Jump to content



Photo

NSA disguised itself as Google to spy, say reports CNET Article


  • Please log in to reply
11 replies to this topic

#1 chrisj1968

chrisj1968

    copyrighted!! ©

  • 4,120 posts
  • Joined: 17-June 08
  • Location: United States

Posted 13 September 2013 - 15:18

Story  link: http://news.cnet.com...py-say-reports/

 

If a recently leaked document is any indication, the US National Security Agency -- or its UK counterpart -- appears to have put on a Google suit to gather intelligence.

 

sm_Flag_of_the_United_States_National_Se

 

Here's one of the latest tidbits on the NSA surveillance scandal (which seems to be generating nearly as many blog items as there are phone numbers in the spy agency's data banks).

Earlier this week, Techdirt picked up on a passing mention in a Brazilian news story and a Slate article to point out that the US National Security Agency had apparently impersonated Google on at least one occasion to gather data on people. (Mother Jones subsequently pointed outTechdirt's point-out.)

Brazilian site Fantastico obtained and published a document leaked by Edward Snowden, which diagrams how a "man in the middle attack" involving Google was apparently carried out.

A technique commonly used by hackers, a MITM attack involves using a fake security certificate to pose as a legitimate Web service, bypass browser security settings, and then intercept data that an unsuspecting person is sending to that service. Hackers could, for example, pose as a banking Web site and steal passwords.

floyd_covers.png

The article by Brazil's Fantastico mentions a hitherto unknown GCHQ spy program called "Flying Pig." This prompted a Twitter quip from Electronic Frontier Foundation attorney Kurt Opsahl: "PRISM, Flying Pig. Someone in the surveillance state has a thing for Pink Floyd album covers."

(Credit: Pig: Musiclipse.com; prism: Harvest, Capitol.)

The technique is particularly sly because the hackers then use the password to log in to the real banking site and then serve as a "man in the middle," receiving requests from the banking customer, passing them on to the bank site, and then returning requested info to the customer -- all the while collecting data for themselves, with neither the customer nor the bank realizing what's happening. Such attacks can be used against e-mail providers too.

It's not clear if the supposed attack in the Fantastico document was handled by the NSA or by its UK counterpart, the Government Communications Headquarters (GCHQ). The article by the Brazilian news agency says, "In this case, data is rerouted to the NSA central, and then relayed to its destination, without either end noticing."

"There have been rumors of the NSA and others using those kinds of MITM attacks," Mike Masnick writes on Techdirt, "but to have it confirmed that they're doing them against the likes of Google... is a big deal -- and something I would imagine does not make [Google] particularly happy."

Google provided a short statement to Mother Jones reporter Josh Harkinson in response to his questions on the matter: "As for recent reports that the US government has found ways to circumvent our security systems, we have no evidence of any such thing ever occurring. We provide our user data to governments only in accordance with the law." (The company is also trying to win the right toprovide more transparency regarding government requests for data on Google users.)

CNET got a "no comment" from the NSA in response to our request for more information.

As TechDirt suggests, an MITM attack on the part of the NSA or GCHQ would hardly be a complete shock. The New York Times reported last week that the NSA has sidestepped common Net encryption methods in a number of ways, including hacking into the servers of private companies to steal encryption keys, collaborating with tech companies to build in back doors, and covertly introducing weaknesses into encryption standards.

It wouldn't be much of a stretch to obtain a fake security certificate to foil the Secure Sockets Layer (SSL) cryptographic protocol that's designed to verify the authenticity of Web sites and ensure secure Net communications.

Indeed, such attacks have been aimed at Google before, including in 2011, when a hacker broke into the systems of DigiNotar -- a Dutch company that issued Web security certificates -- and created more than 500 SSL certificates used to authenticate Web sites.

