geheimdienst_uk_gchq_ntac   5

Spies Hacked Computers Thanks to Sweeping Secret Warrants, Aggressively Stretching U.K. Law
British spies have received government permission to intensively study software programs for ways to infiltrate and take control of computers. The GCHQ spy agency was vulnerable to legal action for the hacking efforts, known as “reverse engineering,” since such activity could have violated copyright law. But GCHQ sought and obtained a legally questionable warrant from the Foreign Secretary in an attempt to immunize itself from legal liability. GCHQ’s reverse engineering targeted a wide range of popular software products for compromise, including online bulletin board systems, commercial encryption software and anti-virus programs.
intercept, 22.06.2015
geheimdienst_uk_gchq_teca  software_reverse_engineering  geheimdienst_uk_gchq_cesg  gesetz_uk_ripa  gesetz_uk_isa  itsicherheit_malware_spyware  itsicherheit_exploit_flaw  überwachung_int_sigint_comint  geheimdienst_uk_gchq_jeac  recht_rechtsbeugung  recht_geheim_verdeckt  land_uk  geheimdienst_uk_gchq_ntac  geheimdienst_polizei_infiltration_tech  uk_ministerium_außen 
july 2015 by kraven
Popular Security Software Came Under Relentless NSA and GCHQ Attacks
The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products.
intercept, 22.06.2015
software_anti_malware_virus  software_reverse_engineering  untnehmen_kaspersky  itsicherheit_exploit_flaw  gesetz_uk_isa  überwachung_int_sigint_comint  itsicherheit_by_obscurity  überwachung_internet_mitm  überwachung_internet_email  geheimdienst_us_nsa_tao_cna_cne  geheimdienst_uk_gchq_jtrig_cna_cne  geheimdienst_uk_gchq_ntac  geheimdienst_us_nsa_sso_oakstar_yachtshop  überwachung_itk_inhaltsdaten  geheimdienst_us_nsa_ntoc_camberdada  land_usa  land_uk  geheimdienst_uk_gchq_teca  geheimdienst_uk_gchq_cdo  geheimdienst_polizei_infiltration_tech  überwachung_itk_verkehrs_metadaten 
june 2015 by kraven
GCHQ's beyond TOP SECRET Middle Eastern internet spy base
Above-top-secret details of Britain’s covert surveillance programme - including the location of a clandestine British base tapping undersea cables in the Middle East - have so far remained secret, despite being leaked by fugitive NSA sysadmin Edward Snowden. Government pressure has meant that some media organisations, despite being in possession of these facts, have declined to reveal them. Today, however, the Register publishes them in full. The secret British spy base is part of a programme codenamed “CIRCUIT” and also referred to as Overseas Processing Centre 1 (OPC-1). It is located at Seeb, on the northern coast of Oman, where it taps in to various undersea cables passing through the Strait of Hormuz into the Persian/Arabian Gulf. Seeb is one of a three site GCHQ network in Oman, at locations codenamed “TIMPANI”, “GUITAR” and “CLARINET”. TIMPANI, near the Strait of Hormuz, can monitor Iraqi communications. CLARINET, in the south of Oman, is strategically close to Yemen. Another centre, OPC-2, has been planned, according to documents leaked by Snowden. The intelligence agency annually pays selected companies tens of millions of pounds to run secret teams which install hidden connections which copy customers' data and messages to the spooks’ processing centres. The GCHQ-contracted companies also install optical fibre taps or “probes” into equipment belonging to other companies without their knowledge or consent. Within GCHQ, each company has a special section called a “Sensitive Relationship Team” or SRT. Although GCHQ interception of overseas communications can be authorised by a general “external” tapping warrant, the wording of the law does not permit storage of every communication for examination, as GCHQ wished to do. In 2009, the spooks persuaded then Foreign Secretary David Miliband to sign a new warrant legalising what they wished to do. The terms of such warrants have never been published.
The special “external” warrants, issued under the Regulation of Investigatory Powers Act (RIPA), authorise the interception of all communications on specified international links.
register, 03.06.2014
gesetz_uk_ripa  geheimdienst_uk_gchq_mti_tempora  geheimdienst_uk_gchq_srt  geheimdienst_uk_gchq_ntac  geheimdienst_uk_gchq_opc_opd  geheimdienst_uk_gchq_circuit_timpani  geheimdienst_uk_gchq_circuit_guitar  geheimdienst_uk_gchq_circuit_clarinet  land_uk  land_oman  unternehmen_british_telecom  unternehmen_allg_itk_netz  geheimdienst_allg_verdeckte_operation  überwachung_abhörschnittstelle  überwachung_int_sigint_comint  überwachung_itk_inhaltsdaten  überwachung_massenkontrolle  überwachung_mobilfunk  überwachung_satellitentelefonie  überwachung_itk_netzwerkleitung  überwachung_int_comsat_fornsat  unternehmen_vodafone_cww  staat_politik_geheimhaltung  uk_ministerium_außen 
june 2014 by kraven
GCHQ Forced Secure Email Service PrivateSky to Shut Down
Brian Spector, CEO of CertiVox, told IT Security Guru: "Towards the end of 2012, we heard from the National Technical Assistance Centre (NTAC), a division of GCHQ and a liaison with the Home Office, [that] they wanted the keys to decrypt the customer data. We did it before Lavabit and Silent Circle and it was before Snowden happened. "It is the same in the USA with FISMA, and it is essentially a national security warrant. So in late 2012 we had the choice to make - either architect the world's most secure encryption system on the planet, so secure that CertiVox cannot see your data, or spend £500,000 building a backdoor into the system to mainline data to GCHQ so they can mainline it over to the NSA". He said that from the technology it has implemented a split of the root key in the M-Pin technology so it has one half and the user has the other. "So as far as I know we are the first to do that so if the NSA or GCHQ says 'hand it over' we can comply as they cannot do anything with it until they have the other half, where the customer has control of it."
international business times, 11.12.2013
geheimdienst_uk_gchq_ntac  gesetz_uk_ripa  internet_dienst_anbieter  krypto_entschlüsselung_zwang  krypto_key_escrow  krypto_key_splitting  überwachung_internet_email  überwachung_itk_inhaltsdaten  überwachung_int_sigint_comint  land_uk  unternehmen_certivox  krypto_verschlüsselung_datenträger  krypto_crypto_war 
december 2013 by kraven
Wie NSA und GCHQ Verschlüsselung unterminieren
Was bis jetzt über "Edgehill" und "Bullrun" bekannt wurde, ähnelt dem hier schon mehrfach als "Facebook-Überwachungstandard" und "Angriff auf die Blackberrys" beschriebenen Standardentwurf frappierend. Dieseŕ Normentwurf stammt aus dem European Telecom Standards Institute und läuft unter dem Titel "Cloud Lawful Interception", gesetzmäßige Überwachung in der Cloud. Um das auch bei einer verschlüsselten Verbindung zu bewerkstelligen, muss sie angegriffen werden, während beide Endgeräte gerade einen temporären "Session Key" aushandeln. Der Sekretär der zitierten Überwachungstruppe des European Telecom Standards Institute gehört der Einheit NTAC des britischen Militärgeheimdienstes GCHQ an. Von dort stammt auch eines der ersten ETSI-Diskussionspapiere zum Thema Verschlüsselung, nämlich darüber, mit welcher Methode der Schlüsselaufbau angegriffen wird. Die britische Regierung habe ein ähnliches Schema entwickelt, wie das derzeit im ETSI diskutierte, schreibt Ian Cooper, Sekretär von 3GPP SA3LI, in einem Diskussionspapier vom 7. September 2010. In beiden Fällen wird das eigentlich sichere "Multimedia Internet KEYing" (MIKEY) zum Schlüsseltausch kompromittiert. Die britische Veriante MIKEY-SAKKE sei der im ETSI diskutierten Methode MIKEY-IBAKE unter anderem durch "niedrige Latenz" überlegen., 09.09.2013
geheimdienst_uk_gchq_edgehill  geheimdienst_uk_gchq_mti_mobile_projekt  geheimdienst_uk_gchq_ntac  krypto_srtp_mikey  eu_etsi  krypto_backdoor  krypto_entschlüsselung  krypto_rng  krypto_key_session  land_europa  land_usa  land_uk  überwachung_abhörschnittstelle  überwachung_internet_mitm  überwachung_int_sigint_comint  überwachung_itk_inhaltsdaten  überwachung_mobilfunk  geheimdienst_us_nsa_ces_bullrun  überwachung_chat_telefonie_voip  tech_hw_mobilfunk_gerät  krypto_key_recovery  krypto_crypto_war 
september 2013 by kraven

