Thursday, January 01, 2015

NSA targets airline networks, banks, and power companies by Wayne Madsen

NSA targets airline networks, banks, and power companies

The latest tranche of classified National Security Agency (NSA) documents have been published, with the normal amount of redactions, by Der Spiegel. A set of PowerPoint slides developed by NSA's Canadian counterpart, the Communications Security Establishment Canada (CSEC), that deal with Transport Layer Security (TLS) encryption services use a fictitious country called "Canuckistan" on a sample test report. The use of such a xenophobic term is an indication of the right-wing mindset of the careerists who work within the English-speaking FIVE EYES signals intelligence alliance.

The xenophobic terminology for Canada is followed by CSEC's new motto: "Safeguarding Canada's security through information superiority." The rhetorical verbiage is in keeping with the extremist right-wing views of the government of Stephen Harper and his Conservative Party.

An NSA slide on Signals Intelligence Development (SIGDEV) tactics states that Somalia's Hormuud telecommunications network was a priority target for the FIVE EYES. Another slide describes how a successful use of TOYGRIPPE metadata resulted in the discovery of an Iranian corporate Virtual Private Network intranet with a hub in Tehran and nodes in Ankara, Istanbul, and Izmir, and Turkey; and Malaysia, Armenia, and South Korea.

An NSA Cryptographic Classification Guide reveals that NSA "makes cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make then exploitable." This is one of the rare times when an actual document proves what has been written and spoken about for decades: that NSA has implanted Trojan horses and back doors in most of the world's encryption systems in order to have access to plaintext encrypted data.

NSA has declared war on anonymity providers around the world. One NSA slide states that NSA must ensure such services are provided to foreign customers of the U.S. Broadcasting Board of Governors in order to get around "Internet blockage" imposed on "Radio Free Asia and VOA Persian news sites."

Another NSA slide dealing with the TOR anonymity service states that surveillance by NSA of TOR relay exit nodes, most of which are in Germany and the second most of which are in the United States, is "scary" because of "Kiddie Porn."

One TOP SECRET/COMINT NSA slide, titled "End Results: Tactical and Strategic, contained in a PowerPoint presentation on the 2012 SIGDEV Conference, states that one way NSA conducts Internet surveillance is through "behavior detection" of users. Another heavily-redacted slide released earlier in the month described how NSA successfully used "behavior analysis" to track the Google Earth and wikimapia searches by alleged terrorist Zarrar Shah before the 2008 attacks on Mumbai's Taj Hotel, Gateway of India, other tourist sites, power plants, dams, and potential boat landings. Of course, NSA conducted its post-analysis of Shah's on-line activities after the attacks but used the Shah behavioral analysis to advocate for expanded similar capabilities to prevent future attacks.

Another NSA slide states that "sustained Skype collection began in Feb 2011 against "in" and "out" modes, where one end is a Skype user and the other is a landline or cell phone user.

NSA Office of Target Pursuit (OTP) slides provide an organizational chart of the agency's operations against virtual private networks (VPNs) around the world:

S: Signals Intelligence Division (SID)
S3: Data Acquisition
S31: Cryptanalytic Exploitation Services
S311: Office of Target Pursuit (OTP)
S3117: Cryptanalytic Exploitation and Discovery
S31171: PRC, N. Korea, SE Asia, Japan [Eastern and Southeast Asia]
S31172: Iran, Hamas, Iraq, Saudi Arabia [Arabian Peninsula]
S31173: Africa, Levant, Latin America, India, Pakistan, Afghanistan [Central Asia]
S31174: Russia, Counter-Intel, Europe, FTM [Follow the Money] [International Targets]
S31176: Custom Thread Development for Network Encryption
S31175: Cross-Target Support Branch
S31176: OTP VPN Exploitation Team

OTP VPN penetration success stories include Iran Air (IRTAA), Royal Jordanian Air (JOTAA), Transaero Airlines (RUCAC) (Russia), Mir Telematiki (Russia), Afghani Wimex, Mexican diplomatic network (MXDBB), Pakistani General Intelligence (PKRAQ), Turkish diplomatic network (TUDAT), and the Afghan government (AFYAD). The five letter nomenclatures are NSA system titles. Those for the Afghan Wimex and Mir Telematiki were pending when the slide was prepared. Other penetrated networks were the Somali Zaad Financial e-wallet system; Kabul Bank; Bank Negara Indonesia (BNI) transactions over Flexy, Telkom Indonesia's fixed wireless network; and the Nigerian power company's internal network. Oddly, the Zaad e-wallet network, run by Somalia's Hormuud Telecom, has been charged by the Al Shabaab guerillas of funneling money to the Somali central government in Mogadishu. NSA now shares something in common with the Al Qaeda affiliate, Al Shabaab: they both are targeting Hormuud Telecom.