Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Secret code indicates NSA tracks privacy tool users
Computer World ^ | 7/4/2014 | Jeremy Kirk

Posted on 07/04/2014 4:55:56 AM PDT by markomalley

A NSA spying tool is configured to snoop on an array of privacy programs used by journalists and dissidents, according to an analysis of never-before-seen code leaked by an unknown source.

The code, published as part of investigation by two German broadcasters on Thursday, contains tracking specifications for XKeyScore, a powerful NSA program that collects and sorts intercepted data.

XKeyScore came to light in documents leaked by former NSA contractor Edward Snowden, but some observers believe the latest information -- which adds greater detail on how the agency monitors people trying to protect their privacy online -- may have not come from the documents he passed to journalists.

The broadcasters, Norddeutscher Rundfunk and Westdeutscher Rundfunk, did not reveal their source for the code but claimed in a report that former NSA employees and experts "are convinced that the same code or similar code is still in use today,"

The report describes how the code enables XKeyScore to track users connected to The Onion Router, known as TOR, a network that encrypts data traffic through random servers in order to obscure identification of a web surfer.

TOR, a project initially started by the U.S. Navy, is considered a critical privacy enhancing tool and one that has hampered NSA surveillance in the past.

The report contends the NSA is monitoring two TOR servers in Germany. One is run by Sebastian Hahn, a 28-year-old computer science student at the University of Erlangen. The server, known as a Directory Authority, a critical part of TOR's infrastructure, supplies a list of relays in the network to computers connecting to the network.

(Excerpt) Read more at computerworld.com ...


TOPICS: Extended News; Government
KEYWORDS: bigbrother; nsa; surveillance

Happy Independence Day everybody!

1 posted on 07/04/2014 4:55:56 AM PDT by markomalley
[ Post Reply | Private Reply | View Replies]

To: markomalley
""Crime is contagious.
If the government becomes a law breaker,
it breeds contempt for the law." "

Justice Louis D. Brandeis


2 posted on 07/04/2014 5:04:49 AM PDT by Diogenesis
[ Post Reply | Private Reply | To 1 | View Replies]

To: markomalley

Who didn’t know this? All the privacy stuff is basically setup and/or run by NSA. It’s a key method for spying on the people who want privacy.


3 posted on 07/04/2014 5:23:05 AM PDT by ClearCase_guy ("Harvey Dent, can we trust him?" http://www.youtube.com/watch?v=HBsdV--kLoQ)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ClearCase_guy

“It’s a key method for spying on the people who want privacy.”

Wonderful.


4 posted on 07/04/2014 5:52:50 AM PDT by pieceofthepuzzle
[ Post Reply | Private Reply | To 3 | View Replies]

To: ClearCase_guy

Agreed. Better to hide in plain sight than to try and use these obfuscation networks.


5 posted on 07/04/2014 6:01:18 AM PDT by Incorrigible (If I lead, follow me; If I pause, push me; If I retreat, kill me.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: ClearCase_guy
All the privacy stuff is basically setup and/or run by NSA

It's not that we don't know, it's that we want to make it just that much harder to get our data.

You have to remember, Snowden revealed that the NSA catalogs everything that happens over unencrypted channels (i.e. HTTP). That would include our conversations here on FR.

The point isn't that using SSL is any more secure, it's just more difficult to pluck pertinent data from the transactions. The NSA may have backdoors or special keys to infiltrate SSL connections, but they cannot account for every single private key, hash, or salt algorithm. There's still a significant amount of translation that has to be done to encrypted traffic. They may get it eventually, but using encryption makes it just that much more work; work that the NSA may not be willing to do if you're just a home user trying to keep your credit card information secure.

6 posted on 07/04/2014 6:01:40 AM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Incorrigible
Better to hide in plain sight than to try and use these obfuscation networks.

All due respect, sir, but that's very ignorant of you. The NSA isn't your biggest concern, it's the hackers around the globe who sell your personal data to criminal enterprises. The NSA is subversive and a threat to our liberty, but criminals are a threat to your life and your livelihood.

It's better to live securely behind a cloak than to live in the open and expose yourself.

7 posted on 07/04/2014 6:04:25 AM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: markomalley; COUNTrecount; Nowhere Man; FightThePower!; C. Edmund Wright; jacob allen; ...

Nut-job Conspiracy Theory Ping!

To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...

8 posted on 07/04/2014 6:14:21 AM PDT by null and void (If Bill Clinton was the first black president, why isn't Barack Obama the first woman president?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rarestia

Well yes. I certainly use SSL when using my bank’s website but I was thinking more about revolutionary type stuff.

Though I’m sure the NSA scrapes the data from this site constantly, I would rather post here openly than cause greater scrutiny going through an anonymizer proxy.


9 posted on 07/04/2014 6:15:03 AM PDT by Incorrigible (If I lead, follow me; If I pause, push me; If I retreat, kill me.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: rarestia

I remember when PGP was fairly new and the thinking was that 100% of the people should encrypt 100% of their communication using PGP. The point was not (necessarily) that it could or could not be cracked. The point was that it would be tremendously hard work for the bad guys to figure out who was transmitting their shopping list and who was transmitting rosters for their militia unit.


10 posted on 07/04/2014 6:25:02 AM PDT by ClearCase_guy ("Harvey Dent, can we trust him?" http://www.youtube.com/watch?v=HBsdV--kLoQ)
[ Post Reply | Private Reply | To 6 | View Replies]

To: markomalley

Great! No wonder NSA/CIA failed to protect us in Lybia, Syria, Ukraine, Iraq and other places.

They are spending their money, time and manpower monitoring us.


11 posted on 07/04/2014 6:51:21 AM PDT by Grampa Dave ( Herr Obozo, the Sunni Won-Doer, will not divert $'s from his war on Americans to help our Veterans!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: markomalley

M4L


12 posted on 07/04/2014 7:06:47 AM PDT by Scrambler Bob (You can count my felonies by looking at my FR replies.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: markomalley

Well...

Isn’t THAT special?


13 posted on 07/04/2014 7:27:04 AM PDT by Montana_Sam (Truth lives.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Ping


14 posted on 07/04/2014 8:51:18 AM PDT by BuckeyeTexan (There are those that break and bend. I'm the other kind. ~Steve Earle)
[ Post Reply | Private Reply | To 1 | View Replies]

To: null and void

That is a great post.


15 posted on 07/04/2014 8:55:06 AM PDT by B4Ranch (Name your illness, do a Google & YouTube search with "hydrogen peroxide". Do it and be surprised.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: ClearCase_guy
All the privacy stuff is basically setup and/or run by NSA.

Yep. Did you ever wonder what all those program updates were for?

This is an upside down admin. Privacy = transparency. Transparency = privacy.

16 posted on 07/04/2014 1:02:04 PM PDT by bgill
[ Post Reply | Private Reply | To 3 | View Replies]

To: ClearCase_guy

The funny thing about PGP: the black hat community, among others, has a saying, “There’s a reason that PGP stands for ‘pretty good’ protection. Because that’s all it is.”

There are myriad encryption topologies available out there. It takes some time and research to implement properly, but once setup, you’re assured privacy for as long as you’re willing to maintain the environment.


17 posted on 07/04/2014 1:28:36 PM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Incorrigible

SSL should be used for everything you do, including web browsing. FR is the only site on my “exempt” list for SSL. Anywhere else, if I can’t connect via SSL, I don’t connect at all.

My wife calls me crazy, says I’m missing out on so much. My privacy is worth more than the garbage out there.


18 posted on 07/04/2014 1:30:13 PM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: bgill
I have a guestion. My computer company provided me a trial upgrade to improve computer speed (it hasn't). Part of it was I was given McAffee security for free. I read the fine print before I signed up, and it involved permission for McAffee to collect data from me and use it as they thought appropriate. I didn't sign up.

My question....is this whole security-upgrade thing becoming a con to get our permission to collect and use our data?

19 posted on 07/04/2014 1:39:31 PM PDT by grania
[ Post Reply | Private Reply | To 16 | View Replies]

To: rarestia
>"it's the hackers around the globe who sell your personal data to criminal enterprises. "

We just call them the ACA or IRS now.

20 posted on 07/04/2014 4:12:58 PM PDT by rawcatslyentist (Jeremiah 50:32 "The arrogant one will stumble and fall ; / ?)
[ Post Reply | Private Reply | To 7 | View Replies]

To: null and void

surprise surprise


21 posted on 07/04/2014 4:54:39 PM PDT by Nifster
[ Post Reply | Private Reply | To 8 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson