Jacob Appelbaum's must-watch 30C3 talk: why NSA spying affects you, no matter who you are

[Permalink]

Saw part two yesterday and Jesus HC all revealed things it makes it pretty obvious that the paranoid weren’t so. Cory I’m sure you are within a few hops to applebaum have you checked your firmwares?

What the information imparted by Appelbaum drives home is the fact that the NSA can compromise individual as well as telco level systems in multiple ways. A must watch. Utterly mind boggling.

Privacy is more important now than ever before. We may not be able to hide from the NSA, but we can stop using sites like Facebook and Google. Just think about it. If you care so much about your privacy, if you are outraged by all of the NSA spying, then WHY are you using facebook and google. Those companies are just as bad, if not worse, than the NSA. This is why I advocate using privacy-based sites such as DuckDuckGo, Ravetree, HushMail, etc.

Not “can”. Does. In a drive-by fashion. To the entire Internet. If you’re using Yahoo, you’ve been exploited. If you use CNN for news, you’ve been exploited. These are the only ones he mentioned, and they’re not even “tasked” (ie, specific) targets. So imagine what other sites they’re doing these attacks on. And the result of these attacks is the world’s largest botnet. Not to mention that they have owned botnet C&C servers as well, but have made sure not to shut them down. They really are prepping to create a digital nuclear war with China and Russia (who are doing the same things).

No shit: lock your doors and windows, Corey.

However, these revelations are scary enough without hyperbole:

“the fact that Iphones are completely compromised and can be successfully attacked 100 percent of the time (Jake suspects that this suggests collaboration on the part of Apple)”

Better:

the fact that IPhones [in 2008] were completely compromised [if the NSA had physical access to them] and could be successfully attacked 100 percent of the time (Jake suspects that this suggests collaboration on the part of Apple, [but given that anyone could compromise a 2008 iPhone 100% of the time, given access, this conjecture is spurious at best - given the evidence at hand].

Maybe let’s focus on fixing this issue instead of posting BGR-style Apple-baiting?

I’m sure this is gripping, convincing “required viewing”
 For approximately .07% of the population. It’s virtually Greek to everyone else.

I exaggerate, a bit. I’m sure the percentage of people capable of understanding an endless stream of acronyms and insider programming jokes is closer to the percentages of say, Kinsey Scale 6s or full-blown alcoholics in the general population (maybe 10 – 13%). My point is that most of us will have to wait for the zippy, “plain English” Upworthy-type video before this information is very helpful. I’m not saying it isn’t important, just that it isn’t digestible.

The irony is that people like me – relative illiterates – are probably less likely to be shocked by these revelations. We don’t understand the processes all that well, so we’ve never labored under a false sense of superior knowledge or infallibility. For instance, I never bothered with struggling to keep my facebook profile “secure.” I knew going in that I couldn’t keep up with the endless changes, or anticipate the next way the site would (obviously) be misusing my personal info. While watching the video, I amused myself with the conceit that the one audience member who kept claiming to be unsurprised was really just some dummy like me, who had wandered into the wrong conference room.

1 Like

at just over an hour it is a commitment. personally i looked for (and could not find) the statement that appelbaum claimed poitras made about the nsa retaining ‘15years’ of surveillance data.

think he was drunk?

People need to start paying attention to install logs with apple products. Unless you are good with a computer, be sure to clean out your user library before you do an archive install, or else you will not erase the shared metadata. Below is my log only after I cleaned out the user library. You can see the metadata hopefully was stymied a bit by this

