« First...102030...1,9581,9591,9601,9611,962...1,9701,9801,990...Last »

Edward Snowden says he wishes he had leaked NSA documents sooner

Posted on by

LOS ANGELES, Feb. 23 (UPI) -- NSA whistleblower Edward Snowden says he wishes he had come forward sooner with documents exposing the agency's surveillance program.

In a Reddit ask-me-anything interview Monday, Snowden said that's the one thing he would do differently in 2013 when he revealed NSA practices.

"I would have come forward sooner," he said.

"Had I come forward a little sooner, these programs would have been a little less entrenched, and those abusing them would have felt a little less familiar with and accustomed to the exercise of those powers. This is something we see in almost every sector of government, not just in the national security space, but it's very important: Once you grant the government some new power or authority, it becomes exponentially more difficult to roll it back," he said.

"Don't let it happen in your country."

Snowden participated in the question-and-answer session with Laura Poitras, a journalist and director of CITIZENFOUR -- Sunday's Oscar winner for best documentary -- and Glenn Greenwald, a journalist who co-founded The Intercept with Poitras and journalist Jeremy Scahill.

At Sunday night's Academy Awards ceremony host Neil Patrick Harris made a dig at Snowden, using the pun "for some treason."

Snowden said he wasn't bothered by Harris' comment.

"To be honest, I laughed at NPH," he said. "I don't think it was meant as a political statement, but even if it was, that's not so bad. My perspective is if you're not willing to be called a few names to help out your country, you don't care enough."

Snowden then quoted 18th century politician Patrick Henry: "If this be treason, then let us make the most of it."

View post:
Edward Snowden says he wishes he had leaked NSA documents sooner

Snowden appears with Poitras by video link ahead of Oscars

Posted on by

NEW YORK (AP) - Edward Snowden, Citizenfour director Laura Poitras and journalist Glenn Greenwald had a kind of reunion Thursday, their first time together publicly since clandestinely meeting in a Hong Kong hotel in 2013.

Snowden appeared on video link from Russia, joining Poitras and Greenwald for a talk conducted by New York Times media columnist David Carr. The conversation was held in the newpapers New York headquarters shortly before Carr collapsed and died. They spoke about the Oscar-nominated documentary, which chronicles Snowdens leak of National Security Agency documents.

Snowden said he initially refused Poitras wish to film their encounter but she eventually convinced him. He called the documentary incredible, but regretted his presence in the film, comparing his analytical instruction to Dustin Hoffman in Rain Man.

Snowden figures to be a conspicuous absence from the Academy Awards on Feb. 22, at which Citizenfour is the favorite to win the documentary Oscar. He said living in Moscow hes busier than he ever was as a National Security Agency employee, but life is more rewarding as he continues to speak out about governmental surveillance.

Snowden said he remains confused why the U.S. revoked his passport midway in his initial flight from Hong Kong. He said his destination was Latin America, and claimed it would have been easier for the U.S. to extradite him from there than from Russia, which has granted him asylum.

He said he has no regrets, even if some label him a traitor.

If youre not willing to be called some bad names to serve your country, you really dont care that much about your country, said Snowden. So bring the names on.

The rest is here:
Snowden appears with Poitras by video link ahead of Oscars

Gemalto says NSA SIM card hack might not be so bad after all

Posted on by

Nate Swanner

Late last week, Edward Snowden revealed another bombshell. In his ongoing quest to reveal the scope of NSA spying, he announced the NSA and GCHQ (NSAs UK counterpart) hacked a major SIM card provider, Gemalto, in an attempt to get the keys to your phone. In hacking your phone via the SIM, the NSA and GCHQ would be able to bypass the carriers, and keep a watchful eye on you with no one being the wiser. In response to the report, Gemalto is now saying it might not be a problem at all.

In a blog post on the alleged hack, Gemalto says theyre still knee-deep in checking it out, but at first glance, its a non-issue:

Gemalto, the world leader in digital security, is devoting the necessary resources to investigate and understand the scope of such sophisticated techniques. Initial conclusions already indicate that Gemalto SIM products (as well as banking cards, passports and other products and platforms) are secure and the Company doesn't expect to endure a significant financial prejudice.

If youre not satisfied with that, Gemalto says theyll release a full report on their findings thisWednesday.

