chrisj1968 Posted September 13, 2013 Share Posted September 13, 2013 Story link: http://news.cnet.com/8301-13578_3-57602701-38/nsa-disguised-itself-as-google-to-spy-say-reports/ If a recently leaked document is any indication, the US National Security Agency -- or its UK counterpart -- appears to have put on a Google suit to gather intelligence. Here's one of the latest tidbits on the NSA surveillance scandal (which seems to be generating nearly as many blog items as there are phone numbers in the spy agency's data banks). Earlier this week, Techdirt picked up on a passing mention in a Brazilian news story and a Slate article to point out that the US National Security Agency had apparently impersonated Google on at least one occasion to gather data on people. (Mother Jones subsequently pointed outTechdirt's point-out.) Brazilian site Fantastico obtained and published a document leaked by Edward Snowden, which diagrams how a "man in the middle attack" involving Google was apparently carried out. A technique commonly used by hackers, a MITM attack involves using a fake security certificate to pose as a legitimate Web service, bypass browser security settings, and then intercept data that an unsuspecting person is sending to that service. Hackers could, for example, pose as a banking Web site and steal passwords. The article by Brazil's Fantastico mentions a hitherto unknown GCHQ spy program called "Flying Pig." This prompted a Twitter quip from Electronic Frontier Foundation attorney Kurt Opsahl: "PRISM, Flying Pig. Someone in the surveillance state has a thing for Pink Floyd album covers." (Credit: Pig: Musiclipse.com; prism: Harvest, Capitol.) The technique is particularly sly because the hackers then use the password to log in to the real banking site and then serve as a "man in the middle," receiving requests from the banking customer, passing them on to the bank site, and then returning requested info to the customer -- all the while collecting data for themselves, with neither the customer nor the bank realizing what's happening. Such attacks can be used against e-mail providers too. It's not clear if the supposed attack in the Fantastico document was handled by the NSA or by its UK counterpart, the Government Communications Headquarters (GCHQ). The article by the Brazilian news agency says, "In this case, data is rerouted to the NSA central, and then relayed to its destination, without either end noticing." "There have been rumors of the NSA and others using those kinds of MITM attacks," Mike Masnick writes on Techdirt, "but to have it confirmed that they're doing them against the likes of Google... is a big deal -- and something I would imagine does not make [Google] particularly happy." Google provided a short statement to Mother Jones reporter Josh Harkinson in response to his questions on the matter: "As for recent reports that the US government has found ways to circumvent our security systems, we have no evidence of any such thing ever occurring. We provide our user data to governments only in accordance with the law." (The company is also trying to win the right toprovide more transparency regarding government requests for data on Google users.) CNET got a "no comment" from the NSA in response to our request for more information. As TechDirt suggests, an MITM attack on the part of the NSA or GCHQ would hardly be a complete shock. The New York Times reported last week that the NSA has sidestepped common Net encryption methods in a number of ways, including hacking into the servers of private companies to steal encryption keys, collaborating with tech companies to build in back doors, and covertly introducing weaknesses into encryption standards. It wouldn't be much of a stretch to obtain a fake security certificate to foil the Secure Sockets Layer (SSL) cryptographic protocol that's designed to verify the authenticity of Web sites and ensure secure Net communications. Indeed, such attacks have been aimed at Google before, including in 2011, when a hacker broke into the systems of DigiNotar -- a Dutch company that issued Web security certificates -- and created more than 500 SSL certificates used to authenticate Web sites. In any case, the purported NSA/GCHG impersonation of Google inspired a rather clever graphic by Mother Jones, one that might even impress the rather clever Doodlers at Google: Link to comment Share on other sites More sharing options...
COKid Posted September 13, 2013 Share Posted September 13, 2013 And yet I still don't care. But you get an "A" for your fud errorts. :) Link to comment Share on other sites More sharing options...
vcfan Posted September 13, 2013 Share Posted September 13, 2013 NSA: "No one will suspect a thing" Link to comment Share on other sites More sharing options...
freak180 Posted September 13, 2013 Share Posted September 13, 2013 And yet I still don't care. But you get an "A" for your fud errorts. :) Such a childish attitude Matthew_Thepc, Raa, Gerowen and 2 others 5 Share Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted September 13, 2013 MVC Share Posted September 13, 2013 And yet I still don't care. But you get an "A" for your fud errorts. :) I really wish the NSA would target you for no apparent reason. Ian W 1 Share Link to comment Share on other sites More sharing options...
theyarecomingforyou Posted September 13, 2013 Share Posted September 13, 2013 If you want an insight into the insanity that pervades intelligence services in the US then check out this interview on the Colbert Report: http://www.youtube.com/watch?v=nF6Ajwjq2So&feature=youtu.be&t=14m21s They are run by angry little men who think they know better than everybody else. Truly scary. :no: Link to comment Share on other sites More sharing options...
DocM Posted September 14, 2013 Share Posted September 14, 2013 There was a recent article in Foreign Policy Magazine (paywall) reporting that NSA Chief Keith Alexander had what amounted to their Situation Room decorated by Hollywood types to look like the command deck of the Enterprise D from ST:TNG, including a leather Captain's Chair. All computerized with a full-wall screen and ops-crew consoles. Every Congress-critter that passed through got the tour and time in The Chair, and NSA almost always got what they wanted. EDIT: one of several reports on the FP article - http://www.businessinsider.com/nsa-chief-keith-alexander-and-star-trek-2013-9 Link to comment Share on other sites More sharing options...
123456789A Posted September 14, 2013 Share Posted September 14, 2013 Oh, I thought Google was the NSA. guru and Dot Matrix 2 Share Link to comment Share on other sites More sharing options...
Growled Member Posted September 14, 2013 Member Share Posted September 14, 2013 The NSA has gone way too far and it's time why were reined back in. Raa 1 Share Link to comment Share on other sites More sharing options...
Anibal P Posted September 15, 2013 Share Posted September 15, 2013 The NSA has gone way too far and it's time why were reined back in. The sheep in the country won't vote someone in who will actually do the right thing, they rather vote for the one who promises the most freebies Raa and guru 2 Share Link to comment Share on other sites More sharing options...
Anibal P Posted September 15, 2013 Share Posted September 15, 2013 i dunno, Republicans promised as usual, tax cuts and incentives to the rich (freebies), and it didnt help them any. The so called right thing you say, ruined the country. Those tax cuts helped me out and I'm nowhere close to being considered rich by any definition, don't let propaganda get in the way of reality Link to comment Share on other sites More sharing options...
AsherGZ Posted September 15, 2013 Share Posted September 15, 2013 No matter who the ruling party is, your president is just a puppet. The main people running your country from behind the scenes are defence contractors and organizations who never want America to be at peace. Organizations like NSA are nothing more than a lame effort to scare the people into good behavior and ensure they never stand up to the system that thrives on war and send your soldiers to die in the name of freedom because they have access to all your secrets. I mean how many times has the all knowing NSA prevented a terrorist attack. Your government is perfectly fine with letting the people believe whatever new hoohah your media claims the NSA is capable of. After all that's how your government controls you: using fear tactics. Link to comment Share on other sites More sharing options...
Recommended Posts