nsa   20608

« earlier    

Telegram vs NSA/GCHQ/5E: sporaw
Кстати, совсем забыл (тема - 2015 год). Человек тут один стал троллить на тему новости про "российскую сертификацию SIM-карт" и я, объясняя причину, заодно соединил с другим. NSA/GCHQ ломало Gemalto для получения доступа ко всем выпускаемым SIM-картам. Соответственно, они без проблем могут делать любые клоны любых SIM-карт в мире. А как следствие, они могут запросить подключение девайса, получить SMS на клон (вы ее не увидите, т.к. насколько я помню, и звонок и SMS приходят на последнюю активную симку в сети), и получить доступ к вашему Telegram. Даже не надо очередную операцию по взлому Павла и его команды делать (хотя для NSA, очевидно, это элементарно).

Такие дела.

И да, Gemalto, подлецы, отрицали очевидный факт.

P.S. Кстати, по идее, можно и клона не делать даже, но тогда надо "эфир" слушать и им манипулировать. Что, в общем-то, сложнее и привязка к месту физическому.
gsm  megafon  mobile  security  crypto  fail  nsa  telegram 
2 days ago by some_hren
How Spies Stole the Keys to the Encryption Castle
AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.
...
According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ secret access. We “believe we have their entire network,” the slide’s author boasted about the operation against Gemalto.

The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. “Gaining access to a database of keys is pretty much game over for cellular encryption,” says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is “bad news for phone security. Really bad news.”
gsm  megafon  privacy  mobile  security  fail  nsa 
2 days ago by some_hren
The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED
Disconnecting Maersk’s entire global network took the company’s IT staff more than two panicky hours. By the end of that process, every employee had been ordered to turn off their computer and leave it at their desk. The digital phones at every cubicle, too, had been rendered useless in the emergency network shutdown.

On a normal day, these servers push out routine updates—bug fixes, security patches, new features—to a piece of accounting software called M.E.Doc, which is more or less Ukraine’s equivalent of TurboTax or Quicken. It’s used by nearly anyone who files taxes or does business in the country

In the spring of 2017, unbeknownst to anyone at Linkos Group, Russian military hackers hijacked the company’s update servers to allow them a hidden back door into the thousands of PCs around the country and the world that have M.E.Doc installed. Then, in June 2017, the saboteurs used that back door to release a piece of malware called ­NotPetya, their most vicious cyberweapon yet.

But EternalBlue and Mimikatz together nonetheless made a virulent combination. “You can infect computers that aren’t patched, and then you can grab the passwords from those computers to infect other computers that are patched,” Delpy says.
cybersecurity  history  wired  worm  notpetya  virus  russia  ukraine  taxes  eternalblue  nsa  supplychain 
22 days ago by bwiese
NSA Leaker 'Reality Winner' Gets More Than 5 Years in Prison
A former NSA contractor, who pleaded guilty to leaking a classified report on Russian hacking of the 2016 U.S. presidential election to an online news outlet last year, has been sentenced to five years and three months in prison.
Reality Winner, a 26-year-old Georgia woman who held a top-secret security clearance and worked as a government contractor in Georgia with Pluribus International, initially faced 10 years in prison and a $250,000 fine.
However, in the U.S. District Court in Augusta, Georgia on Thursday, Winner agreed to a plea agreement that called for five years and three months in prison with three years of supervision after release.
gov2.0  politics  whistleblower  NSA  crime  russia  hack  election 
25 days ago by rgl7194
Reality Winner: NSA contractor jailed for five years over classified report leak | US news | The Guardian
Winner, who leaked report on Russian election interference, is first person Trump administration charged under Espionage Act
The NSA contractor Reality Winner was sentenced on Thursday to five years and three months in prison for leaking a top-secret document about Russian interference in the US election.
Winner, 26, was sentenced at a federal court in Georgia after pleading guilty in June as part of a deal with government prosecutors.
She is the first person the Trump administration has charged under the Espionage Act for a document leak.
The justice department did not pursue the maximum sentence and instead recommended a 63-month penalty. Government attorneys said that would be the longest sentence ever for an unauthorized disclosure to the media.
gov2.0  politics  whistleblower  NSA  crime  russia  hack  election 
25 days ago by rgl7194
Whistleblower Gets Long Sentence for Leaking Evidence of Russian Election Interference - WhoWhatWhy
Reality Winner, an Air Force veteran and former NSA contractor, was sentenced to 63 months in federal prison Thursday after pleading guilty to violating the Espionage Act of 1917.
Whistleblower advocates condemned the sentence and its length as “shameful,” while President Donald Trump used the case to take a swipe at his political rival, Hillary Clinton, and Attorney General Jeff Sessions.
Winner was accused of leaking to the Intercept a document about Russian military officers attempting to hack an American election software company. She initially pleaded not guilty, but changed her plea to guilty last month.
Public scrutiny and accusations that the Intercept failed to protect its source when publishing the report led the organization to do an internal review of its procedures. Soon thereafter, Intercept Editor-in-Chief Betsy Reed acknowledged failures on their part.
gov2.0  politics  whistleblower  NSA  crime  russia  hack  election 
25 days ago by rgl7194
NSA leaker who mailed doc outlining Russian hacking gets 5 years in prison | Ars Technica
Reality Winner, the intelligence contractor who leaked to The Intercept and was quickly caught in June 2017 thanks to microdot printing, was sentenced to 63 months in prison on Thursday.
She had pleaded guilty on June 21 to a single count of unlawful retention and transmission of national defense information.
The information that Winner provided to The Intercept resulted in this June 5, 2017 news story: "Top-Secret NSA Report details Russian hacking effort days before 2016 election."
gov2.0  politics  whistleblower  NSA  crime  russia  hack  election 
25 days ago by rgl7194
A riddle wrapped in a curve – A Few Thoughts on Cryptographic Engineering
This is a 2005 article positing a conspiracy theory that the NSA discovered a major weakness in elliptic curve cryptography.
cryptography  NSA  via:HackerNews 
27 days ago by mcherm
328 NSA Documents Reveal “Vast Network” of Iranian Agents, Details of a Key Intelligence Coup, and a Fervor for Voice-Matching Technology
No offense... but Snowden’s biggest mistake was not handing off the NSA files to Wikileaks.

