Skip to comments.Secret code indicates NSA tracks privacy tool users
Posted on 07/04/2014 4:55:56 AM PDT by markomalley
A NSA spying tool is configured to snoop on an array of privacy programs used by journalists and dissidents, according to an analysis of never-before-seen code leaked by an unknown source.
The code, published as part of investigation by two German broadcasters on Thursday, contains tracking specifications for XKeyScore, a powerful NSA program that collects and sorts intercepted data.
XKeyScore came to light in documents leaked by former NSA contractor Edward Snowden, but some observers believe the latest information -- which adds greater detail on how the agency monitors people trying to protect their privacy online -- may have not come from the documents he passed to journalists.
The broadcasters, Norddeutscher Rundfunk and Westdeutscher Rundfunk, did not reveal their source for the code but claimed in a report that former NSA employees and experts "are convinced that the same code or similar code is still in use today,"
The report describes how the code enables XKeyScore to track users connected to The Onion Router, known as TOR, a network that encrypts data traffic through random servers in order to obscure identification of a web surfer.
TOR, a project initially started by the U.S. Navy, is considered a critical privacy enhancing tool and one that has hampered NSA surveillance in the past.
The report contends the NSA is monitoring two TOR servers in Germany. One is run by Sebastian Hahn, a 28-year-old computer science student at the University of Erlangen. The server, known as a Directory Authority, a critical part of TOR's infrastructure, supplies a list of relays in the network to computers connecting to the network.
(Excerpt) Read more at computerworld.com ...
Happy Independence Day everybody!
Who didn’t know this? All the privacy stuff is basically setup and/or run by NSA. It’s a key method for spying on the people who want privacy.
“Its a key method for spying on the people who want privacy.”
Agreed. Better to hide in plain sight than to try and use these obfuscation networks.
It's not that we don't know, it's that we want to make it just that much harder to get our data.
You have to remember, Snowden revealed that the NSA catalogs everything that happens over unencrypted channels (i.e. HTTP). That would include our conversations here on FR.
The point isn't that using SSL is any more secure, it's just more difficult to pluck pertinent data from the transactions. The NSA may have backdoors or special keys to infiltrate SSL connections, but they cannot account for every single private key, hash, or salt algorithm. There's still a significant amount of translation that has to be done to encrypted traffic. They may get it eventually, but using encryption makes it just that much more work; work that the NSA may not be willing to do if you're just a home user trying to keep your credit card information secure.
All due respect, sir, but that's very ignorant of you. The NSA isn't your biggest concern, it's the hackers around the globe who sell your personal data to criminal enterprises. The NSA is subversive and a threat to our liberty, but criminals are a threat to your life and your livelihood.
It's better to live securely behind a cloak than to live in the open and expose yourself.
Nut-job Conspiracy Theory Ping!
To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...
Well yes. I certainly use SSL when using my bank’s website but I was thinking more about revolutionary type stuff.
Though I’m sure the NSA scrapes the data from this site constantly, I would rather post here openly than cause greater scrutiny going through an anonymizer proxy.
I remember when PGP was fairly new and the thinking was that 100% of the people should encrypt 100% of their communication using PGP. The point was not (necessarily) that it could or could not be cracked. The point was that it would be tremendously hard work for the bad guys to figure out who was transmitting their shopping list and who was transmitting rosters for their militia unit.
Great! No wonder NSA/CIA failed to protect us in Lybia, Syria, Ukraine, Iraq and other places.
They are spending their money, time and manpower monitoring us.
Isn’t THAT special?
That is a great post.
Yep. Did you ever wonder what all those program updates were for?
This is an upside down admin. Privacy = transparency. Transparency = privacy.
The funny thing about PGP: the black hat community, among others, has a saying, “There’s a reason that PGP stands for ‘pretty good’ protection. Because that’s all it is.”
There are myriad encryption topologies available out there. It takes some time and research to implement properly, but once setup, you’re assured privacy for as long as you’re willing to maintain the environment.
SSL should be used for everything you do, including web browsing. FR is the only site on my “exempt” list for SSL. Anywhere else, if I can’t connect via SSL, I don’t connect at all.
My wife calls me crazy, says I’m missing out on so much. My privacy is worth more than the garbage out there.
My question....is this whole security-upgrade thing becoming a con to get our permission to collect and use our data?
We just call them the ACA or IRS now.