Latest Leak Shows NSA Engaging In Economic Espionage -- Not Fighting Terrorism
from the flying-pigs dept
As more and more information about the NSA's global surveillance capabilities emerges through leaks of material obtained by Edward Snowden, the US authorities have been playing the terrorist card heavily. That is, they concede that they have been spying on pretty much everyone, but claim that it was only to fight terrorism, and thus to save lives. In particular, the NSA insists it is not spying on anyone for the purposes of industrial espionage -- here's what it wrote in an email to the Washington Post on the subject just a couple of weeks ago:
"The Department of Defense does engage" in computer network exploitation, according to an e-mailed statement from an NSA spokesman, whose agency is part of the Defense Department. "The department does ***not*** engage in economic espionage in any domain, including cyber."
Despite the screaming asterisks, like many other statements on the subject from the NSA, this one turns out to be untrue, as the Brazilian TV program "Fantastico" revealed on Sunday, drawing on new leaked documents provided by Glenn Greenwald, who lives in the country:
The internal computer network of Petrobras, the Brazilian oil giant partly owned by the state, has been under surveillance by the NSA, the National Security Agency of the United States.
The Fantastico article goes on to give more information about the attacks on the company's internal networks, and points out that Petrobras is hardly a terrorist organization:
…
a top secret presentation dated May 2012 is used by the NSA to train new agents step-by-step how to access and spy upon private computer networks -- the internal networks of companies, governments, financial institutions -- networks designed precisely to protect information.
The name of Petrobras -- Brazil's largest company -- appears right at the beginning, under the title: "MANY TARGETS USE PRIVATE NETWORKS."
…
The name of Petrobras appears on several slides, as the training goes deeper in explaining how data from the target companies is monitored.
The yearly profits of Petrobras are over 280 billion reais -- US$ 120 billion. More than the GDP of many countries. And there are plenty of motives for spies to want access to the company's protected network.
Here's one of them:
For example, the details of each lot in an auction [of oil drilling rights] set for next month: for exploration of the Libra Field, in the Bay of Santos, part of the Pre-salt. Whether the spies had access to this information is one of the questions the Brazilian government will have to put to the United States.
Former Petrobras Director Roberto Villa considers this the greatest auction in the history of oil exploration. "It's a very peculiar auction. The auction of an area where we already know there's oil, there's no risk", he says. What no one else should know, Villa says, is which are the richest lots. "Petrobras knows. And I hope only they know." He considers that such information, if stolen, could give someone an advantage. "Someone would have an edge. If this information was leaked and someone else has obtained it, he would be in a privileged position at the auction. He'll know where to invest and where not to. It's a handy little secret."
Once again, the NSA's rebuttal of these claims is weak and unconvincing:
It is not a secret that the Intelligence Community collects information about economic and financial matters, and terrorist financing.
We collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy. It also could provide insight into other countries' economic policy or behavior which could affect global markets.
Or, you know, it could provide US companies with insights about which were the best lots in the forthcoming auction of seabed areas for oil exploration, or about highly-specialized deep-sea oil extraction technology, in which Petrobras is a world leader. After all, why wouldn't the NSA drop some useful hints about such things to US companies as a way of justifying its huge budget?
This latest attack on Brazil's flagship enterprise will make the country's already strained relationship with the US even more difficult. But the Fantastico story on the NSA program, which is apparently called "Royal Net", is about much more than those bilateral relations:
Besides Petrobras, e-mail and internet services provider Google's infrastructure is also listed as a target. The company, often named as collaborating with the NSA, is shown here as a victim.
There are also first details of other, hitherto unknown, spying programs and capabilities:
Other targets include French diplomats -- with access to the private network of the Ministry of Foreign Affairs of France -- and the SWIFT network, the cooperative that unites over ten thousand banks in 212 countries and provides communications that enable international financial transactions.
The NSA presentation contains documents prepared by the GCHQ -- the British Spy agency, from a country that appears as an ally of the United States in spying. The British agency shows how two spy programs operate. "Flying Pig" and "Hush Puppy" also monitor private networks which carry supposedly secure information. These networks are known as TLS/SSL.
The presentation explains how data is intercepted, through an attack known as "Man in the Middle". In this case, data is rerouted to the NSA central, and then relayed to its destination, without either end noticing.
This confirmation that man-in-the-middle attacks are used by the NSA to intercept data, along with detailed information about the high-level economic espionage that is going on, underlines why the Fantastico report is so important, and why it is well-worth reading in its entirety.
Follow me @glynmoody on Twitter or identi.ca, and on Google+
Filed Under: brazil, economic espionage, nsa, nsa surveillance, surveillance
Companies: petrobas
Reader Comments
According to the Computer Misuse Act, every single agent of the NSA should be locked up for 35 years.
But no, they'll just get a wink and a nod.
Disgusting.
[ link to this | view in thread ]
How many lies and deceptions need to be uncovered?
1. Leaked document exposes dirty laundry of NSA.
2. People speculate on implications of said dirty laundry.
3. NSA denies that any of those implications are true.
4. New leaked document directly contradicts NSA's denial.
5. GOTO 2, repeat.
It's the same pattern, for months running. When are people (and Congress, and the President, and the Courts, our supposed public servants) going to finally realize that the entire setup is utterly corrupt and untrustworthy? That it needs to be removed in its entirety and maybe replaced (I'm in doubt that we even need the NSA).
[ link to this | view in thread ]
Financial Crisis
they have the ability to guess when financial crises may be coming? Yet they failed to do anything during the mortgage bubble when American and allied banks were taking actions that could negatively impact the global economy? Here could have been a chance to justify their budget and save millions, if not billions of dollars, but they missed that as well.
[ link to this | view in thread ]
Re: Financial Crisis
[ link to this | view in thread ]
it might even be able to warn the USA and elsewhere of an impending global, financial disaster.
what do you mean, we've already had one! when did we miss that, then??'
[ link to this | view in thread ]
Re:
I'm surprised why this hasn't been explored further. Their loyalty is not toward the government or its citizens but to their bottom line. I wonder what immunities if any these contracting companies have with the NSA or our government.
[ link to this | view in thread ]
Re: Re: Financial Crisis
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
I kinda assumed that that was part of SSL...
[ link to this | view in thread ]
Re: Re: Financial Crisis
[ link to this | view in thread ]
Thanks for turning me onto Diffie-Hellman.
That is a notion I learned about programming is that learning a language was to determine what I could do with it. How was just a matter of consulting the manuals and algorithms.
[ link to this | view in thread ]
Re:
This weakness of centralized certificate authorities isn't new. In fact we knew about it the second someone came up with the idea. Yet here we are :)
[ link to this | view in thread ]
Re: Re: Financial Crisis
If it involves private entities we are talking a preemptive bail for a lot of financial institutions to go wild... Not exactly a good thing.
If it is to inform companies about how to avert disaster, we are talking something equivalent to industrial espionage on roids.
If the information is made public, well, then we are talking about rather benign activity but that seems completely unbelievable for what NSA has done in the past.
The only reasonable other use would be giving the information to other parts of the government and then we can start this list again for that government entity, not to mention the whitewashing they have to do to get their information admissible in court...
Financial spying is incredibly easy to abuse, consciously or unconsciously.
Therefore I think secret services should keep from spying in that field entirely...
[ link to this | view in thread ]
Great job, NSA. Great job.
[ link to this | view in thread ]
Re:
The hard part is for the NSA computer to pretend to be the real server. There are three ways for them to do so. First, they could have demanded/stolen the secret key and certificate from the server they're trying to intercept traffic to. Second, they could have a trusted Certificate Authority (CA) tell the user that they are the server. Third, they could use their massive supercomputers to fake a valid certificate.
We've heard a decent bit about the first one. The second one happens because browsers operate on a chain of trust that is completely invisible to a normal user. It would be easiest for them to go this route. The third method was actually demonstrated by a couple of researchers. They used a bunch of PS3s to sign a valid md5 based certificate. It's an old attack, but someone on that huge invisible chain of trust is probably still vulnerable.
Like Snowden said. The problem isn't the encryption, it's everything else. In this case, web browsers relying on public key cryptography with some major flaws.
[ link to this | view in thread ]
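An added illustration of the three routes listed in the comment above (not part of the original post or thread): a client that remembers the server's public-key hash rejects a certificate carrying a different key, which covers a certificate issued by another CA or a forged one, but it still accepts any certificate built on the server's own key, so a stolen key goes unnoticed. The host name `example.test` and all file names are constructed, the certificates are self-signed so CA validation is outside the demo, and the `openssl` command-line tool is assumed to be installed.

```shell
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Print the base64 SHA-256 of a certificate's SubjectPublicKeyInfo (its "pin").
spki_pin() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary |
        openssl enc -base64
}

# Create a fresh RSA key ($1) and a self-signed certificate ($2) for example.test.
new_key_and_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=example.test" -keyout "$1" -out "$2" 2>/dev/null
}

# Issue another certificate ($2) for the same name from an existing key ($1).
cert_from_key() {
    openssl req -x509 -new -key "$1" -sha256 -days 1 \
        -subj "/CN=example.test" -out "$2" 2>/dev/null
}

# Succeed only if the presented certificate ($1) carries the pinned key ($2).
pin_matches() {
    [ "$(spki_pin "$1")" = "$2" ]
}

# Flag certificates signed with MD5 or SHA-1 (the weak-hash case the comment mentions).
has_weak_signature() {
    openssl x509 -in "$1" -noout -text |
        grep -m1 'Signature Algorithm' | grep -Eiq 'md5|sha1'
}

new_key_and_cert "$WORK/site.key" "$WORK/site.pem"        # the real server
PIN=$(spki_pin "$WORK/site.pem")                          # value the client records
cert_from_key "$WORK/site.key" "$WORK/same_key.pem"       # same key, new certificate
new_key_and_cert "$WORK/other.key" "$WORK/other_key.pem"  # same name, different key

for c in site same_key other_key; do
    if pin_matches "$WORK/$c.pem" "$PIN"; then r=accepted; else r=REJECTED; fi
    echo "$c.pem: $r"
done
```

`same_key.pem` stands for both a routine renewal and a certificate presented by someone holding the server's private key; the pin cannot tell the two apart.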
Re: Financial Crisis
And there could be 1000 invisible teapots orbiting Saturn!
And monkeys could fly out of my butt!
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
A grain of healthy skepticism
Unless we have actual proof of this, all that's happening is rampant speculation, which gives the NSA's defenders the ability to say: "See! The people attacking the NSA are nothing more than a bunch of conspiracy theorists making baseless accusations!"
... At least until the next leak comes out.
So I'd hold off on saying that the NSA shares information with/drops hints to American companies until there's some evidence to (at least partially) support those claims.
But that's just me. And until Guardian/Spiegel/NYT/WaPo stops publishing stories based on information from the Snowden Documents, we won't know if there's any actual proof about that or not.
As the Zen Master says, "We'll see."
[ link to this | view in thread ]
Re: Re:
a/ As I understand it Obama promised at least steps in this direction and lied through his teeth even more than the average politician
and
b/ Any politician actually serious about such reform has about as much chance of getting as far as having people vote for him as I am of being in the running for Pope.
... it seems a rather forlorn hope.
[ link to this | view in thread ]
"Flying Pig"
[ link to this | view in thread ]
Re:
HWIBTJQTEIYLTMEAFSMTOYOA - does anyone see the hidden message?
[ link to this | view in thread ]
Re: Re:
They gave the telcos total immunity to anything happening to them, even as they were well aware what they were doing violated the Constitution and the law... so...
[ link to this | view in thread ]
Huh?
Terrorism was the justification (or excuse) *only* for gathering very broad data on private citizens, as distinguished from foreign governments, officials and institutions.
One of the problems with this issue is the failure of the media and many of the commentators to draw the simplest of distinctions. Another is apparent refusal to learn what the law is and the history of the issue.
[ link to this | view in thread ]
It strains credulity to believe they are ***not*** engaging in corporate espionage
Given the plethora of examples demonstrating the complete disregard for the law (US Constitutional, international, privacy, and otherwise) on the part of the NSA, it would be naive to believe that cavalier attitude stopped at the boardroom doors.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
-James Clapper
If the alleged felonious liar pinky swears and crosses his heart, while stating that this corporate espionage information will not be abused. Well, who are we to question his honesty, credibility, and integrity on such matters?
[ link to this | view in thread ]
Re: How many lies and deceptions need to be uncovered?
let's ask Comrade Snowden about it.
[ link to this | view in thread ]
Re:
Imagine if every road route would be 2x longer because of some agency's whim.
[ link to this | view in thread ]
Re: Financial Crisis
They had plenty of warning about the crash of '08. It was actually Bush who warned about it, but he was ignored. When the revelations by Matt Taibbi came to light, no action was taken, even though the activities of BOA, etc., were publicly known.
Let's face it, none of them give a damn whether our economy gets wrecked again or not, what they want is to be able to take advantage of insider knowledge so they can gamble on the stock exchange. Amirite?
[ link to this | view in thread ]
Dissidents
[ link to this | view in thread ]
Re: Financial Crisis
the answer is in your own question. There were the few that benefited greatly from the subprime festival. The bankers.
[ link to this | view in thread ]
I'm saying all this because if this made it into their main Sunday show that has a whole lot of audience then you can bet it's damn critical AND it's got enough mainstream outrage to justify showing.
It's interesting indeed!
[ link to this | view in thread ]
LIBOR rigging? HSBC?
How did they manage to miss the massive money-laundering HSBC did for drug cartels?
And what hiccup caused them to ignore HSBC's part in illegal transfers to Iranian banks?
Who is being protected, and from whom?
Quid custodiet impossible custodes? Indeed.
[ link to this | view in thread ]
Typo...
It's "ipsos" not "impossible." Durn newfangled idiot auto-complete.
[ link to this | view in thread ]
Espionage
[ link to this | view in thread ]
Re: Financial Crisis
[ link to this | view in thread ]
Mission Creep
[ link to this | view in thread ]
Catalyst
Perhaps the media coverage of their dirtier business dealings will be what helps the world kick our fossil fuel dependence.
[ link to this | view in thread ]
Hush Puppy
"Hush puppy times two" meant that the recon team had taken care of the Edmondses’ two watch dogs, with sound-suppressed weapons.
[ link to this | view in thread ]
By knowing the "extra-curricular" activities of CEOs, politicians, lawyers, high-ranking gangsters, presidents and kings, via communications interception, one can easily push one's own agenda internationally, by simply NOT telling what you know, and making your "targets" aware of what you're not telling.
For a government to indulge in this type of high-stakes extortion is especially effective, as the capital gained is unrecorded and can be used for other less-than-legal operations without fear of oversight, and the results of the process take place in the real world as if they were entirely natural.
It is the favourite pastime of Organized Crime, in all of its myriad legitimate disguises.
[ link to this | view in thread ]
Re: Re: How many lies and deceptions need to be uncovered?
[ link to this | view in thread ]
Re: Re: How many lies and deceptions need to be uncovered?
[ link to this | view in thread ]
Re: Financial Crisis
How would we know what outcome they wanted? Perhaps that event worked to their advantage?
Given the extents of their abilities and intel, seems more likely to me than they simply 'missed it'
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Where is the evidence?
Because I looked for it in your story, but I saw no evidence of that at all.
It's in the nature of spying that it can't respect the artificial walls that divide one human-defined activity from another; they go where the spies are or could be without exception, subject only to judicial limitations (limitations which are being very poorly attended to, we all agree).
So far as I can tell, neither you nor Glenn Greenwald nor Snowden have produced the smoking evidentiary gun which shows economic espionage has occurred here, except as you have defined it downward to mean spying on business computers and networks.
This from a group of people who loudly decry trials during which flimsy charges with insufficient evidence are used to convict actually innocent people.
[ link to this | view in thread ]