Feeds

back to article NSA slides reveal: iPhone users are all ZOMBIES

Spooks at the US National Security Agency (NSA) can't believe we're all paying for the equipment it's using to spy on us, describing Steve Jobs as Big Brother and iPhone buyers as "zombies". That assertion comes from NSA documents leaked to Germany's Spiegel Online. The self-promoting presentation, purportedly an internal NSA …

COMMENTS

This topic is closed for new posts.

Page:

Android

More likely that the NSA have paid Google to include a back door of some sort, though this would be harder to hide, given that the code is open sourced.

6
6
Silver badge

Re: Android

Why pay anyone when a simple buffer overrun will do the job?

The fact is that the NSA are being paid to do this job and it's silly to run crying to mother about it. We simply need to sharpen up our act (as law abiding members of the programming community) and write much better code for these devices that gives us true privacy if that's what we want. Alternatively we could simply learn to live in the daylight and admit our social sins - which are, in most cases, all we're hiding.

6
15

This post has been deleted by its author

Black Helicopters

Re: Android

That "back door" is more than likely "on the wire" and/or an access gateway in a providers DC(s). Nearly all the mechanisms out there (GSM, HTTPS etc) are "data in transit" methods, not "data at rest".

Once at rest, data is much easier to manipulate. If it's encrypted at rest, handing over keys is also easier as there is no session "fun" to play with (or your data is signed with 'your' key, the providers key and 'any other key duly requested to be included').

As per the article, you go for the point of least resistance/easiest entry - in the iPhone example, it's the attached computer. In other darkened rooms, it's a rubber hose.

I wonder when "utilizing encryption for the hell of it" will become "obstructing officers in the course of their duties".....(never mind being asked to hand over keys under RIPA)

5
0
Silver badge

Re: Android @Version 1.0

"Alternatively we could simply learn to live in the daylight and admit our social sins - which are, in most cases, all we're hiding."

The problem with that is that all our little foibles can be used to manipulate, inconvenience and/or oppress us. Living in the light would be fine if everybody could be relied on to be a little open minded and allow others a little wiggle room; but that isn't the world we live in.

Not only that, but things change. Stuff that might be OK now may become unacceptable in the future. When I were a lad, going to the local gravel pit and blowing a few plants up with homebrew explosives was just part of being a teenage boy...nowadays not so much.

Smoking weed is regarded as fairly harmless these days; but can still get you arrested. Or maybe someone is into BDSM but has a religious employer with "views". There are good reasons not to let everybody know everything. Not just for now; but also what use someone malign may make of that information in the future.

34
2
Bronze badge
Black Helicopters

Re: Android

The same applies to mobiles as PCs. Let's say, for argument's sake, that the OS is completely bulletproof, security-wise. How many apps do you have installed? Just for me: a RSS fetcher, two browsers, two camera apps, a few for post-processing pics, half a dozen games, an e-book reader, music player, video player, a couple of text editors, a grep tool, and a whole battery of 'system' tools... and that's not including the stuff that comes with CyanogenMod.

Are each and every one of them secure? I think it's safer to assume that your phone, regardless of brand/OS/vendor, is compromised and thus keep anything genuinely sensitive well away from it.

PS: To the NSA bods who've seen my shopping list. It's for a lamb vindaloo. Feel free to drop by around, you know where and when. ;p

5
0
Silver badge

Re: Android

> live in the daylight and admit our social sins

Unless you work for an oil company outside the USA - in which case apparently you are targeted in the national interest.

11
1

Re: Android

What absolute tosh. Social sins - so in other words, the usual "if you have nothing to hide, you have nothing to fear".

What about corporate espionage carried out by the NSA for American companies? Do EU business people have anything to fear about that? What about the fact they know damn well that terrorists evade these measures easily, indicating this is about SOCIAL CONTROL, not terrorism?

