[Vision2020] The NSA is Targeting Users of Privacy Services, Leaked Code Shows

Paul Rumelhart paul.rumelhart at gmail.com
Sun Jul 6 16:00:12 PDT 2014

I keep hoping that some Congressman somewhere will stop and think "You know
what?  The Executive branch has created the Ultimate Blackmailing Machine,
all with at least arguable legality.  I wonder if that could ever be used
against me?"  Instead, we apparently only elect the "Boy I can't wait to
use that when I'm President" types.  Sucks to be us, I guess.


On Sun, Jul 6, 2014 at 2:45 PM, Scott Dredge <scooterd408 at hotmail.com>

> <What an F-ed up country we live in.>
> We don't live in an effed up country.  If anything technology *might* have
> simply evolved past the Constitutional protections put in place to limit
> government powers.  My bet would be that the 4th Amendment would still hold
> up against improper NSA snooping.  Short of a Supreme Court ruling or
> Congressional action, don't expect the NSA to just turn a blind eye out of
> the goodness of their heart.  Spying is part of their job responsibilities.
> ------------------------------
> Date: Sun, 6 Jul 2014 13:59:06 -0700
> From: paul.rumelhart at gmail.com
> To: vision2020 at moscow.com
> Subject: [Vision2020] The NSA is Targeting Users of Privacy Services,
> Leaked Code Shows
> I am pasting in the entire article for your convenience.  I will also
> provide a link to the article itself.  Be warned, though, that if you click
> on the link to the publicly-published Wired magazine website to view this
> article and you are not located in the US, Canada, Australia, New Zealand
> or the UK your IP address could be collected and stored by the NSA.  I
> encourage those of you who are brave enough to defy your government by
> clicking on a link to specific article in a legitimate mass-market online
> magazine to go ahead and do so.  All it will do is get you added to another
> list (I'm guessing we're all on one, somewhere), thus reducing their
> signal-to-noise ratio for people legitimately concerned about privacy (such
> as dissidents, whistleblowers, oppressed people, people behind censorship
> firewalls, etc.
> As a side note, I'm pleased as punch that anyone who goes to the online
> magazine "Linux Journal", even if you are in one of the "Five Eyes"
> countries, gets their IP address recorded.  Why?  Because it means that
> they fear those of us who use an OS that can't be as easily back-doored,
> which is a good thing.
> First, the link of extreme extremism:
> http://www.wired.com/2014/07/nsa-targets-users-of-privacy-services/  What
> an F-ed up country we live in.
> Second, the article itself.  Have a nice day.
> The NSA Is Targeting Users of Privacy Services, Leaked Code Shows
>    - By Kim Zetter <http://www.wired.com/author/kimzetter/>
>    - 07.03.14  |
>    - 5:45 pm  |
> If you use Tor or any of a number of other privacy services online or even
> visit their web sites to read about the services, there’s a good chance
> your IP address has been collected and stored by the NSA, according to
> top-secret source code for a program the NSA uses to conduct internet
> surveillance.
> There’s also a good chance you’ve been tagged for simply reading news
> articles about these services published by Wired and other sites.
> This is according to code, obtained and analyzed by journalists and others
> in Germany, which for the first time reveals the extent of some of the
> wide-spread tracking the NSA conducts on people using or interested in
> using privatizing tools and services—a list that includes journalists and
> their sources, human rights activists, political dissidents living under
> oppressive countries and many others who have various reasons for needing
> to shield their identity and their online activity.
> The source code, for the NSA system known as XKeyscore, is used in the
> collection and analysis of internet traffic, and reveals that simply
> searching the web for privacy tools online is enough to get the NSA to
> label you an “extremist” and target your IP address for inclusion in its
> database.
> But the NSA’s analysis isn’t limited to tracking metadata like IP
> addresses. The system also conducts deep-packet inspection of emails that
> users exchange with the Tor anonymizing service to obtain information that
> Tor conveys to users of so-called Tor “bridges.”
> Legal experts say the widespread targeting of people engaged in
> constitutionally protected activity like visiting web sites and reading
> articles, raises questions about the legal authority the NSA is using to
> track users in this way.
> “Under [the Foreign Intelligence Surveillance Act] there are numerous
> places where it says you shouldn’t be targeting people on the basis of
> activities protected by the First Amendment,” says Kurt Opsahl, deputy
> general counsel for the Electronic Frontier Foundation. “I can’t see how
> this activity could have been properly authorized under FISA. This is
> suggesting then that they have come up with some other theory of
> authorizing this.”
> The findings also contradict NSA longstanding claims that its surveillance
> targets only those suspected of engaging in activity that threatens
> national security.
> “They say ‘We’re not doing indiscriminate searches,’ but this is
> indiscriminate,” Opsahl notes. “It’s saying that anyone who is looking for
> those various [services] are suspicious persons.”
> He notes that the NSA actions are at clear odds with statements from
> former U.S. Secretary of State Hilary Clinton and others in the government
> about the importance of privacy services and tools to protect First
> Amendment freedoms.
> “One hand of the government is promoting tools for human rights advocates
> and political dissidents to be able to communicate and is championing that
> activity,” he says. “While another branch of the government is determining
> that that activity is suspicious and requires tracking. This may intimidate
> people from using these very important tools and have a chilling effect
> that could undermine the free expression of ideas throughout the world.”
> The findings were uncovered and published by Norddeutscher Rundfunk and
> Westdeutscher Rundfunk—two public radio and TV broadcasting organizations
> in Germany. An English-language analysis of the findings
> <http://daserste.ndr.de/panorama/xkeyscorerules100.txt>, along with parts
> of the source code for the XKeyscore program—was also published by Jacob
> Appelbaum, a well-known American developer employed by the Tor Project, and
> two others in Germany who play significant roles in Tor.
> *Secrets Revealed in the Code*
> XKeyscore is the collection system the NSA uses to scoop up internet data
> and analyze it. It has been described in NSA documents leaked by Edward
> Snowden as a crucial tool that the NSA can use to monitor “nearly
> everything a user does on the internet.”
> Embedded in the code they found rules describing what XKeyscore is focused
> on monitoring. The rules indicate that the NSA tracks any IP address that
> connects to the Tor web site or any IP address that contacts a server that
> is used for an anonymous email service called MixMinion that is maintained
> by a server at MIT. XKeyscore targets any traffic to or from an IP address
> for the server. The NSA is also tracking anyone who visits the popular
> online Linux publication, Linux Journal, which the NSA refers to as an
> “extremist forum” in the source code.
> Tor was originally developed and funded by the U.S. Naval Research
> Laboratory in the late ’90s to help government employees shield their
> identity online, but it was later passed to the public sector for use. Tor
> has since been completely rebuilt by developers, and is now overseen by the
> Tor Project, a non-profit in Massachusetts, though it is still primarily
> funded by government agencies.
> Tor allows users to surf the internet as well as conduct chat and send
> instant messages anonymously. It works by encrypting the traffic and
> relaying it through a number of random servers, or nodes, hosted by
> volunteers around the world to make it difficult for anyone to trace the
> data back to its source. Each node in the network can only see the previous
> node that sent it the traffic and the next node to which it’s sending the
> traffic.
> In documents released by Edward Snowden, NSA workers discussed their
> frustration in spying on people who use Tor. “We will never be able to
> de-anonymize all Tor users all the time,” one internal NSA document noted.
> But the XKeyscore source code reveals some of the ways the NSA attempts to
> overcome this obstacle.
> Tor isn’t the only target of XKeyscore, however. The system is also
> targeting users of other privacy services: Tails, HotSpotShield, FreeNet,
> Centurian, FreeProxies.org, and MegaProxy.
> Tails is an operating system <http://www.wired.com/2014/04/tails/> used
> by human rights activists, as well as many of the journalists who have
> access to the Edward Snowden documents, to protect sensitive computer
> activity. It runs from a USB stick or CD so that it’s not stored on the
> system, and uses Tor and other privacy tools to protect user activity. At
> the end of each session, when the user reboots it, Tails erases any data
> pertaining to that session—such as evidence of documents opened or
> chats—except for data the user has specifically saved to an encrypted
> storage device. The NSA clearly regards Tails as a sinister tool, however,
> referring to it in one comment in the source code as “a comsec mechanism
> advocated by extremists on extremist forums.”
> The XKeyscore rule for monitoring Tails users indicates that it is
> designed to identify users searching for the software program, as well as
> anyone “viewing documents relating to TAILs, or viewing websites that
