Jacob Appelbaum: NSA aims for absolute surveillance
There are a multitude of backdoors, monitoring programs and products that already have been and could continue to be compromised by the National Security Agency (NSA).
This is according to Jacob Appelbaum, independent computer security researcher, hacker and core member of the Tor project, speaking during his keynote at the ITWeb Security Summit 2014.
He said the NSA aims to have utter surveillance of everything it wants, and there is no boundary or limit to what it wants to do.
Appelbaum spoke of a NSA program that allows its analysts to search through vast databases containing e-mails, IMs and the browsing histories of millions of people. Called XKeyscore, the program was designed to develop intelligence from the Internet.
He said other systems used by the NSA, called Turmoil and Turbine, are used for what is essentially deep packet inspection and deep packet injection. Turmoil is a passive, deep-packet inspection system that feeds data into another system called Turbine, which releases a number of off-the-shelf or zero-day exploits that are injected into a data stream to compromise a vulnerable machine.
Turmoil and Turbine feed the XKeyscore surveillance database, which is controlled by the NSA. These systems are kitted out with packaged exploits that take advantage of the ability the agency has to be a "man in the middle" at Internet bottlenecks.
He says systems such as these exist, and work because people are kept vulnerable. Another instance of this, he says is the US government's practice of buying vulnerabilities and exploits under non-disclosure agreements that make sure the vulnerabilities will be kept from the specific vendor, and therefore never patched.
We need to reframe the issues so that freedom and openness come first.Jacob Appelbaum
Appelbaum said there are also number of tools used for surveillance not only to exploit endpoints and networks, but to link contacts between targets, maintain persistence and monitor communication such as phone calls, email and Internet surfing and searches.
More open source, free software should be written, and we need to get more people to use it - software written with freedom and security in mind.Jacob Appelbaum
He added that hardware is also vulnerable. "Compromises for server hardware from a number of vendors, such as Cisco, also exist because the NSA tampers with hardware either in shipping or through actual physical access."
The power to change
Appelbaum says we do have the power to change things, largely through encryption, open source, legal reform and anonymity.
"We need to reframe the issues so that freedom and openness come first," he explains. More open source, free software should be written, and we need to get more people to use it - software written with freedom and security in mind.
He says Tor is also an element, as are others such as the GNOME project, FreedomBox and similar. "At the end of the day, what is needed is freedom for everybody, without exception. Obtaining that freedom will mean a push for open standards, free software, legal reform and open hardware."