Feeds

back to article Leaked docs: NSA 'Follow the money' team slurped BANK records, CREDIT CARD data

The NSA doesn't only hoover up your emails, web surfing habits and phone call metadata – they also harvest your credit card records and banking transactions. The latest leaks from whistleblower Edward Snowden reveal that the NSA is monitoring international banking and credit card transactions that pass through the Society for …

COMMENTS

This topic is closed for new posts.

Page:

Big Brother

Here we go again.

But we all know , though totally unacceptable and outrageous our governments will do nothing.

We do not expect them to , they are the enemy of the People.

21
1
Silver badge

Re: Here we go again.

And we can do nothing about it........

2
3
Anonymous Coward

Re: Here we go again.

@LarsG

I disagree. There is always something we CAN do about whatever-it-is with a bit of thought, invention and unity of purpose. Bringing those together has always been the problem historically; unfortunately it is invariably only intolerable oppression or extreme poverty and injustice that provides the motivation to sing from the same hymn sheet. We won't call time on these shits till we're uncomfortable enough, but history also suggests it won't be too long before they themselves supply the majority with sufficient motivation.

2
0
Unhappy

Re: Here we go again.

I absolutely agree it is appalling that these people monitor credit card information. There are some things you buy that you just don’t want anybody to know about but I usually use money.

I might be a lot more upset if I thought these perverts were looking at detail of emails, or god forbid Facebook.

0
0
Silver badge

How is this a surprise?

Basically it's been clear for a while now that if it has "bits" then the NSA has it - we're talking the facts of the case here. The SWIFT "information sharing" agreement is really old news and one of the first companies to get into the "lets sell access to the NSA" after 9/11 was a credit card processor.

Yawn.

4
14
Silver badge
Black Helicopters

Re: How is this a surprise?

This is different. The surprise is there's no judicial process for the NSA to get at the SWIFT data (however much of a rubber-stamping exercise that is for the US Treasury) and they're also getting hold of CC data.

I suppose that the NSA has Visa by the balls in the same way as they do MS/Google/Apple/etc... so we can take their denials with a pinch of salt.

15
0
Anonymous Coward

Re: How is this a surprise?

"Basically it's been clear for a while now that if it has "bits" then anyone in the world can own it, pending enough willpower / money / time / desire to acquire it - we're talking the facts of the case here. The ability that any and all your information can be hacked is really old news and one of the first companies to get into the "we will only use security to the level that is profitable" was a credit card processor.

The paranoid will survive."

There. fixed it for you.

2
2
Silver badge

Re: How is this a surprise?

Well, I got a writing from my bank start of the year telling me that they were now "Patriot Act Compliant".

The bank is not even US based.

Like feeling Vader's dick in you. BIATCH!

5
0
Silver badge

Re: How is this a surprise?

Downvote this all you like - it doesn't change the facts, go back to watching The X Factor.

1
5
Anonymous Coward

Re: "Patriot Act Compliant"

The world is clearly the wrong way up when that is portrayed as both marketing slogan and badge of honour.

5
0
Silver badge
Facepalm

Re: I got a writing from my bank

We call that a letter.

2
0
Silver badge

Re: How is this a surprise?

Because there's a difference between your assumptions and evidence?

3
0
Silver badge

Re: "Patriot Act Compliant"

"Patriotism is the last refuge of the scoundrel" - Samuel Johnson

0
1
Bronze badge
Devil

Re: I got a writing from my bank

@ sabroni

"We call that a letter."

Only one? When I get mail from them the envelope is thick due to their insistence in printing a lot of letters per each page of rubbish they try to sell me. And maybe a statement in there too. That has many letters and many numbers. And many minus signs.... so many

0
0
Silver badge

@Dan: The article says no such thing.

In fact it hints at the more probable truth: the slurping is going through channels that have been legislatively approved, requested by the Executive branch, and approved by the Judiciary. Both Visa's statement and the low number of stored records given the daily volume point in this direction.

