NSA whistleblower Edward Snowden is no stranger to the press. He’s appeared in dozens of interviews with major media outlets as well as an Oscar nominated documentary called Citizen Four.

But HBO funnyman John Oliver provided what is no doubt the toughest interview yet for Snowden. Granted there was plenty of light banter, such as if the NSA can intercept your “dick picks”, but there were a number of sharp, pointed questions on whether Snowden’s mass disclosure of documents was well-warranted whistleblowing or reckless behavior.

John Oliver – Edward Snowden interview

“How many of those documents have you actually read?” Oliver asked.

“I’ve evaluated all the documents that are in the archive,” Snowden responded.

Pressed he elaborated further: “I do understand what I turned over.”

But for Oliver that wasn’t good enough.

“There’s a difference between understanding what’s in the documents and reading what’s in the documents. Because when you’re handing over thousands of NSA documents the last thing you’d want to do is read them,” Oliver said. “So The New York Times took a slide, didn’t redact it properly, and in the end it was possible for people to see that something was being used in Mosul on al Qaeda.”

“That is a problem,” Snowden replied.

“Well, that’s a fuckup,” said Oliver.

The interview is hard hitting and well worth the watch. Check it out in the video embedded above.

The post John Oliver Grills Edward Snowden on ‘Last Week Tonight’ appeared first on VR World.

The last two years have been rife with reasons to be concerned about national cyber security in the United States: From Edward Snowden’s leaks regarding NSA domestic and international surveillance, to the allegedly North Korean attack on Sony Pictures, to a recent Russian attack on a White House network, to the GAO’s “high-risk” listing on the terrible gaps in U.S cybersecurity. It should therefore come as no surprise that we find the U.S government flailing to haphazardly establish various and poorly connected initiatives in a desperate attempt to stay above water in a brave new world.

The latest step in these efforts is the establishment of the Cyber Threat Intelligence Integration Center. During a keynote at the Wilson Center in Washington D.C, assistant to the president for homeland security and counterterrorism Lisa Monaco said: “Currently, no single government entity is responsible for producing coordinated cyber threat assessments, ensuring that information is shared rapidly among existing cyber centers … and supporting the work of operators and policymakers with timely intelligence about the latest cyber threats and threat actors. The CTIIC is intended to fill these gaps.”

The “gaps” to which Monaco refers are really tremendous chasms between U.S agencies like the FBI, CIA and NSA which traditionally don’t like talking to one another. In the golden age of espionage, this could be a good thing that aided national security. But in the information age, more information is better, and sharing is the only way to improve national safety.

With an increasingly large number of organizations dedicated to handling the daunting task of keeping the United States safe from outside attacks, it is all the more paramount that they communicate with one another and stay organized and transparent.

“In the cyber context, we need to share threat information more broadly and to coordinate our actions so that we are all working to achieve the same goal,” said Monaco.

Just another agency

But not everyone is convinced that the CTIIC is necessary, or that it will really accomplish its stated purpose. One new member in a sea of acronyms, the CTIIC is considered extraneous by some, or a potential excuse for the government to collate and collect private information: not worth the $35 million it will cost to establish.

A huge influx of governemnt programs to fix a national crisis is an American tradition

Greg Nojeim of the Center for Democracy and Technology is one such skeptic, and has been quoted as saying: “Given the number of other agencies that have cybersecurity threat integration responsibilities, it’s not clear that a new agency is needed.”

Speaking with The Guardian Norjem added, “We are keen to hear from the White House about the measures it will impose to ensure that this new agency operates transparently, with effective independent oversight, and does not become a repository for personal information unnecessary to counter cyber threats.”

What’s more, the CTIIC follows a familiar template, and is modeled after the National Counterterrorism Center which deals with terrorist threats at home and abroad.  The U.S government understands terrorism, and knows all too well how to fight it, and thinks that the same methods will help it to manage a cybersecurity crisis.

But the facts show this strategy is failing miserably. The CTIIC is not the first effort the U.S government has made in the last few years to improve public IT, as the government has already spent billions of dollars to manage the digital frontier – the Pentagon itself spends $5 billion every year on cybersecurity. And according to this month’s GAO report, national cybersecurity is still plagued by terrible problems, and words like “inadequate”, “inconsistent” and “partial” were used to describe the government’s efforts. Since 2006, the number of information security incidents reported by federal agencies to the US-CERT have increased by 1,121%

.

Cyber threats and terrorism are apples and oranges: both fruits, but of completely different kinds. The U.S government is trying to manage a 21st century problem with 20th century solutions, much as the FCC has done by trying to regulate the Internet as utility. Leading technology companies are feeling the brunt of these moves, and Verizon released a satirical statement in morse code regarding the FCC’s new rules to emphasize the inadequacy of outdated methods where new problems are concerned.

So is the CTIIC good or necessary? Perhaps, with proper oversight, it could marginally improve the existing nature of U.S cybersecurity. But perhaps the time has come to stop thinking of ways we can glue the old system together, and come up with something better suited for the decidedly unique threats of the modern world.

The post Is the Newest U.S Cybersecurity Agency Necessary? appeared first on VR World.

CitizenFour, a documentary on Edward Snowden and the surveillance state by filmmaker Laura Poitras, took home the top Oscar for documentary features Sunday night with Lindsay Mills, Snowden’s girlfriend, accepting the Oscar on stage with Poitras and journalist Glenn Greenwald.

“The disclosures that Edward Snowden revealed don’t only expose a threat to our privacy but to our democracy itself,” Poitras said in her acceptance speech. “Thank you to Edward Snowden for his courage and for the many other whistleblowers.”

The bulk of CitizenFour is from footage Poitras shot over the course of eight days in Hong Kong, where Snowden first hid after making contact with Poitras and Greenwald. Once Snowden was offered political asylum in Russia, Poitras travelled there to interview him on his life after he revealed himself to the public.

Snowden sent his best wishes to Poitras for the Oscar win in a statement via the American Civil Liberties Union.

“When Laura Poitras asked me if she could film our encounters, I was extremely reluctant. I’m grateful that I allowed her to persuade me,” Snowden said in the statement. “The result is a brave and brilliant film that deserves the honor and recognition it has received. My hope is that this award will encourage more people to see the film and be inspired by its message that ordinary citizens, working together, can change the world.”

Poitras earned two previous Oscar nominations for her Iraq war documentary My Country, My Country, released in 2006, and 2010’s The Oath, about prisoners in Guantánamo Bay.

The post Edward Snowden Documentary ‘CitizenFour’ Nabs Oscar Doc appeared first on VR World.

A security researcher is claiming to have found a set of services in iOS that appear to be a firmware-level backdoor in iOS devices. What’s more interesting is that Apple has, in a very non-Apple manner, responded to his claims by posting a support page about it. He claims that these are confirmations of the backdoors that he found in iOS and that Apple claims to use them for diagnostic and enterprise purposes. These backdoors can only be accessed by Apple (or anyone that has access to Apple’s services) so they’re mostly secure backdoors, but they are backdoors nonetheless. Most consumers are completely and wholly unaware that alternative pathways into their devices exist and can be exploited by ANYONE (in this case Apple) other than themselves. This is also why remote bricking and other ‘security’ features being pushed through legislatures are also a problem, but at least we’re aware of their existence unlike these services on iOS.

The services in question, om.apple.mobile.pcapd, com.apple.mobile.file_relay, com.apple.mobile.house_arrest among others have been addressed in Apple’s knowledge base article. Apple does not directly address Jonathan Zdziarski’s claims but instead tries to illuminate their use of these services and what they’re supposed to be used for. Apple claims that some of these services are used for diagnostic purposes internally as well as for iTunes and Apple Care support. However, the fact that these supposed backdoor services exist without users’ or developers’ knowledge is a bit worrisome.

The real truth here is that no matter what happens, or is really happening, customers should be aware of how intrusive some of these services are or can be. Sure, some of them are limited in scope in terms of what they can access, but even so, Apple should notify customers when they use such services or sign up for the operating system that there are services running on their devices that give Apple access to their device. Backdoor systems are not a joke and some of them are open invitations to hackers to try to hack into a backdoor and use it for their own purposes. Backdoors are inherently insecure and consumers should be made aware of them, malicious or not.

The post Security Researcher Claims iOS Devices Have a Backdoor appeared first on VR World.

The Intercept is reporting that the NSA is unsurprisingly spying on countless American citizens without there being any reasonable justification for doing so. This is being reported based on the documents that Edward Snowden gave Glenn Greenwald including a “FISA recap” spreadsheet that details thousands of email addresses being monitored. Out of those email accounts being monitored, 202 addresses were marked as US persons, while 1,782 were marked as non-US persons and 5,501 were marked as unknown or simply left blank. The Intercept identified five Americans on the list from their email addresses and helped build the story that we’re reporting on today.

The NSA is monitoring the emails (and likely more) of multiple Muslim-Americans even though they have never had any ties to any terrorist groups or anti-American sentiment. There was, however, one lawyer involved in the spying on Americans who represented clients in terrorism cases, but that is merely a breach of due process. A breach where the NSA could pass on confidential information to the prosecution and help create a case where there is none. Obviously, such lawyers would probably suspect that they’re already being watched, but not by the NSA. Even so, he is one of five Americans basically put on a ‘watch list’ for who they are and what they do, not a justification for being spied on as an American.

The five Americans that are being spied on were discovered in Edward Snowden’s leaked NSA documents. These five men, that are Americans, Faisal Gill, Asim Ghafoor, Hooshang Amirahmadi, Agha Saeed and Nihad Awad are all obviously people that could easily be considered Muslim Americans. But the fact is that with the exception of Asim Ghafoor, none of these men have ANY remote ties with terrorists in any way, shape, or form. In fact, Asim Ghafoor only does because its part of his job as a lawyer to represent them, which is still an American thing to do in order to ensure due process.

