Tuesday February 25, 2020
Home Lead Story US Cyber Spie...

US Cyber Spies Unmasks Identities of Citizens who in Contact with Foreign Intelligence Targets

Alex Joel, a DNI official, said it was likely that the higher number of U.S. persons unmasked last year was inflated by names of victims of malicious cyber activity

0
//
cyber spies, identities
FILE - A man types on a computer keyboard in this illustration, Feb. 28, 2013. VOA

U.S. cyber spies last year unmasked the identities of nearly 17,000 U.S. citizens or residents who were in contact with foreign intelligence targets, a sharp increase from previous years attributed partly to hacking and other malicious cyber activity, according to a U.S. government report released on Tuesday.

The unmasking of American citizens’ identities swept up in U.S. electronic espionage became a sensitive issue after U.S. government spying on communications traffic expanded sharply following the Sept. 11, 2001 attacks and started sweeping up Americans’ data.

The report by the U.S. Director of National Intelligence (DNI) said that in 2018 cyber spies at the National Security Agency (NSA) unmasked the identities of 16,721 “U.S. persons,” compared to 9,529 unmaskings in 2017 and 9,217 between September 2015 and August 2016.

cyber spies, identities
U.S. person used by spy agencies includes actual individuals, email addresses and internet protocol (IP) addresses. Pixabay

According to U.S. intelligence rules, when the NSA intercepts messages in which one or more participants are U.S. citizens or residents, the agency is supposed to black out American names. But the names can be unmasked upon request of intelligence officers and higher-ranking government officials, including presidential appointees.

Alex Joel, a DNI official, said it was likely that the higher number of U.S. persons unmasked last year was inflated by names of victims of malicious cyber activity. Another official said the definition of U.S. person used by spy agencies includes actual individuals, email addresses and internet protocol (IP) addresses.

The expanded collection of data that affected Americans was exposed by whistleblowers like former NSA contractor Edward Snowden, prompting politicians and the public to demand greater accountability.

cyber spies, identities
The report says that the number of “non-US persons” targeted by the U.S. for foreign intelligence surveillance rose to 164,770 in calendar year 2018 compared to 129,080 the year before. Pixabay

Annual reports on the extent of NSA and other government electronic surveillance were one notable reform. NSA’s operations historically were so secretive that agency employees joked its initials stood for “No Such Agency.”

ALSO READ: Apple Envisions to Launch Apple TV+ Streaming Service

Not long after President Donald Trump took office, Devin Nunes, the Republican who then chaired the House Intelligence Committee, touched off a political flap by claiming intercepted messages involving members of Trump’s transition team had been unmasked at the direction of top Obama administration officials.

The report says that the number of “non-US persons” targeted by the U.S. for foreign intelligence surveillance rose to 164,770 in calendar year 2018 compared to 129,080 the year before. The report adds that not a single FBI investigation was opened on U.S. persons based on NSA surveillance in either 2017 or 2018. (VOA)

Next Story

Vulnerability in 4G May Help Hackers To Impersonate You: Researchers

For a successful attack, the attacker must be in the vicinity of the victim's mobile phone, said the researchers

0
Attacker
An attacker can upload secret company documents and to network operators or law enforcement authorities, it would look as if the victim is the perpetrator. Pixabay

Researchers have found a serious vulnerability in LTE/4G mobile communication standard that can help hackers impersonate other phone users, take a streaming service subscription at your expense or publish secret company documents under someone else’s identity.

The vulnerability — which affects virtually all mobile phones, tablets and some connected household appliances — may also hamper investigations of law enforcement agencies because attackers can not only make purchases in the victim’s name but can also access websites using the victim’s identity.

For example, an attacker can upload secret company documents and to network operators or law enforcement authorities, it would look as if the victim is the perpetrator, said researchers from Ruhr-Universitat Bochum public university.

“An attacker can book services, for example stream shows, but the owner of the attacked phone would have to pay for them,” said Professor Thorsten Holz from Horst Gortz Institute for IT Security.

Only changing the hardware design would mitigate the threat. The team is attempting to close the security gap in the latest mobile communication standard 5G, which is currently rolled out.

“Mobile network operators would have to accept higher costs, as the additional protection generates more data during the transmission. In addition, all mobile phones would have to be replaced and the base station expanded. That is something that will not happen in the near future,” said David Rupprecht.

The problem is the lack of integrity protection: data packets are transmitted encrypted between the mobile phone and the base station, which protects the data against eavesdropping.

However, it is possible to modify the exchanged data packets. “We don’t know what is where in the data packet, but we can trigger errors by changing bits from 0 to 1 or from 1 to 0,” said Rupprecht. By provoking such errors in the encrypted data packets, the researchers can make a mobile phone and the base station decrypt or encrypt messages.

Hackers
Researchers have found a serious vulnerability in LTE/4G mobile communication standard that can help hackers impersonate other phone users, take a streaming service subscription at your expense or publish secret company documents under someone else’s identity. Pixabay

They not only can convert the encrypted data traffic between the mobile phone and the base station into plain text, they can also send commands to the mobile phone, which are then encrypted and forwarded to the provider – such as a purchase command for a subscription.

The researchers from Bochum used so-called software-defined radios for the attacks. These devices enable them to relay the communication between mobile phone and base station. Thus, they trick the mobile phone to assume that the software-defined radio is the benign base station; to the real network, in turn, it looks as if the software-defined radio was the mobile phone.

ALSO READ: India’s Cooperation With Russia For AI Innovation May Reach Level of Strategic Sector Soon

For a successful attack, the attacker must be in the vicinity of the victim’s mobile phone, said the researchers. (IANS)