Business Espionage: Eavesdropping Devices Found at Nortel Complex

Canada - Workers preparing the former Nortel complex as the new home for the Department of National Defence have discovered electronic eavesdropping devices, prompting new fears about the security of the facility.

It’s not clear whether the devices were recently planted or left over from an industrial espionage operation when Nortel occupied the complex...

Recently released DND documents indicate that concerns about the security surrounding the former Nortel campus at 3500 Carling Ave. were raised last year...
 
Last year it was also revealed that Nortel had been the target of industrial espionage for almost a decade... (more)

Note: Nortel Networks Corporation was once a major data networking and multinational telecommunications company. The company filed for protection from creditors on January 14, 2009 and later shut its doors.

Read More

Commercial Espionage Fears Prompts... a conference?!?!

Jamacia - Commercial espionage affecting Jamaican businesses are to be addressed at a two-day conference on Cyber Security and Digital Forensics, to be staged at the University of the West Indies from September 30 to October 1.

Mr. Robinson said he became aware of the level of corporate espionage occurring in Jamaica recently, and the conference will address this concern in a fulsome way.

“We’re not talking about a man hacking into a website and defacing it. We’re talking about criminals doing this for financial gain, or to prove a point. They can hack into a critical national infrastructure and disrupt the country in a significant way; for example your Air Traffic Control system, and you know the damage that can be done,” the State Minister said.

“There are just so many ways someone with a computer can create havoc and we need to be on top of that as a country,” he emphasized. (more)

The "Let's Talk About This" love boat sailed a long time ago. It's time for action. BTW... Corporate espionage via computers is only one hole in your security dike. Be sure your security program handles it all.

Read More

Business Espionage - Bra Biz Ops Man Bugged

Michelle Mone's firm bugged director's office amid fears he was about to jump ship to ex-husband's new company, tribunal hears 

MICHELLE MONE monitored recordings from a bug in a director’s office amid fears he was about quit for a job work with her ex, her new business partner claimed yesterday.

Eliaz Poleg told an employment tribunal he came up with the idea of bugging Scott Kilday’s plant pot.

Poleg – the chairman of the company formed from the sale of Michelle’s MJM firm – said he made the move as he had “extreme concerns” over Kilday’s loyalty to the troubled bra business.

Kilday now works for Michelle’s ex-husband Michael, who was bought out of MJM two days before the sale to MAS Holdings. Kilday walked out on MJM after finding the bug.

Poleg told the tribunal in Glasgow: “I know there was stuff on it because Michelle said she was listening and replacing the machine tapes. (more)

Read More

When Business Espionage Doesn't Work the Next Step is Sabotage

Real News or Business Sabotage? You decide...

The following "news story" was found in Yahoo News. It is filled with anonymous quotes, no proof, no substance, no follow-up with the side being attacked.

“Apple’s new operating system is making me nauseous and giving me a headache - just like when you try to read in the car,” says one user.

Others complain of “vertigo” when apps “zoom” in and out - and say that using iOS 7 devices has left them feeling ill for days.

Apple’s new iOS 7 operating system has been downloaded 200 million times - and some users are complaining that the animations make them seasick - or worse. (more)

To our clients... In addition to your TSCM bug sweeps and our other business espionage reductions, keep an eye out for business sabotage. Document it. Go after it.

Read More

Yet Another Good Reason to Conduct TSCM Sweeps

Police have arrested eight men in connection with a £1.3m theft by a gang who remotely took control of the computer system of a Barclays bank branch.

A man posing as an IT engineer gained access to the Swiss Cottage branch in north London on 4 April, fitting a keyboard video mouse (KVM) device, which enabled the gang to remotely transfer funds to bank accounts under its control. (more)

Read More

Fingerprint Security Appears Risky on iPhone, and Elsewhere

Reason 1. - iPhone's fingerprint biometrics defeated, hackers claim.
Just one day after the new fingerprint-scanning Apple iPhone-5s was released to the public, hackers claimed to have defeated the new security mechanism. After their announcement on Saturday night, the Chaos Computer Club posted a video on YouTube which appears to show a user defeating Apple’s new TouchID security by using a replicated fingerprint. Apple has not yet commented on this matter, and, as far as I can tell, no third-party agency has publicly validated the video or the hacker group’s claim. In theory, the techniques used should not have defeated the sub-dermal analysis (analyzing three dimensional unique aspects of fingerprints rather than just two-dimensional surface images) that Apple was supposed to have used in its fingerprint scanner. (more)

Reason 2. - Mythbusters.



Reason 3. - When You're Busted.
Police can't compel you to spill your password, but they can compel you to give up your fingerprint.

"Take this hypothetical example coined by the Supreme Court: If the police demand that you give them the key to a lockbox that happens to contain incriminating evidence, turning over the key wouldn’t be testimonial if it’s just a physical act that doesn’t reveal anything you know.

However, if the police try to force you to divulge the combination to a wall safe, your response would reveal the contents of your mind — and so would implicate the Fifth Amendment. (If you’ve written down the combination on a piece of paper and the police demand that you give it to them, that may be a different story.)" (more)

Read More

Is Your Cell Phone Talking to Your Carrier, or Behind Your Back to a Rogue?

It's not easy to tell, but very important if you want to have a confidential conversation.