You may think the laws should say otherwise, that the executive branch should be more circumspect, and/or that judges should be more protective of Constitutionally protected natural rights; but it looks to me like all of the processes have been followed and the slurping is not surreptitious. Which might make it even more outrageous, but is quite something different than the supernatural boogieman slurping everybody's data that Snowden et. al. are trying to paint them as.

1
0
Anonymous Coward

Re: "Patriot Act Compliant"

The world is clearly the wrong way up when that is portrayed as both marketing slogan and badge of honour.

Obama thinks that's good enough. That why he wants your Visa card.

1
0
Bronze badge

Re: @Dan: The article says no such thing.

Quite.

The English translation of "we are not aware of any unauthorised access to our network .. Visa's policy to only provide transaction information in response to a subpoena or other valid legal process" is 'we rolled over'.

1
0
Silver badge

Jesus H F*cking Christ, just what are the NSA *not* doing?

And what does "or other valid legal process" mean exactly? Visa being pretty cagey there.

10
0
Silver badge

Re: skelband

".....Visa being pretty cagey there." For decades, even before the advent of electronic terminals and swipe cards, VISA was providing info to their own fraud investigators, let alone the FBI and Secret Service. Data on where you had shopped, when, what you bought and how much it cost was chucked into a database long before market trend analysis was a even buzzphrase. VISA did it so they could track fraudulent use of their cards. Just how much data they looked at and on who VISA would probably not like to discuss openly.

2
8
Silver badge

Re: skelband

For Visa to be recording information internally for fraud detection is something that most people would expecting them to be doing as well as all banks. The first time I realised that someone had skimmed my debit card was when the bank rang me. That's cool.

For Visa to be spaffing information to the NSA without due process is not acceptable. That process is a court order. Other legal mechanisms are basically doublespeak for NSA strong arming them into giving up their info.

12
0
Anonymous Coward

I heard rumors that they have cameras inside every toilet to spy on people

0
1
Anonymous Coward

"I heard rumors that they have cameras inside every toilet to spy on people"

Do you mean the building or the porcelain ?

1
0
Anonymous Coward

I heard rumours they have people on the internet post stupid comments on threads about privacy, pretending it's not important and sidetracking people with toilet jokes!

1
2
Silver badge
Stop

Re: VISA was providing info to their own fraud investigators

So you mean that when I make a VISA payment VISA know about it? That's exactly the same as them giving information to the american government!

1
1
Silver badge
Black Helicopters

Warrant?

What is this thing you speak of?

Of couse they only need to threaten with the words 'if you don't give us everything you will find operating in this country rather difficult if not impossible. It is your choice?'

If you don't agree this is what you will see following you around ----->>>>

7
0
Bronze badge
Black Helicopters

No more surprises

If it was announced that NSA operatives cooked and ate fresh babies in the name of national security I would not be surprised, providing of course they were thought to be terrorist babies and of course since all babies share similarities ( they are small, smelly and noisy) those that are not actually terrorist babies are only collateral damage (snacks).

If you read Rogue State by William Blum it is clear that ANYTHING that is considered to be in the interests of the current ideal of National Security will be given at least a hearing and probably will be given a go!

There is always the thought that knowing inside information about some transactions may also be beneficial to Black Ops budgets.

Quite surprised GCHQ were a little cagey!

15
1
Bronze badge

The only surprise here is the statement that the db only had 180 million records. That's tiny. There are probably that many transactions in an hour...

So, is the number off by a few zeros or are they throwing out anything under a certain dollar amount ? In other words just keeping those above say $10k?

Of course, it is a bit worrying that the NSA collected at least some of this data by hacking into the other systems. If they are doing it, so are others.

1
4
Silver badge
Facepalm

Re: chris lively

"The only surprise here is the statement that the db only had 180 million records....." Gee, could that be because it is a very targeted system and they are not looking at EVERYONE's transcations as the sheeple want to baaah-lieve?

3
24
Anonymous Coward

This shows active cooperation

The only way to weed it down to 180M is to be embedded in the system and be able to query only the stuff that is "of interest". Otherwise (if it was a product of a normal sigint or intrusion) the dataset would have been much bigger.

4
1
Silver badge

Re: chris lively

Matty, Matty.

It's pretty retarded to newspeak the meaning of "sheeple" into "those who DISTRUST the well-intentioned government".

Now get off your mall scooter and take a deep breath. What's the matter? Fearing that the market of Itaniums will crash even more when the NSA is put on a leash?

5
2
Silver badge

Re: chris lively @Matt Bryant

Hello Plump and Bleaty, ewe still trying to claim it's other people that are the sheeple? Sweet!

4
1
Bronze badge

Re: This shows active cooperation

Or collect it all and discard what is uninteresting. It isn't clear why we - the cardholders - should prefer one approach to the other, though.

0
0
Silver badge

Re: chris lively

Sure 180 million records are the targeted ones...

BUT instead of getting exactly the data requested via warrant on specific targets (which would be the legal and proper way to do it), they are looking at all transactions and then selecting the ones they want: "NSA is monitoring international banking and credit card transactions that pass through".

I guess if you want to be pedantic bout it, it could be strictly legal within the US, but for those of us who are non-merkins, that's a foreign country that is nominally our ally hacking our systems to get data behind our backs instead of using an existing a mechanism by which they can ask for, and get, that same data.

Not cool

5
0
Silver badge

Re: chris lively

That 180 million was in 2011 and was one project named 'dishfire' for reasons unknown. Sounds like a single project to me; not the whole of the thing.

0
0
Silver badge

@ James Micallef

No hacking is required, and your government likely agreed to it either through direct treaty, bi-lateral agreements, or secret memorandum of understanding.

NSA issues one of their special warrants under the Patriot Act, the banks hand over the data. Whether on tape, disk, or via a direct feed. NSA filters the data stream for what they want and file it for further research as needed in the future. Probably no humans involved in looking at even the filter stream except for quality control purposes. Because the simple fact of the matter is that once you get much past 100, no human reads that much data randomly looking for connections.

2
0
Silver badge
Facepalm

Re: Destroyed All Braincells Re: chris lively

"....retarded to newspeak the meaning of "sheeple"...." What are you on? The term has always referred to those well-meaning self-delusionists that trot along behind those like Assange. I remember it being used for CND hippies with a similar level of paranoid delusion back loooong before Assange was even born! I remember some hilarious conversations with deeply deluded and paranoid ladies protesting at Greenham Common, who were so scared of their own shadows they even had punch ups where women sharing the same tent became equally convinced their tent partner just HAD to be an MI5 or US MIC undercover agent. I had great fun feeding their paranoia - these were the kind of people that really believed their TVs watched them!

"....the market for Itaniums....." Sorry to burst your bubble, but the NSA are traditionally one of IBM's biggest mainframe customers. The people that actually collect a lot of the data used by the NSA (Google, etc.) are more inclined to be using x86 platforms, except for the telecoms, which do still have a large contingent of Itanium kit. Last I heard there was still plenty of old VMS still being used in the financial houses that probably report plenty of data to the NSA, so that's probably on Itanium by now too. But I suspect the future of sifting such data, given that it requires lots of relatively low-powered streams running in parallel, will probably be Linux grids made up of racks and racks of cheap Atom or ARM servers (possibly AMD if they can get the Seamicro kit in front of the right people). But then I can probably see that because I actually work in the industry, unlike the majority of the sheeple like you.

0
2
Silver badge
Facepalm

Re: BoringGreen Re: chris lively @Matt Bryant

<Yawn> Still unable to post a coherent argument, I see? This is my surprised face, honest. Did you get the gold vulture from being El Reg's tealady?

Which of my points posted in this thread is it that is causing you such distress, or is it that you simply so hate being debunked you intend to forum stalk with more pointless posts whenever my name makes you cringe in fear of reality? Go on, try and be even mildly interesting and post a point of view. I'm not even going to ask that it be your own (it usually isn't), but it would at least be a (minor) contribution rather than just a sulking snipe. I'm sure you're just bubbling over with "righteous" indignation that the NSA may know you used your Mom's VISA card to buy your subscription to Sheep Fanciers Monthly, so try and put your objections in a post. Think of it as a possible start on the therapy you so obviously need.

0
1
Silver badge

whenever my name makes you cringe in fear of reality?

it's not a fear of reality Matt, but you certainly make me cringe!

You really need to get over yourself, you sound a bit demented.

0
0
Silver badge
Happy

Re: sabroni Re: whenever my name makes you cringe in fear of reality?

Just poking fun at the sheeple, chap. If you do it artfully enough you can reduce even the pacifists amongst them to such a rage I even had one kicking three-shades of brown stuff out of his own VW combi! Besides, all this childish "Baaaaah, the NSA is watching me" bleating is getting very boring.

0
1
Anonymous Coward

Hmmmm....

And SWIFT transactions are conducted via AES-256 encryption.

So make your own conclusion as to how safe AES is.

0
5
Silver badge
Boffin

Re: AC Re: Hmmmm....

"....So make your own conclusion as to how safe AES is." If they have a hack into the systems then they are probably looking at the data before encryption is applied.

5
3
Anonymous Coward

Re: Hmmmm....

It WAS "safe"...until someone threw enough money at "the problem" to make it disappear.

And, on that note, our lesson ends for the day.

0
3
Silver badge

Re: Hmmmm....

There are many ways to decrypt a message that do not involve "breaking" the cypher.

As already pointed out: hacking in before it is encrypted, using you 'influence' to get a copy of the key(s), compromising the key/certificate generation software, compromising a closed-source implementation so it leaks information that you have the key to make use of...

4
0
Silver badge

Makes Sense

This makes perfect sense. How else will the IRS know who has (untaxed) money overseas without invoking National Security. It is fairly obvious money is the only thing that National Security is about. It sure as fuck isn't about catching terrorists.

It is no wonder the Swiss rolled over on their clients. They knew they had been compromised and it was either look insecure/incompetent or look like they were bullied. Only one of those can you reasonably excuse.

5
0
Silver badge
Big Brother

"we are not aware of any unauthorised access to our network"

Hmm, nice bit of Double-speak there from Visa! What about *authorised* access (which, of course, being a US company, they're not allowed to talk about...)

13
0
Silver badge
Big Brother

It would be really nice to know under what circumstances data is snooped...

Can they grab anything at any time? When they do grab info, what happens with it?

Also, have they put a backdoor or found a vulnerability in aes 256?

0
0
Silver badge
Meh

Re: It would be really nice to know under what circumstances data is snooped...

I fully anticipate that it will come out that this report was a highly compartmentalized publication and that in fact everything is slurped, but they've 'only looked' at the 185 million records in question. The records that haven't been 'officially' examined will be under another program name.

It simply doesn't make sense to secretly gain access to digital information and not take it all. Why not? That's why it is secret; nobody knows, so nobody can care.

3
1
Gold badge
Unhappy

US company + US servers + THE PATRIOT Act --> *complete* compromise.

And as long as that piece of legislation stands it always will be.

"Constitutional protection you say?"

The War Against Terrorism is far too important to let that get in the way.

7
0
Unhappy

Re: US company + US servers + THE PATRIOT Act --> *complete* compromise.

Just looked this up on Wikipedia and it is disgraceful. Appropriate tools to intercept and obstruct terrorism, but they can legally look at all my emails and what I done on the internet.

I don’t want them seeing this, my girlfriends and I share a lot of intimate stuff, it’s just not right that other people can see it. What can I do now?

2
1
Silver badge

Re: US company + US servers + THE PATRIOT Act --> *complete* compromise.

It is indeed sad Clare (web specialist), but it is necessary. You or your girlfiend or other friends or their friends or possibly one of their friends, friends might be harboring as yet unrealized terroristic tendencies and in order to make sure we cover all the bases after something happens you'll need to have all your information rifled through.

If we don't know how a basically random event came to be, we can't align national resources to identify the drop of water in the ocean for future random event post analysis. You understand.

2
0

Page:

This topic is closed for new posts.