Can't you see that the world is hotting up with protests, repressive measures such as increasing militarisation of the police? Western governments learnt from the arab spring only too well. The increasing surveillance of the public is totally in line with what governments and others can see approaching a mile away, even if you are indolently complacent.

Social sins, my arse.

34
3
Anonymous Coward

Re: Android back door, but open source?

Presumably "they" might, if "they" were naughty, install/push backdoored binaries based on code only very slightly deviating from what "they" open source; and it would be nigh on impossible to tell. That'd cover the vast majority of android devices, I'd have thought.

1
0
Bronze badge

Re: living in the daylight

Yeah, I don't mind the spooks (or Google etc) knowing that I have looked at porn, have checked the spelling of Al Qaeda on the internet (my spellchecker suggests Qaddafi) etc. What concerns me is that the spooks (naturally enough) want to have the least amount of oversight and restrictions on their activities and Google considers it's role in life is to snuggle up with Creepy.

Much more informed public oversight is needed before all this snooping is acceptable.

1
2
Bronze badge
Pint

Re: Android

Remember the NSA has seen what your friends ^really^ say about your lamb vindaloo.

Keep friends, Free Beer.

3
0

Re: Android

"Alternatively we could simply learn to live in the daylight and admit our social sins - which are, in most cases, all we're hiding."

Anonymity is a shield from the tyranny of the majority.

4
0
Anonymous Coward

Re: Android

"When it comes to an iPhone, the best approach, according to the documents seen by Spiegel Online, is hacking the computer to which it is connected"

So what they are saying (indirectly) is that it's actually not so easy to hack an iPhone itself rather than get the information from a less secure desktop PC.

4
0

Re: Android @Version 1.0

"Alternatively we could simply learn to live in the daylight and admit our social sins - which are, in most cases, all we're hiding."

"Thought" experiment:

The technology develops further. Now they can read your thoughts.

Still OK with that?

0
1

Re: Android

So so true, even in the UK. Last time my uncle came home he was strip searched (complete with cavity search). Reason? He had been sent to Iraq to inspect the oil wells there and they detected traces of "explosives" on his passport when he came back through customs.

He's a health and safety manager for a large oil company, trained in emergency first aid (the hard way, on the Uganda in the Falklands) and with handling explosives. It would be more suspicious if there weren't traces of explosives on him.

1
0

Re: Android

Another recent article highlighted how Google was removing whatever services it can from the core Android OS - helping towards beating fragmentation which Android is well known for.

http://arstechnica.com/gadgets/2013/09/balky-carriers-and-slow-oems-step-aside-google-is-defragging-android/

As these features are now included in the "Google Play Service" - which has pretty much every permission assigned to it, if you use Google Apps - which everyone seemingly does including myself, then they have the ability to install anything on your phone, without any notice to the unsuspecting user so Android is probably the easiest to hack currently! If you disable the service, no Google apps continue to work!! then again if you use the apps, all your e-mails/calendar/google searches are all up in the cloud anyway!!

0
0
Silver badge

Re: Android

It is possible to have an Android device without using Google Play if your use of the device is specific and fairly modest; but there is a price to pay...YouTube and other Google services don't work well (pretty sure that it's deliberate as it happened suddenly) with unregistered devices.

I use mine as a book reader; to email myself notes back from client meetings and good ideas from the pub (it's amazing what you think of around the 3-pint mark); and as an offline Spanish <--> English dictionary and I got all the necessary from here:

http://www.freewarelovers.com/android

...also to solve the occasional pub argument: "£5 says the Bronze Age was before the Iron Age" sort of thing.

I just didn't like the idea of registering the device and permanently tagging myself, so I didn't.

0
0

Re: Android @Version 1.0

Within living memory, J Edgar Hoover tried to blackmail Martin Luther King into committing suicide, by threatening to expose MLK's extramarital affairs.

No one can be entrusted with this unfettered power, unless we want our democracy to turn into a Putinesque siloviki state.

0
1
Silver badge
FAIL

Re: Fazal Majid Re: Android @Version 1.0

".....J Edgar Hoover tried to blackmail Martin Luther King into committing suicide, by threatening to expose MLK's extramarital affairs......" Wrong. The intimidation of King was driven by the Kennedys in the Whitehouse, was due to King's close association with suspected KGB agents Stan Levison and Jack O'Dell, and was not driven by Hoover. All the surveilance on King was ordered and authorized by JFK's brother, Attroney General Robert Kennedy. The Kennedys were driven by quite simple worries about re-election if they were associated with a "Commie" civil rights campaigner, but it's another example of the lefties revisioning of history to protect their martyr JFK's reputation. Hoover's personal animosity towards King was due to King claiming that FBI agents in the South were "too friendly" with the KKK, a grandstanding smear against his beloved FBI that Hoover could not forgive. But Hoover still debunked attempts by people like George Wallace to slander King as a "Communist trainer", and sent FBI agents to protect King from assassination by white supremacists. Try reading more history and watching less movies.

0
0
Silver badge
Unhappy

No surprise there.

Before the end of the Cold War, these agencies, NSA, GCHQ and so on had a role to play in keeping watch on the enemy without. i.e. The USSR. Now that things have warmed up a little the agencies have to justify their existence so have targeted the enemy within, us.

The use of words such as adversary, defeat , subversion clearly show the mind set of these people, that they are at war with their own populations. Never mind that the tactics used maybe illegal, there's a war on and after all you have to have something to show your political masters to justify the empires that have been built up. In the absence of an external foe, an internal one will do just as well

Who is this effort for? This talk of freedom and security. It certainly is not the general public.. Maybe it's for the state within a state that is the security apparatus.

30
3
Silver badge

Re: No surprise there.

Oh pulease. Can the hysteria. Just because they have the capability to conduct a "war" in your words doesnt mean they actually are. If we are to have a reasoned debate and get some of this idiocy stopped panic and hyperbole are the tools of them - not us.

7
37
Silver badge

Re: No surprise there.

If you are not convinced that we are regarded as "targets" then take a look at this article in the Guardian:

http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

Then tell me that we are regarded as adversaries of the security agencies.

Note the strapline on the GCHQ slide "PTD. We penetrate targets' defenses."

9
2
Silver badge

Watch the enemy within...

When I read about almost a million people with security clearance in the US, I gotta agree with nematoad about the state within the state. Why would they, rationally, need so many secrets and such a large bureaucracy handling secrets? It looks like a runaway bureaucracy. The politicians talked about perpetual war (on drugs, on terror) for so long that it became a self-fulfilling prophecy, backed by a good old-fashioned state bureaucracy (well, let's call it modern, with all those companies and consultants on the gravy train).

5
1

Re: No surprise there.

No more moronic responses about "hysteria" and "tin foil hattery". That was acceptable BEFORE Snowden's admissions. When you spit that out, you are the only one who looks out of touch with reality, sonny.

23
3
Silver badge

Re: No surprise there.

Before the end of the cold war, they spied on CND, Greenpeace, opposition parties, trade unions journalists.

Now they spy on families of people shot by the police, families of people murdered where the police did nothing, people who object to fracking, animal rights campaigners.

And these are the cases where they actually bothered to insert actual agents - who do they spy on when it's more work to exclude somebody from a sweep than include them?

8
1
Silver badge
Big Brother

Re: No surprise there.

I have to say I cannot adapt myself to the New Times and cannot feel shock about NSA shenanigans either. It's like it was somehow still okay.

Oldthinkers unbellyfeel the Listening, reckon.

With all the snooping one would think the War on Terror would be "won" in a jiffy. But now, it's getting worse by the hour, soon with Pakistan on the Rio Grande. What gives? What are they doing?? Aren't they keeping us safe?

1
1
Bronze badge

Re: No surprise there.