This all looks like a well curated FOIA response.
cia  nsa  snowden 
29 days ago by foliovision
How social media took us from Tahrir Square to Donald Trump - MIT Technology Review
Rather, the problem is that when we encounter opposing views in the age and context of social media, it’s not like reading them in a newspaper while sitting alone. It’s like hearing them from the opposing team while sitting with our fellow fans in a football stadium. Online, we’re connected with our communities, and we seek approval from our like-minded peers. We bond with our team by yelling at the fans of the other one. In sociology terms, we strengthen our feeling of “in-group” belonging by increasing our distance from and tension with the “out-group”—us versus them. Our cognitive universe isn’t an echo chamber, but our social one is. This is why the various projects for fact-checking claims in the news, while valuable, don’t convince people. Belonging is stronger than facts.
socialMedia  politics  activism  communication  ArabSpring  Egypt  TahrirSquare  Tunisia  Syria  Iran  Twitter  MubarakHosni  authoritarianism  power  control  ObamaBarack  targeting  technoUtopianism  bigData  misinformation  polarisation  NSA  security  Facebook  Google  monopolies  YouTube  recommendation  algorithms  attention  insults  TrumpDonald  USA  Russia  trolling  interference  corruption  accountability  filterBubble  surveillance  platforms  personalData  inequality  precarity  insecurity  dctagged  dc:creator=TufekciZeynep 
4 weeks ago by petej

« earlier    

related tags

1stamendment  2015  accountability  activism  ai  ajitpai  algorithms  alt-right  amazon  ant  apple  arabspring  archive  archives  arstechnica  assange_julian  at&t  att  attention  authoritarianism  bahraich  barabanki  barack_obama  bhutan  big_brother  bigdata  bitcoin  bnd  brandx  breach  brettkavanaugh  brexit  bulk  cable  canada  cellphone  censorship  certs  china  cia  cis3360  cis4615  citrix  civilliberties  client  collection  collusion  commoncarrier  communication  complex  conspiracy  contractor  control  corruption  court  crime  crypto  cryptography  cyber_security  cyber_warfare  cybersecurity  dadaism  danderspritz  data  database  davidtatel  dc:creator=tufekcizeynep  dccircuit  dctagged  defensive_tactics  defiict  democracy  design  dfir  dns  doj  donald  donaldtrump  eff  egypt  election  email  emmanuelmacron  encryption  engine  eternalblue  exploit  facebook  fail  far-right  fascism  fbi  fcc  filterbubble  five  foia  foreignpolicy  frankfurt  free_speech  funny  gchq  gdpr  germany  giuseppeconte  google  gov2.0  government  govtmanipulation  govtoverreach  graph-database  graph  graphic  greece  gsm  hack  hacking  henry_kissinger  high  history  hrmcmaster  humor  iad  ignorance  incidentresponse  india  inequality  infosec  insecurity  insults  intellectual_property  interference  internet  internets  inwigilacja  iran  isp  italy  jamescarafano  jamesclapper  japan  journalism  judges  justintrudeau  kanpur  kernels  lab  lang-pl  leak  leaks  learning  lemongraph  lies  linux  lmdb  log  longreads  macbookpro  machine  mail  marketing  media  megafon  michael_hayden  misinformation  mobile  monopolies  mord  motivational  mubarakhosni  muckreads  narendramodi  national_strategies  nepal  net  netneutrality  networks  neutrality  niemcy  nominee  notpetya  obamabarack  occupational  offensive_tactics  opposes  opsec  over  panopticon  pdf  pentesting  personaldata  phone  platforms  polarisation  politico  politics  poster  posters  power  precarity  privacy  propaganda  quantum_computing  reality  realitywinner  recommendation  recordsmanagement  research  resources  retro  right-wing  russia  russiagate  russland  sarahhuckabeesanders  security  security_&_intelligence  sentenced  separation  server  shadow_brokers  shinzoabe  signal  snowden  snowdenedward  socialmedia  software  softwaredefinedradio  speck  spies  spying  srisrinivasan  ssl  supplychain  supports  supreme  supremecourt  surveillance-industrial  surveillance  syria  tahrirsquare  targeting  taxes  tech  techcrunch  technicall  technoutopianism  telecom  telegram  tempest  theintercept  thin  timezones  tls  to  tomwheeler  tools  tor  toread  trade  transparency  treaties  trolling  trump  trumpdonald  trumpknew  trump’s  tsalikidis  tunisia  tv  twitter  ukraine  united_states  usa  uttarpradesh  vault7  vectors  verizon  virus  virustotal  vis  vodafone_greece  vpn  war  weapons  weekly  whatsapp  whistleblower  whistleblowers  wifi  wikileaks  winner:  wired  wisdom  world  worm  xenophobia  xijinping  yahoo  years  youtube  Überwachung  μυστικές_υπηρεσίες  παρακολουθήσεις  τσαλικίδης   

Copy this bookmark:



description:


tags: