> One classified document shows that GCHQ used its surveillance system to secretly monitor visitors to a WikiLeaks site. By exploiting its ability to tap into the fiber-optic cables that make up the backbone of the Internet, the agency confided to allies in 2012, it was able to collect the IP addresses of visitors in real time, as well as the search terms that visitors used to reach the site from search engines like Google.
This is real-time surveillance of website visitors & search terms to websites that governments don't like. I'm guessing it wouldn't take much for them to correlate those visitors to IP addresses, cookies, device IDs and cell tower signals to pinpoint people in real time too?
Knock knock
Who is it?
It's the police. We know you're browsing Wikileaks right now.
Edit: Looks like GCHQ's "ANTICRISIS GIRL" [0], the tool used to monitor Wikileaks visitors in real time, was based on Piwik [1]
Ok. The GCHQ affair is making me go crazy, since as soon as i read
>ANTICRISIS GIRL
my brain came to a screeching halt, because I GET THE REFERENCE!
I am possibly the only person on HN go get it, because it is unlikely that anybody else here is a fanatic adherent of the Eurovision Song Contest.
The 2009 entry of Ukraine by Svetlana Loboda is called "Be My Valentine! (Anti-crisis Girl)" and here is a link[1].
WARNING: While not strictly NSFW, that video has a half-naked woman yelling "you are sexy bum", background dancers that can only be described as sex-legionaries and a catchy tune. She starts repeatedly screaming "anti-crisis girl" at about 2:30.
Now back to meaningful discussion about total global surveillance.
Your observation is spot on. The people doing the work for GCHQ and the NSA are just like us. They are geeks and technologists. They are probably members of hacker news.
This is the most believable part of the fantastic film Enemy of the State - the geeks in the van doing the work.
>The people doing the work for GCHQ and the NSA are just like us.
That's the scariest part: it's the banality of evil, updated for the XXI century. Would you turn down a safe and well-paid government job? Would you be a contractor building the Death Star?
You could always take the job and then build a tiny vulnerability into the exhaust ports. It'd be incredibly difficult for anybody to take advantage of such a vulnerability, so you'd probably get away with it.
I turn them down in the sense that I have ruled out ever applying for those jobs. I've had enough angst when I thought my guild leadership in WoW was making unfair decisions, there is no way I could live with myself if I worked for one of these agencies.
The Death Star job would be almost impossible to turn down; space, lasers and stuff... but nope, working conditions suck, especially the boss who's a SERIOUS asshole.
Good catch. I feel slightly uncomfortable when individuals engage in too much superhero / I'm the One fantasy. Just a wee bit too much adrenaline and dopamine sometimes.
I sincerely hope GCHQ don't have superhero costume parties. Even if they think they're something like The Justice League.
It's "funny" how our western system hypocritically decries censorship in China, North Korea et al. when we do the exact same thing, just in a little bit more hidden/less detectable way.
Parent comment wasn't comparing UK to NK. Just pointing out that my Prime Minister has spoken in a luke warm sort of way about human rights in China and in a slightly more vigourous way about human rights in NK while knowing all the time that GCHQ were carrying out very detailed observation of oppositional Web sites. My perception was that the parent post was more about the hypocrisy of our political leaders than the UK being a totalitarian country.
I agree that any suggestion that the UK is similar to NK is absurd. However, George Orwell did once point out that a revolution and the subsequent imposition of terror in the UK would actually be very easy to do within our legal system...
He is talking solely about how the governments treat internet users, so your comment makes as little sense as me mentioning that the British empire killed far more innocent people than NK ever did.
Most NK residents don't have any access. The ones that do have very heavily filtered Internet access. North Koreans who watch a prohibited tv show are executed or repeatedly raped while in prison or starved while in prison.
Comparin the treatment of North Korean Internet users to the treatment of UK Internet users is obscene.
It dilutes the actual point: UK government should not monitor the activities of its citizens without judicial oversight and very narrow reasons. That is an abuse of human rights and it is justifiably something to get angry about. But comparing "monitoring what people send to a website that distributes state secrets" with "forcing a woman to drown her new born baby in a bucket because she read the wrong book" is sub-optimal.
If it was GPL you might be able to argue that they violated the derivatives clause. I doubt it would help since this is top secret intel work and I'm sure they have legal loop holes that essentially allow them to ignore things as trivial as copyright when it suits them.
Seeing as they talk about the pirate bay as an example of a target I would suspect they care A LOT about copyright issues and would do anything in their power to distribute their source code for the greater good.
A less paranoid interpretation is to recognise that governments think that releasing secret documents poses a risk to the security of the country and so the government security agencies will want to know who is providing information to, not consuming information from, Wikileaks.
I'm sure this rationale could be used to justify targeting the Pirate Bay, too. And dropbox/file sharing services. And webmail services. Google docs and similar services. Blogs. (...)
I wonder what Merkel and Hollande's new "European Internet" will do to stop GCHQ from tapping the cables like they do now and then just hand over the info to US.
I'm not sure, but the fact that they want to 'do something' indicates a reaction to the status quo.
In the UK, we have a sort of passive acceptance of high levels of surveillance of the home population going back to the Northern Ireland Emergency starting 1968. It will need a lot to move the politicians away from that.
>Illustrating how far afield the NSA deviates from its self-proclaimed focus on terrorism and national security, the documents reveal that the agency considered using its sweeping surveillance system against Pirate Bay, which has been accused of facilitating copyright violations. The agency also approved surveillance of the foreign “branches” of hacktivist groups, mentioning Anonymous by name.
Good to know that the NSA is on top of that Pirate Bay threat! I was worried for a little bit. Good thing they're keeping tabs on script kiddies too. And of course WikiLeaks; that's just information terrorism. Better go ahead and classify them all as malicious foreign actors:
>any communication with a group designated as a “malicious foreign actor,” such as WikiLeaks and Anonymous, would be considered fair game for surveillance.
>When NSA officials are asked in the document if WikiLeaks or Pirate Bay could be designated as “malicious foreign actors,” the reply is inconclusive: “Let us get back to you.” There is no indication of whether either group was ever designated or targeted in such a way.
Knowing Greenwald, I've got a suspicion that he already knows the answer to that question. Gonna go grab some popcorn. Y'all want anything from the concession stand?
EDIT:
Notice of course that it doesn't really matter if the NSA classifies any of them as malicious foreign actors or not. They can always count on the GCHQ to scrape up US citizens' data for them:
Now we know what we've speculated darkly about all long: the NSA and GCHQ actively track users who visit sites they don't like.
Presumably your visit to The Intercept and First Look are similarly tracked and correlated with your other online and offline activity.
I for one will visit this site and open every linked document from each IP I have access to. These tactics of mass surveillance and intimidation must be resisted.
Launch a bunch of t1.micros or tiny dockers or something and have them constantly curl or wget all the links. Setup a spot request with an autoscale script which will constant request spot instances from the cheapest zone where they are spawned and curl/wget to dev null then die and get a new spot spawn.
Well, if they already have most of that data (ip/connection metadata from backbone isps) -- and the provider/target site is small enough that traffic analysis is enough to defeat the vpn -- all bets are off anyway. This is a basic problem with VPNs -- you need to assume all data going in and out is logged -- if you're the only one visiting omghowcanimakebombsforeal.com at any given hundreds of a second -- then you're pretty much done for.
I don't know about you guys, but these two quotes together with the events in the life of Assange seems to paint some picture.
According to the Post, officials “realized that they have what they described as a ‘New York Times problem’” – namely, that any theory used to bring charges against Assange would also result in criminal liability for the Times, The Guardian, and other papers which also published secret documents provided to WikiLeaks.
USA [...] urged other nations with forces in Afghanistan [...] to consider filing criminal charges against J.A. [...] focus the legal elements of national power upon non-state actor Assange, and the human network that supports Wikileaks (from https://prod01-cdn02.cdn.firstlook.org/wp-uploads/2014/02/as...)
Not that this came as a surprise for people who read things outside NYT.
Not directly related to the article, but more to the issue at large: One thing many people fail to realize is that humans can be terribly, terribly corrupt. There are those among us who, without a drop of guilt or compassion, would take the life of another. Given the means, we are capable of carrying out some heinous acts. Many believe that there is some moral or ethical boundary that these spy agencies will not cross. That given all the information that's been leaked, all the lies that've been exposed, there is still an area of corrupt behavior that is off-limits.
I have no doubt in my mind that there are those within these agencies that have abused their access to information for political, financial, and personal benefit, eg insider trading, selling damaging information to political candidates, suppressing journalists, etc. I'm not sure if it'll ever be brought to the public light, but I'm certain it's happened and is happening. The stuff that we read about is peanuts.
I think this is something that Hollywood movies such as Enemy of the State promotes. So that when it does come out non of us are surprised it really exists. We should just make sure that our lack of surprise doesn't turn into disinterest and apathy.
The proportion of sociopaths is usually estimated to be at least around 1%, so that's almost 70 million potential guilt-free killers out there, 3 million of them American.
I find it really interesting that a huge number of GCHQ internal training documents, giving away an awful lot about their operations and systems, was available on demand with no logging to poorly vetted contractors at US sites. They don't even know what he took. Contractors like Booz Allen Hamilton are a huge, soft target with a constantly changing roster of workers.
That lack of any significant firewall between the allies, combined with a huge army of contractors in the US with top secret access, means China/Russia etc have probably had access to this information for years, if not decades, and could feed CGHQ and the NSA misinformation at will, because they'll know exactly what their capabilities and aspirations are.
These findings illustrate the difference between surveillance and a surveillance state. The GCHG and by relation the NSA had plenty of information about who visited or donated to Wikileaks, but did not act on any of that information [1]. These documents could easily be construed as a vote of confidence for the agencies in question. People love to throw around the phrase "Orwellian" these days, but his seminal work does not appear to be relevant here. We all know that the government could be surveilling us at any time. We should all be afraid of it taking widespread action based upon that information. This day has not come yet.
The government can listen to what you say and watch what you do all they want. The moment they move from surveilling to censoring, from watching to interfering, the average citizen will come down on them with righteous fury. No one is coming to your door or telling you what lawful websites you can and can't look at or what you can say to people. It's a testament to the strength of our ideals that government agents can tap your phone and hear you say how much you hate them, and yet still not lift a finger against you [1].
Keeping an eye on quasi-legal websites and organizations is the government's job. Using force to harm them is a line that we cannot allow them to cross. There are many, many more documents that have yet to come to light and I'm sure that this community will be the first to point out any serious abuses of power.
Assuming that the government reaction would be to beat down your door is naive. The government knows, as you do, that down that path lies insurrection. Beating down doors and imprisoning dissidents is a crude tool.
There are other tools for influencing individuals and controlling society, much more targeted, silent and insidious.
It's a testament to the strength of our ideals that government agents can tap your phone and hear you say how much you hate them, and yet still not lift a finger against you
Parallel Construction is widely abused (or so it has been reported). So while it may not be about, 'government haters', and they may not be publicly abusing the information collected from wiretapping, it is being abused none the less.
>No one is coming to your door or telling you what lawful websites you can and can't look at or what you can say to people.
Actually they do it all the time. In the EU country I'm from it's a regular occurence -- using surveillance like this to arrest and harass people the government don't like, and it has only been getting worse in the past years.
In what parallel universe do people live, who think that the government does not do such things? Perhaps they are not kept current on stuff that's not on the 9 o clock news, but either appears on the middle pages in newspapers or only registers in smaller circles.
So, as he put it "No one is coming to your door or telling you what lawful websites you can and can't look at or what you can say to people".
Well, the key word here is "lawful".
We have for example cases where people were arrested and tried for merely linking to another website (e.g a news aggregator operator was arrested for the content of a linked news article).
We also have made up charges for people viewing "child pornography". For example one well known activist had such charges made up against him by the police for revenge, AFTER he had testified and provided evidence of police involvment in sexual trafficking.
There are also cases of people arrested for having a blog with religious satire.
We have cases where a advisor to the PM threatens people contributing donations to a certain news site.
Or the same advisor giving the real name of an anonymous (critical to the government) blogger on Twitter.
We had a case (recently) of a politician suing (and getting injunction measures) against a Wikipedia editor, for mentioning a well known fact about him (already published in numerous newspapers and books).
> We all know that the government could be surveilling us at any time. We should all be afraid of it taking widespread action based upon that information.
Now thats positively orwellian. I recommend you read the book first.
Who are you, Jim Hacker[1]? We are to believe that the government is spending millions on collecting information that they are then not going to use? That sounds completely wasteful of tax money.
We also already know that the US do use the information they collect. It is called "background check" and is performed in airports and government job applications. They might not be so open about it that they go and break down peoples door, but is secret files hidden in bunkers better?
Who gave the order to monitor Wikileaks and its visitors? What I'd like to see at the very least is that these agencies get reformed to the point where if we do find out about an abuse of theirs, we can put pressure on the so called "oversight committees" who clearly aren't doing their jobs, to uncover exactly who monitored Wikileaks and who gave the order to do it. And then fire them.
Right now even if there was such a pressure on them, there's probably no way to link to who did it, because NSA and GCHQ seem to be run in a very chaotic way and that's on purpose, so there are no ties for specific operations to anyone.
I guess that bitcoin donation to wikileaks I sent a few years back means I should probably dump my computer's bios and ssd firmware physically out of flash with a logic analyzer and compare it with others of the same model.
I know this guy, let's call him hypothetical Fritz, who was seen talking in public to a WL spokesperson after an event a few years back. I don't know if he should be worried, but from listening to him when he talks of it, I know that he is.
Firefox: browser of choice for neurotic introverts!
(I use Firefox:)
Actually that whole slide deck is interesting. Watch how "Squeaky Dolphin" help us go from "real-time" monitoring of likes on facebook and youtube/blogger views to splunk powered(?)[1] "Battle Damage Assessment Demonstrator - City Activity"...
[1] Slide 26-32. Splunk is namedropped, wonder if NSA are big customers of http://www.splunk.com ? I guess all PR is good PR...
Click through to the actual WaPo article. It isn't exactly a huge endorsement of US press freedom.
The article has a graph showing US press freedom bouncing between sort of OK down to "less than Lithuania" levels over a period of decades. In other words, mediocre levels of press freedom happen regularly in the US. That does not actually contradict the notion that, currently, it sucks.
What Snowden taught us, the lesson we all have now, is that those with that level of internet/computer skills are not citizens of a single country but RATHER citizens of the Internet and its our actions that determine the future of the internet and its freedom.
Piwik works in the same way as Google Analytics and uses an injected JavaScript to report the stats back to the server. If they didn't modify Piwik a lot it means that the script should be visible and the address of the server too.
Just tested, not seeing any suspicious JavaScript tags from inside the UK.
Javascript is only needed for more detailed information about their browser. The analytics appear to collect only header information and the ip address suggesting that they don't require Javascript to be injected.
This is real-time surveillance of website visitors & search terms to websites that governments don't like. I'm guessing it wouldn't take much for them to correlate those visitors to IP addresses, cookies, device IDs and cell tower signals to pinpoint people in real time too?
Knock knock
Who is it?
It's the police. We know you're browsing Wikileaks right now.
Edit: Looks like GCHQ's "ANTICRISIS GIRL" [0], the tool used to monitor Wikileaks visitors in real time, was based on Piwik [1]
[0] https://prod01-cdn01.cdn.firstlook.org/wp-uploads/2014/02/pi...
[1] http://piwik.org/