The referenced article describe things that improve NSA' s and GCHQ's ability to perform their officially stated missions. The fact that they could be used wrongly is not evidence that they are being misused in fact. While I do not doubt that there have been instances of abuse, there seems to be a lack of evidence that it is either common or a matter of government policy.

So yes, it may be time to tune down the hysteria and address the question of how controls are to be put in place to ensure against improper use, since it is most unlikely that either NSA or GCHQ (or any of their counterparts in most or all other countries) will be shut down or have their basic activities constrained in any major way.

For now, I plan to generally follow Bruce Schneier's advice at

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

1
4
Anonymous Coward

Re: No surprise there.

It is not just that.

It looks like they have used their knowledge of the defeated enemy outside to justify their existance by creating the enemy within.

The USSR National Security Agency (ok, it was called committee, not agency, but, not far off) has used the enemy within technique since the days when it was called NKVD. Initially, Stalin blamed everyone who could potentially threaten him as an enemy and any local "usual suspects" queued for termination as their supporters. That worked well till ~ 1935. After Trozky was assassinated the choice of external enemies dwindled to the point where they had to be invented. So KGB invented the Trust (lovely mythical organization, almost as "real" as Al Qaeda), the Russian Party, etc. It is much easier to assign a membership to a mythical organization - less proof necessary. So this allowed it to purge all of those who were potentially subversive. Millions marched down the death road to Kolyma, into the desert beyond the Kazachstan steppes or into the the Uranium and rare earth mines of the "Jewish Soviet Republic". While some of that started initially as Stalin's paranoia it soon became an endless enemy within campaign designed to keep employed the grown out of control security apparatus. That continued all the way until the fall of USSR.

Frankly, what Graunidad, Spiegel and New Yourk Times are dragging out starts to look very familar. Scarily familiar.

5
3
Silver badge

Re: No surprise there.

Gordon 10, I dare you to bet your life on it.

1
0
Silver badge

Re: No surprise there.

Tom Dial, history shows the "hysteria" is in fact, warranted and justified.

1
2
Bronze badge

Re: No surprise there.

The term Adversary is used by the security business as a whole to describe hackers, terrorists, spies and criminals, basically groups who actively oppose them, it is not used to describe everybody. No western security agency has the capability of doing anything more than monitoring chatter, and then acting on triggers for key individuals. You just have to think of the costs and logistics involved in doing anything more than this to realise how silly the idea that they are watch everybody. They may have data on the vast majority of people, but only a fraction of a percentage of people will ever be looked at.

So far as living in the light goes, if you think smoking pot, and a load of other stuff we do when we are young would stop you getting a job, it won't, because if you are open about it, it can't be used as leverage against you, unless you are still doing it.

I read the Guardians article in full, and several others, being a Guardian reader, their articles are coloured a particular way to back their position on Internet freedom, in fact this is more like Daily Mail journalism than anything else, make the people afraid of something they don't understand. It isn't balanced. It is true that anyone could be a target, but that does not mean everybody is. The people you want security services to monitor are Organised Criminals, Spies, Terrorists, Foreign Governments, People with access to very sensitive information, Economic Competition, and Infiltration Targets, they really don't have time to look at all of these, let alone anyone else.

1
4
Bronze badge

Re: Watch the enemy within...

Just because you are security cleared does not mean you are involved in the security apparatus, it just means you are trusted to handle sensitive information to a certain level. In the UK all civil servants are security cleared, the level of that clearance will depend on the information they handle. The same is true for all employees of government contractors. Would you want your tax information handled by people who were not cleared. The vast bulk of cleared civil servants work for the DWP and HMRC.

1
0
Gold badge
Unhappy

The bottom line *so* far.

Buy RIM.

Don't visit dodgy web sites.

Don't allow anyone or thing to install apps you don't know about.

Keep the battery out as much as possible (and make sure anyone you're talking to does the same, if you want you're conversations to stay private).

4
1
Silver badge

Re: The bottom line *so* far.

