Home Tags Posts tagged with "gchq"

gchq

0

The UK’s government will review security procedures after a hoax caller was put through to PM David Cameron.

The caller talked to the prime minister after claiming to be Robert Hannigan, director of government monitoring agency GCHQ.

David Cameron received the call on an official mobile but ended it when it became clear it was a hoax, and no sensitive information was disclosed.

GCHQ is also carrying out a review after Robert Hannigan’s mobile phone number was revealed in a separate call.

The contact number given out for the GCHQ head is thought to have been for an unclassified phone rather than one of the secure lines used for sensitive communications.David Cameron hoax call

And although the call to David Cameron was made to an official mobile, the conversation was understood to have been “quite brief”.

A government spokeswoman said a notice has gone out to all departments to be on the alert for hoax calls following the incident.

She said: “The prime minister ended the call when it became clear it was a hoax. In neither instance was sensitive information disclosed.

“Both GCHQ and Number 10 take security seriously and both are currently reviewing procedures following these hoax calls to ensure that the government learns any lessons from this incident.”

According to the latest Edward Snowden leaks, the UK intelligence agency , GCHQ, has monitored in real-time YouTube video views, Facebook “likes” and Blogger visits.

Details of an alleged GCHQ program codenamed Squeaky Dolphin have been published by NBC News.

It reports that the agency showed off its abilities to the National Security Agency (NSA) in 2012.

Facebook has since started encrypting its data, but Google’s YouTube and Blogger services remain unencrypted.

Both firms have said that they did not give GCHQ (Government Communications Headquarters) permission to access the data.

The alleged operation’s leaked logo – showing a dolphin holding a canister branded GTE – appears to refer to Global Telecoms Exploitation, a GCHQ division believed to be capable of collecting data from fibre-optic cables.

According to an earlier leak, published by the Guardian, GCHQ has been tapping fibre-optic cables to create a “buffer” of information it could search through since at least 2011, as part of a scheme called Tempora.

GCHQ has monitored in real-time YouTube video views, Facebook "likes" and Blogger visits

GCHQ has monitored in real-time YouTube video views, Facebook “likes” and Blogger visits

The newspaper said that by 2012 the agency had tapped more than 200 cables – including transatlantic communication links – and was able to process phone and internet data taken from up to 46 of them at a time.

GCHQ declined to comment on the specifics of the latest report.

The NBC report is based on a presentation entitled Psychology: A New Kind of Sigdev [signals development]. It was part of the trove of documents former NSA contractor Edward Snowden passed to journalist Glenn Greenwald, who contributed to NBC’s report.

The papers refer to the use of Splunk Dashboard to provide real-time analysis of how people use YouTube, Facebook and Blogger.

Splunk is commercially available software designed to let organisations “listen” to their own data.

Examples that GCHQ is said to have shown off include:

  • a table showing how many people based in the city of Lagos looked at a specific job vacancies blog over a 24-hour period
  • a graph showing how many London-based internet users “liked” links about former Defense Secretary Liam Fox on Facebook over a week-long period
  • a pie chart highlighting 20 trending YouTube video tags a day before planned anti-government protests in Bahrain

Although the examples provided do not identify specific users, NBC suggests this would have been possible to do if GCHQ had access to such data.

A spokesman for Facebook added: “Network security is an important part of the way we protect user information, which is why we finished moving our site traffic to HTTPS [encryption] by default last year, implemented Perfect Forward Secrecy, and continue to strengthen all aspects of our network.”

[youtube gpmA9ujR-cg 650]

According to a new report, the NSA and Britain’s GCHQ routinely try to gain access to personal data from Angry Birds and other mobile applications.

A NSA document shows location, websites visited and contacts are among the data targeted from mobile applications.

It is the latest revelation from documents leaked by Edward Snowden.

In a statement, the NSA said it was not interested in data beyond “valid foreign intelligence targets”.

“Any implication that NSA’s foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true,” the statement said.

The report, published by the New York Times, Pro Publica and the Guardian says the NSA and  GCHQ have worked together since 2007 to develop ways to gain access to information from applications for mobile phones and tablets.

The scale of data gathering is unclear.

But the reports suggest data is gained from a variety of mapping, gaming and social networking applications, using techniques similar to the ones used to intercept mobile internet traffic and text message data.

The documents also reveal the two agencies are increasingly convinced of the importance of mobile applications data.

The joint spying program “effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system” one 2008 document from the British intelligence agency is quoted as saying.

Another GCHQ report, in 2012, laid out how to extract information from Angry Birds user information from phones on the Android operating system. The game has been download 1.7 billion times across the world.

The NSA and GCHQ routinely try to gain access to personal data from Angry Birds and other mobile applications

The NSA and GCHQ routinely try to gain access to personal data from Angry Birds and other mobile applications

The GCHQ said it would not comment on intelligence matters, but insisted that all of its activities were “authorized, necessary and proportionate”.

Another NSA document described a “golden nugget” – a perfect scenario where NSA analysts could get broad selections of information from the applications, including networks the phone had connected to, documents downloaded, websites visited and “buddy lists”.

Other applications mentioned by the documents include the photo-sharing site Flickr, movie-based social network Flixster and applications that connect to Facebook.

