NSA Surveillance, National Security and Privacy

Transcription

1 NSA Surveillance, National Security and Privacy Ir Roy Ko Former HKCERT Manager 20 August 2014 HKIE Veneree Club 1

2 Agenda Background Edward Snowden National Security Agency (NSA) What NSA has done PRISM XKeyScore Tailored Access Operations Other Tools & Activities US National Cybersecurity Strategy State-sponsored Surveillance & Attacks What s Next 2

3 Background 3

4 Edward Snowden 4

5 Edward Snowden Worker of Dell posted to CIA & NSA Worker of Booz Allen Hamilton posted to NSA (in Hawaii) System Administrator, Infrastructure Analyst 5

6 Timeline 20-May-13 5-June-13 6-June-13 8-June-13 9-June June June June June June-13 Snowden boraded plane to Hong Kong The Guardian announced massive leak The Washington Post disclosed PRISM program Boundless Informant program & NSA tools The Guardian published interview video with Snowden US defended - "Terrorist events prevented" SCMP published interview with Snowden Microsoft, Apple, Facebook published number of requests from NSA Tempora program - direct tap into cable Snowden flew to Moscow 6

7 Timeline 31-July-13 1-August-13 2-September November December March-14 April-14 7-August August-14 XKeyScore program ( , IP address) One year temporary renewable Asylum NSA build malware, man-in-the-middle attack, break encryption TAO tools Letter from Snowden Snowden's talk Glenn's book - No Place to Hide 3 year residency permit of Russia Interview with WIRED (MonsterMind) 7

8 Motive For Leaking the Documents "to inform the public as to that which is done in their name and that which is done against them." 8

9 National Security Agency (NSA) 9

10 NSA The core missions are to protect U.S. national security systems and to produce foreign signals intelligence information. global monitoring, collection, decoding, translation and analysis of information and data for foreign intelligence and counterintelligence purposes. Surveillance Activities disclosed: Tapping into communications Installing malicious software Acquiring information from other parties 10

11 US Law Governing Surveillance Foreign Intelligence Surveillance Act (FISA) Allow secret surveillance of foreign entities to protect national security (warrantless surveillance) A Foreign Intelligence Surveillance Court (FISC) to oversee requests for surveillance warrants Amended in 2001 according to the Patriot Act to include terrorist groups not under any foreign government lone wolf Executive Order target to non-us citizens only 11

12 The Documents 50,000 to 200,000 documents downloaded (over 1 million documents touched) July 2013 In addition to U.S. federal documents, there were documents from the "Five Eyes" network About 1.7 million U.S. intelligence files At least 58,000 British intelligence files At least 15,000 Australian intelligence files Glenn Greenwald, journalist at The Guardian Laura Poitras, filmmaker Barton Gellman, journalist at The Washington Post 12

13 Washington Post Analysis of Intercepted Data 13

14 What NSA has done 14

15 The NSA Programs PRISM Boundless Informant Xkeyscore Tailored Access Operations Other Tools & Activities 15

16 PRISM Collects stored Internet communications requested from Internet companies such as Google. Section 702 of the FISA Amendments Act - companies to turn over any data that match the requirements (search criteria) 16

17 PRISM 17

18 PRISM 18

19 PRISM 19

20 PRISM 20

21 PRISM Metadata Header, date/time, duration, persons Information collected not just non-us citizens Information shared with Five Eyes passed to other partners 21

22 Information requested by NSA During Second Half of 2012 Microsoft had been requested for approximately 31,000 customers Facebook received between 9,000 and 10,000 requests covering 19,000 accounts From 1 December 2012 to 31 May 2013 Apple received 4,000 to 5,000 requests, covering 9,000 to 10,000 devices 22

23 XKEYSCORE A computer system used to search and analyze Internet data it collects worldwide every day. 23

24 XKeyscore 24

25 25

26 26

27 NSA Data Centre in Utah Completed in late

28 Boundless Informant A data analysis and visualization tool used to summarize the data collected One month from March 8, 2013 (telephone calls & ) 28

29 29

30 Tailored Access Operations (TAO) A cyber-warfare intelligence-gathering unit computer network exploitation NSA ANT catalog List of technology available to aid in cyber surveillance 49 items disclosed 30

31 COTTONMOUTH Modified USB and Ethernet connectors that can be used to install Trojan, providing covert remote access to the target machine. 31

32 PICASSO Software that can collect mobile phone location date, call metadata, access the phone s microphone to eavesdrop on nearby conversations. 32

33 RAGEMASTER A device that taps the video signal from a target's computer's VGA signal output so the NSA can see what is on the monitor 33

34 NIGHTSTAND Portable system that wirelessly installs Microsoft Windows exploits from a distance of up to eight miles. 34

35 TAO Tools Surveillance passive, data collection Intrusive remote control change of configuration, system behavior remotely install an exploit in one of the core routers at a major Internet service provider in Syria 35

36 MonsterMind A program that would automate the hunting for the original source of a foreign cyberattack. It could automatically fire back, with no human involvement. How can it be done?! This is what the researchers around the world have tried to achieve for years!! 36

37 MonsterMind potential problems Handling of Spoofed attacks False positive & auto-fire Collateral damage - disabling critical civilian infrastructure Massive data storage and analysis 37

38 Dishfire A massive database that collects hundreds of millions of text messages on a daily basis Data received & stored each day: Geolocation data of more than 76,000 text messages and other travel information 110,000+ names from electronic business cards 800,000+ financial transactions from text-to-text payments or credit cards to phone users Details of 1.6 million border crossings based on the interception of network roaming alerts Over 5 million missed call alerts million text messages from around the world

39 Concerns on Privacy Gathering information from Internet providers & backbone Metadata Metadata or More? Use of the information Can create personal vulnerabilities of an individual Legality National Security Vs Privacy 39

40 Other Agencies conducting surveillance in US Department of Defense (DoD) Federal Bureau of Investigation (FBI) Central Intelligence Agency (CIA) Department of Homeland Security (DHS) 40

41 US National Cybersecurity Strategy 41

42 Survey Conducted on Surveillance Very Concerned Somewhat Concerned Not too concerned Not at all concerned No Opinion The government s ability to tap into a suspect s computer and follow their Internet Usage October September Software which allows the government to tap into all Internet , searching for incriminating evidence of any kind October September

43 Before 911 End of Cold War Development of Internet, Networked Society Morris Worm, Computer Emergency Response Team Kevin Mitnick Open & Free Environment 43

44 Before , 1999 President National Security Strategy Report National Defense Panel, Dec 1997 Presidential Decision Directive 63 (PDD 63),

45 Before 911 Defense Objective Open Communication Information Classification Critical Infrastructure Protection Security Advisory Council National Security Agency Department of Defense 45

46 After 911 Strengthen Preventive Measures Intelligence Gathering National Security Strategy to protect cyberspace 46

47 After 911 Patriot Act to collect anti-terrorism infomation Department of Homeland Security Computer Emergency Readiness (Response) Team US-CERT From Open to Control Environment 47

48 Cyber Security Strategy in United States Leading from the Top Sharing Responsibility for CyberSecurity private sector & government international community Information Sharing and Incident Response incident response framework information sharing & capability improvement improve cybersecurity for all infrastructure Encouraging Innovation Action Plans 48

49 State-sponsored Cyber Attacks From surveillance to attack Outage of Critical Infrastructure Disruption of Government/Business Examples Stuxnet Worm & its variants Internet Outage of Syria 49

50 What s Next 50

51 NSA Reform Bill passed control over bulk data collection More leaked documents More leakers controls in NSA are still weak How About Other Countries Cyberwar Cyber Army 51

52 Thank You 52