats Config Readme
- Tracking Targets on Online Social Networks
- TRAFFICTHIEF Readme
- Unofficial XKS User Guide
- User Agents
- Using XKS to Enable TAO
- UTT Config Readme
- VOIP in XKS
- VOIP Readme
- Web Forum Exploitation Using XKS
- Writing XKS Fingerprints
- XKS Application IDs
- XKS Application IDs Brief
- XKS as a SIGDEV Tool
- XKS, Cipher Detection, and You!
- XKS for Counter CNE
- XKS Intro
- XKS Logos Embedded in Docs
- XKS Search Forms
- XKS System Administration
- XKS Targets Visiting Specific Websites
- XKS Tech Extractor 2009
- XKS Tech Extractor 2010
- XKS Workflows 2009
- XKS Workflows 2011
- UN Secretary General XKS
The post A Look at the Inner Workings of NSA’s XKEYSCORE appeared first on The Intercept.
After failing to criminally prosecute any of the financial firms responsible for the market collapse in 2008, former Attorney General Eric Holder is returning to Covington & Burling, a corporate law firm known for serving Wall Street clients.
The move completes one of the more troubling trips through the revolving door for a cabinet secretary. Holder worked at Covington from 2001 right up to being sworn in as attorney general in February 2009. And Covington literally kept an office empty for him, awaiting his return.
The Covington & Burling client list has included four of the largest banks, including Bank of America, Citigroup, JPMorgan Chase and Wells Fargo. Lobbying records show that Wells Fargo is still a client of Covington. Covington recently represented Citigroup over a civil lawsuit relating to the bank’s role in Libor manipulation.
Covington was also deeply involved with a company known as MERS, which was later responsible for falsifying mortgage documents on an industrial scale. “Court records show that Covington, in the late 1990s, provided legal opinion letters needed to create MERS on behalf of Fannie Mae, Freddie Mac, Bank of America, JPMorgan Chase and several other large banks,” according to an investigation by Reuters.
The Department of Justice under Holder not only failed to pursue criminal prosecutions of the banks responsible for the mortgage meltdown, but in fact de-prioritized investigations of mortgage fraud, making it the “lowest-ranked criminal threat,” according to an inspector general report.
For insiders, the Holder decision to return to Covington was never a mystery. Timothy Hester, the chairman of Covington, told the National Law Journal that Holder’s return to the firm had been “a project” of his ever since Holder left to join the administration in 2009. When the firm moved to a new building last year, it kept an 11th-story corner office reserved for Holder.
James Garland, Holder’s former deputy chief of staff, who rejoined Covington in 2010, told the Law Journal that when Covington’s partners gathered to welcome Holder back four weeks ago, “He was so busy giving people hugs and shaking hands.”
As Covington prepared for Holder’s return, the firm continued to represent clients before the Department of Justice. For instance, Covington negotiated with the department on behalf of GlaxoSmithKline for a plea agreement in 2010.
Holder’s critics charge that he made a career out of institutionalizing “Too Big to Prosecute” rules within the department. In 1999, as a deputy attorney general, Holder authored a memo arguing that officials should consider the “collateral consequences” when prosecuting corporate crimes. In 2012, Holder’s enforcement chief, Lanny Breuer, admitted during a speech to the New York City Bar Association that the department may go easy on certain corporate criminals if they believe prosecutions may disrupt financial markets or cause layoffs. “In some cases, the health of an industry or the markets are a real factor,” Breuer said.
Rather than face accountability for their failures, the incentive structure of modern Washington is designed to reward both men. Breuer left the department in 2013 to rejoin Covington. Holder is set to become among the highest-earning partners at the firm, with compensation in the seven or eight figures.
(This post is from our blog: Unofficial Sources.)
Photo: Chip Somodevilla/Getty
The post Eric Holder Returns as Hero to Law Firm That Lobbies for Big Banks appeared first on The Intercept.
Testifying before two Senate committees on Wednesday about the threat he says strong encryption presents to law enforcement, FBI Director James Comey didn’t so much propose a solution as wish for one.
Comey said he needs some way to read and listen to any communication for which he’s gotten a court order. Modern end-to-end encryption — increasingly common following the revelations of mass surveillance by NSA whistleblower Edward Snowden — doesn’t allow for that. Only the parties on either end can do the decoding.
Comey’s problem is the nearly universal agreement among cryptographers, technologists and security experts that there is no way to give the government access to encrypted communications without poking an exploitable hole that would put confidential data, as well as entities like banks and power grids, at risk.
But while speaking at Senate Judiciary and Senate Intelligence Committee hearings on Wednesday, Comey repeatedly refused to accept that as reality.
“A whole lot of good people have said it’s too hard … maybe that’s so,” he said to the Intelligence Committee. “But my reaction to that is: I’m not sure they’ve really tried.”
In a comment worthy of climate denialists, Comey told one senator: “Maybe the scientists are right. Ennnh, I’m not willing to give up on that yet.”
He described his inability to make a realistic proposal as the act of a humble public servant. “We’re trying to show humility to say we don’t know what would be best.”
Comey said American technologists are so brilliant that they surely could come up with a solution if properly incentivized.
Julian Sanchez, a senior fellow at the Cato Institute, was incredulous about Comey’s insistence that experts are wrong: “How does his head not explode from cognitive dissonance when he repeats he has no tech expertise, then insists everyone who does is wrong?” he tweeted during the hearing.
Prior to the committee hearings, a group of the world’s foremost cryptographers and scientists wrote a paper including complex technical analysis concluding that mandated backdoor keys for the government would only be dangerous for national security. This is the first time the group has gotten back together since 1997, the previous instance in which the FBI asked for a technical backdoor into communications.
But no experts were invited to testify, a fact that several intelligence committee members brought up, demanding a second hearing to hear from them.
Comey got little pushback from the panel, despite his lack of any formal plan and his denial of science. Sen. Martin Heinrich, D-N.M., thanked him for his display of “humility” in not presenting a solution, while Committee Chairman Richard Burr, R-N.C., said “I think you deserve a lot of credit for your restraint.”
Comey at one point briefly considered the possibility of a world not like the one he imagined, then concluded: “If that’s the case, then I think we’re stuck.”
(This post is from our blog: Unofficial Sources.)
Photo: Getty
The post FBI Director Says Scientists Are Wrong, Pitches Imaginary Solution to Encryption Dilemma appeared first on The Intercept.
RAMZAN ALKHANASHVILI WAS just 18 years old when he disappeared from the small Georgian village of Dumasturi in April of this year. His mother, Tina Alkhanashvili, dropped him off at school in the morning, as she normally did. A few hours later, around noon, he left and never returned. The only trace of him left at the school was his backpack. His mother waited until evening, and then she and relatives began to search for him, asking friends and acquaintances if they knew what had happened. No one knew anything. That night they went to the local police station, located in the center of one of the larger villages in the region. The brightly lit station looks like a UFO amid the typical small, poor Georgian houses, built from stone and covered with circular asbestos tiles.
The police checked their computer database, a product of Western assistance aimed at helping Georgia secure its borders. It turned out that Ramzan, along with a friend who was barely 16 years old, had gone to the airport in Tbilisi, Georgia’s capital, and had flown out of the country at 3 in the afternoon, just a few hours after cutting out from school. The police officers didn’t have any more information. The teenagers were gone.
It wasn’t until the next evening that the boys sent their families brief audio messages through the Internet instant messaging service WhatsApp, saying that everything was OK. They were in Turkey. They didn’t say what they were doing there, or why they had left so suddenly. They said, however, that they were going to Syria and that it was their own decision. The families didn’t hear anything more directly from them.
A few days later, the Islamic State published the boys’ photographs online. They were sitting in a featureless room painted white. They were dressed in field uniforms, holding rifles on their knees. They did not, as many fighters do, obscure their faces. They looked proudly into the camera, fingers pointing to the sky, signaling that they were sacrificing themselves to Allah. Behind them was the black flag of the Islamic State.
The Islamic State has proven adept at recruiting young Muslims around the world — it’s currently estimated that over 20,000 foreign fighters have joined ISIS. And Georgia, a small country whose population is just 10 percent Muslim, has been particularly hard hit. Georgia’s Muslims are not traditionally devout, and yet the community here has suddenly become a boon for Islamic State recruiting. One of the most famous commanders of the Islamic State, Abu Omar al Shishani, came from a small village in Georgia’s Pankisi Gorge.
DUMASTURI, AN IMPOVERISHED village on the left bank of the Alazani River, which cuts through the Pankisi Gorge, is typical of the region. Its residents are mostly shepherds who graze cows, sheep and even buffalo. Dumasturi used to be populated by Ossetians, Orthodox Christians, but they left the region about 15 years ago. The village now consists of families, like Tina’s, who are ethnic Kists — Muslims who fled from Chechnya five generations ago and adopted Georgian surnames.
The dozen or so houses feature the old architecture characteristic of the region: stone and wood multi-story family homes surrounded by gardens. Today, however, it’s a village near ruin: some of the houses are abandoned, with roofs and walls collapsing and small trees, ivy and even grape vines overtaking the empty structures. Tina’s husband left her and moved to Grozny, the Chechen capital, where he started a new family. She and her children live in poverty, seemingly with no chance for a better future. Ramzan, for reasons Tina can’t understand, saw his future in Syria.
In the Pankisi Gorge, the one-way trip to jihad has become more and more fashionable, even among women. There’s nothing for young people in the valley to do, except go to school and then return home. It’s a life of boredom, with no prospects for a different future. Fortunately, there is the Internet, a virtual world where youth can connect through social media, see through the lens of YouTube, and find a community of people, like those joining the Islamic State.
Residents of the valley have repeatedly told police that their villages have become recruiting grounds for young people enticed to join the jihad in Syria. A representative of the Chechen diaspora in the valley said explicitly that if the Georgian state does not stop recruitment, “the valley’s youth will disappear.”
A local journalist, Gela Mtivlishvili, claimed he had information about how and who was organizing recruits from Pankisi to travel to Syria. He said the group was operating in Jokolo, a small picturesque village in the valley. Mtivlishvili presented his recordings and other evidence to the Counterterrorism Center of the Ministry of Internal Affairs in the capital, Tbilisi. It came to nothing, and recruitment to the Islamic State in the valley appears to continue.
The authorities in Tbilisi admit that at least 50 people from the region have gone to Syria, although those in Pankisi believe the number of volunteers is much greater. In November 2013, Umar Idigov of the Georgian nongovernmental organization Integration Foundation of Caucasus People, told Kavkazskiy Uzel, a local press agency, that nearly 200 Chechens from Georgia were fighting in Syria.
Seventeen months later, in late April 2015, the Georgian deputy minister of internal affairs, Levan Izoria, confirmed that ISIS recruitment of Georgians was taking place — not in the Pankisi itself, but abroad. He denied that any representatives of the Islamic State were operating inside Georgia.
This response isn’t convincing for Tina Alkhanashvili. Her son was 18 years old; he had a passport and could leave the country, but how did the 16-year-old boy manage it? He needed the consent of his parents. Who organized all the papers? “I could not afford to send him on a plane trip,” she said of her own son. “I have no money. Somebody had to help him.”
THE PANKISI GORGE stretches over just 8 miles, traversed by a road that connects a handful of sparsely populated villages. “Come and visit wild and beautiful Pankisi,” reads a flyer for the only guest accommodations in the valley. “It is easily reached by taxi in two hours from Tbilisi.”
Nazy’s Guest House has been in business for two years already, but its Facebook page so far has only 45 “likes.”
“Nazy is my name and it doesn’t have anything in common with Nazis,” laughs a young woman in her mid-twenties. She speaks perfect English. Nazy’s Guest House is her family house in Jokolo.
After learning her visitor is a journalist, her mood darkens. “Oh yes,” she says. “You’ve arrived here to make a bad advertisement. You’ll immediately announce that jihadis are living here, that they are going to Syria, and that it’s unsafe and no one will come here.”
Next to Nazy’s house is a Georgian Orthodox church built from stone. It’s closed down tight, and no one has been inside in years. In Pankisi almost no one sings hymns or liturgical songs, even though Georgia is home to one of the oldest Christian churches, the so-called Georgian Apostolic Orthodox Church, founded in the first century A.D. by Saint Andrew, one of the 12 apostles.
Instead of church bells, now in the valley you hear the muezzin calling to prayer five times a day. Islam has supplanted Christianity. The shift started in the mid-19th century, when, through war and deportation, the Russian empire reduced the population of Chechens in the northern Caucasus by more than half. The Chechens who fled to Pankisi are the Kists.
Muslims and Christians once lived here side by side: Muslim Kists, Orthodox Christian Georgians and Ossetians, but that began to shift in the 1990s. In 1991, when Chechnya declared its independence, Russia launched a new war, and one-fifth of the Chechen population was killed, according to some estimates. As the Chechen Republic’s attempt at independence collapsed in 1999 and 2000, Chechen refugees arrived in Pankisi along with Chechen militants, who over the next few years regularly organized armed raids to Chechnya and other Caucasus republics belonging to the Russian Federation. The Christian Ossetians largely abandoned their homes in 1999 as the Muslim refugees from Chechnya appeared in the valley.
The wars also changed the nature of Islam in the valley. When Islamic scholars declared a holy jihad in Chechnya, fighters, or “brothers,” came from the Caucasus and around the world. Arabs, Turks, Azeris, Kurds and even a few Afghan Taliban arrived in the Georgian valley as a jumping-off point to Chechnya. Soon the Pankisi Gorge had entirely new mosques, and Wahhabism, a strict form of Islam, gained popularity among the local Kists.
The mosque in Jokolo was built in the center of the village on the only asphalt road that connects to other villages in the valley. Next to the mosque are some small shops, market stalls and even a restaurant, though it’s open only for special occasions. In front of the mosque is a group of men. Most have beards: black and red, but no traces of gray. The unnaturally long and well-kempt facial hair looks out of place on the young men.
They stand and talk, shell and eat sunflower seeds. Only the cars passing occasionally interrupt their boredom. The muffled sound of songs can be heard coming from the vicinity of the men. The songs are in Arabic, and refer to Allah, war, jihad and martyrs.
There’s not much traffic on the road. A few kilometers away, in the next village, the asphalt ends and a road of potholes, mud and stones climbs north toward the border with Chechnya. What is most striking is the lack of people: Pankisi is slowly depopulating itself. Most Chechens left in 2004 and 2005, chased away by the former president of Georgia, Mikhail Saakashvili, out of fear that Russia might use the presence of Chechen fighters to encroach on Georgian territory, but also on the advice of the U.S. government, which was in the midst of its global war on terrorism. Calm reigned in Pankisi, but not for long.
In 2008, fighting escalated at the border with South Ossetia, a separatist region of Georgia. Russia got involved, and Georgian leaders feared Russian forces might take the war all the way to Tbilisi. The Georgian government, which had long had a conflicted history of helping the Chechens, turned to Doku Umarov, the Chechen leader of the self-declared Caucasus Emirate, a jihadi group trying to establish an Islamic state in the Caucasus, a former colleague of Umarov told me.
Umarov, who is on a United Nations sanctions list for his alleged association with al Qaeda, agreed to strike the Russians with his fighters from the north. From the south of Georgia, another branch of jihadis would be secretly allowed into the country by the Georgian secret service, and even given weapons. The volunteers from Azerbaijan, Dagestan and Chechnya never got to take part in the fighting, however. After just five days, it was all over. Georgia lost the war with Russia, and that was the end of the Mujahideen war, at least at the time.
Georgia may not want jihadi organizations to recruit in Georgia, but neither is it necessarily in the country’s interests to stop it. If another war with Russia breaks out, a large number of Syrian jihadis who originated from the former Soviet Union — the Kists, Chechens, Azerbaijanis and Dagestanis — would likely return to the Caucasus to fight for their homeland against the common enemy, Russia.
The Georgian government did not respond to queries on the record, but provided written information about its efforts to combat recruitment, which includes supporting local sports for Muslim youth. The material cites, for example, building a modern Judo facility.
“[I]n order to counter the recruitment of nationals as foreign terrorist fighters, the Government of Georgia strengthened Georgia’s overall border security to a greater extent,” the materials prepared by the Georgian government read. “Thus, their movement through border crossing points of Georgia is strictly limited to the maximum possible extent (for example: personnel at border crossing points are provided with the updated consolidated list of terrorists sanctioned by respective UNSC resolutions).”
Fighters who return to Georgia, the materials state, are “taken under permanent operative control and prophylactic interviews are conducted with them in order to prevent possible illegal acts in future.”
SUSPICION RELATED TO the Islamic State’s recruitment here has fallen on Ayub Borchashvili, the self-proclaimed official representative of the so-called Islamic State of Georgia. Some people call him imam. He rides around in his dark green Honda CR-V that seems to be always on the move, traversing the valley day and night. Driving on the asphalt road in Pankisi, he passed us many times. Hoping to meet him, my Georgian driver flashed his lights to get him to stop on one of his passes. He halted the car, and behind the wheel of the compact SUV sat a well-built man with a long graying beard. When he heard the word journalist after a brief exchange, he pressed on the gas without saying goodbye; tires disappeared squealing around the bend.
My contacts from the region — Muslims who fought in Chechnya — believe Borchashvili is actually still cooperating with the Georgian Intelligence Service, which wants to keep its contact with Islamic fighters alive. Why else, they reasoned, would the security service, so vigilant of activities in the region, not arrest Ayub? In the Pankisi Gorge, “people are more afraid of the Georgian security forces than they are of the Islamic State,” said one of the former fighters.
A few weeks after my thwarted interview with the imam, in late May, two young women from Karajala, an ethnic Azeri village in Georgia, left their homes and joined the Islamic State. That same weekend, a resident of the valley was killed in Syria. He was 32 years old. He had disappeared three months earlier. Nobody noticed because he was a shepherd; everyone thought he went into the mountains to graze sheep and that he would return in the autumn, when the leaves fall off the trees, but he never came back. It turns out he was a close relative of the imam.
The departure of the two teenagers from Dumasturi to Syria received wide coverage in the Georgian media, however, perhaps prompting the Georgian government to finally take action. In June, the imam was arrested, accused of helping the boys join the Islamic State. He is currently being held for two months as part of pre-trial detention.
Whatever the degree of official ambivalence, one fact is clear: recruiters from the Islamic State are at work in Georgia, leading away the children of the Pankisi Gorge.
JUST OVER THE river in Jokolo, “Marina,” who does not want to reveal her real name, lost two sons in Syria. One day, she got a Skype message from Syria, from the wife of one of her sons. It was a song that her son had written, sung and dedicated to his mother. He wanted it sent to his mother when he left this world to meet Allah, explained her son’s wife — now widow.
It’s a sad poem sung a capella by the Mujahed, since for Salafists instrumental music is haram — forbidden by the holy Hadith. Some Muslim scholars are even said to regard it as “alcohol for the soul.”
“Mother, do not be sad, Mother do not cry, I chose Allah, and I’m on the right path. Understand, my dear, that jihad is our destiny. We are children of God’s creation, so I will give my life to Allah. Do not be angry with me that I left you; I climbed a high mountain to find my faith. I went away to fight, to wage jihad and die. When death comes to me, I will return again to you. In the sleepless nights I miss you. I have not abandoned you, Mother. I am your son and I love you.”
The only visible remainder of Ramzan today in Dumasturi is graffiti written on the wall surrounding his childhood home: It’s his name inscribed next to the word “Ichkeria,” a reference to the Chechen Republic of Ichkeria, which nominally existed until 2000, when the Russian military took back the capital of Grozny, although the unofficial republic’s government continued operating from exile for several more years.
“Nobody famous comes from here,” a Chechen friend, who has lived in Pankisi for the past several years, once told me. With recruits from Georgia now earning fame in the Islamic State, that statement is no longer entirely true. After years of being a member of an obscure ethnic group, in a valley forgotten by most of the world, Ramzan has his shot at fame.
I spoke with Tina Alkhanashvili just a week after her son disappeared. She believes the teenagers will come back, but in Pankisi, nobody else believes that. The brothers of the caliphate likely took their passports. By posting their pictures on the Internet, they made any return impossible. From that day, the teenagers from Pankisi became wanted men, terrorists whose faces the whole world knew, particularly the police and security services. Even if they aren’t sent on suicide missions, and somehow manage to survive the fighting, they can’t ever return home: they would be detained and sent to prison.
Ramzan is Tina’s oldest son, and now she is worried that her younger children may also leave for jihad. “They say that the Islamists could convince even grown women to go to Syria,” Tina says.
Tina worries about Ramzan. She says he’s sick. For several months before he left he’d been having kidney problems and was under the care of a doctor. “How is he holding up?” she asks no one in particular. “After all, fighting is hard on the body.”