"Don't write anything you can phone.

Don't phone anything you can talk.

Don't talk anything you can whisper.

Don't whisper anything you can smile.

Don't smile anything you can nod.

Don't nod anything you can wink.”

Earl K. Long.

10
1
Silver badge

Re: The bottom line *so* far.

Interesting. So it does seem that my views have been vindicated yet again with holding on to BlackBerry.

2
2
Anonymous Coward

Re: The bottom line *so* far.

"Interesting. So it does seem that my views have been vindicated yet again with holding on to BlackBerry."

I doubt it. I seem to recall Blackberry having to provide back doors to various rather dodgy governments before they were allowed to sell their devices, and that all came out years before Snowden did the decent thing. How would Blackberry be allowed to sell devices in the US if the Stasi weren't able to intercept?

8
0

Re: The bottom line *so* far.

Another vindication to my recent purchase of the BlackBerry Z10.

As an aside, seriously nice phone, very intuitive. I occasionally swipe up on my ipad and wonder why it won't quit to the home screen...

2
1

Re: The bottom line *so* far.

I assume you referring to articles such as these: http://www.theregister.co.uk/2012/08/02/rim_keys_india/

In which case, I'd say no keys were handed out nor were backdoors made (though, in the current climate, I concede that doesn't mean one doesn't exists in some fashion). Unless there's a story I missed?

0
0
Silver badge
Trollface

Re: The bottom line *so* far.

"Keep the battery out as much as possible (and make sure anyone you're talking to does the same, if you want you're conversations to stay private)."

Ah, so the iPhone not sporting a removable battery is NSA's contribution to its design.

3
0
Silver badge
Black Helicopters

Re: The bottom line *so* far.

At this rate I'm going to go back to the Commodore Amiga and Nokia Communicator.

0
0
Silver badge

Re: The bottom line *so* far.

Just turn it iff and wrap it in 'Tinfoil'/tin box/filmsafe pouch

after putting it in flight mode naturally.

1
0
Silver badge
Happy

Re: The bottom line *so* far.

Well, an upvote for at least paying enough attention in the article to make a sane technical judgement, but yo seem to have fallen asleep during the crucial part:

"....if the NSA wants to know everything you see and hear....." Trust me, the vast majority of you are of no interest to anyone.

2
5
Silver badge

Re: The bottom line *so* far.

The Blackberry is secure if you are running your own BES. If you are using one provided by your phone company then in the words of Nelson Muntz "haw haw"

0
0
Silver badge
Thumb Down

Re: The bottom line *so* far.

"Trust me, the vast majority of you are of no interest to anyone."

https://www.schneier.com/blog/archives/2013/09/conspiracy_theo_1.html

"The NSA has repeatedly lied about the extent of its spying program. James R. Clapper, the director of national intelligence, has lied about it to Congress. Top-secret documents provided by Edward Snowden, and reported on by the Guardian and other newspapers, repeatedly show that the NSA's surveillance systems are monitoring the communications of American citizens. The DEA has used this information to apprehend drug smugglers, then lied about it in court. The IRS has used this information to find tax cheats, then lied about it. It's even been used to arrest a copyright violator. It seems that every time there is an allegation against the NSA, no matter how outlandish, it turns out to be true."

4
1
Silver badge
FAIL

Re: Dan 55 Re: The bottom line *so* far.

"....show that the NSA's surveillance systems are monitoring the communications of American citizens...." They are not monitoring the coms of everyone, they are collecting, which is different. The data is then sifted to provide the eventual coms that are actually listened to and analysed. BIG difference.

".....The DEA has used this information to apprehend drug smugglers, then lied about it in court...." The DEA has been listening to Latin American drug gangs since the eighties at least, if you had to wait for Snowjob to tell you where the fudge have you been? And I'm not surprised the DEA would want to hide the details as doing so makes it harder for the drug gangs to counter them. DUH! Are you telling me you don't approve of drug gangs being caught?