Jan 3 20:06:15 localhost Unknown[357]: 2014-01-03 20:06:15.416 Install OS X Mavericks[376:fdcf] Metadata.framework [Error]: couldn’t get the client port
Jan 3 20:06:15 localhost Install OS X Mavericks[376]: Folder Manager is being asked to create a folder (docs) while running as uid 0
Jan 3 20:08:01 localhost Unknown[357]: 2014-01-03 20:08 Install OS X Mavericks[376] (CarbonCore.framework) FSEventStreamStart: ERROR: FSEvents_connect() => Unknown service name (1102)
Jan 3 20:08:01 localhost Install OS X Mavericks[376]: Connection to sharingd became invalid
Jan 3 20:08:01 localhost Install OS X Mavericks[376]: Connection to sharingd became invalid
Jan 3 20:08:01 localhost Unknown[357]: 2014-01-03 20:08:01.987 Install OS X Mavericks[376:e327] Metadata.framework [Error]: couldn’t get the client port
Jan 3 20:08:01 localhost Install OS X Mavericks[376]: Folder Manager is being asked to create a folder (docs) while running as uid 0
Jan 3 20:10:21 localhost configd[113]: FIXME: IOUnserialize has detected a string that is not valid UTF-8, â€œÂ”Ă ĂŽâˆ‘â€.
Jan 3 20:10:22 localhost OSIESpringboard[373]: FIXME: IOUnserialize has detected a string that is not valid UTF-8, â€œÂ”Ă ĂŽâˆ‘â€.
Jan 3 20:10:22 localhost OSIESpringboard[373]: FIXME: IOUnserialize has detected a string that is not valid UTF-8, â€œÂ”Ă ĂŽâˆ‘â€.
Jan 3 20:10:22 localhost OSIESpringboard[373]: FIXME: IOUnserialize has detected a string that is not valid UTF-8, â€œÂ”Ă ĂŽâˆ‘â€.

If you have physical access to any device, you can break into it. That’s a given. The point Jake is making is that the NSA can break into iPhone 100% of the time WITHOUT physical access.

Really? You might want to watch that again.

The NSA did say is was working on a remote exploit, but there is no evidence they have succeeded.

Major takeaways from the video:

  • The network surveillance carried out by NSA and others is not “targeted” unless you call an entire affinity group (eg by way of a religious affiliation) to be a legitimate “target”.

  • There are different levels of targeting, some are more specific.

    • Some individuals are considered high value targets.
    • High Value Targets include foreign leaders and activists that piss the US or UK off. (eg Merkel, Chavez, Assange)
  • They are watching what you do on the Internet ALL THE TIME, using scripts to pick out target words or phrases.

  • Anything that you say or do can be looked at by a human at any time.

  • If you are Muslim you are at higher risk than other categories of people to have your traffic looked at by an actual human. Because.

  • They are able to send you malware even if you didn’t click on any bad links.

    • They do this by sending the viruses and trojans inside Internet traffic that you legitimately asked for.
  • They are putting physical bugs directly into people’s computers.

    • They do this when computers or computer parts are shipped to a target.
    • ie If you bought your computer online and some NSA-friendly intelligence org wanted to know more about what you do with your computer, your computer was probably physically altered before it reached you.
  • Intelligence agencies use their own cell-tower base stations to capture and compromise target phones.
    - To understand, you should know: If you log into any cell phone tower, the company that controls that tower captures information about your phone and phone usage. They can also send your phone software updates under many circumstances. Agencies buy base stations they can reprogram for their own purposes.

  • They have gone WAY off into crazy sci-fi land, and are actually beaming radiation at people in order to pick up signals that they can’t otherwise capture.

    • Think about movie plots where they aim a laser at a window in order to pick up vibrations in the room and hear everything inside. This is like that, only instead of a window it’s a HUMAN and instead of a laser it’s some other form of electromagnetic radiation, and instead of hearing sounds, they are picking up on ALL the network and non-networked communications, including but not limited to what’s on the non-networked computer screen in front of the target. (Sorry, I didn’t catch exactly what they are beaming at people. I’ll have to go back and look at that document again.)

There’s more, but I think that’s a pretty “Ordinary English” summary of some highlights from the talk.

He said that she specifically wouldn’t say outright that it was 15 years of data but preferred instead for people to do the math themselves. Go find the article where she talked about the data retention and do the math based on the figures she gives there to verify.

There is nothing here that suggests to me that this is an exploit requiring physical access. I also rewatched the section, and didn’t hear anything he said that made it sound like they had to have physical access to the phone to implant this exploit.

In the notes accompanying the NSA slides it specified physical interception and exploit, essentially a jailbreak. [Will look for source].

I appreciate your summary. I should clarify: up until your final bullet, perhaps, none of this was remotely surprising to me. The technology details mystify me somewhat, but I get (and previously suspected) the big picture being painted.

My point was that the video fails as “must-watch” for the majority of people who aren’t – like me – already operating under the assumption that the surveillance is indiscriminate and pervasive. The OP seems to be describing this as a video that will convince the so-far unconcerned, “I’m not doing anything wrong, therefore I have nothing to worry about” crowd that there is reason for concern. I don’t see a lot of those folks sitting through all the technospeak and inside baseball.

This topic was automatically closed after 5 days. New replies are no longer allowed.