What is a rogue or IMSI catcher?
"An IMSI catcher is essentially a false mobile tower acting between the target mobile phone(s) and the service providers real towers. As such it is considered a Man In the Middle (MITM) attack. It is used as an eavesdropping device used for interception and tracking of cellular phones and usually is undetectable for the users of mobile phones. Such a virtual base transceiver station (VBTS) is a device for identifying the International Mobile Subscriber Identity (IMSI) of a nearby GSM mobile phone and intercepting its calls." (more)

Folks with a Cryptophone know...

"Each week an increasing number of Cryptophone customers are becoming aware of disturbing, yet unfortunately not surprising changes to the cellular network in their area.

This screenshot sent in by a customer shows the Cryptophone 500 alerting them to changes in the mobile network. In this case standard network encryption has been turned off. This is often an indication that a rogue base station or “IMSI Catcher” is active in the area.

While this knowledge would be of great to concern to most people, Cryptophone users can rest easy knowing that even in the presence of an ‘active’ attack’s like this, their communications are still completely secure." (more) (more)

Think the problem is theoretical? 

"Recently leaked brochures advertising next generation spy devices give outsiders a glimpse into the high-tech world of government surveillance. And one of the most tantalizing of the must-have gizmos available from a company called GammaGroup is a body-worn device that surreptitiously captures the unique identifier used by cell phones." (more)

"Hacker intercepts phone calls with homebuilt $1,500 IMSI catcher, claims GSM is beyond repair" (more) 

"Septier IMSI Catcher (SIC) has been designed as a tactical solution intended to extract GSM entities. Based on the Septier GUARDIAN infrastructure, Septier IMSI Catcher provides its users with the capability of extracting IMSI and IMEI of GSM Mobile Stations (MS) that are active in the system's effective range.

Septier IMSI Catcher is the perfect solution for both extracting identities from MS in its area of coverage (when these identities are previously unknown) and detecting the presence of known cell phones in the area, notifying the system user about those phones. Septier IMSI Catcher can be equipped with an add-on 3G module that allows identity extraction for 3G cell phones as well. It has several configurations that allow meeting the specific requirements of every operation and are suitable for various working conditions." (more)

Read More

PRISM as part of the BLARNEY program

(Updated: September 25, 2013)

Last June, the still on-going Snowden-leaks started with the unveiling of PRISM, an NSA program which collects information about foreign targets from American internet companies like Facebook, Google, Yahoo and Microsoft.

Since then, no new information about PRISM was published, but recently some new details could be found. These show that PRISM is part of another NSA program, codenamed BLARNEY, and that US-984XN is not a single designator for PRISM, but stands for multiple designators, one for each of the internet companies.


New slides

On September 8, the Brazilian television news magazine Fantástico aired a report about the NSA trying to access the network of the Brazilian oil company Petrobras. In the background of this report, a number of hitherto unseen NSA slides were shown.

One of the slides shows details about the BLARNEY program, which has the SIGAD, or SIGINT Activity Designator US-984 and the PDDG, or Producer Designator Digraph AX. The slide says that BLARNEY collects DNR (telephony) and DNI (internet) communications under authority of the FISA court. Main targets of the program are diplomatic establishments, terrorists, foreign governments and economic targets:

Top left the slide shows the NSA seal and top right we see a green leprechaun hat with a clover leaf, symbolizing Blarney, as this is also the name of a small town in Ireland.

However, the most intesting fact is that the BLARNEY SIGAD US-984 is almost the same as US-984XN, which is prominently shown on the first slide of the PRISM presentation that was published in June:

This similarity indicates that PRISM is part of BLARNEY, which is also suggested in the Wikipedia article about the latter program.


SIGADs

Wikipedia also has a good article about the SIGAD or SIGINT Activity Designator itself, which teaches us that a SIGAD with two letters followed by three or four numbers, like US-984, is for identifying signals intelligence collection programs and activities.

An additional alphabetic character is added to denote a sub-designator for a subset of the primary collection unit, like a detachment. Lastly, a numeric character can be added after the aforementioned alphabetic to provide for a sub-sub-designator. This already confirms that with the designation US-984XN, PRISM is a sub-program of BLARNEY.

But there's more. In the Wikipedia-article the SIGADs are represented like XX-NNNxn, where an X represents an alphabetic character and an N represents a numeric character. Here we see the same XN-suffix as in the alleged PRISM designator US-984XN, so it seems that XN is only meant as a placeholder for the actual designations of PRISM subsets.

This is confirmed by another slide from Brazilian television, which says that the SIGAD US-984X stands for multiple programs and partners collecting under FAA authority:

PRISM SIGADs

In one of the PRISM slides published in June, there's an explanation of the PRISM case notations. These start with a designation for each PRISM provider, like P1 for Microsoft, P2 for Yahoo, etc. (the first position in the slide below). These designators fit the XN-scheme of one alphabetic character followed by one numeric character.

If we combine this, it seems likely that instead of US-984XN as a single PRISM SIGAD, there might be actually the following multiple SIGADs, one for each of the internet companies:

- Microsoft: US-984P1
- Yahoo: US-984P2
- Google: US-984P3
- Facebook: US-984P4
- PalTalk: US-984P5
- YouTube: US-984P6
- Skype: US-984P7
- AOL: US-984P8
- Apple: US-984PA

After P8 for AOL, the final number becomes the letter A for Apple. Maybe this is because more than nine companies became involved, and so NSA chose to go on with hexadecimal numbers, so PA can be followed by PB, PC, etc.

