Category Archives: PHONE TAPPING

Australia’s bungling spies dialled wrong numbers and bugged wrong phones

red phone off hook image www.intelagencies.com

ASIO bugged the wrong phone line during an exercise but realised the error after seven minutes.

Australia’s secret intelligence organisations made a string of bungles during the past financial year, according to the annual report by their watchdog.

In one case, the domestic spy agency ASIO bugged the wrong phone, while other officers risked penalties for impersonating Commonwealth officers when trying to give themselves so-called “light-cover” stories to hide their real jobs.

ASIO agents handed out the wrong phone number to the targets of search warrants executed on numerous homes across Sydney last year.

Margaret Stone, former federal court judge who has delivered her first report on Australia's spy agencies as the new Inspector General of Intelligence and Security image www.intelagencies.com

Margaret Stone, former federal court judge who has delivered her first report on Australia’s spy agencies as the new Inspector General of Intelligence and Security. Photo: Tanya Ingrisciano

In separate incidents, Australia’s foreign spy agency, ASIS, sent private information about Australian citizens to foreign intelligence organisations without permission. It also spied on Australians without ministerial authorisation, had officers fire weapons they were not authorised to do and was chided about official record keeping.
Advertisement

The report is the only view the public usually gets inside the secretive agencies known collectively as the Australian Intelligence Community unless there is a specific inquiry.

The annual snapshot was delivered by the new Inspector of Intelligence and Security, Margaret Stone, a former Federal Court judge. Ms Stone has replaced Dr Vivienne Thom, who has finished her five-year contact.

It shows that there were 496 complaints received across the agencies. Of those, 473 were about delays in visa-related security assessments by ASIO. The number was down slightly on the 2013-2014, when there were 504 complaints, of which 487 were related to visa-related security assessments.

Reviewing the highlights of the year, the report said the IGIS had designed and implemented new oversight programs as a result of the federal government’s national security legislative reform program, which has given the intelligence agencies new powers.

“The changes required a re-prioritisation of our work program and a comprehensive revision of existing inspection methodology to focus on the use of the new powers and higher risk activities,” the report said.

Dr Thom spoke at the International Intelligence Review Agency Conference in London in 2014 about how oversight regimes needed to be more transparent to enhance public credibility.

The annual report said that many agencies had since moved to develop outwardly-focused media strategies and explore ways of informing the public about their work. However, “the challenge of ensuring that oversight is transparent continues in Australia”, the report said.

The report revealed a target of an ASIO entry and search warrant had complained that ASIO had given the household the wrong phone number and after an investigation ASIO confirmed that an “incorrect phone number was inadvertently given to individuals at all the Sydney addresses where search warrants were executed on that date”. ASIO later corrected the error.

ASIO also bugged the wrong phone line during an exercise but realised the error after seven minutes. The report found no communications were intercepted or recorded and ASIO has established more stringent procedures and advice for staff to stop any future errors.

A major inquiry into its sister agency ASIS found it had sent intelligence information to foreign spy agencies without permission and without the application of privacy rules on seven separate occasions. It was also found to have spied on two Australians without the required ministerial authorisation.

There was also a deficiency in training for ASIS officers regarding firing of weapons in training without approvals.

“A very significant number of ASIS officers had fired weapons they were not authorised for, either once or on several occasions … indicating a widespread lack of understanding about the legal requirements.”

The report said that ASIS senior management had accepted a raft of recommendations and “demonstrated a strong commitment to reform”.

An inspection report into the so-called “light cover” used by ASIO and ASIS officers to conceal their employment identified four areas of potential concern: risk of penalties for impersonating a Commonwealth officer when using an alternative government department as their cover; court appearances; dealing with police; and obtaining private insurance policies.

Since the report ASIO has finalised its light-cover policy and both ASIO and ASIS have “sought to identify suitable life insurance options for their staff”

Read more: http://www.smh.com.au/national/wrong-number-wrong-phone-australias-bungling-spies-20151217-glqjjy.html?eid=email:nnn-13omn656-ret_newsl-membereng:nnn-04/11/2013-news_am-dom-news-nnn-smh-u&campaign_code=13INO010&et_bid=25741951&promote_channel=edmail&mbnr=MTA5MTAwMDU#ixzz3uobjFOpV
Follow us: @smh on Twitter | sydneymorningherald on Facebook

Skype summoned to Belgian court over failure to share call data

A page from the Skype website is seen in Lausanne May 10, 2011. REUTERS/Denis Balibouse

A page from the Skype website is seen in Lausanne May 10, 2011. REUTERS/Denis Balibouse

Online communication service Skype (MSFT.O) has been summoned to appear in court in Belgium after refusing to pass on customer data to aid a criminal investigation, a court spokesman said.

A court in Mechelen, just north of Brussels, had asked for data from messages and calls exchanged on Microsoft-owned Skype, arguing that telecom operators in the country were required to do so.

“The judicial question is whether Skype is also a telecoms operator,” the court spokesman said, adding that Skype would have to pass on the data if this was established to be the case. It could also face a fine.

Skype was not immediately available for comment.

ooo

Henry Sapiecha

Judges now required to give written reasons for issuing warrants for covert surveillance

NSW Chief Justice Tom Bathurst, centre, has introduced a procedure requiring judges to write brief reasons for granting a warrant for covert surveillance. image www.intelagencies.com

NSW Chief Justice Tom Bathurst, centre, has introduced a procedure requiring judges to write brief reasons for granting a warrant for covert surveillance.

NSW Supreme Court judges are now required to give written reasons for issuing warrants authorising covert surveillance such as listening devices.

The recent parliamentary inquiry into the police bugging scandal revealed the extent of covert telephone intercepts of police and journalists allegedly without good reason between 1999 and 2001.

It emerged there was insufficient or no evidence of wrongdoing by many of the more than 100 police and civilians whose names appeared on warrants issued by the Supreme Court.

NSW Police Deputy Commissioner Nick Kaldas image www.intelagencies.com

NSW Police Deputy Commissioner Nick Kaldas was at the centre of a NSW police bugging scandal. He accused the former police internal affairs unit of engaging in “massive wrongdoing and habitual illegal acts”. Photo: Daniel Munoz

On Tuesday the Chief Justice of NSW Tom Bathurst said he had introduced a procedure whereby judges are required to write brief reasons for granting a warrant to any state or federal agency for covert surveillance.

The written reasons will be placed in a sealed envelope alongside the documents submitted in support of the warrants.

Chief Justice Bathurst said the court is receiving an average five requests a day for warrants, usually from NSW Police, the NSW Crime Commission and occasionally the Australian Federal Police.
NSW Chief Justice Tom Bathurst.NSW Supreme Court image www.intelagencies.com

NSW Chief Justice Tom Bathurst. Photo: NSW Supreme Court

Describing the revelations from the inquiry into Operation Mascot as “historical problems”, he said the decision to implement a formal written record of a judge’s reasons was “a sensible thing to do”

“It just focuses the attention, I think, of the judge without making what is already an onerous burden too onerous,” he said.

However, so long as the power to issue warrants remained with the judiciary “we rely on the judge to act responsibly in doing so”, he said, noting the suggestion of setting up an administrative body to handle the task has been raised.

Chief Justice Bathurst said aside from the inquiry, there has been “very little direct complaint” about the issuing of warrants. “There’s an awful lot of trials in which intercepted material is used and very little complaint that it has been illegally or improperly obtained,” he said.

The NSW police bugging scandal emerged from Operation Mascot, which used a corrupt former policeman, code named M5, to target allegedly corrupt police with a listening device between 1999-2001.

NSW Deputy Police Commissioner Nick Kaldas was named in 35 affidavits in support of 80 bugging warrants issued, which included surveillance of members of his family. Journalist Steve Barrett was named on 52 warrants.

Mr Kaldas accused the former police internal affairs unit of engaging in “massive wrongdoing and habitual illegal acts”.

During the inquiry, a former solicitor for the Crime Commission, John Giorgiutti, highlighted the sheer volume of warrants being issued to law enforcement agencies for surveillance operations, querying whether the courts are subjecting them to sufficient scrutiny.

Greens upper house MP and former barrister David Shoebridge, said: “There is this largely pretend oversight by the Supreme Court of applications for warrants and covert surveillance … our court system cannot handle inundating waves of ex parte applications by crime agencies other than by simply rubber-stamping them.”

ooo

Henry Sapiecha

 

Top cop Nick Kaldas claims ‘massive wrongdoing’ and cover-up in police bugging of his children scandal

Subject of 'intense electronic and other surveillance': Police Deputy Commissioner Nick Kaldas, far right.

Deputy police commissioner Nick Kaldas has accused an internal affairs unit formerly run by two of NSW’s most senior officers – Commissioner Andrew Scipione and his deputy, Catherine Burn – of “massive wrongdoing and habitual illegal acts” in relation to a covert bugging operation more than a decade ago.

In a submission to a parliamentary inquiry examining the operation, codenamed Mascot, Mr Kaldas also sensationally claims illegal activities by the police Special Crime and Internal Affairs (SCIA) unit were “sanctioned and covered up” by the Police Integrity Commission.

Mr Kaldas was one of more than 100 police and civilians bugged by Operation Mascot between 1999-2001.

Mr Scipione was commander of SCIA  at the time, while Ms Burn was head of the team which ran Operation Mascot.

The operation exploded into controversy when it emerged at least one journalist and police not under suspicion of wrongdoing were among those whose names appeared on covert surveillance warrants issued by the Supreme Court.

An internal police operation, Strike Force Emblems, was launched into Operation Mascot in 2003. Its report has never been released, although details have been previously revealed by Fairfax Media.

In his submission Mr Kaldas says documents submitted to the committee show “a level of intense electronic and other surveillance [was] … carried out on every part of my life, home and work, including my ex-wife and children, and was clearly unjustified but in the end yielded not one allegation to be put to me at the end of the operation”.

The submission was published on Thursday morning, as the parliamentary inquiry began hearings into a two-year investigation by the NSW Ombudsman Bruce Barbour into Strike Force Emblems.

Mr Kaldas and Ms Burn are due to give evidence on Friday. Mr Scipione and Mr Barbour are scheduled to appear on Tuesday.

In her submission to the inquiry, Ms Burn strongly denied any wrongdoing.

Ms Burn denies she directed internal affairs police “to use illegal warrants to secretly record conversations of my rivals in the police force”, in particular Mr Kaldas, when she did not suspect him of wrongdoing.

Ms Burn also denied directing use of illegal warrants to bug Mr Kaldas “as part of a personal vendetta”.

The inquiry – which is opposed by the NSW government, was established in response to concerns about the time being taken for Mr Barbour to complete his investigations and the nature of his inquiries.

Earlier on Thursday, committee chairman Robert Borsak accused NSW attorney-general Brad Hazzard of seeking to “bribe” him into withdrawing from the inquiry, which the government opposes.

The inquiry heard from Channel Seven journalist Steve Barrett, whose name appeared on one of the bugging warrants.

Barrett said he was mystified as to why he appeared on the warrant but suggested that either Supreme Court judges had been “duped” or “no one checked”.

ooo

Henry Sapiecha

iPhone encryption won’t stop police getting your data, experts say

Apple may not be able to access your data, but that doesn't mean it's secure, experts say.image www.intelagencies.com

Apple may not be able to access your data, but that doesn’t mean it’s secure, experts say. Photo: Mashable / Getty Images

This post was originally published on Mashable.

Last week, Apple announced that starting with iOS 8, the company would no longer help police get some of the most sensitive data on your phone, including messages, emails, contacts and call history.

And it’s not that it doesn’t want to anymore, it’s that now Apple says it can no longer do it — even if it wanted to.

“Apple cannot bypass your passcode and therefore cannot access this data,” the company said in its new privacy policy.

Many, including privacy advocates, rejoiced at the news — but some police officers are not that happy. And although there are still other ways cops can get their hands on your iPhone data, authorities are still complaining.

“It’s definitely going to impact investigations, there’s no doubt about that,” Dennis Dragos, a former New York Police Department detective who worked for 11 years in the computer crimes squad, told Mashable.

“Detectives are trained to follow down every single lead, follow every possible trail until you get to the resolution of your investigation,” he continued.

“This is now a dead end. You’re closing a door that was available before.”

Dragos is not the only one who thinks that way.

On Thursday, FBI Director James Comey himself said that he was “very concerned” about Apple’s decision.

John Escalante, the chief of detectives for Chicago’s police department, said that because of this change, “Apple will become the phone of choice for the paedophile.”

For some law enforcement officials, this could even become a matter of life and death. In a Washington Post op-ed, Ronald T. Hosko, the former assistant director at the FBI Criminal Investigative Division, complained that Apple’s new privacy stance, later followed by Android, will “protect many thousands of criminals who seek to do us great harm, physically or financially.”

“[Criminals’] phones contain contacts, texts, and geo-tagged data that can help police track down accomplices,” Hosko wrote. “These new rules will make it impossible for us to access that information. They will create needless delays that could cost victims their lives.”

But privacy advocates and security researchers are sceptical.

“I think there’s a lot of kicking and screaming over this but cops have been able to do their job just fine for the past 200 years in this country, without having access to people’s personal iPhone,” Jonathan Zdiarski, a forensic and security researcher who has worked as a consultant to police agencies, told Mashable. “Criminals are just as stupid today as they always have been and they’re going to leave traces and evidence in a number of places.”

Moreover, despite all the controversy, there are actually still a few ways for the police to get at least some data from an iPhone with iOS 8 and protected by a passcode. Below, we’ve broken down some of the ways cops can still put their hands on your digital belongings.

Getting your iCloud backup

If police officers can’t get the data that’s locally stored on an iPhone, they might still be able to get it from the cloud.

Apple prompts users to back up their iDevices to iCloud, and the data there can be obtained by law enforcement agents with a search warrant. Yes, iCloud backups are encrypted, but they’re encrypted with a key in Apple’s possession, so Apple can be legally required to turn the backups over if served with a valid legal request, as Micah LeeFirst Look‘s technologist and security expert, explained.

With iCloud, police can potentially get any data from your phone, unless you turn off the automatic backup, or you only backup certain data.

Using forensic tools

Forensic tools are still a great way to get some data out of your iPhone. If the police arrests you and gets both your phone and a computer that you used to connect with your phone using iTunes — a “paired device” — they can dump some data out of it bypassing your passcode using existing forensic tools, as Zdiarski noted in a recent blog post.

In this case, the passcode doesn’t protect you, because Apple has designed this system to allow you to access some data on your phone using iTunes or Xcode without unlocking your device.

The caveat here is that only some data is available in this scenario. In particular, any data from third party applications such as Facebook, Twitter and Evernote; photos, videos and recordings; and iTunes media such as books and podcasts. But data from native iOS applications like iMessages, emails or calls is out of reach.

To prevent this from happening, as Zdiarski notes, then you can “pair lock” your iPhone so that it doesn’t pair with any new computer, preventing police computers from “pairing” with your iPhone.

Without the ability to impersonate a trusted computer, and with a locked phone protected with the passcode, “law enforcement at this point doesn’t seem to really have any options,” Zdiarski said.

Getting your iTunes backup

Another target for police officers is the iTunes backup on your computer. If you back up your iPhone to your computer with iTunes, a police officer that gets his hands on your computer can get all the data that you have last backed up.

“Data is still available, as long as iTunes and iCloud reign,” Lee Reiber, the vice president for mobile solutions at forensic firm AccessData, told Mashable.

In this scenario, only a backup password can stop the police, and in that case, it better be a good password or it might be vulnerable to brute forcing — the automated process of guessing all possible passwords until you get the right one. Or, they might just force you to give it up.

Forcing you to give up your passcode

Having a passcode protect your phone is great — unless someone else knows that passcode. And here’s a legal caveat many might not be aware of: the police might be able to compel you to give up your passcode, which renders any sophisticated technological protections you might have on your phone completely moot.

The case law on this issue is still contradictory, and it has only dealt with computers (though it’s hard to see the difference between an encrypted computer and an encrypted phone).

But in some cases someone who refuses to give up her password can be held in contempt of court, which can even lead to jail, as reported by Wired.

In the US, a defendant can plead the fifth and refuse to testify against himself and self-incriminate. Some think that handing out a password to authorities amounts to self-incrimination and should not be accepted, but others disagree.

Breaking TouchID

Where there seems to be more consensus that “pleading the Fifth” won’t get you anywhere is if the cops ask for your fingerprint.

Fingerprints, and other physical objects like actual keys, have traditionally not been considered protected by the Fifth Amendment. So if you lock your iPhone with TouchID, the cops can legally compel you to unlock it, as internet and privacy lawyer Marcia Hoffman explained last year.

And if you refuse, police officers might be able to lift your fingerprint from a surface — say your computer screen — and unlock it themselves.

As various online videos have shown, it’s possible to break into an iPhone 6 with a dummy fingerprint just as it was with the 5S.

Other options

Outside of these scenarios, options for law enforcement, at this point, are limited. A good old brute force attack, where you guess every possible passcode combination is technically possible, but there are no forensic tools that can make this automated, both Zdiarski and Reiber said.

Technically, Apple could brute force a four digit passcode if the police asked the company to do it, but it seems unlikely that Apple would do something like that after trumpeting that they wouldn’t help police unlock phones anymore.

Doing it manually is obviously a daunting task, as there are 10,000 combinations of 4 digit passcodes, and iPhones disable after six wrong attempts.

And if police are simply looking for call records, they can always request them from phone carriers, or perhaps plant malware on your phone.

As for the iPhone, it might be harder now, but forensic firms and law enforcement hackers will now look for new places and holes to get data.

“As secure as the device can be, there’s always going to be some vulnerability that can be located and exploited,” Reiber said. “That’s what it really is, cat and mouse.”

1…’Poor law enforcement. They’re going to have to make do with their ability to covertly track you, wiretap you and hack into your computer.’

2…’With iOS 8, Apple won’t be able to unlock iPhones and iPads for law enforcement http://www.washingtonpost.com/business/technology/apple-will-no-longer-unlock-most-iphones-ipads-for-police-even-with-search-warrants/2014/09/17/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html?hpid=z1 

3…’If smartphone encryption prevents the police from solving crimes, how did they solve them before smartphones were invented? Anyone remember?’

A Closer Look: Ways to hide, secure data on police proof phones

group communications worlwide image www.intelagencies.com

NEW YORK (AP) — Apple got a lot of attention last week when it released a new privacy policy along with a declaration that police can’t get to your password-protected data.

Essentially, your photos, messages and other documents are automatically encrypted when you set up a passcode, with or without a fingerprint ID to unlock the phone. Apple says it cannot bypass that passcode, even if law enforcement asks.

Google says it will also encrypt data by default in an upcoming Android update. The option has been there, but many people don’t know about it or bother to turn it on.

Apple, Google and other tech companies have been trying to depict themselves as trustworthy stewards of personal information following revelations that the National Security Agency has been snooping on emails and other communications as part of an effort to identify terrorists. Apple is also trying to reassure customers about its commitment to security and privacy after hackers broke into online accounts of celebrities who had personal photos stored on Apple’s iCloud service.

Beyond setting up passcodes, some phones have additional tools for hiding or securing sensitive photos and documents stored on the phone, particularly if you need to lend or show your phone to someone.

Here’s a closer look at some of those options:

APPLE’S IPHONES AND IPADS:

i phone image black on white www.intelagencies.com

In the latest software update for mobile devices, iOS 8, Apple offers an easier way to hide photos from your collection in the Photos app. Simply press down on the photo or the thumbnail of it and tap “Hide.”

However, the photo will still appear in individual albums, including a new one called “Hidden.” You can go there to unhide hidden photos.

So why bother? This feature is mainly useful when you want to let people glance through your entire collection of photos. That could be when you’re sitting with a friend in the same room or making a presentation before a large audience. You can hide embarrassing or incriminating photos – such as naked selfies – as long as you remain in control of the device. If you hand it to a friend and walk out, your friend can browse through the albums section.

SAMSUNG’S GALAXY DEVICES:

samsung-galaxy-alpha image white www.intelagencies.com

The Galaxy S5 phone introduced a private mode. You turn it on in the settings, under “Private Mode” in the Personalization section.

You then go through your phone to mark certain content as private. With photos, for instance, just go to the Gallery app and select the photos or albums you want to keep private. Then hit the menu icon for the option to “Move to Private.” This also works with selected video, music, audio recordings.

After you’ve marked your files as private, you need to go back to the settings to turn Private Mode off. Think of that setting as the door to a vault. Turning it on opens the door and lets you move stuff in and out. Turning it off closes and locks the door. It’s the opposite of what you might think: Private Mode needs to be off for your content to be secure.

Once locked, it is as though the content never existed. No one will know what’s inside the vault, or whether there’s even anything inside. To unlock the vault, you need your passcode or fingerprint ID.

The private-mode feature is also part of Samsung’s Galaxy Tab S tablets and the upcoming Galaxy Note phones.

 LG G 3

LGOptimusGPro_image www.intelagencies.com

LG’s flagship phone has a guest mode. You can lend a phone to a friend without giving your friend access to everything. You can even set a separate unlock code for the guest, so that you don’t have to give out yours.

Look for “Guest mode” in the settings under the General tab. You then specify which apps your guest can access. For instance, you might want to give access to the phone, alarm clock and music, but you might want to block email and texts.

In some cases, guests have limited access to your content. With the Gallery app, your collection of photos won’t generally appear unless they are in the “Guest album.” Guests can take photos, too, and have them appear there. On the other hand, if you enable access to the Photos app, your guest gets everything. Likewise, there are no restrictions with email or texts if you allow access to those apps.

I recommend logging in as a guest – with the alternative code – to verify what’s available after you pick the apps to allow.