She was still struggling to understand what happened. Before he left, Ramzan had clearly lost himself in the Internet, but so do many other teenagers who don’t run away to join the Islamic State. He had never been more religious than his brothers or friends. He only started to regularly visit the mosque a couple of weeks before his disappearance. Everything happened too fast, and she didn’t have time to intervene.
“It was only two weeks,” she cried.
– Coming Next: How a Recruit from Georgia Became a Famous ISIS Commander
Photo: Tina Alkhanashvili, mother of Ramzan Alkhanashvili. (Tomasz Glowacki)
The post A Remote Region of Georgia Loses its Children to ISIS appeared first on The Intercept.
When you pick up the phone, who you’re calling is none of the government’s business. The NSA’s domestic surveillance of phone metadata was the first program to be disclosed based on documents from whistleblower Edward Snowden, and Americans have been furious about it ever since. The courts ruled it illegal, and Congress let the section of the Patriot Act that justified it expire (though the program lives on in a different form as part of the USA Freedom Act).
Yet XKEYSCORE, the secret program that converts all the data it can see into searchable events like web pages loaded, files downloaded, forms submitted, emails and attachments sent, porn videos watched, TV shows streamed, and advertisements loaded, demonstrates how Internet traffic can be even more sensitive than phone calls. And unlike the Patriot Act’s phone metadata program, Congress has failed to limit the scope of programs like XKEYSCORE, which is presumably still operating at full speed. Maybe Verizon stopped giving phone metadata to the NSA, but if a Verizon engineer uploads a spreadsheet full of this metadata without proper encryption, the NSA may well get it anyway by spying directly on the cables that the spreadsheet travels over.
The outrage over bulk collection of our phone metadata makes sense: Metadata is private. Americans call suicide prevention hotlines, HIV testing services, phone sex services, advocacy groups for gun rights and for abortion rights, and the people they’re having affairs with. We use the phone to schedule job interviews without letting our current employer know, and to manage long-distance relationships. Most of us, at one point or another, have spent long hours on the phone discussing the most intimate details about our lives. There isn’t an American alive today who didn’t grow up with at least some access to a telephone, so Americans understand this well.
But Americans don’t understand the Internet yet. Bulk collection of phone metadata is, without a doubt, a violation of your privacy, but bulk surveillance of Internet traffic is orders of magnitude more invasive. People also use the Internet in all the ways they use phones — often inadvertently sharing even more intimate details through online searches. In fact, the phone network itself is starting to go over the Internet, without customers even noticing.
XKEYSCORE, as well as NSA’s programs that tap the Internet directly and feed data into it, have some legal problems: They violate First Amendment rights to freedom of association; they violate the Wiretap Act. But the biggest and most obvious concerns are with the Fourth Amendment.
The Fourth Amendment to the U.S. Constitution is short and concise:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
It means that Americans have a right to privacy. If government agents want to search you or seize your data, they must have a warrant. The warrant can only be issued if they have probable cause, and the warrant must be specific. It can’t say, “We want to seize everyone’s Internet traffic to see what’s in it.” Instead, it must say something like, “We want to seize a specific incriminating document from a specific suspect.”
But this is exactly what’s happening:
The government is indiscriminately seizing Internet traffic to see what’s in it, without probable cause. The ostensible justification is that, while tens of millions of Americans may be swept up in this dragnet, the real targets are foreigners. In a legal document called USSID 18, the NSA sets out policies and procedures that purportedly prevent unreasonable searches of data from U.S. persons.
But it doesn’t prevent, or even claim to prevent, unreasonable seizures.
Kurt Opsahl, general counsel of the Electronic Frontier Foundation, explains: “We have a fundamental disagreement with the government about whether [data] acquisition is a problem. Acquisition is a seizure and has to be compliant with the Fourth Amendment.”
If you read USSID 18 carefully, you’ll see that it appears to limit, with many exceptions, the government’s ability to intentionally collect data concerning U.S. persons. But the Department of Defense, under which the NSA operates, defines “collection” differently than most of us do. It doesn’t consider seized data as “collected” until it’s been queried by a human.
If you email your mom, there’s a good chance the NSA will intercept the message as it travels through a fiberoptic cable, such as the ones that make up the backbone of the Internet, eventually making its way to an XKEYSCORE field site. You can thwart this with encryption: either by encrypting your email (hopefully someday all parents will know how to use encrypted email), or by using email servers that automatically encrypt with each other. In the absence of such encryption, XKEYSCORE will process the email, fingerprint it and tag it, and then it will sit in a database waiting to be queried. According to the Department of Defense, this email hasn’t been “collected” until an analyst runs a query and the email appears on the screen in front of them.
