Pages

Saturday, 24 August 2013

NZ direct access to PRISM

Fuck you John Key - liar! Here we are again – New Zealand in the headlines for all the wrong reasons.

A quick search under NZ media finds NOTHING.


New Zealand has direct access to US surveillance
New Zealand’s police and intelligence services have direct access to US surveillance systems such as PRISM, to monitor email and capture various data traffic, according to police affidavits in connection with the raid on Kim Dotcom’s mansion.


RT,
23 August, 2013


The news that the Organised and Financial Crime Agency New Zealand (OFCANZ) requested assistance from the Government Communications Security Bureau (GCSB) was revealed by blogger Keith Ng on his On Point blog


He discovered that the police provided the GCSB – the government’s signals intelligence unit – with a list of indicators for scanning emails and other information traffic generated by Kim Dotcom and his colleagues and co-founders at Megaupload.

New Zealand and Australia use a ‘selector’ categorization system akin to the NSA’s XKEYSCORE, revealed recently by whistleblower Edward Snowden in his set of PRISM revelations about unsanctioned US spying on people across the globe. 

PRISM is an all-reaching computer surveillance system run by the US government and the NSA.

Some of these selectors have been redacted in the documents, but others remain – such as Kim Dotcom’s email addresses and the names of proxy servers he uses to access various accounts and servers. 

Megaupload founder Kim Dotcom (AFP Photo/Marty Melville)
Megaupload founder Kim Dotcom (AFP Photo/Marty Melville)


Last year, Dotcom’s mansion was raided by the police for alleged rights and piracy-related breaches, all based on indictments filed in the US. 


There is clear indication of the surveillance system monitoring live traffic. The reports reveal communications interspersed with terms such as ‘CONFIDENTIAL’ or ‘NEW ZEALAND EYES ONLY’, or even ‘SECRET…REL TO NZL, AUS, CAN, GBR, USA,” which speaks for itself.

However, while this is certainly a new revelation, it may not be surprising to many. 

The NSA sometime shares information with NZ, as part of the Five Eyes intelligence-sharing alliance, which also includes the UK, Australia and Canada. 

Moreover, New Zealand passed a new bill in August, which radically expands the powers of its spying agency. The legislation was passed 61 votes to 59 in a move that was slammed by the opposition as a death knell for privacy rights in New Zealand.


The new amendment bill gives the GCSB powers to support the New Zealand police, Defense Force and the Security Intelligence Service. 

Polls have shown that three quarters of the Kiwi population are opposed to the law. And Kim Dotcom promptly gave his reaction on Twitter with the words “RIP Privacy”



NZ police affidavits show use 

of PRISM for surveillance

New Zealand’s police and intelligence services have direct access to US surveillance systems such as PRISM, to monitor email and capture various data traffic, according to police affidavits in connection with the raid on Kim Dotcom’s mansion.

Keith Ng

23 August, 2013


Police affidavits related to the raid on Kim Dotcom's Mega mansion appear to show that New Zealand police and spy agencies are able to tap directly into United States surveillance systems such as PRISM to capture email and other traffic.


The discovery was made by blogger Keith Ng who wrote on his On Point blog that the Organised and Financial Crime Agency New Zealand (OFCANZ) requested assistance from the Government Communications Security Bureau (GCSB), the country's signals intelligence unit, which is charge of surveilling the Pacific region under the Five-Eyes agreement.


A list of so-called selectors or search terms were provided to GCSB by the police [PDF, redacted] for the surveillance of emails and other data traffic generated by Dotcom and his Megaupload associates.


'Selectors' is the term used for the National Security Agency (NSA) XKEYSCORE categorisation system that Australia and New Zealand contribute to and which was leaked by Edward Snowden as part of his series of PRISM revelations.


Some "selectors of interest" have been redacted out, but others such as Kim Dotcom's email addresses, the mail proxy server used for some of the accounts and websites, remain in the documents.


Megaupload co-founders Bram van der Kolk and Sven Ecthernach was were also targeted for electronic surveillance, ditto Dotcom's wife Mona.


Dotcom's mansion was raided by NZ police last year for crimes related to online piracy, based on indictments filed in the US.


One note on the reports generated from the surveillance points to the system used capturing real-time traffic.


Several of the documents are classified as "CONFIDENTIAL COMINT/NEW ZEALAND EYES ONLY" with one being marked as "SECRET/COMINT/REL TO NZL, AUS, CAN, GBR, USA".


The spying on Dotcom, his wife and van der Kolk was deemed to be illegal as all three are residents of New Zealand and the GCSB is precluded by current law from intercepting their communications.


In the United States, declassified government documents have been released to the Electronic Frontier Fourndation that show the NSA operates an eavesdropping program that has direct access to internet communications.


The documents are part of a statement by the US Foreign Intelligence Surveillance Court (FISC) which berates the NSA for misleading the tribunal on the extent of domestic spying on innocent people, saying such collection was unconstitutional.


And from the man himself - 


Ich bin ein Cyberpunk

Keith Ng

22 August, 2013


Welcome to your sudden but inevitable future of ubiquitous surveillance.
To an extent, I appreciate the arguments made by supporters of the GCSB Bill – it’s not really a huge encroachment of mass surveillance powers, it is, mostly, just the formalisation of mass surveillance powers that have been encroaching for a decade. We are not fucked off because of the bill itself, really, but because we’ve finally been forced to pay attention to the barftastic overreach of state surveillance that’s been happening around us.
At least, that’s true for me. Thanks to the GCSB Bill, I finally got around to reading the Kim Dotcom affidavits. It’s the best example we have of how “GCSB assistance” is actually rendered. The Police asked the GCSB for help in a one-page request (page 13 of this):



Once the GCSB’s lawyer had a look at it, the Police provided a list of “selectors” to the GCSB (we now know from the PRISM documents that “selectors” is the term used to describe the search terms used to make PRISM requests):


The selectors were entered into █████, in an email classified as “SECRET//COMINT//REL TO NZL, AUS, CAN, GBR, USA”. In other words, the selectors were entered into a secret communications intelligence system, and this secret system was considered related to Five Eyes:


The email from the GCSB then described “traffic volume from these selectors”: i.e. This secret system was capturing live traffic.


This is consistent with everything that we know about PRISM. Key has refused to comment on this.

What does this mean? It means that GCSB assistance is NSA assistance. It means that government agencies can tap into these powers as part of bread-and-butter law enforcement. Through the Bradley Ambrose case, we’ve seen that the Police are willing to use the full extent of their powers for entirely bullshit cases. Combine the two, and it makes me very, very queasy.
I ended my post in May with “we need to start by getting really, really fucked off”. What is step two? Fortunately, there is a 25-year-old answer to this question: Encrypt everything.
Over the next however long it’s going to take me, I’m going to be doing short posts on how to secretfy your stuff. Today’s post is on encrypting text using public-key encryption.
Public-key Encryption (the uber-short version)
This technique is based on a pair of matching keys – one public, one private. Anything encrypted with one can only be decrypted with the other. Why? MATHS, that’s why. The public key is then made public (my key is here), and anyone can use that key to encrypt a messsage. Only you – with the private key that you keep secret – can decrypt that message.
It’s actually not that hard. The simplest tool for dealing with PGP keys is gpg4usb. Go download it and have a play. Purely for testing purposes, here is the public AND private keys for “John PGPKey” (right click on the link –> “Save link as..” to save the file). Open up gpg4usb and use the menu bar: Keys –> Import Key from.. –> File.



Select the .asc file you just downloaded. You can now use John PGPKey’s private and public keys.
(Just to reiterate, this is for testing purposes only – you should NEVER put your real private key on the internet.)
Here is a message that’s been encrypted using John PGPKey’s public key. Open it up and copy and paste the garbled text into gpg4usb (including the BEGIN PGP MESSAGE and END PGP MESSAGE lines). Click on the “Decrypt” button. It’ll ask you for a passphrase, which is “spicy panopticon in a dunnenad sauce” (this is a more reliable guide to making secure passphrases than your IT department).
(And no, you should not be putting the passphrases for your real private key on the internet, either. NOTE: Apologies if this didn’t work before, I posted the wrong version of the key I was faffing around with.)


Enter the passphrase and BAM – you’ve decrypted a message! (If you haven’t, check that you’ve copied the whole message, and check that you typed in the password properly.)
Now, to encrypt a message, just type things into the text box, select the key you want to encrypt with, and click on the “Encrypt” button. Pretty goddamn easy.
To create your own key, open up Keys –> Manage Keys. From the Key Management window, open up Key –> Generate Key. Fill out the boxes and go. You can export the public key and put it somewhere public – but let’s not actually do that yet, until we have a way of securing your private key.

In the next part, we’ll talk about publishing keys, verifying keys, signing with keys


Access to Keith Ng's blog site On Point HERE

No comments:

Post a Comment

Note: only a member of this blog may post a comment.