Beyond the guest mode, the G3 lets you lock certain images in the Gallery app during normal use, similar to what the Galaxy devices offer.

– THE BIGGER PICTURE:

Digital Life A Closer Look Phone Privacy

These tips touch only the surface of what you can do to protect your privacy.

For instance, these apply only to data stored on the device. For files stored on Internet-based storage services such as iCloud and Dropbox, you’ll want to make sure you have a strong password and turn on a second layer of protection, often known as two-step verification. I covered that in a previous column, which can be found here: http://bit.ly/1paHdMw .

You’ll also want to pay attention to what data you’re sharing through apps.

With iOS, you can choose which apps can know your location and when, such as all the time or only when the app is actively running. Go to the “Location Services” settings under “Privacy.” Unfortunately, it tends to be all or nothing with Android. You can turn off location services, but that affects all apps, including maps and others that might need your location.

With both iOS and Android, you can choose to limit ad targeting based on your interests and surfing history.

For an explainer, read our column here: http://bit.ly/1qnBRNa .

Henry Sapiecha

flashing-bright-blue-line-300x5

Edward Snowden reveals tapping of major Australia-New Zealand undersea telecommunications cable

New Zealand Prime Minister John Key denied there had been mass surveillance image www.ispy-site.com

New Zealand Prime Minister John Key denied there had been mass surveillance.

A major undersea telecommunications cable that connects Australia and New Zealand to North America has been tapped to allow the United States National Security Agency and its espionage partners to comprehensively harvest Australian and New Zealand internet data.

Documents published by The Intercept website by former US intelligence contractor Edward Snowden show that New Zealand’s electronic spy agency, the Government Communications Security Bureau (GCSB), worked in 2012 and 2013 to implement a mass metadata surveillance system based on covert access to the Southern Cross undersea cable network.

Founded in 1997, Southern Cross owns and operates a Trans-Pacific submarine cable network connecting Australia, New Zealand, Fiji and Hawaii to the internet backbone on the west coast of the United States. The network was developed to service the rapid growth of Internet traffic across the Pacific. It is owned by Telecom New Zealand with a 50 per cent share, SingTel Optus (Australia’s second-largest telecommunications provider) with 40 per cent and Verizon Business with 10 per cent.

Edward Snowden accused New Zealand's Prime Minister of misleading the public image www.ispy-site.com

Edward Snowden accused New Zealand’s Prime Minister of misleading the public.

Top secret documents provided by Mr Snowden show that the GCSB, with ongoing cooperation from the US National Security Agency, implemented Phase I of a mass surveillance program code-named “Speargun” at some time in 2012 or early 2013.

ooo

“Speargun” involved the covert installation of “cable access” equipment connected to New Zealand’s main undersea cable link, the Southern Cross Cable, which carries internet traffic between Australia, New Zealand and North America.

Upon completion of the first stage, Speargun moved to Phase II, under which “metadata probes” were to be inserted into those cables. The leaked NSA documents note that the first such metadata probe was scheduled for installation in “mid-2013”. Surveillance probes of this sort are used by NSA and its “5-eyes” partners including the Australian Signals Directorate (ASD) to tap into high capacity fibre-optic communication cables, enabling them to extract vast flows of data including the dates, times, senders, and recipients of emails, phone calls, as well as the actual content of communications as required.

The latest disclosures from top secret documents leaked by Mr Snowden come in the context of the final stages of New Zealand’s election campaign where New Zealand Prime Minister John Key has been under pressure to explain the extent of GCSB’s surveillance activities. On Sunday Mr Key stridently attacked US journalist Glen Greenwald, who is the author of numerous articles based on Mr Snowden’s materials including Monday’s report published on The Intercept website.

Mr Snowden, in a post for The Intercept, also published on Monday, accused Prime Minster Key of misleading the New Zealand public about GCSB’s role in mass surveillance. “The Prime Minister’s claim to the public, that ‘there is no and there never has been any mass surveillance’, is false,” the former NSA analyst wrote. “The GCSB, whose operations he is responsible for, is directly involved in the untargetted, bulk interception and algorithmic analysis of private communications sent via internet, satellite, radio, and phone networks.”

Mr Snowden explained that “at the NSA, I routinely came across the communications of New Zealanders in my work with a mass surveillance tool we share with GCSB, called ‘X-Keyscore'”. He further observed that “the GCSB provides mass surveillance data into X-KEYSCORE. They also provide access to the communications of millions of New Zealanders to the NSA at facilities such as the GCSB facility in Waihopai, and the Prime Minister is personally aware of this fact.”

Mr Key responded quickly to the latest disclosures, claiming that “there is not, and never has been, mass surveillance of New Zealanders undertaken by the GCSB”.

The New Zealand Prime Minister said he would not discuss the X-Keyscore program, saying “we don’t discuss the specific programmes the GCSB may, or may not use”.

“But the GCSB does not collect mass metadata on New Zealanders, therefore it is clearly not contributing such data to anything or anyone,” Mr Key said.

Fairfax Media has previously reported on the Australian Signals Directorate’s involvement in the X-Keyscore program and the ASD’s cooperation with Singapore’s Ministry of Defence to tap submarine cables in South East Asia.

The Australian Signals Directorate has also acquired sophisticated technology designed to tap high-speed fibre optic data cables including those that connect Australia with Asia and North America.  The huge volume of intelligence now collected by the ASD data has required the construction of a new $163.5 million data storage facility at the HMAS Harman naval communications facility near Canberra.

The latest revelations from Mr Snowden’s trove of leaked intelligence documents are likely to fuel debate in Australia about the Commonwealth Government’s controversial proposals for compulsory retention of metadata by telecommunications and internet service providers for access without warrant by the Australian Security Intelligence Organisation and law enforcement agencies. Attorney-General George Brandis yesterday confirmed the Australian Government’s determination to introduce legislation to mandate the compulsory data retention “later in the year”.

Henry Sapiecha

NSW Police use hacking software to spy on computers and smartphones: WikiLeaks data

Martin Muench, managing director of Gamma International, poses for a photo in 2012 image www.ispysite.com

Martin Muench, managing director of Gamma International, poses for a photo in 2012.

NSW Police are using sophisticated hacking software to spy on smartphones and computers during criminal investigations, according to documents published by WikiLeaks on Monday.

FinFisher, also known as FinSpy, is surveillance software sold by German company Gamma International. The software is typically used by intelligence and policing agencies to break into computers and mobiles and can secretly log keystrokes and take screenshots.

It can also remotely capture Skype and instant messenger conversations and take control of computer microphones and web cameras to listen in.

The documents show NSW Police purchased approximately $2.5 million worth of licences for the software, starting in September 2011. They reveal the agency has held nine licences for FinSpy, FinFly, FinIntrusion, FinSpy Mobile and FinFireWire over the past three years.

NSW Police is named as the only Australian agency among many around the world to have spent a collective $72 million on the software.

NSW Police did not deny the spyware’s use.

“Given this technology relates to operational capabilility [sic], it’s not appropriate to comment,” a police spokesman said.

Under NSW law, police can apply for “covert” search warrants, which allow them to search a computer without its owner’s knowledge; this includes online accounts and the like. The warrants are obtained from a Supreme Court judge who is “eligible” to grant them.

In early March 2009, then NSW premier Nathan Rees unveiled a suite of new laws, one of which he said would allow police to gain “remote access” to computers for seven days at a time or up to a total of 28 days or longer in exceptional circumstances. The laws were passed later that month.

“This could including cracking codes and searching computers for evidence of child porn, drug running and money laundering,” Rees said then.

“FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world,” said Julian Assange, the Australian WikiLeaks editor in chief, who is holed up in the Ecuadorian embassy in Britain.

Julian Assange has criticised Germany for allowing FinFisher to exist.www.ispysite.com

“The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centres.”

ooo

The leaked documents published by WikiLeaks have come to light following the hacking of Gamma International in August, which exposed an estimated 40 gigabytes of internal data from the firm detailing the operations and effectiveness of the FinFisher suite of surveillance platforms.

Sydney software architect and IT security consultant Troy Hunt said it was no surprise that government agencies, including NSW Police, were making use of the spyware.

But he said its use raised a number of questions, such as whether police were obliged to remove the spyware after its use and whether due legal process was followed in installing it.

He said the software gave its users the ability to virtually look over the shoulders of any target. More often than not he said the software was able to be installed remotely by its users.

NSW Council for Civil Liberties spokesman Stephen Blanks said he was uncomfortable with the software’s use.

“The use of software like this to enable law-enforcement agencies to remotely access computer networks raises particular concerns and it is vital that there is sufficient information made available about the use of [the associated] warrants so that the public can be satisfied that they are not being abused.”

In one leaked document, WikiLeaks identifies a NSW Police user of the spyware emailing Gamma saying that warrants authorised the use of FinFisher. In the same ticket, the user asks Gamma if some new capabilities can be introduced to make its use conform to Australian standards.

In another email, a NSW Police user complains about access to an Apple Mac user’s computer.

“When a mac target is online, there is a configuration link which allows updating the configuration of the target and trojan,” the NSW Police user says in the ticket. “However when the target is offline, there isnt [sic] any configuration link. This only appears on a mac target … Should there be a configuration link on a mac target when it is offline?”

In another email, a NSW Police user complains about an update which broke the software.

“From our logs, there appears to have been an update early this morning which has broken the Agents [sic] access to the server. If at all possible, we require urgent assistance as we are waiting to conduct an install tonight,” the user says.

Last year a freedom of information request by an Australian citizen to the Australian Federal Police seeking information about whether it used FinFisher was rejected by the agency.

Henry Sapiecha

NSA’s Internet monitoring said to be legal

NSA Surveillance-Privacy Report

WASHINGTON (AP) — The first time the bipartisan Privacy and Civil Liberties Oversight Board dissected a National Security Agency surveillance program, it found fundamental flaws, arguing in a January report that the NSA’s collection of domestic calling records “lacked a viable legal foundation” and should be shut down.

But in its latest study, the five-member board takes the opposite view of a different set of NSA programs revealed last year by former NSA systems administrator Edward Snowden.

The new report, which the board was to vote on Wednesday, found that the NSA’s collection of Internet data within the United States passes constitutional muster and employs “reasonable” safeguards designed to protect the rights of Americans.

The board, whose members were appointed by President Barack Obama, largely endorsed a set of NSA surveillance programs that have provoked worldwide controversy since Snowden disclosed them. However, the board’s report said some aspects of the programs raise privacy concerns meriting new internal intelligence agency safeguards.

Under a provision of the 1978 Foreign Intelligence Surveillance Act known as Section 702, the NSA uses court orders and taps on fiber optic lines to target the data of foreigners living abroad when their emails, web chats, text messages and other communications traverse U.S. telecommunications systems.

Section 702, which was added to the act in 2008, includes the so-called PRISM program, under which the NSA collects foreign intelligence from Google, Facebook, Microsoft, Apple and nearly every other major American technology company.

U.S. intelligence officials and skeptical members of Congress have agreed that Section 702 has been responsible for disrupting a series of terrorist plots and achieving other insights.

The board said the programs have “led the government to identify previously unknown individuals who are involved in international terrorism, and it has played a key role in discovering and disrupting specific terrorist plots aimed at the United States and other countries.”

Because worldwide Internet communications are intermingled on fiber optic lines and in cyberspace, known as the cloud, the collection inevitably sweeps in the communications of Americans with no connection to terrorism or foreign intelligence. Activists have expressed concern that a secret intelligence agency is obtaining private American communications without individual warrants. Some have questioned how such a program could be legal under the Fourth Amendment to the Constitution.

The board, including a Democratic federal judge, two privacy experts and two former Republican Justice Department officials, found that the NSA monitoring was legal and reasonable and that the government takes steps to prevent misuse of Americans’ data. Those steps include “minimization” that leaves out the names of Americans from intelligence reports unless they are relevant.

“Overall, the board finds that the protections contained in the Section 702 minimization procedures are reasonably designed and implemented to ward against the exploitation of information acquired under the program for illegitimate purposes,” said the report. “The board has seen no trace of any such illegitimate activity associated with the program.”

That said, the board noted that the rules “potentially allow a great deal of private information about U.S. persons to be acquired by the government.”

The board was troubled by the “unknown and potentially large scope of the incidental collection of U.S. persons’ communications,” and collection of communications about a target, such as a foreign terrorist organization, that could capture two innocent Americans discussing the organization.

The report proposals some rule-tightening. For example, the board recommends that NSA and CIA analysts query Section 702 data using the names or email addresses of Americans “only if the query is based upon a statement of facts showing that it is reasonably likely to return foreign intelligence information.”

Section 702 has its roots in the Terrorist Surveillance Program, a collection program President George W. Bush ordered after the 9/11 attacks without seeking a change in the law. After administration lawyers deemed aspects of it illegal, and after so-called warrantless wiretapping was disclosed in news reports, Congress essentially legalized the program in 2008.

Obama, then a senator running for president, voted in favor of the bill.

Henry Sapiecha

THIS SITE IS UNDER CONSTRUCTION-WATCH THIS SPACE

Welcome to Acbo Call Centre

UnderConstruction

Henry Sapiecha

pi spy glass line-13