The alleged hack took place in 2011, so its entirely possible many affected SIM cards have been cycled out of circulation by now. On the other hand, thats the only hack we were told about. Its equally possible the NSA and GCHQ were executing the same type of hack after 2011.

Source: Gemalto Via: The Next Web

See the original post here:
Gemalto says NSA SIM card hack might not be so bad after all

NSA Spying Wins Another Rubber Stamp

Posted on by

schwit1 sends this report from the National Journal: A federal court has again renewed an order allowing the National Security Agency to continue its bulk collection of Americans' phone records, a decision that comes more than a year after President Obama pledged to end the controversial program. The Foreign Intelligence Surveillance Court approved this week a government request to keep the NSA's mass surveillance of U.S. phone metadata operating until June 1, coinciding with when the legal authority for the program is set to expire in Congress. The extension is the fifth of its kind since Obama said he would effectively end the Snowden-exposed program as it currently exists during a major policy speech in January 2014. Obama and senior administration officials have repeatedly insisted that they will not act alone to end the program without Congress.

See original here:
NSA Spying Wins Another Rubber Stamp

Google relaxes mandatory encryption requirement for Android Lollipop devices

Posted on by

Google has quietly backed away from a pledge that new Android devices running Lollipop would have full-disk encryption enabled by default.

According to an Ars Technica report, multiple devices are shipping without the encryption enabled by default, like the new Moto E. A subtle change has been introduced to Android's documentedencryption requirements, stating that it's "very strongly recommended, as we expect this to change to must in the future versions of Android." (See section 9.9 of the linked PDF.)

This indicates that Google still intends to make device encryption a requirement at some point, but there is some kind of engineering issue that makes the company feel it can't force all its hardware partners to get on board.

Testing from AnandTech in November showed that encryption devastated the Nexus 6's storage performance, with encrypted devices being anywhere from 50.5 to 80.7 percent slower than an unencrypted Nexus 6, depending on what was being measured. That sort of performance drop-off may have spurred Google's softened stance on device encryption, at least for now.

We'll keep an eye on all the new phones coming out of Mobile World Congress and elsewhere this year to see how this plays out.

Why this matters: Device encryption is an important security matter, especially in the post-Snowden era, and it's disappointing to see Google backtrack on this. At the very least the Android documentation indicates the company is still committed to making this happen, as full-disk encryption protects your data from unauthorized entry by hacking or other government agencies. It also makes it unreadable when it's time to sell off your phone for the latest and greatest device.

Derek Walter is a freelance technology writer based in Northern California. He is the author of Learning MIT App Inventor, a hands-on guide to building your own Android apps. More by Derek Walter

Your message has been sent.

There was an error emailing this page.

Read more from the original source:
Google relaxes mandatory encryption requirement for Android Lollipop devices

Google confirms poor performance is to blame for reneged Android Lollipop encryption pledge

Posted on by

It turns out there was something to the report thathardware performance was to blame for Google backing off its encryption requirement for new Lollipop devices.

Google issued a statement to Engadget, confirming that many phones wont come with encryption turned on, a reversal of the companys original plans:

In September, we announced that all new Android Lollipop devices would be encrypted by default. Due to performance issues on some Android partner devices we are not yet at encryption by default on every new Lollipop device. That said, our new Nexus devices are encrypted by default and Android users (Jelly Bean and above) have the option to encrypt the data on their devices in Settings -> Security - >Encryption. We remain firmly committed to encryption because it helps keep users safe and secure on the web.

Such problems started showing up as early as November, when a test showed flipping on encryption tanked Nexus 6 storage performance. This issue has clearly hit enough Android devices to compel Google to back off from its original plan to require encryption in all new phones running Lollipop.

Fortunately, you can turn this security feature on yourself by following our encryption guide.

Why this matters:Encryption-by-default is long overdue for Android devices. When its upgrade time, youre likely to sell off or trade in your phone, meaning someone else will be using your old device. If your data isnt encrypted, someone with nefarious motives could possibly gain access to your old stuff.

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.

Derek Walter is a freelance technology writer based in Northern California. He is the author of Learning MIT App Inventor, a hands-on guide to building your own Android apps. More by Derek Walter

Your message has been sent.

There was an error emailing this page.

