<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:og="http://ogp.me/ns#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" xmlns:schema="http://schema.org/" xmlns:sioc="http://rdfs.org/sioc/ns#" xmlns:sioct="http://rdfs.org/sioc/types#" xmlns:skos="http://www.w3.org/2004/02/skos/core#" xmlns:xsd="http://www.w3.org/2001/XMLSchema#" version="2.0" xml:base="https://www.linuxjournal.com/">
  <channel>
    <title>NSA</title>
    <link>https://www.linuxjournal.com/</link>
    <description/>
    <language>en</language>
    
    <item>
  <title>Spy Games: the NSA and GCHQ Offer Their Software to the Open Source Community</title>
  <link>https://www.linuxjournal.com/content/spy-games-nsa-and-gchq-offer-their-software-open-source-community</link>
  <description>  &lt;div data-history-node-id="1340506" class="layout layout--onecol"&gt;
    &lt;div class="layout__region layout__region--content"&gt;
      
            &lt;div class="field field--name-node-author field--type-ds field--label-hidden field--item"&gt;by &lt;a title="View user profile." href="https://www.linuxjournal.com/users/david-habusha" lang="" about="https://www.linuxjournal.com/users/david-habusha" typeof="schema:Person" property="schema:name" datatype="" xml:lang=""&gt;David Habusha&lt;/a&gt;&lt;/div&gt;
      
            &lt;div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"&gt;&lt;p&gt;Spies worth their salt are generally expected to be good at keeping secrets. With dead drops, encryption, cyanide pills and the like, openly sharing useful information isn’t supposed to be a part of the job description.&lt;/p&gt;

&lt;p&gt;So it caught more than a few of us off guard when a couple years ago, some of the top spy agencies began contributing code to GitHub, making it available to the masses by open-sourcing some of their software.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://code.nsa.gov/"&gt;&lt;u&gt;National Security Agency&lt;/u&gt;&lt;/a&gt;, the American signals intelligence organization that is tasked with the majority of the cyber-snooping, has released two separate pages on GitHub. The first is the NSA's primary account on GitHub that has &lt;a href="https://github.com/nationalsecurityagency"&gt;&lt;u&gt;17 listed repos&lt;/u&gt;&lt;/a&gt;, followed up by its more substantive “&lt;a href="https://github.com/nsacyber"&gt;&lt;u&gt;NSA Cybersecurity&lt;/u&gt;&lt;/a&gt;” page with its 31 repositories.&lt;/p&gt;

&lt;p&gt;Even though the NSA appears to have been posting some of its software as open source since 2017, presumably in part as a result of the US government's effort to make more of the code produced by the USG &lt;a href="https://obamawhitehouse.archives.gov/blog/2016/03/09/leveraging-american-ingenuity-through-reusable-and-open-source-software"&gt;&lt;u&gt;available to the public&lt;/u&gt;&lt;/a&gt;, the agency made news in early January when it announced plans to release a new product to the Open Source community.&lt;/p&gt;

&lt;p&gt;The software is called GHIDRA, and it has been described as a tool for reverse-engineering malware. According to &lt;a href="https://www.bleepingcomputer.com/news/security/nsa-releasing-the-ghidra-reverse-engineering-tool-at-rsaconference/"&gt;&lt;u&gt;reports&lt;/u&gt;&lt;/a&gt;, GHIDRA has been referenced in the past during the Vault7 document leaks and is available for use across all the major operating systems. Those who are curious for more information on this tool and how to use it can catch a glimpse at a demonstration that the NSA has committed to putting on at this year’s RSA conference.&lt;/p&gt;

&lt;p&gt;However, with perhaps less fanfare, it would seem as though it was the Brits who first made the move to take some of their code open source. The British SigInt agency GCHQ released its first piece of open-source tooling with the Gaffer graph database &lt;a href="https://motherboard.vice.com/en_us/article/bmvxdm/gchq-the-uks-secretive-spy-agency-now-has-an-open-source-github-account"&gt;&lt;u&gt;back in 2015&lt;/u&gt;&lt;/a&gt;, beating the Americans by two years. At the time of writing, the good folks at Her Majesty’s cyber-snooping agency have &lt;a href="https://github.com/GCHQ"&gt;&lt;u&gt;39 repositories&lt;/u&gt;&lt;/a&gt; on offer for all to try out, including one called &lt;a href="https://github.com/gchq/CyberChef"&gt;&lt;u&gt;CyberChef&lt;/u&gt;&lt;/a&gt;, which is billed as the “Cyber Swiss Army Knife—a web app for encryption, encoding, compression, and data analysis”.&lt;/p&gt;&lt;/div&gt;
      
            &lt;div class="field field--name-node-link field--type-ds field--label-hidden field--item"&gt;  &lt;a href="https://www.linuxjournal.com/content/spy-games-nsa-and-gchq-offer-their-software-open-source-community" hreflang="en"&gt;Go to Full Article&lt;/a&gt;
&lt;/div&gt;
      
    &lt;/div&gt;
  &lt;/div&gt;

</description>
  <pubDate>Thu, 07 Mar 2019 12:30:00 +0000</pubDate>
    <dc:creator>David Habusha</dc:creator>
    <guid isPermaLink="false">1340506 at https://www.linuxjournal.com</guid>
    </item>
<item>
  <title>The Linux Journal NSA Reading List: Tails and Tor</title>
  <link>https://www.linuxjournal.com/content/linux-journal-nsa-weekend-reading-list-tails-and-tor</link>
  <description>  &lt;div data-history-node-id="1339762" class="layout layout--onecol"&gt;
    &lt;div class="layout__region layout__region--content"&gt;
      
            &lt;div class="field field--name-node-author field--type-ds field--label-hidden field--item"&gt;by &lt;a title="View user profile." href="https://www.linuxjournal.com/users/carlie-fairchild" lang="" about="https://www.linuxjournal.com/users/carlie-fairchild" typeof="schema:Person" property="schema:name" datatype="" xml:lang=""&gt;Carlie Fairchild&lt;/a&gt;&lt;/div&gt;
      
            &lt;div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"&gt;&lt;p&gt;&lt;em&gt;Tails is a live media Linux distro designed to boot into a highly secure desktop environment. Tor is a browser that prevents somebody watching your internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Learn why anonymity matters and how you can protect yourself by reading the following archived &lt;cite&gt;Linux Journal&lt;/cite&gt; articles:&lt;/p&gt;

&lt;p&gt;&lt;a href="//www.linuxjournal.com/content/tails-above-rest-installation"&gt;Tails above the Rest: the Installation&lt;/a&gt; by Kyle Rankin: how to get and validate the Tails distribution and install it. I will follow up with what Tails can and can't do to protect your privacy, and how to use Tails in a way that minimizes your risk. Then I will finish with some more advanced features of Tails, including the use of a persistent volume (with this feature, depending on your needs, you could conceivably use Tails as your main Linux distribution).&lt;/p&gt;

&lt;p&gt;&lt;a href="//www.linuxjournal.com/content/tails-above-rest-part-ii"&gt;Tails above the Rest, Part II&lt;/a&gt; by Kyle Rankin: now that you have Tails installed, let's start using it. Read on to find out how to get started.&lt;/p&gt;

&lt;p&gt;&lt;a href="//www.linuxjournal.com/content/tails-above-rest-part-iii"&gt;Tails above the Rest, Part III&lt;/a&gt; by Kyle Rankin: in the first two parts of this series, I gave an overview of Tails, including how to get the distribution securely, and once you have it, how to use some of the basic tools. Here, I cover some of the more advanced features of Tails, such as some of its log-in options, its suite of encryption tools and the persistent disk.&lt;/p&gt;

&lt;p&gt;&lt;a href="//www.linuxjournal.com/content/tor-security-android-and-desktop-linux"&gt;Tor Security for Android and Desktop Linux&lt;/a&gt; by Charles Fischer: the Tor Project presents an effective countermeasure against hostile and disingenuous carriers and ISPs that, on a properly rooted and capable Android device or Linux system, can force all network traffic through Tor encrypted entry points (guard nodes) with custom rules for iptables. This action renders all device network activity opaque to the upstream carrier—barring exceptional intervention, all efforts to track a user are afterwards futile.&lt;/p&gt;

&lt;p&gt;&lt;a href="//www.linuxjournal.com/content/bundle-tor"&gt;A Bundle of Tor&lt;/a&gt; by Kyle Rankin: the best way to set up Tor on your personal machine.&lt;/p&gt;&lt;/div&gt;
      
            &lt;div class="field field--name-node-link field--type-ds field--label-hidden field--item"&gt;  &lt;a href="https://www.linuxjournal.com/content/linux-journal-nsa-weekend-reading-list-tails-and-tor" hreflang="en"&gt;Go to Full Article&lt;/a&gt;
&lt;/div&gt;
      