Having separate SIGADs for each internet company makes sense, because a SIGAD identifies a specific facility where collection takes place, like a ship or a listening post. PRISM as a program is not such a facility, but comprises a number of them.

The notation of the multiple PRISM SIGADs is also more like that of other collection facilities, for example US-987LA and US-987LB for the Bavarian and Afghanistan listening posts of NSA's German partner-agency BND.

BLARNEY

Under BLARNEY, information is collected from both telephone and internet communications at facilities in the United States. The program was started in 1978 under the authority of the Foreign Intelligence Surveillance Act (FISA), which was enacted in the same year for regulating foreign intelligence collection in which communications of Americans could be involved. The SIGAD for BLARNEY collection under this initial FISA authority is US-984.

According to a report of the Wall Street Journal, BLARNEY was established with AT&T, for capturing foreign communications at or near key international fiber-optic cable landing points, like the AT&T facility Room 641A in San Francisco that was revealed in 2006. A similar facility was reportedly built at an AT&T site in New Jersey.

One of the doors of room 641A in the building of AT&T in San Francisco,
where the NSA had a secret internet tapping device installed,
which was revealed by an AT&T technician in 2006.

After the 2001 attacks these intercept capabilities were expanded to top-level telecommunications facilities within the United States, like main switching stations for telephone and internet traffic. These are accessed through arrangements with American internet backbone providers. Finally companies providing internet services like Microsoft, Google and Facebook were added.

Since 2008 this collection takes place under authority of the FISA Amendments Act (FAA) and the specific BLARNEY sub-programs and corporate partners are identified by SIGADs in the format US-984X. Except for PRISM, none of them are publicly known.

According to the recently disclosed US Intelligence Budget, NSA pays 65.96 million USD for costs made by corporate partners under the BLARNEY program. As PRISM is part of BLARNEY, it's possible that part of that money (maybe the 20 million mentioned in this slide?) is also for expenses made by the internet companies like Facebook, Google and Yahoo.

When PRISM was unveiled in June, the Guardian said this program was one of the main contributors to the President's Daily Brief, the top-secret document which briefs the US president every morning on intelligence matters. Being the PRISM parent program, BLARNEY is also one of the top sources to this document. According to a report by Der Spiegel, some 11,000 pieces of information reportedly come from BLARNEY every year.

This is shown in the slide below with a chart of the Top Ten Collection SIGADs from 2010-2011:

(screenshot courtesy @koenr)

In green we see the signals intelligence sources where NSA's Special Source Operations (SSO) division uses arrangements with corporate partners, in blue the sources where there are no such arrangements needed, which means SSO can collect the data on its own.

By far the most productive sources are the programs under US-984X, which include PRISM. Second comes information from what is called "transit only" traffic under the FAIRVIEW program (US-990). The initial BLARNEY collection under US-984, which is apparently from the AT&T network, is the nineth most productive source.

Some more information about BLARNEY is in another slide that was shown on Brazilian television:

Click for a readable version

Among other things, the slide says that BLARNEY is used for gathering information related to counter proliferation, counter terrorism, foreign diplomats and governments, as well as economic and military targets. PRISM seems to be used against more or less the same targets, as can be seen in a lesser known slide of the famous PRISM powerpoint presentation:

(it seems the bottom part of this slide was blacked out by Brazilian media, as the Indian
paper The Hindu disclosed that this slide also mentions "politics, space, nuclear" as
topics under the header "India", and also information from Asian and African
countries is contributing to a total of "589 End product Reports")

Once again this makes clear that programs like BLARNEY and PRISM are used to gather information about the usual strategic and tactical topics and therefore not for spying on Americans or other ordinary people.

(Updated on September 23 with the slide describing US-984X, the slide with the PRISM topics, some additional information from the WSJ report and a new slide about the top ten FAA sources)

Read More

Ex-Sheriff Pleads Guilty to Wiretapping

WV - Former Clay County Sheriff Miles Slack pleaded guilty Tuesday to a federal charge that he hacked his wife’s work computer.

Slack entered the plea to a wiretapping charge Tuesday in U.S. District Court in Charleston. He faces up to five years in prison. Sentencing was set for Dec. 19.

The government said Slack secretly installed a keystroke logger on a computer in the Clay County Magistrate Court office in April where his wife worked. They were married at the time but have since divorced.

Spyware devices can be purchased online and typically are 1-2 inches long and attached to the keyboard cable. Once installed, they can intercept anything typed on that keyboard. (more)

Read More

Afraid of Getting a Virus from a Public Recharging Station?

 For every scare, there is an inventor with an answer...
via int3.cc...

Have you ever plugged your phone into a strange USB port because you really needed a charge and thought: "Gee who could be stealing my data?." We all have needs and sometimes you just need to charge your phone. "Any port in a storm." as the saying goes. Well now you can be a bit safer. "USB Condoms" prevent accidental data exchange when your device is plugged in to another device with a USB cable. USB Condoms achieve this by cutting off the data pins in the USB cable and allowing only the power pins to connect through.Thus, these "USB Condoms" prevent attacks like "juice jacking".

Use USB-Condoms to:
* Charge your phone on your work computer without worrying...
* Use charging stations in public without worrying...