Continue reading here:
Google confirms poor performance is to blame for reneged Android Lollipop encryption pledge

Gemalto: Spy Agencies ‘Probably’ Hacked Us, But Encryption Keys Secure

Posted on by

The NSA and GCHQ probably hacked SIM card maker Gemalto, but didn't nab any encryption keys, the firm said.

SIM card maker Gemalto today said it believes the NSA and GCHQ did indeed breach its systems, but the firm found that the agencies were unable to swipe any encryption keys.

The news comes after a recent report, based on documents leaked by Edward Snowden, said that the NSA and its U.K. counterpart hacked Gemalto in order to steal encryption keys and spy on wireless communications.

A multinational chipmaker based in The Netherlands, Gemalto supplies SIM cards used by all four of the top U.S. carriers and 450 wireless network providers around the world. Access by intelligence agencies, therefore, would allow the monitoring of mobile communications without approval, warrant, or wiretap.

Gemalto's subsequent investigation found that the agencies' "intrusions only affected the outer parts of our networksour office networks," Gemalto said. SIM encryption keys and customer data is stored on other networks.

The Dutch tech giant said its networks are frequently under attack, but that very few efforts actually succeed. Two sophisticated attacks in 2010 and 2011, however, caught Gemalto's eye and "could be related" to the reported NSA and GCHQ breaches.

One of those attacks focused on suspicious activity on one of its French sites, while another involved fake emails sent to mobile operator customers. At the same time, Gemalto detected numerous attempts to access the employees' PCs.

Though unable to identify the intruders at the time, the company now believes the NSA and GCHQ were behind the breaches. "An operation by NSA and GCHQ probably happened," it said.

"It is important to understand that our network architecture is designed like a cross between an onion and an orange," the report said. "It has multiple layers and segments which help to cluster and isolate data."

The breach was allegedly detailed in a "secret" 2010 GCHQ document, but was only just made public via the Snowden data dump.

The rest is here:
Gemalto: Spy Agencies 'Probably' Hacked Us, But Encryption Keys Secure

World’s top SIM maker says NSA spies hacked in, but didn’t steal encryption keys

Posted on by

SIM card maker Gemalto has dismissed recent reports that U.K. and U.S. spies obtained encryption keys protecting millions of mobile phones by hacking its network.

Secret documents revealed last week suggested that spies from the U.S. National Security Agency and the U.K. Government Communications Headquarters had stolen SIM card encryption keys from Gemalto, allowing them to intercept the conversations of millions of mobile phone users. The GCHQ documents, dating from 2010, were among those leaked by former NSA contractor Edward Snowden.

On Wednesday, though, Gemalto said that while it had detected sophisticated attacks on its office networks in 2010 and 2011 that it now believed were probably conducted by the NSA and GCHQ, these could not have led to the massive theft of SIM encryption keys.

While the leaked documents showed the spies boasting (We) believe we have their entire network, Gemalto said that its internal investigation showed that the intrusions only breached its office network, and not the entirely separate infrastructure used for generating and transmitting the SIM card encryption keys.

By 2010 those keys were being exchanged with its network operator customers by secure means in all but a few cases, making the wholesale theft of the keys unlikely and meaning that Gemalto could not have been the source of the massive leaks reported, it said.

Furthermore, Gemalto had never sold SIM cards to four of the 12 networks named in the leaked documents, so it could not have been the source of, for example, 300,000 SIM encryption keys stolen from a Somali carrier, it said.

That doesnt exclude the possibility that the keys were stolen from other SIM manufacturers, though: Gemalto is the largest, but not the only, supplier of the devices.

Even if the spy agencies had somehow stolen SIM encryption keys from Gemalto, only communications on second-generation mobile networks such as GSM would be vulnerable, not the newer 3G and 4G networks introduced by many operators after 2010, the company said.

Gemalto assumed for the purposes of its investigation that the leaked documents were genuine and accurate, but did not seek to confirm or refute the documents claims, it said.

Outsiders regularlyand unsuccessfullytry to hack its networks, it said, and only a few attempts breach even the outer levels of its network.

Here is the original post:
World's top SIM maker says NSA spies hacked in, but didn't steal encryption keys


« First...102030...1,9581,9591,9601,9611,962...1,9701,9801,990...Last »