    &lt;/div&gt;
  &lt;/div&gt;

</description>
  <pubDate>Sun, 25 Mar 2018 19:33:50 +0000</pubDate>
    <dc:creator>Carlie Fairchild</dc:creator>
    <guid isPermaLink="false">1339762 at https://www.linuxjournal.com</guid>
    </item>
<item>
  <title>Best of Hack and /</title>
  <link>https://www.linuxjournal.com/content/best-hack-and</link>
  <description>  &lt;div data-history-node-id="1339356" class="layout layout--onecol"&gt;
    &lt;div class="layout__region layout__region--content"&gt;
      
            &lt;div class="field field--name-node-author field--type-ds field--label-hidden field--item"&gt;by &lt;a title="View user profile." href="https://www.linuxjournal.com/user/800005" lang="" about="https://www.linuxjournal.com/user/800005" typeof="schema:Person" property="schema:name" datatype="" xml:lang=""&gt;LJ Staff&lt;/a&gt;&lt;/div&gt;
      
            &lt;div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"&gt;Secure Server Deployments in Hostile Territory; Preseeding Full Disk Encryption; Own Your Own DNS; Learn How-to Secure Desktops with Qubes; What's New In 3D Printing
&lt;p&gt;
&lt;/p&gt;
&lt;a href="http://www.linuxjournal.com/content/secure-server-deployments-hostile-territory"&gt;Secure Server Deployments in Hostile Territory&lt;/a&gt;
&lt;br /&gt;
Would you change what you said on the phone, if you knew someone malicious was listening? Whether or not you view the NSA as malicious, I imagine that after reading the &lt;a href="http://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance"&gt;NSA coverage on &lt;cite&gt;Linux Journal&lt;/cite&gt;&lt;/a&gt;, some of you found yourselves modifying your behavior. The same thing happened to me when I started deploying servers into a public cloud (EC2 in my case). 
&lt;p&gt;
&lt;/p&gt;
In this article, I discuss some of the techniques I use to secure servers when they are in hostile territory. Although some of these techniques are specific to EC2, most are adaptable to just about any environment.
&lt;ul&gt;&lt;li&gt;&lt;a href="http://www.linuxjournal.com/content/secure-server-deployments-hostile-territory"&gt;Part I&lt;/a&gt;
&lt;/li&gt;&lt;li&gt;&lt;a href="http://www.linuxjournal.com/content/secure-server-deployments-hostile-territory-part-ii"&gt;Part II&lt;/a&gt; 
&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;
&lt;/p&gt;
&lt;a href="https://www.linuxjournal.com/content/preseeding-full-disk-encryption"&gt;Preseeding Full Disk Encryption&lt;/a&gt;
&lt;br /&gt;
Usually I try to write articles that are not aimed at a particular distribution. Although I may give examples assuming a Debian-based distribution, whenever possible, I try to make my instructions applicable to everyone. This is not going to be one of those articles. Here, I document a process I went through recently with Debian preseeding (a method of automating a Debian install, like kickstart on Red Hat-based systems) that I found much more difficult than it needed to be, mostly because documentation was so sparse. In fact, I really found only two solid examples to work from in my research, one of which referred to the other.
&lt;p&gt;
&lt;/p&gt;
&lt;a href="http://www.linuxjournal.com/content/own-your-dns-data"&gt;Own Your Own DNS&lt;/a&gt;
&lt;br /&gt;
I honestly think most people simply are unaware of how much personal data they leak on a daily basis as they use their computers. Even if they have some inkling along those lines, I still imagine many think of the data they leak only in terms of individual facts, such as their name or where they ate lunch. What many people don't realize is how revealing all of those individual, innocent facts are when they are combined, filtered and analyzed.
&lt;p&gt;
&lt;/p&gt;&lt;/div&gt;
      
            &lt;div class="field field--name-node-link field--type-ds field--label-hidden field--item"&gt;  &lt;a href="https://www.linuxjournal.com/content/best-hack-and" hreflang="und"&gt;Go to Full Article&lt;/a&gt;
&lt;/div&gt;
      
    &lt;/div&gt;
  &lt;/div&gt;

</description>
  <pubDate>Wed, 05 Apr 2017 11:40:59 +0000</pubDate>
    <dc:creator>LJ Staff</dc:creator>
    <guid isPermaLink="false">1339356 at https://www.linuxjournal.com</guid>
    </item>
<item>
  <title>Dolphins in the NSA Dragnet</title>
  <link>https://www.linuxjournal.com/content/dolphins-nsa-dragnet</link>
  <description>  &lt;div data-history-node-id="1336787" class="layout layout--onecol"&gt;
    &lt;div class="layout__region layout__region--content"&gt;
      
            &lt;div class="field field--name-node-author field--type-ds field--label-hidden field--item"&gt;by &lt;a title="View user profile." href="https://www.linuxjournal.com/users/kyle-rankin" lang="" about="https://www.linuxjournal.com/users/kyle-rankin" typeof="schema:Person" property="schema:name" datatype="" xml:lang=""&gt;Kyle Rankin&lt;/a&gt;&lt;/div&gt;
      
            &lt;div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"&gt;&lt;p&gt;
There's an old quote from Jamie Zawinski that goes: "Some people, when confronted with a problem, think ‘I know, I'll use regular expressions.’ Now they have two problems." Even people like me who like regular expressions laugh at the truth in that quote, because we've seen the consequences when someone doesn't think through the implications of a poorly written pattern. When some people write a bad pattern, they end up with extra lines in a log file. When the NSA does it, they capture and retain Internet traffic on untold numbers of innocent people.
&lt;/p&gt;
&lt;p&gt;
As I mentioned in &lt;a href="http://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance"&gt;"NSA: &lt;em&gt;Linux Journal&lt;/em&gt; is an ‘extremist forum’ and its readers get flagged for extra surveillance"&lt;/a&gt;, the NSA has been flagging certain Internet traffic as extremist based on specific patterns. Alongside patterns that match anyone who was searching for information about the Tor and Tails projects was the following pattern:
&lt;/p&gt;
&lt;pre&gt;
linuxjournal.com/content/linux*
&lt;/pre&gt;&lt;p&gt;
While the general consensus seems to be that all of these patterns were overreaching, even if you think it's reasonable to label people who are curious about Tor or Tails as extremist, you would have a hard time lumping &lt;em&gt;Linux Journal&lt;/em&gt; in the same category. A number of news outlets have speculated that the above pattern was intended to match the following URL:
&lt;/p&gt;
&lt;p&gt;
&lt;a href="http://linuxjournal.com/content/linux-distro-tales-you-can-never-be-too-paranoid"&gt;http://linuxjournal.com/content/linux-distro-tales-you-can-never-be-too…&lt;/a&gt;
&lt;/p&gt;
&lt;p&gt;
This link goes to a short blog post by Michael Reed in 2011 that provides a brief overview of Tails. The blog post wasn't even intended as a HOWTO, and it instead links to the official Tails Web site if you want more details on how to download or install the distribution. Although that article is innocent enough (I can only imagine what they must think of my more in-depth &lt;a href="http://www.linuxjournal.com/content/bundle-tor"&gt;Tor&lt;/a&gt; and &lt;a href="http://www.linuxjournal.com/content/tails-above-rest-installation"&gt;Tails HOWTOs&lt;/a&gt; we recently published), to catch that post they flagged 186 other posts along the way.
&lt;/p&gt;
&lt;p&gt;
At the end of this article, I have posted the complete list of 187 posts on linuxjournal.com that match the pattern, but I figured I'd pick out a few articles to give you a sense of the depth and breadth of the content swept up in this dragnet, like this one:
&lt;/p&gt;
&lt;p&gt;
"Linux Foundation Collaboration Summit - Austin, Texas - April 8th to 10th, 2008" published February 13, 2008 by Jon maddog Hall&lt;br /&gt;&lt;a href="http://www.linuxjournal.com/content/linux-foundation-collaboration-summit-austin-texas-april-8th-10th-2008"&gt;http://www.linuxjournal.com/content/linux-foundation-collaboration-summ…&lt;/a&gt;
&lt;/p&gt;&lt;/div&gt;
      
            &lt;div class="field field--name-node-link field--type-ds field--label-hidden field--item"&gt;  &lt;a href="https://www.linuxjournal.com/content/dolphins-nsa-dragnet" hreflang="und"&gt;Go to Full Article&lt;/a&gt;
&lt;/div&gt;
      
    &lt;/div&gt;
  &lt;/div&gt;

