• Buro Jansen & Janssen is a research bureau that critically monitors the police, the judiciary, the intelligence services and the government in the Netherlands and Europe. A civil rights collective that has been publishing for 30 years on the expansion of repressive legislation, public-private cooperation, powers, government action and other affairs of state.
    Buro Jansen & Janssen Postbus 10591, 1001EN Amsterdam, 020-6123202, 06-34339533, signal +31684065516, info@burojansen.nl (pgp)
    Support Buro Jansen & Janssen. Become a donor: NL43 ASNB 0856 9868 52 or NL56 INGB 0000 6039 04 in the name of Stichting Res Publica, Postbus 11556, 1001 GN Amsterdam.


  • THE CIA CAMPAIGN TO STEAL APPLE’S SECRETS

    RESEARCHERS WORKING with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept.

    The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released.

    By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.

    The CIA declined to comment for this story.

    The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store.

    The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.

    Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a “keylogger.”

    Other presentations at the CIA conference have focused on the products of Apple’s competitors, including Microsoft’s BitLocker encryption system, which is used widely on laptop and desktop computers running premium editions of Windows.

    The revelations that the CIA has waged a secret campaign to defeat the security mechanisms built into Apple’s devices come as Apple and other tech giants are loudly resisting pressure from senior U.S. and U.K. government officials to weaken the security of their products. Law enforcement agencies want the companies to maintain the government’s ability to bypass security tools built into wireless devices. Perhaps more than any other corporate leader, Apple’s CEO, Tim Cook, has taken a stand for privacy as a core value, while sharply criticizing the actions of U.S. law enforcement and intelligence agencies.

    “If U.S. products are OK to target, that’s news to me,” says Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute. “Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”

    Apple declined to comment for this story, instead pointing to previous comments Cook and the company have made defending Apple’s privacy record.

    Lockheed Martin Dulles Executive Plaza, Herndon, Virginia.
    SECURITY RESEARCHERS from Sandia National Laboratories presented their Apple-focused research at a secret annual CIA conference called the Trusted Computing Base Jamboree. The Apple research and the existence of the conference are detailed in documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

    The conference was sponsored by the CIA’s Information Operations Center, which conducts covert cyberattacks. The aim of the gathering, according to a 2012 internal NSA wiki, was to host “presentations that provide important information to developers trying to circumvent or exploit new security capabilities,” as well as to “exploit new avenues of attack.” NSA personnel also participated in the conference through the NSA’s counterpart to the CIA’s Trusted Computing Base, according to the document. The NSA did not provide comment for this story.

    The Jamboree was held at a Lockheed Martin facility inside an executive office park in northern Virginia. Lockheed is one of the largest defense contractors in the world; its tentacles stretch into every aspect of U.S. national security and intelligence. The company is akin to a privatized wing of the U.S. national security state — more than 80 percent of its total revenue comes from the U.S. government. Via a subsidiary, Lockheed also operates Sandia Labs, which is funded by the U.S. government. The lab’s researchers have presented Apple findings at the CIA conference.

    “Lockheed Martin’s role in these activities should not be surprising given its leading role in the national surveillance state,” says William Hartung, director of the Arms and Security Project at the Center for International Policy and author of Prophets of War, a book that chronicles Lockheed’s history. “It is the largest private intelligence contractor in the world, and it has worked on past surveillance programs for the Pentagon, the CIA and the NSA. If you’re looking for a candidate for Big Brother, Lockheed Martin fits the bill.”

    The Apple research is consistent with a much broader secret U.S. government program to analyze “secure communications products, both foreign and domestic” in order to “develop exploitation capabilities against the authentication and encryption schemes,” according to the 2013 Congressional Budget Justification. Known widely as the “Black Budget,” the top-secret CBJ was provided to The Intercept by Snowden and gives a sprawling overview of the U.S. intelligence community’s spending and architecture. The White House did not respond to a request for comment.

    As of 2013, according to the classified budget, U.S. intelligence agencies were creating new capabilities against dozens of commercially produced security products, including those made by American companies, to seek out vulnerabilities.

    Last week, CIA Director John Brennan announced a major reorganization at the agency aimed, in large part, at expanding U.S. cyber-operations. The Information Operations Center, which organized the Jamboree conferences, will be folded into a new Directorate of Digital Innovation. Notwithstanding its innocuous name, a major priority of the directorate will be offensive cyberattacks, sabotage and digital espionage. Brennan said the CIA reorganization will be modeled after the agency’s Counterterrorism Center, which runs the U.S. targeted killing and drone program.

    THE DOCUMENTS do not address how successful the targeting of Apple’s encryption mechanisms has been, nor do they provide any detail about the specific use of such exploits by U.S. intelligence. But they do shed light on an ongoing campaign aimed at defeating the tech giant’s efforts to secure its products, and in turn, its customers’ private data.

    “Spies gonna spy,” says Steven Bellovin, a former chief technologist for the U.S. Federal Trade Commission and current professor at Columbia University. “I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK.”

    Bellovin says he generally supports efforts by U.S. intelligence to “hack” devices — including Apple’s — used by terrorists and criminals, but expressed concern that such capabilities could be abused. “There are bad people out there, and it’s reasonable to seek information on them,” he says, cautioning that “inappropriate use — mass surveillance, targeting Americans without a warrant, probably spying on allies — is another matter entirely.”

    In the top-secret documents, ranging from 2010 through 2012, the researchers appear particularly intent on extracting encryption keys that prevent unauthorized access to data stored — and firmware run — on Apple products.

    “The Intelligence Community (IC) is highly dependent on a very small number of security flaws, many of which are public, which Apple eventually patches,” the researchers noted in an abstract of their 2011 presentation at the Jamboree. But, they promised, their presentation could provide the intelligence community with a “method to noninvasively extract” encryption keys used on Apple devices. Another presentation focused on physically extracting the key from Apple’s hardware.

    A year later, at the 2012 Jamboree, researchers described their attacks on the software used by developers to create applications for Apple’s popular App Store. In a talk called “Strawhorse: Attacking the MacOS and iOS Software Development Kit,” a presenter from Sandia Labs described a successful “whacking” of Apple’s Xcode — the software used to create apps for iPhones, iPads and Mac computers. Developers who create Apple-approved and distributed apps overwhelmingly use Xcode, a free piece of software easily downloaded from the App Store.

    The researchers boasted that they had discovered a way to manipulate Xcode so that it could serve as a conduit for infecting and extracting private data from devices on which users had installed apps that were built with the poisoned Xcode. In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer — potentially millions of people. “Trying to plant stuff in Xcode has fascinating implications,” says Bellovin.

    The researchers listed a variety of actions their “whacked” Xcode could perform, including:

    — “Entice” all Mac applications to create a “remote backdoor” allowing undetected access to an Apple computer.

    — Secretly embed an app developer’s private key into all iOS applications. (This could potentially allow spies to impersonate the targeted developer.)

    — “Force all iOS applications” to send data from an iPhone or iPad back to a U.S. intelligence “listening post.”

    — Disable core security features on Apple devices.

    For years, U.S. and British intelligence agencies have consistently sought to defeat the layers of encryption and other security features used by Apple to protect the iPhone. A joint task force comprised of operatives from the NSA and Britain’s Government Communications Headquarters, formed in 2010, developed surveillance software targeting iPhones, Android devices and Nokia’s Symbian phones. The Mobile Handset Exploitation Team successfully implanted malware on iPhones as part of WARRIOR PRIDE, a GCHQ framework for secretly accessing private communications on mobile devices.

    That program was disclosed in Snowden documents reported on last year by The Guardian. A WARRIOR PRIDE plugin called NOSEY SMURF allowed spies to remotely and secretly activate a phone’s microphone. Another plugin, DREAMY SMURF, allowed intelligence agents to manage the power system on a phone and thus avoid detection. PARANOID SMURF was designed to conceal the malware in other ways. TRACKER SMURF allowed ultra-precise geolocating of an individual phone. “[If] its [sic] on the phone, we can get it,” the spies boasted in a secret GCHQ document describing the targeting of the iPhone.

    All of the SMURF malware — including the plugin that secretly turns on the iPhone’s microphone — would first require that agencies bypass the security controls built into the iOS operating system. Spies would either need to hack the phone in order to plant their malware on it, or sneak a backdoor into an app the user installed voluntarily. That was one of the clear aims of the Apple-focused research presented at the CIA’s conference.

    “The U.S. government is prioritizing its own offensive surveillance needs over the cybersecurity of the millions of Americans who use Apple products,” says Christopher Soghoian, the principal technologist at the American Civil Liberties Union. “If U.S. government-funded researchers can discover these flaws, it is quite likely that Chinese, Russian and Israeli researchers can discover them, too. By quietly exploiting these flaws rather than notifying Apple, the U.S. government leaves Apple’s customers vulnerable to other sophisticated governments.”

    Security experts interviewed by The Intercept point out that the SMURF capabilities were already available to U.S. and British intelligence agencies five years ago. That raises the question of how advanced the current capacity to surveil smartphone users is, especially in light of the extensive resources poured into targeting the products of major tech companies. One GCHQ slide from 2010 stated that the agency’s ultimate goal was to be able to “Exploit any phone, anywhere, any time.”

    Steve Jobs unveiling the first iPhone on January 9, 2007.
    THE FIRST JAMBOREE took place in 2006, just as Apple was preparing to unveil its highly-anticipated iPhone. In March 2010, according to a top-secret document, during a talk called “Rocoto: Implanting the iPhone,” a presenter discussed efforts to target the iPhone 3G. In addition to analyzing the device’s software for potential vulnerabilities, the presentation examined “jailbreak methods,” used within the iPhone community to free phones from their built-in constraints, that could be leveraged by intelligence agencies. “We will conclude with a look ahead at future challenges presented by the iPhone 3GS and the upcoming iPad,” the abstract noted. Over the years, as Apple updates its hardware, software and encryption methods, the CIA and its researchers study ways to break and exploit them.

    The attempts to target vulnerabilities in Apple’s products have not occurred in a vacuum. Rather, they are part of a vast multi-agency U.S./U.K. effort to attack commercial encryption and security systems used on billions of devices around the world. U.S. intelligence agencies are not just focusing on individual terrorists or criminals — they are targeting the large corporations, such as Apple, that produce popular mobile devices.

    “Every other manufacturer looks to Apple. If the CIA can undermine Apple’s systems, it’s likely they’ll be able to deploy the same capabilities against everyone else,” says Green, the Johns Hopkins cryptographer. “Apple led the way with secure coprocessors in phones, with fingerprint sensors, with encrypted messages. If you can attack Apple, then you can probably attack anyone.”

    According to the Black Budget, U.S. intelligence agencies have tech companies dead in their sights with the aim of breaking or circumventing any existing or emerging encryption or antiviral products, noting the threat posed by “increasingly strong commercial” encryption and “adversarial cryptography.”

    The Analysis of Target Systems Project produced “prototype capabilities” for the intelligence community, enabled “the defeat of strong commercial data security systems” and developed ways “to exploit emerging information systems and technologies,” according to the classified budget. The project received $35 million in funding in 2012 and had more than 200 personnel assigned to it. By the end of 2013, according to the budget, the project would “develop new capabilities against 50 commercial information security device products to exploit emerging technologies,” as well as new methods that would allow spies to recover user and device passwords on new products.

    Among the project’s missions:

    — Analyze “secure communications products, both foreign and domestic produced” to “develop exploitation capabilities against the authentication and encryption schemes.”

    — “[D]evelop exploitation capabilities against network communications protocols and commercial network security products.”

    — “Anticipate future encryption technologies” and “prepare strategies to exploit those technologies.”

    — “Develop, enhance, and implement software attacks against encrypted signals.”

    — “Develop exploitation capabilities against specific key management and authentication schemes.”

    — “[D]evelop exploitation capabilities against emerging multimedia applications.”

    — Provide tools for “exploiting” devices used to “store, manage, protect, or communicate data.”

    — “Develop methods to discover and exploit communication systems employing public key cryptography” and “communications protected by passwords or pass phrases.”

    — Exploit public key cryptography.

    — Exploit Virtual Private Networks, or VPNs, which allow people to browse the Internet with increased security and anonymity.

    The black budget also noted that the U.S. intelligence community partners with “National Laboratories” to conduct the type of research presented at the CIA’s annual Jamboree conference. It confirms the U.S. government’s aggressive efforts to steal encryption and authentication keys, as occurred in the NSA and GCHQ operations against Gemalto, the world’s largest manufacturer of SIM cards, through the use of Computer Network Exploitation attacks. In that case, spy agencies penetrated Gemalto’s internal networks and cyberstalked its employees to steal mass quantities of keys used to encrypt mobile phone communications.

    The CIA’s Information Operations Center is currently the second largest of the spy agency’s specialized centers. It not only conducts cyber-ops, but has operated covertly in other nations, working to develop assets from targeted countries to assist in its cyber-surveillance programs, according to the Black Budget. At times, its personnel brief the president.

    U.S. President Barack Obama holds up an iPad.
    AT THE CIA’s Jamboree in 2011, the computer researchers conducted workshops where they revealed the specifics of their efforts to attack one of the key privacy elements of Apple’s mobile devices. These machines have two separate keys integrated into the silicon of their Apple-designed processors at the point of manufacture. The two, paired together, are used to encrypt data and software stored on iPhones and iPads. One, the User ID, is unique to an individual’s phone, and is not retained by Apple. That key is vital to protecting an individual’s data and — particularly on Apple’s latest devices — difficult to steal. A second key, the Group ID, is known to Apple and is the same across multiple Apple devices that use the same processor. The GID is used to encrypt essential system software that runs on Apple’s mobile devices.

    The focus of the security researchers, as described at the CIA conferences, was to target the GID key, which Apple implants on all devices that use the same processors. For instance, Apple’s A4 processor was used in the iPhone 4, the iPod Touch and the original iPad. All of those devices used the same GID. As Apple designs new processors and faster devices that use those processors, the company creates new GIDs. If someone has the same iPhone as her neighbor, they have the exact same GID key on their devices. So, if intelligence agencies extract the GID key, it means they have information useful to compromising any device containing that key.

    At the 2011 Jamboree conference, there were two separate presentations on hacking the GID key on Apple’s processors. One was focused on non-invasively obtaining it by studying the electromagnetic emissions of — and the amount of power used by — the iPhone’s processor while encryption is being performed. Careful analysis of that information could be used to extract the encryption key. Such a tactic is known as a “side channel” attack. The second focused on a “method to physically extract the GID key.”

    Whatever method the CIA and its partners use, by extracting the GID — which is implanted on the processors of all Apple mobile devices — the CIA and its allies could be able to decrypt the firmware that runs on the iPhone and other mobile devices. This would allow them to seek out other security vulnerabilities to exploit. Taken together, the documents make clear that researching each new Apple processor and mobile device, and studying them for potential security flaws, is a priority for the CIA.

    According to the 2011 document describing the Jamboree presentations on Apple’s processor, the researchers asserted that extracting the GID key could also allow them to look for other potential gateways into Apple devices. “If successful, it would enable decryption and analysis of the boot firmware for vulnerabilities, and development of associated exploits across the entire A4-based product-line, which includes the iPhone 4, the iPod touch and the iPad.”
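
An added illustration (not part of the original article, and not Apple's implementation) of why a key shared across a processor class has a wider exposure than a per-device key: a toy fleet in which firmware is sealed under a shared GID and user data under a per-device UID. The HMAC-based cipher, the random keys and the sample payloads are constructed stand-ins; the device-to-processor mapping is the one given in the article.

```python
"""Toy model of a class-wide key (GID) versus a per-device key (UID).

Real devices use AES engines in silicon. Here an HMAC-SHA256 keystream plus an
HMAC tag stands in for the cipher so the example needs only the standard
library. All keys and payloads are constructed for the illustration.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key+nonce into `length` pseudo-random bytes (counter mode over HMAC)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, b"ks" + nonce + counter.to_bytes(4, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_sealed(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key does not match the blob."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


@dataclass
class Device:
    name: str
    soc: str
    gid: bytes  # identical on every device built around the same processor
    uid: bytes = field(default_factory=lambda: os.urandom(32))  # unique per device


def build_fleet():
    """One constructed GID per processor; models per processor as listed in the article."""
    gids = {"A4": os.urandom(32), "A5": os.urandom(32)}
    models = [("iPhone 4", "A4"), ("iPod touch", "A4"), ("iPad", "A4"),
              ("iPhone 4s", "A5"), ("iPad 2", "A5")]
    return [Device(name, soc, gids[soc]) for name, soc in models]


def exposure(key: bytes, fleet, firmware, user_blobs):
    """Which devices' firmware images and user data become readable with `key`."""
    fw = [d.name for d in fleet if open_sealed(key, firmware[d.soc]) is not None]
    data = [d.name for d in fleet if open_sealed(key, user_blobs[d.name]) is not None]
    return fw, data


def demo():
    fleet = build_fleet()
    # One firmware image per processor class, sealed under that class's GID.
    firmware = {}
    for d in fleet:
        firmware.setdefault(d.soc, seal(d.gid, b"boot firmware for " + d.soc.encode()))
    # User data is sealed under each device's own UID.
    user_blobs = {d.name: seal(d.uid, b"private data on " + d.name.encode()) for d in fleet}
    one_device = fleet[0]  # keys taken from a single iPhone 4
    return {
        # The GID opens firmware for the whole A4 class, but no user data.
        "gid": exposure(one_device.gid, fleet, firmware, user_blobs),
        # The UID opens only that one device's data and no firmware.
        "uid": exposure(one_device.uid, fleet, firmware, user_blobs),
    }


if __name__ == "__main__":
    for key_name, (fw, data) in demo().items():
        print(f"{key_name}: firmware readable for {fw}; user data readable for {data}")
```

The model covers confidentiality only: reading a firmware image is what allows it to be studied for flaws, and, as the article's correction note says, the Group ID is not used to sign software.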

    At the CIA conference in 2012, Sandia researchers delivered a presentation on Apple’s A5 processor. The A5 is used in the iPhone 4s and iPad 2. But this time, it contained no abstract or other details, instructing those interested to contact a CIA official on his secure phone or email.

    “If I were Tim Cook, I’d be furious,” says the ACLU’s Soghoian. “If Apple is mad at the intelligence community, and they should be, they should put their lawyers to work. Lawsuits speak louder than words.”

    Apple CEO Tim Cook testifies on Capitol Hill in Washington, May 21, 2013.
    FOR YEARS, Apple has included encryption features in the products it sells to consumers. In 2014, the company dramatically broadened the types of data stored on iPhones that are encrypted, and it incorporated encryption by default into its desktop and laptop operating system. This resulted in criticism from leading law enforcement officials, including the FBI director. The encryption technology that Apple has built into its products — along with many other security features — is a virtual wall that separates cybercriminals and foreign governments from customer data. But now, because Apple claims it can no longer extract customer data stored on iPhones, because it is encrypted with a key the company does not know, the U.S. government can be locked out too — even with a search warrant. The FBI director and other U.S. officials have referred to the advent of the encryption era — where previously accessible data and communications may now be off limits because of the security technology protecting them — as “going dark.”

    In the face of this rising challenge to its surveillance capabilities, U.S. intelligence has spent considerable time and resources trying to find security vulnerabilities in Apple’s encryption technology, and, more broadly, in its products, which can be leveraged to install surveillance software on iPhones and Macbooks. “The exploitation of security flaws is a high-priority area for the U.S. intelligence community, and such methods have only become more important as U.S. technology companies have built strong encryption into their products,” says the ACLU’s Soghoian.

    Microsoft has, for nearly a decade, included BitLocker, an encryption technology that protects data stored on a computer, in its Windows operating system. Unlike Apple, which made encryption available to all customers, Microsoft had included this feature only in its more expensive premium and professional versions of Windows, up until a few years ago. BitLocker is designed to work with a Trusted Platform Module, a special security chip included in some computers, which stores the encryption keys and also protects against unauthorized software modification.

    Also presented at the Jamboree were successes in the targeting of Microsoft’s disk encryption technology, and the TPM chips that are used to store its encryption keys. Researchers at the CIA conference in 2010 boasted about the ability to extract the encryption keys used by BitLocker and thus decrypt private data stored on the computer. Because the TPM chip is used to protect the system from untrusted software, attacking it could allow the covert installation of malware onto the computer, which could be used to access otherwise encrypted communications and files of consumers. Microsoft declined to comment for this story.

    In the wake of the initial Snowden disclosures, Apple CEO Tim Cook has specifically denounced the U.S. government’s efforts to compel companies to provide backdoor access to their users’ data.

    “I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will,” Cook said last September in announcing Apple’s new privacy policy. More recently, Cook said, “None of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right. We all have a right to privacy. We shouldn’t give it up. We shouldn’t give in to scare-mongering.”

    As corporations increasingly integrate default encryption methods and companies like Apple incorporate their own indigenous encryption technologies into easy-to-use text, voice and video communication platforms, the U.S. and British governments are panicking. “Encryption threatens to lead all of us to a very dark place,” declared FBI Director James Comey in an October 2014 lecture at the Brookings Institution. Citing the recent moves by Apple to strengthen default encryption on its operating systems, and commitments by Google to incorporate such tools, Comey said, “This means the companies themselves won’t be able to unlock phones, laptops, and tablets to reveal photos, documents, e-mail, and recordings stored within.”

    Under current U.S. regulations, law enforcement agencies can get a court order to access communications channeled through major tech companies and wireless providers. But if those communications are encrypted through a process not accessible by any involved company, the data is essentially meaningless, garbled gibberish. “In a world in which data is encrypted, and the providers don’t have the keys, suddenly, there is no one to go to when they have a warrant,” says Soghoian. “That is, even if they get a court order, it doesn’t help them. That is what is freaking them out.”

    Comey alleged that “even a supercomputer would have difficulty with today’s high-level encryption,” meaning a “brute force” attempt to decrypt intercepted communications would be ineffective, and, even if successful, time-consuming.

    “Encryption isn’t just a technical feature; it’s a marketing pitch,” Comey added. “But it will have very serious consequences for law enforcement and national security agencies at all levels. Sophisticated criminals will come to count on these means of evading detection. It’s the equivalent of a closet that can’t be opened. A safe that can’t be cracked.”

    A few months after Comey’s remarks, Robert Litt, the general counsel for the Office of the Director of National Intelligence, also appeared at Brookings. “One of the many ways in which Snowden’s leaks have damaged our national security is by driving a wedge between the government and providers and technology companies, so that some companies that formerly recognized that protecting our nation was a valuable and important public service now feel compelled to stand in opposition,” Litt said. He appealed to corporations to embrace “a solution that does not compromise the integrity of encryption technology but that enables both encryption to protect privacy and decryption under lawful authority to protect national security.”

    Green, the Johns Hopkins professor, argues that U.S. government attacks against the products of American companies will not just threaten privacy, but will ultimately harm the U.S. economy. “U.S. tech companies have already suffered overseas due to foreign concerns about our products’ security,” he says. “The last thing any of us need is for the U.S. government to actively undermine our own technology industry.”

    The U.S. government is certainly not alone in the war against secure communications. British Prime Minister David Cameron has suggested that if he is re-elected, he may seek to ban encrypted chat programs that do not provide backdoor access to law enforcement. “Are we going to allow a means of communications which it simply isn’t possible to read?” Cameron said in a speech in England earlier this year. “My answer to that question is: ‘No, we must not.’”

    When the Chinese government recently tried to force tech companies to install a backdoor in their products for use by Chinese intelligence agencies, the U.S. government denounced China. “This is something that I’ve raised directly with President Xi,” President Obama said in early March. “We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States.” But China was actually following the U.S. government’s lead. The FBI has called for an expansion of U.S. law, which would require Apple and its competitors to design their products so that all communications could be made available to government agencies. NSA officials have expressed similar sentiments.

    “Obama’s comments were dripping with hypocrisy,” says Trevor Timm, executive director of the Freedom of the Press Foundation. “Don’t get me wrong, his actual criticism of China for attempting to force tech companies to install backdoors was spot on — now if only he would apply what he said to his own government. Since he now knows backdooring encryption is a terrible policy that will damage cybersecurity, privacy, and the economy, why won’t he order the FBI and NSA to stop pushing for it as well?”

    ———

    Documents published with this article:

    TCB Jamboree 2012 Invitation
    Strawhorse: Attacking the MacOS and iOS Software Development Kit
    TPM Vulnerabilities to Power Analysis and An Exposed Exploit to Bitlocker
    TCB Jamboree 2012
    Apple A4/A5 Application Processors Analysis
    Differential Power Analysis on the Apple A4 Processor
    Secure Key Extraction by Physical De-Processing of Apple’s A4 Processor
    Rocoto: Implanting the iPhone
    Smurf Capability – iPhone
    Black Budget: Cryptanalysis & Exploitation Services – Analysis of Target Systems
    ———

    Andrew Fishman, Alleen Brown, Andrea Jones, Ryan Gallagher, Morgan Marquis-Boire, and Micah Lee contributed to this story.

    Note: An earlier draft of this story incorrectly suggested that the iOS Group ID is used to sign software. An earlier draft also incorrectly stated that Lockheed Martin owns Sandia National Laboratories. Sandia Corporation, a wholly owned subsidiary of Lockheed Martin, operates Sandia National Laboratories as a contractor for the U.S. Department of Energy’s National Nuclear Security Administration.

    Disclosure: Freedom of the Press Foundation, which Trevor Timm represents, has received grant funding from First Look Media, The Intercept’s parent company. Intercept co-founders Glenn Greenwald and Laura Poitras are on the board of the organization.

    Photo: Google Maps; Simon Dawson/Bloomberg/Getty Images; Tony Avelar/Getty Images; Kevin Lamarque/Reuters/Landov; J. Scott Applewhite/AP

    Email the authors: jeremy.scahill@theintercept.com, josh.begley@theintercept.com

    BY JEREMY SCAHILL AND JOSH BEGLEY @jeremyscahill @joshbegley 10 MAR 2015

    Find this story at 10 March 2015

    Copyright firstlook.org

    The Intercept, Mass Surveillance and the State

    Like a proud father, CIA director John Brennan has announced that he’s creating a new directorate to conduct cyberespionage. Never mind all those classified documents published recently by the Intercept which prove that the CIA has been active in the cyber domain for years. While it goes without saying that the CIA’s subversion campaign is unsettling, what’s equally thought-provoking is the manner in which the Intercept frames the involvement of the private sector.

    Every year the CIA showcases its latest batch of subversion tools, taking them for a victory lap at a secret conference which internal documents refer to glibly as a “Jamboree.” In 2012 the Jamboree was hosted by Lockheed Martin at a campus in northern Virginia. Journalists at the Intercept describe Lockheed as follows:

    “Lockheed is one of the largest defense contractors in the world; its tentacles stretch into every aspect of U.S. national security and intelligence. The company is akin to a privatized wing of the U.S. national security state — more than 80 percent of its total revenue comes from the U.S. government.”

    Note how this description subtly creates the impression that the ultimate culprit with regard to mass surveillance is the government. Lockheed is merely a “wing” of an overarching “national security state”. All roads lead to U.S. intelligence, it’s all about the state.

    Yet close examination of the history of the CIA yields a different picture. Contractors like Lockheed Martin aren’t a subordinate extension of the national security state. Quite the opposite. It’s probably more accurate to conclude that intelligence agencies, like the NSA, represent a public sector appendage of a much larger corporate power structure whose nexus resides in profound sources of wealth and influence outside of the government. A Deep State, if you will, that’s fundamentally driving what goes on in Washington.

    In the absence of mass public outcry private capital sets the rules. It’s been this way since Ferdinand Lundberg wrote America’s Sixty Families back in 1937. Or perhaps Mr. Scahill hasn’t glimpsed politicians on both sides of the aisle trotting out in front of billionaires to audition for public office?

    Hence there is a recurring theme in L’affaire Snowden that arises from the Intercept’s coverage of mass surveillance. Focus is maintained almost exclusively on the government without acknowledging the central role that corporations play. According to the Intercept’s worldview hi-tech companies are but helpless pawns being coerced and assailed by runaway security services rather than willing symbiotic accomplices that directly benefit from the global panopticon.

    Honestly, doesn’t Ed Snowden have more information on Booz Allen?

    When a doctor is faced with a serious medical condition the diagnosis typically informs the subsequent course of treatment. So it is with mass surveillance. Only in the case of mass surveillance the diagnosis is being shaped by certain actors to fit a preconceived solution. The agenda of the far right is clear. Nothing short of corporate feudalism. Libertarian political operator Grover Norquist boldly spelled it out: “I don’t want to abolish government. I simply want to reduce it to the size where I can drag it into the bathroom and drown it in the bathtub.”

    A messaging scheme which depicts the government as the chief villain is a godsend for people who are itching for reasons to demolish the state. Techno libertarians rejoice and present the public with their version of salvation. “Crypto everywhere” roar CEOs across Silicon Valley. How predictably shallow and self-serving. Their counter-surveillance talking points provide them with something new to sell us. It also absolves them of responsibility while redirecting the public’s attention away from more far-reaching systemic measures.

    In light of this it’s hard not to notice the various twists of fate in L’affaire Snowden. Classified documents gradually trickled into the public record thanks to a whistle-blower who donated money to Ron Paul and exhibited some decidedly right-wing inclinations online. A copy of the classified documents was provided to a journalist who wrote a policy whitepaper for the CATO Institute (formerly known as the Charles Koch Foundation). Then out of the woodwork appears a kindly libertarian billionaire who dazzles the said journalist with fame and fortune, “a dream opportunity that was impossible to decline.”

    The product of coincidence? To an extent. But what’s undeniable is that a member of the financial elite, a man who has clocked over a dozen visits to the Obama White House, deliberately leveraged his assets to inject himself into the unfolding course of events. Once more the narrative about mass surveillance that his news organization conveys tends to cast corporations as champions against mass surveillance while omitting to acknowledge how they stand to benefit from the global panopticon. It appears that elements within the ruling class would have us believe that the Deep State will solve the very problem that it intentionally created.

    Bill Blunden is an independent investigator whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including The Rootkit Arsenal, and Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex. Bill is the lead investigator at Below Gotham Labs.

    by BILL BLUNDEN
    WEEKEND EDITION MARCH 13-15, 2015

    Find this story at March 2015

    Copyright © CounterPunch

    Top-Secret Crate Packers Among Legions Hired With Leaker

    To the growing list of U.S. jobs that require Top Secret clearances add this one: packing and crating.

    A June 2 job posting on the website of CACI International Inc. (CACI), a government contractor that works for the Defense Department and intelligence agencies, seeks a full-time “packer/crater” to prepare products such as “chillers, generators, boats and vehicles” for shipping.

    The listing says the candidate must have a high-school diploma and hold a Top Secret/Sensitive Compartmented Information clearance, the type held by Edward Snowden, 29, the former National Security Agency contractor who says he passed information about classified electronic surveillance programs to two newspapers.

    From packers to computer specialists, the number of U.S. military and intelligence jobs requiring Top Secret clearances has risen since the attacks of Sept. 11, 2001, as the federal government expanded efforts to track and stop terrorists globally. That has made the government more dependent on contractors such as Arlington, Virginia-based CACI to fill many of these roles, and it has increased the workload on investigators who must process security clearances.

    “Perhaps the government should take a look at the number of people being granted access to sensitive information” and the security risks of that proliferation, said Robert Burton, a partner at the law firm of Venable LLP in Washington who served as acting administrator of the Office of Federal Procurement Policy in President George W. Bush’s administration.
    About 1.4 Million

    About 1.4 million Americans held Top Secret clearances as of October, including about 483,000 who worked for contractors, according to data from the Office of the Director of National Intelligence. Packer/Crater is listed among occupational specialties on the Central Intelligence Agency’s jobs website, which says the job pays $23.94 an hour and requires a polygraph examination.

    Access to Sensitive Compartmented Information, or SCI, is limited to those cleared for specific Top Secret programs or information.

    Among those with Top Secret clearances was Snowden, who had been working as a computer technician for government contractor Booz Allen Hamilton Holding Corp. (BAH) for less than three months after previously holding a position with the CIA. Booz Allen said yesterday it had fired Snowden, who it said had a salary of $122,000 a year, for “violations of the firm’s code of ethics and firm policy.”

    For Booz Allen, based in McLean, Virginia, almost a quarter of annual revenue comes from work for intelligence agencies, according to its annual regulatory filing. About 27 percent of its employees held Top Secret/Sensitive Compartmented Information clearances, according to the company.
    Lockheed, SAIC

    The company, which reported sales for the year ending March 31 of $5.76 billion, was acquired in 2008 by the Washington-based private-equity firm Carlyle Group LP, which still holds 67 percent of the company, according to data compiled by Bloomberg.

    Booz Allen, the 13th-largest federal contractor, competes with Lockheed Martin Corp. (LMT), SAIC Inc. (SAI), CACI and other companies for U.S. intelligence contracts.

    Jobs seeking candidates with Top Secret clearances are among the five most-advertised requirements in the U.S., according to Wanted Technologies, a Quebec City-based company that collects and analyzes job ads.

    While postings for Top Secret jobs declined about 23 percent in March from a year earlier, there were still 20,000 such ads posted online, according to “Hiring Demand Indicators” published in April by Wanted Technologies. All of the top five job categories were related to computer technologies.
    Security Clearances

    Government agencies must turn to contractors for almost a half-million workers with Top Secret clearances because agencies can’t meet their needs for such “highly prized” workers from within, said Stan Soloway, president and chief executive officer of the Professional Services Council, an Arlington, Virginia-based group that represents contractors such as SAIC and CACI.

    The danger of leaks isn’t exacerbated by having workers for contractors holding Top Secret clearances, Soloway said.

    “You’d still have an overwhelming number of people” working in this area, even if the government was hiring federal workers rather than contractors, Soloway said. “The sheer growth in the intel community increased the potential for leaks.”
    Background Investigations

    The demand for workers with security clearances has grown so much that many of the background investigations that once were done by the Federal Bureau of Investigation and the Office of Personnel Management are now farmed out to contractors as well, said Charles Tiefer, a University of Baltimore law professor and former member of the U.S. Commission on Wartime Contracting.

    “You couldn’t fill a need as large as it is today if you still depended on the FBI to do field work on every job applicant for a clearance in the government or as a government contractor,” Tiefer said. “So many clearances are being granted that they are doing it by having contractors process the clearances.”

    The boost in jobs requiring Top Secret clearances has another effect too: It costs money.

    The U.S. Government Accountability Office said in a July 2012 report that the Director of National Intelligence hadn’t provided other government agencies with a clear policy and instructions for determining which civilian jobs needed that clearance.
    ‘Investigative Workload’

    “Developing a sound requirements process is important because requests for clearances for positions that do not need a clearance or need a lower level of clearance increase investigative workload and costs unnecessarily,” according to the GAO report.

    To issue a Top Secret clearance, the government or a designated contractor conducts a Single Scope Background Investigation, which includes a review of everywhere an individual has lived, attended school and worked, according to the GAO. Investigators also interview four references who have social knowledge of the individual, talk to former spouses and conduct a check of financial records. Top Secret clearances must be renewed every five years. Some also require a polygraph examination.

    The U.S. spent $1 billion in 2011 to conduct background investigations for a variety of classifications, the GAO said.

    In 2012, each investigation to issue a new Top Secret clearance cost about $4,000, with a renewal cost of $2,711, compared with the base price of $260 for a more routine Secret clearance, according to the GAO.

    “A lot of security reform efforts have been focused on other aspects” of how intelligence agencies work, Brenda Farrell, author of the GAO report, said in a phone interview. “This one definitely needs attention.”

    To contact the reporters on this story: Gopal Ratnam in Washington at gratnam1@bloomberg.net; Danielle Ivory in Washington at divory@bloomberg.net

    To contact the editors responsible for this story: Stephanie Stoughton at sstoughton@bloomberg.net; John Walcott at jwalcott9@bloomberg.net

    By Gopal Ratnam and Danielle Ivory – Jun 12, 2013

    Find this story at 12 June 2013

    ®2013 BLOOMBERG L.P.

    All Intelligence Contracts Awarded to Private Firms in Germany

    What is the U.S. up to in Germany? Answers can also be found in an official U.S. database. Here you will find all contracts for intelligence work in Germany.

    What is the U.S. up to in Germany? Answers can also be found in the official database FPDS.gov. All government contracts awarded must be entered here practically in real time if their value exceeds 3,000 dollars.

    The website offers a full-text search, but results can also be filtered by category. Anyone interested in contracts in Germany enters POP_COUNTRY_NAME:"GERMANY" in the field. Anyone who searches for PRODUCT_OR_SERVICE_CODE:"R423" finds all contracts that have to do with “Intelligence,” that is, with intelligence work.
    American contractors
    What spy firms in Germany do for the U.S.

    The U.S. intelligence agencies collect so much data that they cannot keep up on their own. So they hire extra staff from private service providers. These work like spies, in Germany too.

    This data can then be downloaded as an Excel file. Here you will find the table of all intelligence contracts in Germany for download.

    This is what the most important columns in the table mean:

    Contract ID: contract number, which usually makes it easy to find the contract, with further details, in the FPDS database

    Vendor Name: service provider firm

    Year signed: year in which the contract was concluded

    Action Obligation ($): contract amount (sometimes negative, when contracts are cancelled or retroactively reduced)

    NAICS Description and PSC Description: category of the contract

    Global Vendor Name: parent company
    Contracts in Germany
    The top 3 spies for hire

    In Germany alone, the U.S. has so far spent 140 million euros on private spies. Most contracts went to the three firms SOSi, Caci and MacAulay-Brown. What kind of companies are these?
    Demonstration against the NSA listening post near Darmstadt: government contracts for the Dagger Complex can also be found in the database (Photo: dpa)

    16 November 2013 11:05 Database research
    By Bastian Brinkmann

    Find this story at 16 November 2013

    Five companies in an Excel file

    Copyright: Süddeutsche Zeitung Digitale Medien GmbH / Süddeutsche Zeitung GmbH