Developers are responsible for the information generated from each application, but there was no suggestion firms were actively agreeing to give the spy agencies data.

On Monday, the justice department announced it had reached agreement with five major internet firms over their request to share information about how they responded to orders from the NSA and other agencies.

Google, Microsoft, Yahoo, Facebook and LinkedIn had previously sued the US government over being able to disclose to the public more information on what they have released to intelligence agencies.

Under the compromise announced, the firms will be able to release:

  • the number of criminal-related orders from the government
  • the number of secret national security-related orders from government investigators, rounded to the nearest thousand
  • how many national security-related orders came from the foreign service intelligence and the number of customers those orders affected
  • whether those orders were for just email addresses or covered additional information

As part of the deal, the firms will delay releases of the number of national security orders by six months and promise they cannot reveal government surveillance of new technology or forms of communications they create for two years.

[youtube 5zSXu2eCZlY 650]

DuckDuckGo, the little known U.S.-based search engine, sets itself aside from its giant competitors such as Google and Yahoo, by not sharing any of its clients’ data with searched websites.

Web-users who want to protect their privacy have been switching to a small unheard of search engine in the wake of the ‘Prism’ revelations.

This means no targeted advertising and no skewed search results.

Aside from the reduced ads, this unbiased and private approach to using the internet is appealing to users angered at the news that U.S. and UK governments (the NSA in the U.S. and GCHQ in the UK), have direct access to the servers of big search engine companies, allowing them to ‘watch’ users.

Within just two weeks of the NSA’s operations being leaked by Edward Snowden, DuckDuckGo’s traffic had doubled – from serving 1.7 million searches a day, to 3 million.

“We started seeing an increase right when the story broke, before we were covered in the press,” said Gabriel Weinberg, founder and CEO, speaking to The Guardian.

Gabriel Weinberg, 33, had the idea for the company in 2006, while taking time out to do a stained-glass making course. He had just sold successful start-up Opobox, similar to Friends Reunited, for $10 million to Classmates.com.

While on the course Gabriel Weinberg realized that the teacher’s “useful web links” did not tally up with Google’s search results, and realized the extent of the personalized skewing of results per user.

From there he had the idea to develop a “better” search engine, that does not share any user information with any websites whatsoever.

Search data, Gabriel Weinberg told The Guardian, “is arguably the most personal data people are entering into anything. You’re typing in your problems, your desires. It’s not the same as things you post publicly on a social network”.

DuckDuckGo sets itself aside from its giant competitors by not sharing any of its clients' data with searched websites

DuckDuckGo sets itself aside from its giant competitors by not sharing any of its clients’ data with searched websites

DuckDuckGo, named after an American children’s tag game Duck Duck Goose (though not a metaphor), was solo-founded by Gabriel Weinberg in 2008, in Valley Forge, Pennsylvania.

He self-funded it until 2011 when Union Square Ventures, which also backs Twitter, Tumblr, Foursquare and Kickstarter, and a handful of angel investors, came on board.

The team has expanded to a few full-time people, many part-time contributors and a bunch of open-source contributors.

“If you’re wondering how you would turn that into a verb…Duck it!” Gabriel Weinberg says on the company website.

Gabriel Weinberg, who lives in Paoli, a suburb of Philadelphia, PA, with his wife and two children, explains that when other search engines are used, your search terms are sent to that site you clicked on; this sharing of information is known as “search leakage”.

“For example, when you search for something private, you are sharing that private search not only with your search engine, but also with all the sites that you clicked on (for that search),” he points out on his website.

“In addition, when you visit any site, your computer automatically sends information about it to that site (including your User agent and IP address). This information can often be used to identify you directly.

“So when you do that private search, not only can those other sites know your search terms, but they can also know that you searched it. It is this combination of available information about you that raises privacy concerns,” he says.

The company offers a search engine, like Google, but which does not traffic users, which has less spam and clutter, that showcases “better instant answers”, and that does not put users in a “filter bubble” meaning results are biased towards particular users.

Currently, 50% of DuckDuckGo’s users are from the U.S., 45% from Europe and the remaining 5% from Asia-Pacific (APAC).

On June 3, the company reported it had more than 19 million direct queries per month and the zero-click Info API gets over 9million queries per day.

It has partnerships with apps, browsers and distributions that include DuckDuckGo as a search option: Browsers, distributions, iOS, and Android. Companies can use DuckDuckGo for their site search, and the firm offers an open API for Instant Answers based on its open source DuckDuckHack platform.

Speaking on U.S. radio channel, American Public Media, Gabriel Weinberg said: “Companies like DuckDuckGo have sprung in the last couple years to cater to the growing number of data dodgers.

“There’s pent up demand for companies that do not track you.”

User feedback on the company website say the search engine reminds them of the early days of using Google; it’s like an “honorable search site to complement Wikipedia”; and other are “amazed” that a search engine company is “doing exactly the right thing”.

Critics of the company remain cautious of the sudden surge in success, however, pointing out that 3 million searches per day is just a “drop in the ocean” compared with the 13 billion searches Google does every day.

Writing on his website, Danny Sullivan, who runs the Search Engine Land site and analyses the industry, said big companies like Ask.com and Yahoo had tried pro-privacy pushes before and failed to generate huge interest.