If you're going to run around plugging your phone into strange USB ports, at least be safe about it. ;-) (more)

Read More

New iPhones Are Coming - Learn How to Sanitize Your Old One

Planning on buying a new iPhone? 

Whether you trade-in, sell or gift your old one, do this first. Erase all your personal data. 

Here's how:
1. Plug your phone into the charger, or make sure you have enough charge to complete the process.
2. Take a moment to back-up the phone. iTunes or iCloud make this easy.
3. Go to SETTINGS > GENERAL > RESET
4. Press ERASE ALL CONTENT AND SETTINGS. Press CONFIRM.
5. (Optional) Press all the other RESETS.
6. Double-check to make sure all your data has gone to the bit-bucket in the sky.

Enjoy your new phone!

Read More

How Law Enforcement Can Watch Tweets in Real-time

BlueJay, the "Law Enforcement Twitter Crime Scanner," provides real-time, geo-fenced access to every single public tweet so that local police can keep tabs on #gunfire, #meth and #protest (yes, those are real examples) in their communities. 

BlueJay is the product of BrightPlanet, whose tagline is "Deep Web Intelligence" and whose board is populated with people like Admiral John Poindexter of Total Information Awareness infamy.

BlueJay allows users to enter a set of Twitter accounts, keywords and locations to scan for within 25-mile geofences (BlueJay users can create up to five such fences), then it returns all matching tweets in real-time. If the tweets come with GPS locations, they are plotted on a map. The product can also export databases of up to 100,000 matching tweets at a time. (more)

Read More

New Mobile Survey Reveals 41% of Employees Are Deliberately Leaking Confidential Data

Congratulations and condolences to the nation’s CIOs for being responsible for data security. 

There’s now more job security but now there’s less information security too. Because, according to a new survey from uSamp, 41% of workers used an unsanctioned cloud service for document storage in the last 6 months, despite the fact that 87% of these workers knew their company had policies forbidding such practices.

Welcome to the mobile workplace. It’s less secure and loaded with risk.

And, according to the research, the estimated annual cost to remedy the data loss is about $1.8 billion. So what’s a CIO to do? On the one hand, it’s her job to help employees remain productive, but it’s also her job to secure the company’s confidential information.

Six IT experts were asked about their take on the matter, here are their suggestions... (more)

Read More

"Secure" Integrated Circuit Chip Salami'ed into Spilling Secrets

A technique has been developed to bypass elaborate physical protections and siphon data off the most secure chips potentially including those used to protect military secrets.

The proof-of-concept technique demonstrated by researchers at Berlin's Technical University and security consultancy IOActive was successfully applied to a low-security Atmel chip commonly used in TiVo video recording devices. But the research team found that their complex and expensive attack could be applied to successfully pry data from highly-secure chips.

The attack used a polishing machine to mill down the silicon on the target chip until it was 30 micrometers thin.

The chip was then placed under a laser microscope fitted with an infrared camera to observe heat emanating from where encryption algorithms were running.

A focused ion-beam was then shot at the chip which dug a series of two micrometer -deep trenches in which wiretap probes were inserted.

Together, the elaborate techniques if bolstered by the use of more expensive equipment not available to the researchers could potentially bypass the most advanced chip security mechanisms. (more)

Read More

SpyCam Nails Airline Baggage Handlers at JFK

Seven baggage handlers at JFK Airport were arrested Wednesday for allegedly stealing thousand of dollars in items from checked baggage.

After receiving customer complaints of missing items, Israeli airline EL AL installed a camera in the belly of one of their 747 jets.

Over a five month period they caught seven employees - often wearing gloves - rifling through passenger's suitcases and stuffing luxury items in their pockets and down their pants. (more)

Read More

Sports Spying - Italian Football

Italy - In a frankly bizarre twist, Sampdoria caught a Genoa scout dressed in camouflage gear spying on their training ahead of Sunday’s derby.

The two local rivals will face off at Marassi on Sunday.

It seems Genoa were hoping to gain an advantage, but were left red-faced when Primavera youth team goalkeeping Coach Luca De Prà was caught spying on Samp’s training session.

It was Sampdoria who revealed the strange story with a statement on their official website and photograph of the man dressed in full camouflage gear to hide in the bushes outside the Bogliasco camp. (more)

Read More

Wizard of Id... More True than They Know

Read More

Alps Slayings Could be Linked to Industrial Espionage - Prosecutor

French authorities said Friday they were investigating the possibility that the British family shot dead while on holidays in the Alps a year ago was executed over industrial espionage. (more)

Read More

The US classification system

(Updated: October 12, 2013)

Top Level Telecommunications often involve information that has to be kept secret. To ensure that, governments have systems to protect sensitive information by classifying it, which is best known from document markings like "Top Secret".

Here we'll explain the classification system of the United States, which is far more complex than most people think, also because it's one of the world's biggest secrecy systems. In 2012 almost 5 million (!) people in the US had a clearance for access to classified information.*

The deeper parts of this classification system are classified, but some new details and codewords have been revealed in documents from the recent Snowden-leaks.

Classification markings

All documents that contain classified information, whether digital or hard copy, have to be marked with the appropriate markings. These are shown in the classification or banner line, which is shown at the top and bottom of every document and usually has three parts, separated by double slashes:

Classification level // SCI or SAP compartment // Dissemination marking

An example of such a classification line would be:

TOP SECRET//COMINT//NOFORN

Additionally, all sections of a document should have a portion marking, which is an abbreviation of the full classification line. Below, the abbreviations for these portion markings are shown in brackets.