FISA Recap Spreadsheet

These men’s email addresses were found in a FISA recap spreadsheet which basically broke down who was and wasn’t being spied on and whether or not their account owners were American, non-American or unknown. Unfortunately for all of us Americans, it doesn’t really seem to make much of a difference whether or not people are American if the NSA really wants to spy on them. Because the truth is that the FISA courts are basically granting the NSA any and all permissions that they need to ‘do their job’. In the 35 years that the FISA court (FISC) has been in existence, the court has approved 35,434 government requests for surveillance, while rejecting only 12. Giving you merely a small idea of how strictly these requests are really being ‘judged’.

What’s worse is that some of these men have grown up and served their country, like Faisal Gill, who has served in the military and worked for the White House under President George W. Bush. In fact, he was a staunch supporter of the Republican party and their ideals. He also did lots of work under the Department of Homeland security and after he was done working there, the NSA spied on him, while George W. Bush was still president. In fact, after he left the Department of Homeland security, where he had very high level security clearance, the spying on him began.

The Intercept interviewed some of these men to talk about the spying and their experiences, and there are some really powerful words being said, especially towards the end.

The problem with all of this is that our government, The NSA, the FBI and the FISA courts that enable them are really toeing a very dangerous line. If it is okay to spy on American citizens with basically no supporting evidence (as it appears that these men were) then what prevents the NSA, CIA, FBI and other government agencies from monitoring everything we do, waiting until we trip up?

Just because these men are Muslim-Americans should not mean that they are suddenly dangerous to Americans and our freedom. In fact, singling them out because of what religion they are might be one of the most grave transgressions the NSA has committed so far. We already know that the NSA is spying on people that use Tor, so who’s next? Tor Users, American Muslims… Communists? Chinese-American Immigrants? Mexican-Americans? Where does it end?

The post Which Americans The NSA Spies On appeared first on VR World.

The Washington Post is reporting via documents obtained from Edward Snowden that the NSA is collection hundreds of thousands of records, upwards of 160,000 communications, most of which are completely irrelevant to the target person or people. After spending four months analyzing the data which included 22,000 reports and 160,000 data intercepts, the Washington Post was able to discern that a whopping 89% of the total data collected was from non-targets or mere bystanders.

The records obtained by Edward Snowden and passed on to the Washington post spanned 4 years of records that started in 2009 and ended in 2012. Obviously, they are merely a sliver of what was actually collected, but gave a fairly good idea of what kind of net the NSA has been casting with their programs and how unabashedly they are collecting innocent people’s data.

Washington Post Diagram of Data Collection

The data above also shows a vast increase in spying on people as Obama took office, indicating that the NSA’s activities only increased under his presidency. This would make a lot of Obama’s own biggest supporters very worried as he was supposedly working to curtail such programs as a senator. Nonetheless, the Washington Post and Edward Snowden never disclosed that they had these reports and documents which detail the scope and detail of the NSA’s spying from 2009 to 2012.

Ultimately, these programs are a self-fullfilling prophecy where the government continues to spy on more and more people without any probable cause and doing so on such a scale that it becomes almost impossible to control. These programs, like many other government programs seek to enlarge themselves from year to year and in many cases result in larger and larger bureaucracies that seek to increase their own size regardless the cost. A good example of that is with the war on drugs, many agencies involved in such programs are become ever more militarized and as a result have stepped up the scale of the war on drugs which results in needing more funding to maintain competitiveness. The real truth is that the NSA spent $1.5 billion on a data center to warehouse all of the data they’re collecting on us and it won’t be the last either. If we continue to allow the NSA to spy with the use of FISA as a vehicle, they will only become more and more invasive and dangerous.

The post The NSA Gathers 90% Irrelevant Data appeared first on VR World.

According to documents obtained by the Washington Post, the US court that oversees the FISA-based activities, also known as the FISA Court, has given the NSA the ability to effectively spy on any country that isn’t part of the Five Eyes alliance. The countries included in the Five Eyes alliance are all English-speaking powers that are England or former English colonies. These include, The UK (who has GCHQ), Canada, Australia and New Zealand. The US is also part of the Five Eyes alliance, which is the fifth member of this English-speaking alliance. And due to agreements signed by these five countries, they have all agreed to not spy on each other. They also have various information sharing agreements among each other in order to cement these relationships legally.

What does this mean, exactly? It means that the NSA’s scope is virtually unlimited and incredibly broad and they realistically are not going to be able to filter out the citizens of 5 countries out of the hundreds they spy on every day. The court that granted the NSA these rights clearly did not give the NSA a tight enough scope within who and why they could spy. The NSA is merely spying for the sake of spying, meaning that they will continue to grow in size and scope until they have a definite mission. When a government-funded organization such as the NSA is allowed to spy as freely as they do, they’re effectively going to do everything within their power to increase their scope, which ultimately increases their power and even more importantly, their funding. After all, they did build a $1.5 billion facility in Utah to warehouse all that unnecessary surveillance.

