Inside Project Raven, a Team of Former NSA Analysts Who Worked for the UAE Government

Project Raven was a team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy. Reuters tells the story.

The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, in which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists. Details of the Karma hack were described in a separate Reuters article today.

An interesting story. We know that iOS 14.8 patched a vulnerability used by the Pegasus spyware, but I haven’t heard much about Karma.

Court Finds NSA Collects Innocent Americans’ Data Anyway

The Foreign Intelligence Surveillance Court (FISC) found that the NSA doesn’t follow the law and collections the data of innocent Americans. This is according to a recently declassified document [PDF] from November 2020.

From where we sit, it seems clear that the FISC continues to suffer from a massive case of national security constitutional-itis. That is the affliction (not really, we made it up) where ordinarily careful judges sworn to defend the Constitution effectively ignore the flagrant Fourth Amendment violations that occur when the NSA, FBI, (and to a lesser extent, the CIA, and NCTC) misuse the justification of national security to spy on Americans en mass.

NSA Wants to Spy on Americans Because Reasons

U.S. government servers have been getting hacked left and right. In response, the NSA wants us to think that approval of domestic spying will solve the problem, despite suffering an egregious hack in 2016 where its zero-day exploits were stolen.

“We truly need to look at the ability for us to see ourselves and right now it’s difficult for us to see ourselves,” Nakasone testified on Thursday to the Senate Armed Services Committee. Adversaries like China and Russia “are operating with increased sophistication, scope [and] scale, including operations that can end “before a warrant can be issued,” he warned.

NSA Avoids Discussing Back Doors in Commercial Products

The U.S. National Security agency is dodging questions about back doors in commercial products and whether it’s continuing this practice. The article mentions Dual EC, a type of encryption algorithm the NSA tried to get ratified as a global standard. Why? Because they could easily crack it.

Juniper Networks got into hot water over Dual EC two years later. At the end of 2015, the maker of internet switches disclosed that it had detected malicious code in some firewall products. Researchers later determined that hackers had turned the firewalls into their own spy tool here by altering Juniper’s version of Dual EC.

And that’s the reason we oppose these kinds of back doors or “weaknesses on purpose” on Security Friday. If one group can easily crack it, so eventually will other groups.

US Court Rules NSA Mass Surveillance Program Illegal

Seven years after NSA whistleblower Edward Snowden exposed the agency’s mass surveillance of Americans, a U.S. appeals court has deemed it illegal.

The ruling will not affect the convictions of Moalin and his fellow defendants; the court ruled the illegal surveillance did not taint the evidence introduced at their trial. Nevertheless, watchdog groups including the American Civil Liberties Union, which helped bring the case to appeal, welcomed the judges’ verdict on the NSA’s spy program.

NSA Spy Program Cost Taxpayers $100 Million and Was Overall Useless

Form 2015 to 2019 the National Security Agency (NSA) collected Americans’ domestic phone calls and texts. The program cost US$100 million but only one investigation was able to make use of that data.

Moreover, only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which was produced by the Privacy and Civil Liberties Oversight Board and briefed to Congress on Tuesday.

“Based on one report, F.B.I. vetted an individual, but, after vetting, determined that no further action was warranted,” the report said. “The second report provided unique information about a telephone number, previously known to U.S. authorities, which led to the opening of a foreign intelligence investigation.”

NSA Publishes Threatening Letter Calling for Encryption Backdoors

Glenn S. Gerstell, general counsel for the National Security Agency (NSA) published a letter in the New York Times, writing about how a “digital revolution threatens to upend our entire national security infrastructure.” He thinks backdoors into encryption is one answer (of course he doesn’t use the word backdoor), as well as the agency collecting even more data from citizens. Read his letter by clicking the link below, then read this take by Nefarious Laboratories.

Make no mistake, this letter is a thinly-veiled threat to every major corporation around the globe: provide the U.S. government with access to all of your data or else, “there is another path, and it is the one taken by authoritarian regimes around the world”.

Governments Are Terrible at Securing Data

It absolutely infuriates me when agencies like the FBI, and governments like Australia, the U.S., Germany, and more want us to break encryption or circumvent it with a back door. As Mathew Gault writes, they are completely inept at securing data. Even the NSA, which likes to think it’s the “world leader in cryptology” got hacked.

Regular phone and internet users remain vulnerable, forced to take individual protective measures, like a poor wage-worker without health insurance who’s told to secure her nest egg by cutting out morning lattes.

National Security Agency Releases Ghidra

The NSA has released its tool called Ghidra at the RSA Security Conference. It’s an open-source tool that helps security researchers examine malware code.

You can’t use Ghidra to hack devices; it’s instead a reverse engineering platform used to take “compiled,” deployed software and “decompile” it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveals what the software you churn through it does.

NSA Spying Program Has Allegedly Ended

The NSA spying program that analyzed the calls and texts of American citizens has allegedly been shut down.

Christopher Augustine, an N.S.A. spokesman, told The New York Times in January that agency officials were “carefully evaluating all aspects” of the Freedom Act program, and were discussing its future. Mr. Augustine made clear that the White House would make the final call about whether to ask Congress to extend the Freedom Act.

I hope this is actually true. Now we need the GCHQ to not spy on us either.

WIN an iPhone 16 Pro Max!