When a document contains joint or Foreign Government Information (FGI), the necessary markings are shown in a separate part of the classification line. Finally declassification instructions can be added. These markings will not be discussed here.

The meaning of abbreviations and codewords can be found in the separate listing of Abbreviations and Acronyms and the listing of Nicknames and Codewords.


Classification levels

The United States government classifies information according to the degree which the unauthorized disclosure would damage national security. Like many other countries, the US has three classifications levels. From the highest to the lowest level these are:

- TOP SECRET (TS, color code: orange)
- SECRET (S, color code: red)
- CONFIDENTIAL (C, color code: blue)

Government documents that do not have a classification can be marked as:
- UNCLASSIFIED (U, color code: green)


With 1.4 million people having a Top Secret clearance, it's more than clear that additional measures are needed to protect the more sensitive information. Therefore, that information is put in separated compartments, only accessible for those people who have the 'need-to-know'.

This system is called Sensitive Compartmented Information (SCI) for intelligence information, while other highly secret and sensitive information is protected by a Special Access Program (SAP). Both sub-systems will be explained below.


SCI compartments

Sensitive Compartmented Information (SCI) is a system to protect national intelligence information concerning sources and methods, and is divided into control systems and compartments, which are further subdivided in subcontrol systems and subcompartments. These systems and compartments are usually identified by a classified codeword, some of which were leaked or have been declassified. In total, there may be between 100 and 300 SCI compartments and subcompartments, grouped into about two dozen control systems.

Known and supposed SCI control systems are:
- COMINT or Special Intelligence (SI)
- TALENT KEYHOLE (TK)
- HUMINT Control System (HCS)
- KLONDIKE (KDK)
- RESERVE (RSV, since 2005)
- BYEMAN (BYE or B, defunct since 2005)
- Special Navy Control Program (SNCP)
- VERDANT (VER)
- PANGRAM (PM)
- MEDITATE (M)
- SPECTRE
- LOMA
- ? (GG)
- ? (CRU)
- AZURE BLUE (AB)
- STELLARWIND (STLW, since 2001)
- RAGTIME (RT, since 2001)

In a classification line this is shown like: TOP SECRET//SI

Multiple control systems are shown like: TOP SECRET//SI/TK


COMINT (SI)
This control system is for communications intercepts or Signals Intelligence and contains various sub-control systems and compartments, which are identified by an abbreviation or a codeword. In a classification line they follow COMINT or SI, connected by a hyphen.

Known COMINT sub-control systems are:
- Very Restricted Knowledge (VRK)
- Exceptionally Controlled Information (ECI)
- GAMMA (G)
- DELTA (D, now defunct)
- UMBRA (defunct)

In a classification line this is shown like: TOP SECRET//SI-ECI


Very Restricted Knowledge (VRK)
This sub-control system of SI contains compartments, which have an identifier of apparently three alpha numeric characters.

In a classification line this is shown like: TOP SECRET//SI-VRK 11A *


Exceptionally Controlled Information (ECI)
This sub-control system of SI contains compartments, which are identified by a classified codeword. In the classification line there's a three-letter abbreviation of this codeword.

Recently disclosed codewords for ECI compartments are:
- AMBULANT (AMB), APERIODIC, AUNTIE, PAINTEDEAGLE, PAWLEYS, PENDLETON, PIEDMONT, PICARESQUE (PIQ) and PITCHFORD. There's also an undisclosed codeword which has the abbreviation RGT.

In a classification line this is shown like: TOP SECRET//SI-ECI PIQ

Multiple compartments are shown like: TOP SECRET//SI-ECI PIQ-ECI AMB


GAMMA (G)
This sub-control system of SI is for highly sensitive communication intercepts and contains compartments, which are identified by a codeword or an identifier of four alphabetic characters.

Some former GAMMA compartments were:
- GABE, GANT, GILT, GOAT, GUPY, GYRO and GOUT

In a classification line this is shown like: TOP SECRET//SI-G GUPY

Multiple compartments are shown like: TOP SECRET//SI-G GUPY GYRO


TALENT KEYHOLE (TK)
This control system is for products of overhead collection systems, such as satellites and reconnaissance aircraft, and contains compartments, which are identified by a classified codeword.
The original TALENT compartment was created in the mid-1950s for the U-2. In 1960, it was broadened to cover all national aerial reconnaissance and the KEYHOLE compartment was created for satellite intelligence.

Some former TK subcompartments were:
- CHESS, RUFF and ZARF

In a classification line this is shown like: TOP SECRET//TK-ZARF


RESERVE (RSV)
This control system is for compartments protecting new sources and methods during the research, development, and acquisition process done by the National Reconnaissance Office (NRO). Compartments within RESERVE have an identifier of three alpha numeric characters.* There are no actual examples.

In a classification line this is shown like: TOP SECRET//RSV-XXX


KLONDIKE (KDK)
This control system is for geospational intelligence (GEOINT) and contains compartments with identifiers of up to six alpha numeric characters.* There are no actual examples.

In a classification line this is shown like: TOP SECRET//KDK-XXXXXX


? (GG)
This control system is for information derived from Measurement and Signature Intelligence (MASINT) and is identified by a codeword that is still classified. It's only known by the abbreviation.*


? (CRU)
This control system is identified by a codeword that is still classified and is only known by the abbreviation which was accidentally revealed in 2009.* It's related to highly secret CIA programs.