In any case, the purported NSA/GCHG impersonation of Google inspired a rather clever graphic by Mother Jones, one that might even impress the rather clever Doodlers at Google:

 

2_Mother_Jones_Google_Doodle.jpg

 

 




#2 COKid

COKid

    Neowinian Senior

  • 2,900 posts
  • Joined: 07-April 10
  • Location: Loveland, CO

Posted 13 September 2013 - 15:33

And yet I still don't care. But you get an "A" for your fud errorts. :)



#3 vcfan

vcfan

    POP POP RET

  • 4,736 posts
  • Joined: 12-June 11

Posted 13 September 2013 - 15:41

NSA:  "No one will suspect a thing"



#4 freak180

freak180

    Mr. GreatDisaster

  • 2,146 posts
  • Joined: 02-December 08
  • Location: Philadelphia, PA
  • OS: Windows 8 Pro 64-bit

Posted 13 September 2013 - 16:00

And yet I still don't care. But you get an "A" for your fud errorts. :)

Such a childish attitude 



#5 +warwagon

warwagon

    Only you can prevent forest fires.

  • 25,849 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 13 September 2013 - 16:05

And yet I still don't care. But you get an "A" for your fud errorts. :)

 

I really wish the NSA would target you for no apparent reason.



#6 theyarecomingforyou

theyarecomingforyou

    Tiger Trainer

  • 16,005 posts
  • Joined: 07-August 03
  • Location: Terra Prime Profession: Jaded Sceptic
  • OS: Windows 8.1
  • Phone: Galaxy Note 3 with Galaxy Gear

Posted 13 September 2013 - 17:21

If you want an insight into the insanity that pervades intelligence services in the US then check out this interview on the Colbert Report:

 

 

They are run by angry little men who think they know better than everybody else. Truly scary. :no:



#7 DocM

DocM

    Neowinian Senior

  • 16,868 posts
  • Joined: 31-July 10
  • Location: Michigan

Posted 14 September 2013 - 06:12

There was a recent article in Foreign Policy Magazine (paywall) reporting that NSA Chief Keith Alexander had what amounted to their Situation Room decorated by Hollywood types to look like the command deck of the Enterprise D from ST:TNG, including a leather Captain's Chair. All computerized with a full-wall screen and ops-crew consoles.

Every Congress-critter that passed through got the tour and time in The Chair, and NSA almost always got what they wanted.

EDIT: one of several reports on the FP article -

http://www.businessi...tar-trek-2013-9

#8 Enron

Enron

    Windows for Workgroups

  • 8,824 posts
  • Joined: 30-May 11
  • OS: Windows 8.1 U1
  • Phone: Nokia Lumia 900

Posted 14 September 2013 - 06:51

Oh, I thought Google was the NSA.



#9 Growled

Growled

    Neowinian Senior

  • 41,508 posts
  • Joined: 17-December 08
  • Location: USA

Posted 14 September 2013 - 23:51

The NSA has gone way too far and it's time why were reined back in. 



#10 Anibal P

Anibal P

    Neowinian

  • 4,150 posts
  • Joined: 11-June 02
  • Location: Waterbury CT
  • OS: Win 8.1
  • Phone: Android

Posted 15 September 2013 - 02:30

The NSA has gone way too far and it's time why were reined back in. 

 

The sheep in the country won't vote someone in who will actually do the right thing, they rather vote for the one who promises the most freebies 



#11 Anibal P

Anibal P

    Neowinian

  • 4,150 posts
  • Joined: 11-June 02
  • Location: Waterbury CT
  • OS: Win 8.1
  • Phone: Android

Posted 15 September 2013 - 02:34

i dunno, Republicans promised as usual, tax cuts and incentives to the rich (freebies), and it didnt help them any.

The so called right thing you say, ruined the country.

 

Those tax cuts helped me out and I'm nowhere close to being considered rich by any definition, don't let propaganda get in the way of reality  



#12 AsherGZ

AsherGZ

    nonon best girl

  • 1,569 posts
  • Joined: 30-June 11
  • Location: Karachi, Pakistan
  • OS: Windows 8.1 Pro x64
  • Phone: Lumia 820, 520

Posted 15 September 2013 - 06:19

No matter who the ruling party is, your president is just a puppet. The main people running your country from behind the scenes are defence contractors and organizations who never want America to be at peace. Organizations like NSA are nothing more than a lame effort to scare the people into good behavior and ensure they never stand up to the system that thrives on war and send your soldiers to die in the name of freedom because they have access to all your secrets. I mean how many times has the all knowing NSA prevented a terrorist attack. Your government is perfectly fine with letting the people believe whatever new hoohah your media claims the NSA is capable of. After all that's how your government controls you: using fear tactics.





Click here to login or here to register to remove this ad, it's free!