A coalition of grassroots groups from across the political spectrum joined forces to fly an airship over the NSA’s data center in Bluffdale, Utah on Friday, June 27, 2014, to protest the government’s illegal mass surveillance program. The environmental group Greenpeace flew its 135′ long thermal airship over the data center carrying the message “NSA Illegal Spying Below”. Photo by Greenpeace

When you take into account that many of the countries in the Five Eyes alliance have already collaborated on multiple spying operations and shared that data, it comes as little surprise that the NSA is involved in such activities. These activities include the NSA cooperating with Canada to spy on diplomats and leaders in the G8 and G20 summits in Canada and the GCHQ spying on the diplomats and leaders in London at a G20 summit as well. Ultimately, even if we reduce the scope of what the NSA can do, they will merely work with their Five Eyes partners to achieve similar goals if necessary, which means that the courts (or congress) need to strictly set the goals of the NSA as opposed to the general goal of ‘national security’ and ‘terrorism’.

The post NSA Can Spy on Any Country Not in the "Five Eyes" appeared first on VR World.

The German government has announced that they will be switching away from Verizon for internet services as an ISP for the German government. They noted that the reasons for this decision had to do with increased demands on the network and the prevalence of the NSA in Verizon’s business. Based on the translation that was available, it appears as though the German government is merely using this as an opportunity to switch internet services to a company that is German. Sure, the likelihood that their networks will get snooped on by the NSA will probably go down, or at least become more difficult.

However, usually, such moves are usually just being used by the companies not involved to gain an upper hand on their competition, which is in this case Verizon. While the German government hasn’t quite made it clear who they intend to replace Verizon with, it is quite clear that the NSA’s snooping and relationship with Verizon has made doing business in Germany difficult for Verizon. This will likely not be the end of such moves by European governments and I suspect there will be more companies that will lobby their governments to switch to local ISPs or technology companies in order to ‘better protect’ themselves. While simultaneously taking an opportunity of bad PR on the part of American companies to snatch away their business.

According to an AP report, Verizon was unable to keep the contract (which they’ve held since 2010) due to the fact that they weren’t able to meet some core requirements of the German government put on the company, likely as a result of the NSA’s snooping revealed by Edward Snowden and publications like Der Spiegel. As a result of not meeting the German government’s demands on these requirements, Verizon is losing the contract in 2015 to another company, likely one based in Europe or even Germany.

The post German Government Ditches Verizon Amid NSA Fears appeared first on VR World.

As a result of the Snowden revelations regarding the NSA’s spying on basically the whole world, some privacy advocates have filed lawsuits against the NSA in US courts. Naturally, this results in the NSA having to gather evidence by subpoena to prove their side of the story. This is especially true when you consider that James Clapper, the Director of the NSA, lied to Congress about exactly what the NSA was and wasn’t doing. Yet, somehow the guy is still in power and has not faced any repercussions for his lies. As such, there are multiple lawsuits claiming that the NSA has overstepped the boundaries of what the law permits and require the NSA to provide evidence of this one way or another.

Now, according to the Washington Post, the NSA claims that their systems are far too complex and as a result of that, they are unable to save evidence that is being required for them to hold by the court. This is because of court cases like Jewel v NSA and the EFF’s countless lawsuits against the NSA as well. In a hearing in the US District for California’s Northern District court, Judge Jeffrey S. White reversed an emergency order he had issued earlier the same week barring the government from destroying data that the EFF had asked be preserved for the case. The data is collected under Section 702 of the Amendments Act to the FISA (Foreign Intelligence Surveillance Act).

The NSA argued that it would be too much of a burden on them to hold the data. The NSA’s Deputy Director, Richard Ledgett, in a court filing stated, “A requirement to preserve all data acquired under section 702 presents significant operational problems, only one of which is that the NSA may have to shut down all systems and databases that contain Section 702 information.”

He states that the complexity of the NSA’s systems means that preservation efforts might not work, but would have “an immediate, specific, and harmful impact on the national security of the United States.” After dropping that NSA standard tagline, which the department regularly uses to protect their programs, he stated that part of the complexity of these systems has to do with the privacy restrictions placed on the programs by the FISA court. Which, if their scope were not so wide, would be believable, but I have a feeling it has a lot more to do with the amount of data they collect and the amount of warehousing they have. I don’t think anyone honestly buys the fact that the NSA’s respecting our privacy is the reason why we can’t get evidence from automatically getting deleted. Plus, if they can’t back up what they’re doing in court with evidence, maybe they shouldn’t be doing it in the first place?

The amount of data the NSA goes through on a daily basis is probably nearing petabytes, if it isn’t petabytes of data. So, naturally, they would need to delete data they do not believe is relevant fairly quickly in order to be able to store the more important data for longer periods of time. After all, they don’t have millions of hard drives at their disposal to store everything they record, even if they wish they could. They probably do have close to that, though.

The post The NSA Claims They Have No Control Over Their Systems appeared first on VR World.

As we come closer and closer to Edward Snowden’s interview tonight with none other than Brian Williams of NBC, Glenn Greenwald has said (while promoting his new book) that he will be publishing a list of Americans (likely high profile individuals) that are being spied upon by the NSA. This list of NSA targets that are American citizens (something the NSA cannot really do without specific permission) will likely open up exactly who the NSA is spying on in terms of people inside the US. We will discover what kinds of groups they’re targeting and where those people come from as well, and it will likely make the NSA look a lot worse than they already do with the American public. After all, the people of Aghanistan and The Bahamas probably aren’t very happy with the NSA either once they found out that all of their calls were being recorded by the NSA.

Additionally, I have a very strong feeling that many of the Americans that the NSA is spying on are probably the very people that are cooperating with them, including the employees of 80-some companies that are cooperating with them, according to a recent Wikileaks disclosure. Greenwald also said that the NSA’s data security isn’t necessarily the greatest when you consider that Edward Snowden had successfully stolen 1.7 million files from their systems and was not caught  during his entire process. This alone should be a grave worry of anyone that believes that the NSA should be allowed to capture and then warehouse billions of records across the world, including those of American citizens. Ultimately, the NSA should not be trusted to the degree that they are today and that there should be more oversight of the agency, more than the recently passed USA Freedom Act which was gutted the day before it was passed in order to give the US security apparatus more freedoms than were originally intended in the bill.

Glenn Greenwald hasn’t given a specific date or time when he will release these names, but there’s a good chance he’ll do it after Edward Snowden’s interview with Brian Williams airs on NBC tonight. This will be the first interview that Edward Snowden has with any American network since his disclosures of NSA spying last year and will be aired at 10pm/9pm central on NBC. While we don’t know the details of that interview, we can assume that it’ll probably rehash a lot of things that have already been disclosed and won’t likely talk much about any new disclosures since Snowden has left many of those to be released by journalists. Although don’t forget, Brian Williams is a journalist and there’s a good chance we could hear something new during that interview, we simply don’t know what Snowden wants to say about the NSA directly to the American public.

Either way, this week sounds like it should pan out to be pretty interesting if both Snowden and Greenwald release new info.

The post Glenn Greenwald Will Publish List of Americans Spied on by NSA appeared first on VR World.

According to the latest release by Wikileaks, the NSA is recording all calls coming in and out of Afghanistan. They reported this even though other publications and journalists strictly opposed to releasing the name of Afghanistan in their disclosures that the NSA was recording all calls in the Bahamas. Under a week ago, The Intercept (Glenn Greenwald and co.) along with Wikileaks and a few other publications had disclosed that all cellular calls were being recorded by the NSA and that there was another country that had yet to be named that was getting a similar treatment. However, The Intercept refused to publish the name of the second country for fear that it would cause actual and gave harm to people’s lives if that country’s name were to be released.

However, Wikileaks did not agree with The Intercept and The Washington Post on the Afghanistan topic and chastised them publicly on Twitter for not wanting to disclose the name of the second target country, even though Wikileaks did not believe that the truth should be withheld or that knowing the truth would actually affect anyone’s lives or put anyone in danger. The Washington Post and The Intercept both chose to withhold the name of the second country but really, it seems quite pointless to have done so if Wikileaks was already going to release that information. Additionally, I don’t quite understand how The Intercept and The Washington Post necessarily rationalized that releasing Afghanistan’s name would somehow endanger lives. If anything, it would merely result in the US being pushed out of Afghanistan sooner rather than later, which is already an inevitability as it is already.

Not to mention, the Afghani people have the full right to know that the US is effectively spying on all of their cellular communications without their consent. They are already living with a heavy US military presence but in addition to that, everything they’re doing is effectively being monitored by the NSA and likely passed on to the military and CIA who are partaking in drone strikes. Overall, this information is certainly not surprising, but it is still quite worrying that the NSA is capable of spying on an entire country’s cellular communications and record every bit of it as well. Also don’t forget that the NSA is also collecting metadata on people in Mexico, Kenya and the Philippines as well. None of this is surprising, but the sad part is that the NSA is allowed to continue to violate people’s electronic privacy in the name of ‘national security’.

It will be interesting, however, to see how the US’ dipolmatic relations and military engagements with the aforementioned countries will be as a result of this disclosure. No, I don’t think people’s lives are in danger, just the political climate is a bit more difficult than it was a few days ago.

The post The NSA is Recording all Calls in Afghanistan, Says Wikileaks appeared first on VR World.