A compartment of CRU seems to be:
- GREYSTONE (GST)

In a classification line this is shown like: TOP SECRET//CRU-GST


GREYSTONE (GST)
This compartment is for information about the extraordinary rendition, interrogation and counter-terrorism programs, which the CIA established after the 9/11 attacks. It contains more than a dozen sub-compartments, which are identified by numeric characters.*

In a classification line this is shown like: TOP SECRET//CRU-GST 001


SAP compartments

Special Access Programs (SAP) are created to control access, distribution, and protection of particularly sensitive information. Each SAP is identified by a nickname which consists of two unassociated, unclassified words or a single classified codeword. Such an identifier is abbreviated in a two or three-character designator.

There are apparently over 100 SAPs, with many having numerous compartments and sub-compartments. The classification line for SAP information shows the words SPECIAL ACCESS REQUIRED (SAR), followed by the program nickname or codeword. Examples of program nicknames are BUTTER POPCORN, MEDIAN BELL, SENIOR ICE and SODA.

In a classification line this is shown like: TOP SECRET//SAR-MEDIAN BELL

Multiple SAP's are shown like: TOP SECRET//SAR-MB/SAR-SD


SAP sub-compartments
Subcompartments of SAPs are separated by spaces and they are listed in ascending alphabetic and numeric order. The classification markings do not show the hierarchy beyond the sub-compartment level. Sub-sub-compartments are listed in the same manner as sub-compartments.

In a classification line this is shown like: TOP SECRET//SAR-MB A691 D722


Dissemination markings

Dissemination markings or caveats are used to restrict the dissemination of information within only those people who have the appropriate clearance level and the need to know the information. Dissemination markings can also be used to control information which is unclassified. Some markings are used by multiple agencies, others are restricted to use by one agency.

Markings used by multiple agencies:
- FOR OFFICIAL USE ONLY (FOUO)
- SENSITIVE INFORMATION (SINFO, defunct since 2002)
- LAW ENFORCEMENT SENSITIVE (LES)

Intelligence community markings:
- ORIGINATOR CONTROLLED (ORCON) (OC)
- CONTROLLED IMAGERY (IMCON) (IMC)
- SOURCES AND METHODS INFORMATION (SAMI, defunct since 2009)
- NO FOREIGN NATIONALS (NOFORN) (NF)
- PROPRIETARY INFORMATION (PROPIN) (PR)
- AUTHORIZED FOR RELEASE TO (REL TO) [country/coalition designator]
- Releasable by Information Disclosure Official (RELIDO)
- Foreign Intelligence Surveillance Act (FISA)
- DISPLAY ONLY

National Security Agency (NSA) markings:
- [country trigraph] EYES ONLY

NSA also used SIGINT Exchange Designators, which were gradually replaced by the 'REL TO [...]' marking. Some former SIGINT Exchange Designators were:
- FRONTO
- KEYRUT
- SEABOOT
- SETTEE

National Geospatial intelligence Agency (NGA) markings:
- LIMITED DISTRIBUTION (LIMDIS) (DS)
- RISK SENSITIVE (RSEN)

Department of Defense (DoD) markings:
- NC2-ESI
- SPECIAL CATEGORY (SPECAT, defunct since 2010)

Department of Homeland Security (DHS) markings:
- SPECIAL SECURITY INFORMATION (SSI)

State Department (DoS) markings:
- EXCLUSIVE DISTRIBUTION (EXDIS) (XD)
- NO DISTRIBUTION (NODIS) (ND)
- SENSITIVE BUT UNCLASSIFIED (SBU)
- SBU NOFORN

Drug Enforcement Administration (DEA) markings:
- DEA SENSITIVE (DSEN)

Nuclear weapons related markings:
- RESTRICTED DATA (RD)
- FORMERLY RESTRICTED DATA (FRD)
- DOD UNCLASSIFIED CONTROLLED NUCLEAR INFORMATION (DCNI)
- DOE UNCLASSIFIED CONTROLLED NUCLEAR INFORMATION (UCNI)
- TRANSCLASSIFIED FOREIGN NUCLEAR INFORMATION (TFNI)

In a classification line this is shown like: SECRET//SI//ORCON

Multiple markings are shown like: SECRET//SI//ORCON/NOFORN


Nuclear weapons related markings
The markings Restricted Data (RD) and Former Restricted Data (FRD) are used by the Department of Defense and the Department of Energy for information about design and operation of nuclear warheads. Both can have the following two additional sub-markings:

- CRITICAL NUCLEAR WEAPON DESIGN INFORMATION (CNWDI)
- SIGMA (SG, followed by a number between 1 and 20)

In a classification line this is shown like: SECRET//RD-CNWDI

Multiple SIGMA markings are shown like: SECRET//RD-SIGMA 2 4


Internal markings
Some intelligence agencies also use internal markings, indicating that information may not be released or shown to anyone outside that particular agency without proper permission. Internal markings are shown after the dissemination markings at the very end of a classification line.