When NSA seizes, in bulk, data belonging to U.S. citizens or residents, data that inevitably includes information from innocent people that the government does not have probable cause to investigate, the agency has already committed an unconstitutional “unreasonable seizure,” even if analysts never query the data about innocent U.S. persons.
The NSA has legal justifications for all their surveillance: Section 215 of the Patriot Act, now expired, was used to justify bulk collection of phone and email metadata. Section 702 of the Foreign Intelligence Surveillance Act (FISA) is currently used to justify so-called “upstream” collection, tapping the physical infrastructure that the Internet uses to route traffic across the country and around the world in order to import into systems like XKEYSCORE. Executive Order 12333, approved by President Reagan, outlines vague rules, which are littered with exceptions and loopholes, that the executive branch made for itself to follow regarding spying on Americans, which includes USSID 18.
But these laws and regulations ignore the uncomfortable truth that the Fourth Amendment requires surveillance of Americans to be targeted; it cannot be done in bulk. Americans are fighting to end bulk surveillance in dozens of lawsuits, including Jewel v. NSA, which relies on whistleblower-obtained evidence that NSA tapped the fiber optic cables that carry Internet traffic in AT&T’s Folsom Street building in San Francisco. It’s easy for the government to stall cases like this, or get them dismissed, by insisting that talking about it at all puts our national security at risk.
And, of course, let’s not forget the 6.8 billion people on Earth who are not in the United States. Article 12 of the U.N. Declaration of Human Rights states:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
The NSA has very few restrictions on spying on non-Americans (it must be for “foreign intelligence” or “counterintelligence” purposes, and not other purposes), despite XKEYSCORE and the bulk collection programs that feed it being an “arbitrary interference” with the privacy of such persons. NSA doesn’t even have restrictions on spying on allies, such as Germany and France.
Facebook feeds everywhere are decorated with baby pictures. When those babies are grown up and getting elected to Congress, maybe then Americans will understand how the Internet works, and that bulk surveillance of phone metadata is just a tiny sliver of the enormous “collect it all” bulk surveillance pie.
Photo: Getty
The post Spying on the Internet is Orders of Magnitude More Invasive Than Phone Metadata appeared first on The Intercept.
Prescriptions for boys outpacing girls during elementary, high school and college years.
Man tried to resist arrest.
Editorial: The cyber defense crisis by Editorial Board
ANYONE WHO has ever filled out standard form 86 will attest that it is arduous. This 127-page “Questionnaire for National Security Positions” is part of the process of being cleared to handle the secrets of the U.S. government. It probes all kinds of sensitive moments in a person’s life: mental and emotional health, police records, alcohol or drug use, finances, employment history and friends overseas. For example, on page 62: “Do you have, or have you had, close and/or continuing contact with a foreign national within the last seven (7) years with whom you, or your spouse, or cohabitant are bound by affection, influence, common interests, and/or obligation?” A “yes” answer leads to more questions about the foreign contact.
Footage shows the cable snapping and being whipped towards the ground - narrowly missing a teenage boy - at a theme park in Wisconsin Dells, Wisconsin.
Hafiz Saeed Khan and more than 30 other insurgents were believed to have been killed on Friday in the Nangarhar province, Afghan officials said.
DefenseNews.com |
Dozens Of Russian Troops 'Flee Unit, Fearing Ukraine Deployment'
DefenseNews.com MOSCOW — Dozens of Russian soldiers are facing trial for fleeing their unit, fearing deployment to Ukraine, a news site and a lawyer for five of the men said Saturday. The popular Gazeta.ru website said several dozen soldiers would be prosecuted after ...
While some targets have been predictable, Russia’s new foreign agents include an organization that supports the mothers of soldiers and Memorial, Russia’s oldest human rights organization.
Woman stranded in desert after wrong turn was prepared to die in car next to her husband
Wall Street Journal |
The Latest: Greek Bailout Talks to Resume in the Morning
New York Times BRUSSELS — The latest from Greece's financial crisis (all times local): 12:10 a.m. Bailout discussions between the Greek finance minister and his peers in the 19-country eurozone have wrapped up and will resume in the morning. No press ...
Greece nears euro exit as bailout talks break up without agreement by Ian Traynor in Brussels
Last-ditch negotiations to resume on Sunday after eurozone’s fiscal hawks put up fierce resistance to Alexis Tsipras’s rescue plan
Greece’s final attempt to avoid being kicked out of the euro by securing a new three-year bailout worth up to €80bn ran into a wall of resistance from the eurozone’s fiscal hawks on Saturday.
Finland rejected any more funding for the country and Germany called for Greece to be turfed out of the currency bloc for at least five years.
Trump hammers away on immigration, expands criticism to foreign policy with China and Russia
‘Husband’ and ‘wife’ words to be illegal in US by The European Union Times
After the legalization of same-sex marriage in all US states, it has been suggested that the law be extended.
Lois Capps, 77, a member of the US House of Representatives from California, has applied to eliminate such terms as “wife” and “spouse” from federal law, so that gays and heterosexuals will have equal rights.
Instead, the neutral “spouse” or “married couple” may be used, so as not to discriminate against the LGBT community.
California has already adopted the initiative.
Pravda.Ru has reported that such terms as “mother” and “father” have been illegal in the US since 2011. The State Department noticed that more and more same-sex couples raise children.
Capps said her bill would also have other benefits if it became law. In one example, she noted that U.S. law says it’s illegal to threaten the president’s wife, but says nothing about the president’s husband. “Capps’ bill would update the code to make it illegal to threaten the president’s spouse,” her office said.
If Clinton wins the presidential election in 2016, Bill Clinton may be called the “first spouse”.
Similar measures have been introduced by the Royal Bank of Scotland, which decided to address clients as Mx (Mixter) instead of the gendered Mr, Mrs, Ms or Miss.
Pope Francis highlighted Paraguay’s history to emphasize its resilience, but also criticized corruption, a delicate issue in one of Latin America’s poorest countries.
Ayatollah Ali Khamenei's comments to university students suggest continuing distrust of Washington, regardless of the outcome of nuclear negotiations
Head of IS in Afghanistan Killed by webdesk@voanews.com (Ayesha Tanzeem)
The head of the so-called Islamic State group in Afghanistan, Hafiz Saeed Khan, has been killed in a drone strike in eastern Nangarhar province of Afghanistan. Afghanistan’s intelligence agency said 30 other members of the group also died in the strike Friday in Achin district. Haseeb Sediqi, spokesman for the National Directorate for Security, called Khan “the so-called Ameer of Khurasan province from Daesh group.” Daesh is another term for the Islamic State group.
'Major impact'
The death, along with the killings of three other top commanders last week, will have a “major impact” on the group’s activities, Sediqi said. “We will feel a considerable decrease and disruption in their activities,” he said. The three commanders killed last week included Islamic State group military commander Gul Zaman; his deputy, Jahadyar, and Shahidullah Shahid, a former spokesman of the Pakistani Taliban who was ousted by them when he pledged allegiance to the Islamic State group, Sediqi said. The Pentagon confirmed Friday that the U.S. conducted two drone strikes on July 6 and 7 but did not confirm who was killed in the strikes. Sediqi said Afghans considered three factors when they decided to call on international allies for a drone strike to kill Khan, rather than sending in their own forces: effectiveness, speed and minimizing collateral damage through a precision airstrike.
Concentration of IS
The Islamic State group has shown a considerable concentration of fighters in the Nangarhar province lately and many airstrikes conducted in the last month have targeted groups of up to 20 people. The Islamic State group is a slowly emerging phenomenon in Afghanistan. Most of the members who have pledged allegiance to the Middle East-based group are former Taliban or other local militants. Security forces in Afghanistan have created a three-pronged special working group to deal with the threat of Islamic State militants. The group consists of intelligence officials to gather information about the group’s activities, analysts to sift through the intelligence, and special operations military units to decide how and when to conduct a military operation.
STRATFOR |
Turkish Military Cooperation Prompts Russian Military Moves in the Caucasus ...
STRATFOR There has been growing military cooperation between Turkey, Georgia and Azerbaijan over the past six weeks. From May 31 to June 10, Turkish, Georgian and Azerbaijani military forces held a series of military exercises dubbed "Caucasian Eagle" in ...