So, remember when the US Government was painting Edward Snowden out as an evil guy and someone that was harming our country? Well, today’s vote of the United States House of Representatives appears to suggest otherwise. Sure, the USA Freedom Act that was passed by the House today was a gutted and signifcantly weaker version of the bill that the EFF had originally backed, but now at least we can agree that Snowden’s disclosures were without a doubt pivotal in passing this legislation. Sure, it still needs to go to the US Senate and be passed there and then passed by Obama himself, but judging by how gutted this version of the bill is, it will likely be seen as enough compromise by many of the opposing parties to get passed the whole way up through Obama.

The USA Freedom Act’s creator (and creator of the despicable Patriot Act) Congressman Jim Sensenbrenner of Wisconsin’s 5th district gave an extensive explanation of what the USA Freedom Act was intended to do, based upon Snowden’s revelations of NSA activities. However, Snowden’s name is not mentioned ANYWHERE on Sensenbrenner’s site nor the US Congress’ site even though without his leaks we would never know of these vast oversteppings of the NSA’s activities and therefore arrive at today’s bill. The USA Freedom Act should really be called shut down the NSA act, but the reality of the situation is that nobody in the US government want to be responsible for that or dealing with all of the military and political consequences of not having the NSA. The NSA gives the US an edge and they know it, but they need to make it appear that it isn’t violating the rights of its citizens at the same time. So, below you have HR 3361, or the political name, the USA Freedom Act.

H.R. 3361/ S. 1599

You can read the full text of the passed bill on the US Congress’ website which was passed 303-121 with 70 democrats and 50 republicans voting against. But ultimately, it doesn’t really matter who voted against it because it was already a fairly gutted version of the bill that was fairly weaker than had originally been intended. Sure, there’s always going to be give and take in politics, but there was a lot more give in this than anyone, including the EFF would have liked to see. Sure, the USA Freedom Act is a step in the right direction, but ultimately, the Patriot Act should have never been passed to begin with. Without the Patriot Act, many of the things that the NSA partook  (and probably continues to partake in) would be flat out illegal and have no legal framework protecting it.

Furthermore, we now have to pass a bill called the USA Freedom Act after we allowed something so horrendous as the Patriot Act to pass? We get our freedom after we go for our patriotism? I don’t know, but I think that a lot of people are not going to be happy with how far this bill has gone and the fact that it completely and wholly ignores why it was even created. And the fact that the Patriot Act’s creator is the one that wrote is both ironic and a sign of how awful the Patriot Act has become in terms of violating Americans’ civil liberties that we supposedly cherish so greatly.

The post USA Freedom Act Passes House, Snowden Vindicated appeared first on VR World.

Since we’ve had quite a bit of time between Snowden disclosures of NSA activities, it appears as though Wikileaks has gotten ahold of some secret NSA documents that name names as to whom has been cooperating with them. They claim that they have over 80 different companies in their strategic partnerships.

Wikileaks Tech NSA

The Wikileaks obtained slide states that these 80 “Major Global Corporations” are supporting BOTH missions. However, the document doesn’t specify exactly what both of those missions are, exactly. However, since this slide is labelled as COMINT that means it specifically pertains to communications between people, which may narrow exactly what those missions might be.

They list that those 80 companies are in a long laundry list of businesses including:

Telecommunications and Network Service Providers – AT&T, Verizon and Qwest (now part of Centurylink).

Network Infrastructure – Cisco and HP

Hardware Platforms Desktops/Servers – HP, Intel, Qualcomm, IBM, EDS (now HP)

Operating Systems – Microsoft

Applications Software – Oracle, EDS (now HP) and Microsoft

Security Hardware and Software – Cisco, Oracle, EDS (now HP)

System Integrators – HP, IBM, Cisco and EDS (now HP)

However, if you do look at this list, it only specifically names 12 of the 80 companies that they’re cooperating with. This is the first time that companies are specifically being named as cooperative partners in NSA activities. Back when the NSA’s PRISM activities were disclosed most of the companies were able to feign their being victims of the NSA activities as completely unknowing as to the PRISM program. However, there have been numerous suspicions that many of these companies had been cooperating with the NSA on certain backdoors and such in order to obtain government contracts and such. Additionally, some executives even claimed that they were attacked by the government because they wouldn’t cooperate, namely Qwest’s former CEO Joseph Nacchio.

While Wikileaks has been known to leak documents that the US government doesn’t particularly like being seen by the public, this is a rare disclosure by Wikileaks that doesn’t come with much more information. While we would like to know the full list of companies involved and the rest of the slides in this deck, we’ll have to go off of what we have now. However, we will be contacting our people at the companies mentioned above to see what they have to say about their involvement with NSA security programs. On the record.

The post 80 Tech Companies Cooperating with NSA, Claims Wikileaks appeared first on VR World.