Central Intelligence Agency (CIA) internal markings:*
- CIA INTERNAL USE ONLY

National Security Agency (NSA) internal markings:
These markings are used to identify a COI or CoI, which stands for Community Of Interest. Recently disclosed COI identifiers are:
- BULLRUN
- ENDUE
- NOCON

In a classification line this is shown like: TOP SECRET//SI//NOFORN/BULLRUN


In order to prevent codewords being assigned twice, the Controlled Access Program Coordination Office (CAPCO) lists all codenames and authorized abbreviations of Sensitive Compartmented Information and Special Access Programs in the Authorized Classification and Control Markings Register or CAPCO list.


Links and Sources

- Wikipedia articles:
  - Classified information in the United States
  - Sensitive Compartmented Information
  - Special access program
- The 2010 Project BULLRUN Classification Guide
- The 2009 Intelligence Community Classification and Control Markings Implementation Manual (pdf)
- The 2008 DNI Authorized Classification and Control Markings Register (pdf)
- The 2004 listing of Country Code Trigraphs and Coalition Tetragraphs (pdf)
- Article about Security Clearances and Classifications
- Some notes about Sensitive Compartmented Information
- About The 5 secret code words that define our era
- Marc Ambinder & D.B. Grady, Deep State, Inside the Government Secrecy Industry, 2013, p. 164-167.

Read More

School v. Students - Monitoring Social Media for Anti-Social Behavior

Authorities in California are now snooping on school students’ social media postings to catch law-breaking, bullying and other harmful activities. But parents worry the move is yet another example of Big Brother prying into ordinary Americans’ lives.

Glendale Unified School District, the third-largest in Los Angeles County, has paid Geo Listening Company over $40,000 to follow its students on social media networks. The stated aim is to prevent law-breaking, bullying and doing harm to themselves and others.

Under the scheme, the online activities of Glendale’s 13,000 middle-school and high-school students are closely monitored. (more)

Read More

Sometimes the Bird Really is a Spy

Over the past few years there have been a flock of spy stories about birds, the latest being a stork in Egypt. He was interrogated and let go, only to be found dead two days later. "...a wildlife organization claiming that it was 'eaten by local villagers.'" (more)

This story is different. Some birds do spy.

The John Downer Productions team created a set of highly realistic robotic penguins to spy on living birds for a recent BBC documentary. Some penguins are timid around humans, and may flee when a normal camera team approaches. So, these robots allow scientists and filmmakers to get up close with the colony and capture intimate details of day to day life in a penguin colony. 

The robots are more than simple spycams. They can:
• Remember the identities of individual penguins based on their patterns of spots.
• Get blown over and right themselves.
• Fall off a ledge without breaking.
• And even carry “egg-cams” to drop off at strategic locations (more)

Read More

Business Espionage: BMW Accused of Spying on Paris Electric Car-Share Company

The group that runs Paris car-sharing scheme Autolib’ said Tuesday it had filed a criminal complaint accusing German carmaker BMW of using spies to gather information on its electric cars. 

The Bollore group said it had filed the industrial espionage complaint after two employees of a firm employed by BMW were spotted three times tampering with charging points and Autolib’ vehicles parked in Paris.

BMW denied any wrongdoing...

The group that runs Paris car-sharing scheme Autolib’ said Tuesday it had filed a criminal complaint accusing German carmaker BMW of using spies to gather information on its electric cars.

The Bollore group said it had filed the industrial espionage complaint after two employees of a firm employed by BMW were spotted three times tampering with charging points and Autolib’ vehicles parked in Paris.

BMW denied any wrongdoing.

Read More

How to Check an iPhone for Spyware

a tip via Techlicious...
"The best way to detect if your iPhone has been hacked is to download an app like Lookout that tells you whether your phone has been "jailbroken". 

If the answer is yes (and you didn't jailbreak it), there's a good chance your suspected spy did. 

To remove an iPhone hack, simply update to the latest version of iOS. And to protect against future hacks, make sure that your phone is password protected so no one can get physical access to jailbreak it again...

Once you clear the hack, reset all of your passwords for social accounts and iCloud to prevent other means of spying on you."

Read More

The New York Times Quote of the Day :)

QUOTATION OF THE DAY

"This is the golden age of spying."

PAUL KOCHER, a cryptographer, on the National Security Agency's ability to circumvent encryption systems in gathering private Internet information.

Read More

IT Industry Admits ‘Losing Battle’ Against State-Backed Attacks

More than half of senior IT security professionals believe the industry is losing the battle against state-sponsored attacks, according to a survey.

Nearly 200 senior IT security professionals were surveyed by Lieberman Software Corporation at the Black Hat USA 2013 conference in Las Vegas, with 58 per cent of saying they believe the profession is losing the battle against state-sponsored attacks.

And 74 per cent of respondents were not even confident that their own corporate network has not already been breached by a foreign state-sponsored hacker, while 96 per cent believe that the hacking landscape is going to get worse over time. (more)

FutureWatch: Look for a migration of sensitive information away from Internet connectivity, followed by a rise in traditional espionage techniques. This shift will amplify the need for traditional security countermeasures, such as TSCM.

Read More

An NSA eavesdropping case study

(Updated: September 28, 2013)

On September 1, the popular Brazilian television news magazine Fantástico reported about an NSA operation for wiretapping the communications of the presidents of Mexico and Brazil. Fantástico is part of the Globo network, which already disclosed various top secret NSA presentations last July.

Now, the Brazilian magazine showed some new top secret NSA documents, like a powerpoint presentation about the eavesdropping operation, which were all among the thousands of documents which Edward Snowden gave to Guardian journalist Glenn Greenwald in June.

Fantástico also published the slides on their website, but as that's only in portuguese, we show these slides too, because they give a nice graphical insight in how the NSA intercepts foreign communications.

The Fantástico news magazine started showing a cover sheet of a presentation which bears the logo of the SIGDEV Strategy and Governance division of the NSA, where SIGDEV stands for SIGINT Development. However, it's not quite clear whether this division is also responsible for the eavesdropping operation which is shown below.

The presentation was prepared in June 2012 by a hitherto unknown division of the NSA, which is still only known by the abbreviation SATC. The Fantástico website says this stands for "Secure and Trustworthy Cyberspace" (SaTC), but that's actually a program of the US National Science Foundation. Brazilian television briefly showed the name of the author of the presentation, but here we blacked that out.

This slide shows the overall classification level of the presentation: TOP SECRET // COMINT // REL TO USA, AUS, CAN, GBR, NZL. This means the information is Top Secret, contained in the COMINT (Communications Intelligence) control system and is only to be released to the US and it's "Five Eyes" or UKUSA partners: the UK, Canada, Australia and New Zealand.


The presentation starts with two slides, showing the benefits of searching for contacts by using graphs:

The next three slides show some more details of the specific elements of the process:

The Mexican target

The first target of the operation was the then Mexican candidate for the presidency, Enrique Peña Nieto. The information was analysed by NSA unit S2C41 which is the Mexican Leadership Team and is also part of the S2C production line for International Security.

This slide shows the process of searching for contacts and communications of the mexican president:

1. Selectors, like known e-mail adresses or phone numbers related to EPN (Enrique Peña Nieto) are used as seeds to start the process.

2. The initial seeds lead to 2-hop graphs, apparently based upon metadata which are in the databases mentioned below the graph: MAINWAY is the NSA's database of bulk phone metadata, CIMBRI is seen here for the first time, and could be another kind of metadata database. JEMA probably stands for Joint Enterprise Modeling and Analytics, which is a tool that allows analysts to create more complex analytic scenarios.

3. Next, addresses discovered by creating the contact graphs can act as selectors for collecting SMS messages. For this the MAINWAY database is used too, just like ASSOCIATION, which, according to the Fantástico website, filters text messages (SMS) to mobile phones.

4. Finally, these messages go to DISHFIRE, which is NSA's database for text messages and can be searched for certain keywords.

This slide shows two "interesting messages", proving that content of text messages was collected. In the two quoted passages, the Mexican presidential candidate Enrique Peña Nieto is in discussion with some of the designated ministers of his future government. Parts of the messages are blacked out by Brazilian media.


The Brazilian target

The second target of the operation were the Brazilian president Dilma Rousseff and her key advisers. The information was analysed by NSA unit S2C42 which is focussed on the Brazilian leadership. This unit is part of the NSA's S2C production line for International Security.

This slide shows the process of searching for contacts and communications of the Brazilian president. The intelligence gathering starts with a few DNI Selectors (like e-mail or IP addresses) which act as seeds growing into a 2-hop contact graph. This graph shows all the addresses which had 2-hop or 2-step contacts with the original seed addresses.

Below the graph is the word SCIMITAR, seen here for the first time, which could be a tool to create such contact graphs, or maybe a database containing metadata from which these contacts can be derived.

From the 2-hop contact graph NSA apparently discovered new selectors (e-mail or IP addresses) associated with the Brazilian president and her advisers. Another slide, which was not published, is said to show all the names associated with the colored dots in this graph.

The presentation concludes that there was a successful cooperation between the mysterious unit SATC and the Latin American units from the S2C International Security division. This led to a successful implementation of contact filtering by using graphs, resulting in the interception of communications of high-profile, security-savvy Brazilian and Mexican targets.


This presentation gives insight in a specific eavesdropping operation, but also gives a good idea of how NSA is collecting information from the internet in general, for example through PRISM and various other programs which gather data from internet backbone cables.

Allthough the presentation is clarifying, it could also have been published without mentioning the specific targets involved. Showing that this operation targeted the presidents of Mexico and Brazil did not serve a public interest, but unnecessarily damaged the relationship between the United States and both countries.

Glenn Greenwald seemed to justify the publication by saying that the presentation proved that NSA was also intercepting the content of phone calls and e-mail messages. After earlier disclosures, the US had said that they only collect bulk metadata from Brazil and no content. But of course this statement only applied to ordinary citizens, as eavesdropping on foreign political and military leaders is generally considered to be a legal activity of (signals) intelligence agencies.

Greenwald, who lives in Rio de Janeiro, also said that "most of the spying they [= the US] do does not have anything to do with national security, it is to obtain an unfair advantage over other nations in their industrial and commerce economic agreements". But with this motive he also acts more in the national interest of Brazil, or at least like an activist, than as a journalist working for the public interest.

(Updated by rearranging the slide order and some related minor corrections - see the comment below)


Links and Sources
- Globo.com: Documentos revelam esquema de agência dos EUA para espionar Dilma
- Cryptome.org: Translation in English
- The slides with Portuguese description: Veja os documentos ultrassecretos que comprovam espionagem a Dilma
- Bloomberg.com: U.S. Spied on Presidents of Brazil and Mexico, Globo Reports

Read More