".....The IRS has used this information....." Oh yes, the uber-boogeyman of the IRS, and Mr Schneir's proof of this claim is.... Oh, he doesn't have any!

And then we have the conspiracy junkies and vid pirates fave bleat, Kim Dot Com, which wasn't even a Yank case. So, in all that's one actual case, one possible case, and one unsubstantiated theory - so how many drug smugglers and copyright violators (and tax cheats) were arrested in the States last year WITHOUT the use of PRISM or any of the other NSA toys? The DEA made 30,476 arrests in 2012 (http://www.justice.gov/dea/resource-center/statistics.shtml#arrests), I suggest you consider the fact there is more than just a slight drugs problem and plenty of arrests not involving the NSA info happening, and you have been unable to provide conclusive proof of one instance. The IRS guestimates that about 18% of taxable income is not declared, which suggest there are a lot of people evading US taxs, but you are unable to provide one instance of one being caught through PRISM. The number of copyright infringements in the US involving the Internet probably was counted in the millions last year, yet you have one foreign case (who was of more interest due to his hosting info and apps linked to organised crime and malware groups). Five-plus billion people on the planet and you have less than three cases? LOL!

0
7
Silver badge

Re: The bottom line *so* far.

"Trust me, the vast majority of you are of no interest to anyone."

You keep saying that, Matt, but how do *you* know what interests the NSA or other agencies? How do you know what will interest them tomorrow?

0
0
Silver badge
Black Helicopters

Re: The bottom line *so* far.

.... and now I've genuinely got black(-ish) helicopters overhead! Apaches, to be precise. I apologise, Matt - maybe you do have information the rest of us don't!

0
0
Silver badge
Boffin

Re: Dan 55 The bottom line *so* far.

If you click on the original link you'll find additional links in that paragraph and in the whole piece.

Collecting and monitoring is different... until someone at the terminal presses the button to shuffle through what was collected and by art of magic it is now monitored.

You say "less than three cases," but I'm listing types of cases, so there are more individual cases. Indeed where do you get the "less than" from?

I do approve of drug gangs being caught, and all the evidence used to catch them should be presented, including that from the three letter agencies. The person being prosecuted should have a chance to defend themselves against that evidence, something which forms a part of the rule of law of our societies.

I am unable to provide evidence about the IRS prosecuting someone through PRISM as yet again as with the DEA this evidence cannot be revealed, however instructions are included in an IRS manual.

You talk about "one foreign case" as if a five-eyes country (NZ) didn't count yet afterwards immediately talk about 5+ billion people worldwide (please update your general knowledge).

You're not worried about a dossier built up on everyone? Ah, no, it's just collected, until it's converted into a dossier by pressing a few buttons and a program is run on stored data. That's alright then. But you're sure that every future government department and government will not abuse this information which has been collected and is ready to be converted into a dossier at the press of a button or, in the best case scenario, you're sure that when a new law is passed making something previously legal, illegal, that you won't be flagged up?

Government departments are already abusing this data. We're on a bit of a slippery slope, aren't we?

LOL indeed.

1
1
Silver badge
FAIL

Re: Dan 55 Re: Dan 55 The bottom line *so* far.

Dan, all you are doing is stretching the limited evidence of IT COULD HAPPEN to say we should all run around like headless chcikens and insist IT IS HAPPENING. You have shown only one definitive case of it happening - Kim Dot Com - and not one single verifiable case otherwise, just capability. I have the capability to go out and murder everyone I meet, are you going to insist that it will happen simply because I have the capability? There is a massive difference between "could happen" and "is verifiably happening" - you, like all conspiracy junkies, have failed to prove the latter. Going by the statistical evidence of FISC warrants, I am more likely to be struck by lightning, win the lottery AND then be murdered than have my communications actually be listened to and analysed by the NSA.

0
3

Page:

This topic is closed for new posts.