According to Glenn Greenwald, who seemingly quotes himself in his own titles, the NSA has routinely been intercepting US-based networking hardware bound for countries abroad. While Glenn Greenwald doesn’t specifically implicate any networking companies, it would be safe to assume that companies like Cisco, Juniper, Brocade, Dell, HP and many more. This is in the face of the fact that the US government had been criticizing the use of Huawei networking hardware due to the beliefs that the Chinese would be presenting a security risk to the US. They essentially claimed that Huawei was bugging their networking equipment for the Chinese government and that their routers weren’t safe, meanwhile the NSA was doing exactly what the US was accusing the Chinese of doing.

Glenn Greenwald states that this is among many other revelations in his new book due out tomorrow, called No Place to Hide which chronicles Edward Snowden, the NSA, and the U.S. Surveillance State. It is a bit curious that he would release such news from Edward Snowden a day before his book’s release and alluding to the fact that there would be more details buried within his book. A lot of people are going to look at this as an obvious money grab and are going to question his motives and whether he’s doing all of this to personally enrich himself. While he doesn’t address this in his interview with GQ directly, he clearly has a lot to say about a multitude of topics, including Edward Snowden himself. This is in addition to having left The Guardian, the publication that had originally helped him run all of the Snowden documents and gain worldwide attention to the US’ vast surveillance apparatus to start The Intercept.

So, How does the NSA do it? Well, according to a 2010 NSA document obtained by Glenn Greenwald, they would receive (intercept) routers, servers and other computer networking devices planned on being exported from the US before they were to be delivered to their final international destination. The NSA’s secret division would then implant backdoor surveillance tools and repackage the hardware with a factory seal and send them on their way. The NSA would then be able to gain access to those companies’ networks and all of their users and possibly data through these backdoors. He even states that the NSA document gleefully states that, “SIGINT tradecraft … is very hands-on (literally!),” clearly alluding to their physical tampering with hardware. Eventually, the bugged hardware connects back to the NSA and provides them with the data they want. The report continues, “In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network.”

Clearly, the NSA has a very detailed and well-established structure for these activities and likely has been doing so for quite some time. The NSA are probably much more careful about how they do things nowadays with all of the attention drawn to them because of the Snowden disclosures, but it would be foolish to assume they’ve stopped.

If you’re interested in getting Glenn Greenwald’s book, I recommend you head over here.

The post NSA Bugged Foreign-Bound Networking Equipment appeared first on VR World.

Google has consistently tried to make themselves look like they are forced to cooperate with the NSA and that they aren’t participating in the NSA’s programs to monitor the general population, but Al Jazeera America has obtained documents via the Freedom of Information Act  that show a fairly close level of cooperation between Google and the NSA. Sure, the documents obtained by Al Jazeera don’t show any sort of cooperating ‘smoking gun’ but they do show that the NSA does work fairly closely with Google on National Security measures that might affect the security of Google and ultimately the security of the USA. In the letters, Keith Alexander is communicating with Sergey Brin through Eric Schmidt about meeting up in San Jose at a secure location to be briefed about security threats to Google and the US back in 2012, pre Edward Snowden. And if you read Eric Schmidt’s response to Keith Alexander, he clearly seems to have a very relaxed and familiar relationship with the head of the NSA, Keith Alexander.

He then gets a reply from Brin explaining that it isn’t his primary email but rather to communicate with him at another email address that he actually checks often. He is asking Brin to join an 18 CEO steering group that would help the NSA address security issues more effectively without issue, however the details of the documents themselves are very vague (intentionally) and are clearly designed to make the NSA’s mission to appear to be defensive security-based rather than offensive security based like the PRISM program. That program, Google claims, they had no awareness of, and that the NSA had effectively been doing behind everyone’s backs. So, either the NSA is working with these companies at the same time as working behind their backs, or there’s a level of cooperating that we’re not aware of and that the companies aren’t willing to admit.

For Google’s sake, we really hope its just the NSA being douchebags and not being forthcoming with exactly what they’re doing, which wouldn’t be a surprise to anyone. Its just that Google’s relationship with the NSA appears to be closer than they’ve led on, and there has been no mention of Google cooperating with the NSA on this ESF (enduring security framework).

The post Google's Relationship with the NSA Closer Than Believed appeared first on VR World.

On Monday, as a follow up to the awareness around the Heartbleed bug and all of the rumors that circulated around it, The Whitehouse posted a blog clarifying their stance on how they approach vulnerabilities such as Heartbleed. In fact, the NSA categorically denied any knowledge of the Heartbleed bug officially on Twitter, even though they have been known to lie to Congress and the American people without hesitation, so their honesty is a little more than at question.

So, what exactly are they going to disclose and when? Well, there’s a nifty little check list that the Whitehouse has provided us with so that we know when an agency should withhold information from the public and when it should make it public.

We have also established a disciplined, rigorous and high-level decision-making process for vulnerability disclosure. This interagency process helps ensure that all of the pros and cons are properly considered and weighed. While there are no hard and fast rules, here are a few things I want to know when an agency proposes temporarily withholding knowledge of a vulnerability:

• How much is the vulnerable system used in the core internet infrastructure, in other critical infrastructure systems, in the U.S. economy, and/or in national security systems?