> detail TAILs.”
> *How XKeyscore Works*
> The XKeyscore rules use features the NSA calls “appids,” “fingerprints,”
> and “microplugins,” to identify and tag activity online.
> Appids, the German publication notes, are unique identifiers that help the
> system sort and categorize data and user activity, such as an online
> search. The microplugins are possibly used to extract and store specific
> types of data.
> The rules indicate that the NSA is specifically targeting the IP address
> of nine servers operated by key Tor volunteers in Germany, Sweden, Austria,
> the Netherlands and even the U.S. These servers are used by the Tor network
> as directory authorities. They generate, on an hourly basis, a directory of
> all the Tor nodes or relays on the Tor network, which change constantly as
> new servers are added by volunteers or taken out of the network. The Tor
> software consults these lists to direct traffic to the nodes. The XKeyscore
> system uses a fingerprint called “anonymizer/tor/node/authority” that
> targets any IP address that connects to the nine servers.
> One of the servers is maintained by Sebastian Hahn, a 28-year-old a Tor
> volunteer and computer science student at the University of Erlangen. A
> German attorney told the media outlets that the targeting of Tor volunteers
> in Germany may violate restrictions against the US conducting secret
> intelligence activity against German citizens in Germany.
> Another server is operated at MIT by Tor Project leader Roger Dingledine,
> an MIT alumnus. But in addition to serving as one of the Tor directory
> authorities, the server is also used to operate the MixMinion mail service
> and host a number of other web sites, including ones for online gaming
> libraries, which means the NSA may be collecting IP addresses for those
> users as well.
> The XKeyscore rules indicate that in addition to tracking activity to
> these Tor directory servers, the NSA also records and stores any IP address
> that connects to the thousands of Tor relays on the network. These
> addresses are all publicly known, as they are listed in the directory
> distributed by the nine servers. But in addition to these, there are
> non-public “bridges” that volunteers in the Tor network maintain. These can
> be used by human rights activists and others in repressive regimes like
> Iran and China that censor internet traffic and block their citizens from
> using known Tor relays.
> To obtain the non-public address of one of these bridges users send an
> email to the Tor Project or request an address via the Tor web site. To
> unmask these private bridges, however, XKeyscore records any connections to
> the bridges.torproject.org server and uses a microplugin to then read the
> contents of the email that the Tor Project sends to requesters in order to
> obtain the address of the bridge.
> The NSA also tracks the IP address of anyone who simply visits the Tor web
> site, though it specifically avoids fingerprinting users believed to be
> located in Five Eyes countries—the spying partnership that includes
> Australia, Canada, New Zealand, the UK and the US—from others. This appears
> to be the only distinction made for Five Eyes users, however. The rules for
> fingerprinting visitors to the Tails web site or the web site for the Linux
> Journal do not include such exceptions in the version of source code the
> media outlets examined.
> The EFF’s Opsahl says the exception made for these users with IP addresses
> in these countries is odd since the constitution protects U.S. citizens
> from NSA surveillance no matter which country they’re in, and people using
> or interested in using privacy services are likely to shield their real IP
> address when they visit these sites, making it difficult for the NSA to
> know exactly where they’re really located.
> XKeyscore additionally tracks the addresses for web sites that use Tor
> Hidden Services to hide their location on the internet. Sites that use Tor
> Hidden Services—part of the so-called Dark Web—have a special Tor URL that
> can only be accessed by those using the Tor browser and who know the
> specific address. Tor Hidden Services is used by activists to host forums
> discussing their activity, though it is also used by sites selling illegal
> drugs and other illicit goods. XKeyscore catalogs every one of these URLs
> it can discover by culling through what it calls “raw traffic” and storing
> the address in a database.
> ======================================================= List services made
> available by First Step Internet, serving the communities of the Palouse
> since 1994. http://www.fsr.net mailto:Vision2020 at moscow.com
> =======================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.fsr.com/pipermail/vision2020/attachments/20140706/8e80d803/attachment-0001.html>

More information about the Vision2020 mailing list