What was in the university paper that triggered a security alert because it amounted to “exporting nuclear weapons to a hostile government”? – El Mostrador

Why did a United States spy agency not want university researchers to discuss their work in public? The fact is that it failed to silence them and, thanks to that, we have the web.

Source: El Mostrador


End-to-end encryption: from obscurity to the mainstream | Manzana Mecánica

Monday 5 Jan 2015

Carlos Castillo

Within a few days I have reached saturation point with reading predictions for 2015. Many of the predictions are, fundamentally, things that are already happening and that the author of the prediction would like to see continue. There is nothing wrong with that, but it would not hurt to call things by their name.

In that spirit, I believe something very important happened at the end of 2014 that it would be very good to see continue in 2015. I am referring to the transition that zero-knowledge cloud technologies are undergoing, in particular end-to-end encryption.

Zero knowledge = good

Storing things in the “cloud” is valuable for several reasons. First, being able to access your own files from any device (mobile, tablet, laptop, etc.) is very convenient. Second, a positive side effect is that you have a backup of those files. Third, it is easier to share a file with another person if your file is already in the “cloud”.

For many people, it is obvious that if, for example, you upload some photos to a storage system, your photos are then available to the people who operate that cloud. The people who work for that company can see your photos, and if they are hacked, or if someone guesses your password without needing access to your device, your photos can end up on hundreds of sites on the Internet.

For a corporate customer, the problem of storing business secrets in the cloud is much more serious, especially for a business in the technology sector (a possible competitor of the cloud provider) or one that competes with some US company, as happened to Petrobras.

A remote storage provider does not need access to the content of your files in order to store them.

It seems obvious to almost everyone that this disadvantage is an inevitable consequence of uploading a file to the Internet, but it does not have to be that way. Technology has existed for decades to encrypt a file before uploading it and decrypt it after downloading it. In other words, a storage system can operate with zero knowledge without you having to do anything or even worry about what is happening.

In some cases, the storage provider offers this feature as one of its main selling points, as is the case with SpiderOak. In other cases (e.g. Dropbox), it is the user who must configure their computer to use zero knowledge, as we explained in an earlier article.


Operation Socialist: How GCHQ Spies Hacked Belgium’s Largest Telco


BY RYAN GALLAGHER 

When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies.

It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data.

Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”

The full story about GCHQ’s infiltration of Belgacom, however, has never been told. Key details about the attack have remained shrouded in mystery—and the scope of the attack unclear.

Now, in partnership with Dutch and Belgian newspapers NRC Handelsblad and De Standaard, The Intercept has pieced together the first full reconstruction of events that took place before, during, and after the secret GCHQ hacking operation.

Based on new documents from the Snowden archive and interviews with sources familiar with the malware investigation at Belgacom’s networks, The Intercept and its partners have established that the attack on Belgacom was more aggressive and far-reaching than previously thought. It occurred in stages between 2010 and 2011, each time penetrating deeper into Belgacom’s systems, eventually compromising the very core of the company’s networks.


Spy cat prowled neighbouring houses to get free WiFi – BioBioChile

Coco and the scanner collar | Gene Bransfield

Published by Eduardo Woo

A computer expert equipped his cat to spy on and hack wireless WiFi networks in his neighbourhood in Washington, DC.

The man is Gene Bransfield, who fitted ‘Coco’, as the Siamese cat is called, with a collar named “WarKitteh” containing a Spark Core board, a GPS chip, a WiFi card and a rechargeable battery.

The components that make the collar work | Gene Bransfield

The device works as a scanner which, thanks to Coco’s wanderings, made it possible to discover and geolocate places with unprotected WiFi networks, or with weak security based on WEP, an encryption scheme more than 10 years old that is easily manipulated by third parties.

The technology magazine Wired explains that Bransfield carried out the experiment with the intention of drawing attention to how vulnerable some people are with their internet signals.

“My intention was not to show people where they can get WiFi. I just put technology on the cat and let it wander around because the idea amused me,” he said, adding that the result was surprising because he found many open access points.


I, spy: Edward Snowden in exile | World | The Guardian


Fiction and films, the nearest most of us knowingly get to the world of espionage, give us a series of reliable stereotypes. British spies are hard-bitten, libidinous he-men. Russian agents are thickset, low-browed and facially scarred. And defectors end up as tragic old soaks in Moscow, scanning old copies of the Times for news of the Test match.

Such a fate was anticipated for Edward Snowden by Michael Hayden, a former NSA and CIA chief, who predicted last September that the former NSA analyst would be stranded in Moscow for the rest of his days – “isolated, bored, lonely, depressed… and alcoholic”.

But the Edward Snowden who materialises in our hotel room shortly after noon on the appointed day seems none of those things. A year into his exile in Moscow, he feels less, not more, isolated. If he is depressed, he doesn’t show it. And, at the end of seven hours of conversation, he refuses a beer. “I actually don’t drink.” He smiles when repeating Hayden’s jibe. “I was like, wow, their intelligence is worse than I thought.”

Oliver Stone, who is working on a film about the man now standing in room 615 of the Golden Apple hotel on Moscow’s Malaya Dmitrovka, might struggle to make his subject live up to the canon of great movie spies. The American director has visited Snowden in Moscow, and wants to portray him as an out-and-out hero, but he is an unconventional one: quiet, disciplined, unshowy, almost academic in his speech. If Snowden has vices – and God knows they must have been looking for them – none has emerged in the 13 months since he slipped away from his life as a contracted NSA analyst in Hawaii, intent on sharing the biggest cache of top-secret material the world has ever seen.

Since arriving in Moscow, Snowden has been keeping late and solitary hours – effectively living on US time, tapping away on one of his three computers (three to be safe; he uses encrypted chat, too). If anything, he appears more connected and outgoing than he could be in his former life as an agent. Of his life now, he says, “There’s actually not that much difference. You know, I think there are guys who are just hoping to see me sad. And they’re going to continue to be disappointed.”

When the Guardian first spoke to Snowden a year ago in Hong Kong, he had been dishevelled, his hair uncombed, wearing jeans and a T-shirt. The 31-year-old who materialised last week was smartly, if anonymously, dressed in black trousers and grey jacket, his hair tidily cut. He is jockey-light – even skinnier than a year ago. And he looks pale: “Probably three steps from death,” he jokes. “I mean, I don’t eat a whole lot. I keep a weird schedule. I used to be very active, but just in the recent period I’ve had too much work to focus on.”


There was no advance warning of where we would meet: his only US television interview, with NBC’s Brian Williams in May, was conducted in an anonymous hotel room of Snowden’s choosing. This time, he prefers to come to us. On his arrival, there is a warm handshake for Guardian reporter Ewen MacAskill, whom he last saw in Hong Kong – a Sunday night after a week of intense work in a frowsty hotel room, a few hours before the video revealing his identity to the world went public. Neither man knew if they would ever meet again.

Snowden orders chicken curry from room service and, as he forks it down, is immediately into the finer points of the story that yanked him from a life of undercover anonymity to global fame. The Snowden-as-alcoholic jibe is not the only moment when he reflects wryly on his former colleagues’ patchy ability to get on top of events over the past year. There was, for instance, the incident last July when a plane carrying President Evo Morales back to Bolivia from Moscow was forced down in Vienna and searched for a stowaway Snowden. “I was like, first off, wow, their intelligence sucks, from listening to everything. But, two, are they really going to the point of just completely humiliating the president of a Latin American nation, the representative of so many people? It was just shockingly poorly thought out, and yet they did it anyway, and they keep at these sort of mistakes.” It was as if they were trying not to find him. “I almost felt like I had some sort of friend in government.”


Privacy under attack: the NSA files revealed new threats to democracy | Technology | The Guardian


Thanks to Edward Snowden, we know the apparatus of repression has been covertly attached to the democratic state. However, our struggle to retain privacy is far from hopeless

The US National Security Agency threat operations centre in Fort Meade, Maryland, in 2006. Photograph: Paul Richards/AFP/Getty Images

In the third chapter of his History of the Decline and Fall of the Roman Empire, Edward Gibbon gave two reasons why the slavery into which the Romans had tumbled under Augustus and his successors left them more wretched than any previous human slavery. In the first place, Gibbon said, the Romans had carried with them into slavery the culture of a free people: their language and their conception of themselves as human beings presupposed freedom. And thus, says Gibbon, for a long time the Romans preserved the sentiments – or at least the ideas – of a freeborn people. In the second place, the empire of the Romans filled all the world, and when that empire fell into the hands of a single person, the world was a safe and dreary prison for his enemies. As Gibbon wrote, to resist was fatal, and it was impossible to fly.

The power of that Roman empire rested in its leaders’ control of communications. The Mediterranean was their lake. Across their European empire, from Scotland to Syria, they pushed roads that 15 centuries later were still primary arteries of European transportation. Down those roads the emperor marched his armies. Up those roads he gathered his intelligence. The emperors invented the posts to move couriers and messages at the fastest possible speed.

Using that infrastructure, with respect to everything that involved the administration of power, the emperor made himself the best-informed person in the history of the world.

That power eradicated human freedom. “Remember,” said Cicero to Marcellus in exile, “wherever you are, you are equally within the power of the conqueror.”

The empire of the United States after the second world war also depended upon control of communications. This was more evident when, a mere 20 years later, the United States was locked in a confrontation of nuclear annihilation with the Soviet Union. In a war of submarines hidden in the dark below the continents, capable of eradicating human civilisation in less than an hour, the rule of engagement was “launch on warning”. Thus the United States valued control of communications as highly as the Emperor Augustus. Its listeners too aspired to know everything.

We all know that the United States has for decades spent as much on its military might as all other powers in the world combined. Americans are now realising what it means that we applied to the stealing of signals and the breaking of codes a similar proportion of our resources in relation to the rest of the world.

The US system of listening comprises a military command controlling a large civilian workforce. That structure presupposes the foreign intelligence nature of listening activities. Military control was a symbol and guarantee of the nature of the activity being pursued. Wide-scale domestic surveillance under military command would have violated the fundamental principle of civilian control.

Instead what it had was a foreign intelligence service responsible to the president as military commander-in-chief. The chain of military command absolutely ensured respect for the fundamental principle “no listening here”. The boundary between home and away distinguished the permissible from the unconstitutional.

The distinction between home and away was at least technically credible, given the reality of 20th-century communications media, which were hierarchically organised and very often state-controlled.

When the US government chose to listen to other governments abroad – to their militaries, to their diplomatic communications, to their policymakers where possible – they were listening in a world of defined targets. The basic principle was: hack, tap, steal. We listened, we hacked in, we traded, we stole.

In the beginning we listened to militaries and their governments. Later we monitored the flow of international trade as far as it engaged American national security interests.


Blackphone: the smartphone that wants to be the spies’ nightmare – BioBioChile

Blackphone | Silent Circle

Published by Denisse Charpentier | Information from the AFP news agency

It is black and looks like any other smartphone, but the Blackphone has one thing more: its creators promise its owners secure communications, sheltered from governmental “big ears” or from hackers.

In the midst of the debate over the extent of surveillance by US intelligence services, the launch of the Blackphone, designed by the US firm Silent Circle and the Spanish firm Geeksphone, could not have benefited from better publicity.

But the head of Silent Circle, Mike Janke, says he did not seek that timely publicity. His company, he told AFP, had been working on the device long before former NSA intelligence agency consultant Edward Snowden began to disclose secret documents about US espionage.

“We did this because the problem of secure communications was not regulated,” said this former member of the US Navy’s elite Navy SEAL corps, who joined with comrades-in-arms and Silicon Valley cryptography experts to create the company Silent Circle.

“We offer users the ability to communicate in encrypted form through video, text or voice calls over IP-compatible networks,” Janke said.

His company is not making its debut with the Blackphone. In the past it has worked with multinationals and even with the Tibetan government in exile.

Silent Circle’s skills have meant that “almost all the major smartphone manufacturers turned to us” to work on a secure device.


What happens if the authorities confiscate your computer – El Mostrador

If the US authorities wish, they can confiscate your computer when you enter the country’s borders, to search it for evidence of criminal activity, links to foreign intelligence services or extremist connections.

A federal judge in New York ruled that US authorities can seize a traveller’s laptop when they cross the border, without having legal grounds, without the person being suspected of having committed any crime and without giving any kind of explanation. What happens if they confiscate yours?

Last year, the media devoted much of their coverage to stories about the US National Security Agency (NSA) and its surveillance operations, and the risks of these activities for users’ privacy on the internet.

The publication of documents obtained by former NSA analyst Edward Snowden shed new light on the global electronic espionage programme.

However, the authorities can find out information about you in a more traditional way: by confiscating your possessions at the border.


Exclusive: Secret contract tied NSA and security industry pioneer | Reuters


A National Security Agency (NSA) data gathering facility is seen in Bluffdale, about 25 miles (40 km) south of Salt Lake City, Utah, December 16, 2013. Jim Urquhart/REUTERS


(Reuters) – As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a “back door” in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.

 

Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.


$10m NSA contract with security firm RSA led to encryption 'back door' | World news | theguardian.com


• Flawed formula enabled agency to crack into products

• RSA and NSA decline to comment

An RSA SecurID dongle used for internet VPN tunnelling. Photograph: Chris Helgren/Reuters

As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the National Security Agency arranged a secret $10m contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Documents leaked by the former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers, to create a “back door” in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.

Undisclosed until now was that RSA received $10m in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.


Lavabit founder refused FBI order to hand over email encryption keys | World news | theguardian.com


Unsealed documents show Ladar Levison, now subject of government gag order, refused requests to ‘defeat its own system’


Court ordered Levison to be fined $5,000 a day beginning 6 August until he handed over electronic copies of the keys. Photo: Demotix/Alex Milan Tracy/Corbis

The email service used by whistleblower Edward Snowden refused FBI requests to “defeat its own system,” according to newly unsealed court documents.

The founder of Lavabit, Ladar Levison, repeatedly pushed back against demands by the authorities to hand over the encryption keys to his system, frustrating federal investigators who were trying to track Snowden’s communications, the documents show.

Snowden called a press conference on 12 July at Moscow’s international airport, using a Lavabit address. The court documents show the FBI was already targeting the secure email service before the invite was sent.

Levison is now subject to a government gag order and has appealed against the search warrants and subpoenas demanding access to his service. He closed Lavabit in August saying he did not want to be “complicit in crimes against the American people”.


No, Apple hasn't said it will share an iPhone 5s 'fingerprint database' with the NSA | Technology | theguardian.com


Just because a right-wing ‘satire’ site writes something about the iPhone 5s, that doesn’t make it true: and the characters in quotes saying Apple will share data are made up

 

 


The FBI already keeps a fingerprint database; these were John Lennon’s on his application for permanent US residence. Photograph: Henry S Dziekan III/Getty Images

 

The latest “oh, this must be true because we read it somewhere” is that “Apple is going to share its fingerprint database collected by the iPhone 5s with the National Security Agency”. Reality check: the article claiming this comes from a right-wing “satire” site. Why are people confused? Because the satire’s badly executed.

A lot of people read it but didn’t realise that the satire site was a satire site. (I’ve had at least one email pointing excitedly to it, and not ironically.) This isn’t surprising, because the thing about satire is that you either have to lay it on with a trowel, or get so close to the bone (eg The Thick Of It) that it’s indistinguishable from painful reality. It’s easy to do badly. And the site in question, National Report, does it really badly. It’s like Fox News, but with the jokes and facts taken out.

Even so, you’d hope people who read such “stories” might think a bit. Or that they might even look at other headlines on the site, and wonder if a site which has a story headlined “Apple iPhone 5s Fingerprint Data To Be Shared With NSA” but also has one headlined “Packers Embarrassing Loss to Bengals Linked To Green Bay Bridge Collapse” and “Taurus Firearms Company Introduces The New Trayvon PK-10 or ‘Perp-Killer’” is entirely serious. (It isn’t actually funny, especially the latter headline; if you’re easily offended, don’t read the story that goes with it. But that’s another matter.)

Let’s recap what we do know about the iPhone 5s’s fingerprint system.


Silent Circle claims major companies not declaring data breaches | Technology | theguardian.com


The company which shut its secure email over privacy concerns says corporate customers have admitted regular data breaches

Secure communications providers Silent Circle claim corporate customers have admitted regular data breaches

Major companies are failing to disclose data security breaches, a secure communications company has claimed.

The co-founder of Silent Circle, which closed its secure email service over concerns that it could not guarantee users’ privacy from government-mandated surveillance, claimed that corporate users have admitted data breaches that have not been disclosed to shareholders.

“We’re like digital priests,” said Mike Janke, chief executive of the service. “Everybody calls us, or comes to our office, and tells us just every dirty thing that’s going on.

“I sat and spoke with the chief information officer of a Fortune 500 company, and he’s telling me that they’re not reporting 80% of their data breaches. And I’m going, ‘there’s a law against that’.

“Customers of ours disclose that they’re being breached, weekly, and they don’t disclose it to shareholders.”


The NSA's next move: silencing university professors? | Jay Rosen | Comment is free | theguardian.com


A Johns Hopkins computer science professor blogs on the NSA and is asked to take it down. I fear for academic freedom

 

 

 


On 9 September, Johns Hopkins University asked one of its professors to take down a blog post on the NSA. Photograph: AP

 

This actually happened yesterday:

A professor in the computer science department at Johns Hopkins, a leading American university, had written a post on his blog, hosted on the university’s servers, focused on his area of expertise, which is cryptography. The post was highly critical of the government, specifically the National Security Agency, whose reckless behavior in attacking online security astonished him.

Professor Matthew Green wrote on 5 September:

I was totally unprepared for today’s bombshell revelations describing the NSA’s efforts to defeat encryption. Not only does the worst possible hypothetical I discussed appear to be true, but it’s true on a scale I couldn’t even imagine.

The post was widely circulated online because it is about the sense of betrayal within a community of technical people who had often collaborated with the government. (I linked to it myself.)

On Monday, he gets a note from the acting dean of the engineering school asking him to take the post down and stop using the NSA logo as clip art in his posts. The email also informs him that if he resists he will need a lawyer. The professor runs two versions of the same site: one hosted on the university’s servers, one on Google’s blogger.com service. He tells the dean that he will take down the site mirrored on the university’s system but not the one on blogger.com. He also removes the NSA logo from the post.


US and UK spy agencies defeat privacy and security on the internet | World news | The Guardian


• NSA and GCHQ unlock encryption used to protect emails, banking and medical records
• $250m-a-year US program works covertly with tech companies to insert weaknesses into products
• Security experts say programs ‘undermine the fabric of the internet’


Through covert partnerships with tech companies, the spy agencies have inserted secret vulnerabilities into encryption software. Photograph: Kacper Pempel/Reuters

US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.

The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.

Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.

Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.


Email service used by Snowden shuts itself down, warns against using US-based companies

http://www.theguardian.com/commentisfree/2013/aug/09/lavabit-shutdown-snowden-silicon-valley

Edward Snowden: ‘Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our internet titans must ask themselves why they aren’t fighting for our interests the same way’


The front page of Lavabit announces to its users its decision to shut down rather than comply with ongoing US surveillance orders Photo: Lavabit

A Texas-based encrypted email service recently revealed to be used by Edward Snowden – Lavabit – announced yesterday it was shutting itself down in order to avoid complying with what it perceives as unjust secret US court orders to provide government access to its users’ content. “After significant soul searching, I have decided to suspend operations,” the company’s founder, Ladar Levison, wrote in a statement to users posted on the front page of its website. He said the US directive forced on his company “a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.” He chose the latter.

CNET’s Declan McCullagh smartly speculates that Lavabit was served “with [a] federal court order to intercept users’ (Snowden?) passwords” to allow ongoing monitoring of emails; specifically: “the order can also be to install FedGov-created malware.” After challenging the order in district court and losing – all in a secret court proceeding, naturally – Lavabit shut itself down to avoid compliance while it appeals to the Fourth Circuit.


Lavabit privacy row: second email service closes 'to prevent spying'

http://www.theguardian.com/technology/2013/aug/09/lavabit-email-edward-snowden-shuts-down

Withdrawal comes after apparent pressure on Lavabit to allow US government access to encrypted messages on its servers


Lavabit was apparently under pressure to grant US government access to its encrypted servers. Photograph: Alex Milan Tracy/NurPhoto/Corbis

Two American companies which provided encrypted email services – one to the NSA fugitive Edward Snowden – have abruptly shut down the service, apparently following US government pressure to let it read users’ messages.

Lavabit, which is believed to have been used by Snowden and which claimed to have 350,000 customers, closed after apparently rejecting a US government court order to cooperate in surveillance on its customers by allowing some form of access to the encrypted messages on its servers.

Its founder Ladar Levison wrote on the company’s website: “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.”


Fear of the ‘Snowden case’ grips secure email companies

http://tecnologia.elpais.com/tecnologia/2013/08/09/actualidad/1376034844_279355.html

Two encrypted messaging services close in less than 24 hours

The letter published in place of the Lavabit page.

Two companies that offer their customers encrypted email services, which allow information to be transferred securely, have voluntarily ceased operating in less than 24 hours. The reason given to customers is the same: fear that the shockwave from Edward Snowden’s leaks will hit them head-on.