• Does the vulnerability, if left unpatched, impose significant risk?

• How much harm could an adversary nation or criminal group do with knowledge of this vulnerability?

• How likely is it that we would know if someone else was exploiting it?

• How badly do we need the intelligence we think we can get from exploiting the vulnerability?

• Are there other ways we can get it?

• Could we utilize the vulnerability for a short period of time before we disclose it?

• How likely is it that someone else will discover the vulnerability?

• Can the vulnerability be patched or otherwise mitigated?

So, basically, The Whitehouse and the administration of Obama are basically saying that if a vulnerability doesn’t really affect us too much, but can gain us lots of valuable intelligence we should keep our mouths shut. What is interesting about this supposed “rigorous” process for vulnerability disclosure is that there is no time limit set for how long they are allowed to wait until they disclose a vulnerability. There is no limitation on how long they can leave a vulnerability open if it passes all of these checks that they’ve established. They mention utilizing the vulnerability for a short period of time, but that doesn’t actually mean anything because a short period of time could be a day, a week, a month, or a year.

With the Heartbleed bug and the public disclosure around it, there were a lot of companies scrambling to patch the bug and some attacks that utilized it immediately after its disclosure. However, if left unpatched, Heartbleed could have disasterous implications and would give any government with knowledge of it almost unlimited access across the web. As a result, many people simply don’t believe that The Whitehouse and the NSA were unaware of such a bug, especially since the NSA had quietly exploited countless other bugs continually without any concern.

The post The Whitehouse Says They Have Right to Withhold a Security Vulnerability appeared first on VR World.

For their part, there is no denying that the Washington Post and The Guardian have done a great public service for the world in remaining steadfast in their journalistic principals, even when the GCHQ forced The Guardian to destroy their laptops and computers.

However, one must not forget that these newspapers are still businesses, and even though Jeff Bezos recently purchased the Washington Post to protect it and keep it safe, it doesn’t change the fact that they are still businesses. This means that many of the revelations that have been published about the NSA have slowly trickled out and resulted in many millions of hits for each publication, worth millions of dollars in advertising revenue. Sure, there’s a value in slowly letting out the information in order for certain important things not to be missed, but there’s also some criticism that they are milking the Snowden leak for their maximum benefit as Snowden is not responsible for how they distribute the documents.

In the end, the world is a better place with the Snowden leaks, at least in our eyes, and they have done the world a huge service by helping Snowden show the world the grave oversteppings of the NSA under the guise of national security and the protection of the United States of America’s interests. Sure, it makes the NSA’s job harder, but a lot of the things they’ve been doing are highly questionable, even with the ambiguity of the Patriot Act.

The post The Guardian and Washington Post Win Pulitzer Prize for NSA Coverage appeared first on VR World.

According to a report coming out of Bloomberg, the NSA supposedly knew of the OpenSSL Heartbleed bug for nearly 2 years and used it to their advantage when they needed to. This makes the entire belief that the bug was an accidental mistake in the code that hadn’t been noticed much less probable. Not to mention the fact that the heartbleed bug is effecting almost the entire internet and puts the security of most passwords into question. The problem, however, is that not enough websites have fixed their certificates to patch this issue. There are hundreds of thousands if not millions of affected sites that handle critical user email accounts, bank accounts and various other sensitive data. The day that the bug was found and announced a fix was also issued to resolve the issue, however, system administrators are slow to implement the fix as attacks are already supposedly under way.

In any case, it is advisable to change all of your passwords to sensitive accounts and to enable 2-step authentication as well, considering the fact that such issues could be discovered in the future and that you could be vulnerable until then, like now. The real truth of the matter is that this issue is an unfortunate situation and in today’s online world there is no doubt that one has to remain vigilant and stay on top of all potential security risks. It also doesn’t help that the NSA and CIA are building backdoors into hardware across the entire IT industry and that they are effectively building in backdoors for hackers to exploit if they figure out how and where to look. The fact that these governmental agencies are doing this in light of trying to claim that foreign companies cannot be trusted (see Huawei) is hypocritical at the very least and damaging to the US economy at the very most. There is no doubt in my mind that the government’s involvement in both covert espionage and industrial espionage is causing other countries to not want to do business with US companies, even if those companies have absolutely no knowledge of their insecurities.

As far as this Heartbleed bug goes, you should be mindful of your passwords and accounts and likely change them over the course of the next few days as companies update their OpenSSL and issue new certificates. Unfortunately, until then, you’re pretty much cannon fodder for any hackers that want to exploit this. So, be careful and enable 2-step authentication wherever possible, because even if they have your password, the likelihood that they ALSO have access to your phone is very narrow. However, some 2-step authenticaion does use email, so be careful of that and change your email passwords ASAP.

The post The NSA Exploited the OpenSSL Heartbleed Bug for 2 Years appeared first on VR World.