</description>
  <pubDate>Mon, 07 Jul 2014 16:26:38 +0000</pubDate>
    <dc:creator>Kyle Rankin</dc:creator>
    <guid isPermaLink="false">1336787 at https://www.linuxjournal.com</guid>
    </item>
<item>
  <title>NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance</title>
  <link>https://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance</link>
  <description>  &lt;div data-history-node-id="1336379" class="layout layout--onecol"&gt;
    &lt;div class="layout__region layout__region--content"&gt;
      
            &lt;div class="field field--name-node-author field--type-ds field--label-hidden field--item"&gt;by &lt;a title="View user profile." href="https://www.linuxjournal.com/users/kyle-rankin" lang="" about="https://www.linuxjournal.com/users/kyle-rankin" typeof="schema:Person" property="schema:name" datatype="" xml:lang=""&gt;Kyle Rankin&lt;/a&gt;&lt;/div&gt;
      
            &lt;div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"&gt;&lt;p&gt;
A new story published on the German site &lt;a href="http://www.tagesschau.de/inland/nsa-xkeyscore-100.html"&gt;Tagesschau&lt;/a&gt; and followed up by &lt;a href="http://boingboing.net/2014/07/03/if-you-read-boing-boing-the-n.html"&gt;BoingBoing&lt;/a&gt; and &lt;a href="http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-conscious,nsa230.html"&gt;DasErste.de&lt;/a&gt; has uncovered some shocking details about who the NSA targets for surveillance, including visitors to &lt;em&gt;Linux Journal&lt;/em&gt; itself.
&lt;/p&gt;&lt;p&gt;
While it has been revealed before that the NSA captures just about all Internet traffic for a short time, the Tagesschau story provides new details about how the NSA's XKEYSCORE program decides which traffic to keep indefinitely. XKEYSCORE uses specific selectors to flag traffic, and the article reveals that Web searches for Tor and Tails--software I've covered here in &lt;em&gt;Linux Journal&lt;/em&gt; that helps to protect a user's anonymity and privacy on the Internet--are among the selectors that will flag you as "extremist" and targeted for further surveillance. If you just consider how many &lt;em&gt;Linux Journal&lt;/em&gt; readers have read our Tor and Tails coverage in the magazine, that alone would flag quite a few innocent people as extremist.
&lt;/p&gt;&lt;p&gt;
While that is troubling in itself, even more troubling to readers on this site is that linuxjournal.com has been flagged as a selector! DasErste.de has published the relevant XKEYSCORE &lt;a href="http://daserste.ndr.de/panorama/xkeyscorerules100.txt"&gt;source code&lt;/a&gt;, and if you look closely at the rule definitions, you will see linuxjournal.com/content/linux* listed alongside Tails and Tor. According to an article on &lt;a href="http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-conscious,nsa230.html"&gt;DasErste.de&lt;/a&gt;, the NSA considers &lt;em&gt;Linux Journal&lt;/em&gt; an "extremist forum". This means that merely looking for any Linux content on &lt;em&gt;Linux Journal&lt;/em&gt;, not just content about anonymizing software or encryption, is considered suspicious and means your Internet traffic may be stored indefinitely.
&lt;/p&gt;&lt;p&gt;
One of the biggest questions these new revelations raise is why. Up until this point, I would imagine most &lt;em&gt;Linux Journal&lt;/em&gt; readers had considered the NSA revelations as troubling but figured the NSA would never be interested in them personally. Now we know that just visiting this site makes you a target. While we may never know for sure what it is about &lt;em&gt;Linux Journal&lt;/em&gt; in particular, the Boing Boing article speculates that it might be to separate out people on the Internet who know how to be private from those who don't so it can capture communications from everyone with privacy know-how. If that's true, it seems to go much further to target anyone with Linux know-how. 
&lt;/p&gt;&lt;/div&gt;
      
            &lt;div class="field field--name-node-link field--type-ds field--label-hidden field--item"&gt;  &lt;a href="https://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance" hreflang="und"&gt;Go to Full Article&lt;/a&gt;
&lt;/div&gt;
      
    &lt;/div&gt;
  &lt;/div&gt;

</description>
  <pubDate>Thu, 03 Jul 2014 16:51:46 +0000</pubDate>
    <dc:creator>Kyle Rankin</dc:creator>
    <guid isPermaLink="false">1336379 at https://www.linuxjournal.com</guid>
    </item>

  </channel>
</rss>