related tags

eu_etsi  geheimdienst_allg_verdeckte_operation  geheimdienst_polizei_infiltration_tech  geheimdienst_uk_gchq_cdo  geheimdienst_uk_gchq_cesg  geheimdienst_uk_gchq_circuit_clarinet  geheimdienst_uk_gchq_circuit_guitar  geheimdienst_uk_gchq_circuit_timpani  geheimdienst_uk_gchq_edgehill  geheimdienst_uk_gchq_jeac  geheimdienst_uk_gchq_jtrig_cna_cne  geheimdienst_uk_gchq_mti_mobile_projekt  geheimdienst_uk_gchq_mti_tempora  geheimdienst_uk_gchq_opc_opd  geheimdienst_uk_gchq_srt  geheimdienst_uk_gchq_teca  geheimdienst_us_nsa_ces_bullrun  geheimdienst_us_nsa_ntoc_camberdada  geheimdienst_us_nsa_sso_oakstar_yachtshop  geheimdienst_us_nsa_tao_cna_cne  gesetz_uk_isa  gesetz_uk_ripa  internet_dienst_anbieter  itsicherheit_by_obscurity  itsicherheit_exploit_flaw  itsicherheit_malware_spyware  krypto_backdoor  krypto_crypto_war  krypto_entschlüsselung  krypto_entschlüsselung_zwang  krypto_key_escrow  krypto_key_recovery  krypto_key_session  krypto_key_splitting  krypto_rng  krypto_srtp_mikey  krypto_verschlüsselung_datenträger  land_europa  land_oman  land_uk  land_usa  recht_geheim_verdeckt  recht_rechtsbeugung  software_anti_malware_virus  software_reverse_engineering  staat_politik_geheimhaltung  tech_hw_mobilfunk_gerät  uk_ministerium_außen  unternehmen_allg_itk_netz  unternehmen_british_telecom  unternehmen_certivox  unternehmen_vodafone_cww  untnehmen_kaspersky  überwachung_abhörschnittstelle  überwachung_chat_telefonie_voip  überwachung_int_comsat_fornsat  überwachung_int_sigint_comint  überwachung_internet_email  überwachung_internet_mitm  überwachung_itk_inhaltsdaten  überwachung_itk_netzwerkleitung  überwachung_itk_verkehrs_metadaten  überwachung_massenkontrolle  überwachung_mobilfunk  überwachung_satellitentelefonie 

Copy this bookmark: