- PRISM is a classified US government program to collect internet communications from major internet companies like Google and Facebook.
- It was revealed to the public in 2013 after former NSA contractor Edward Snowden leaked classified documents about the program.
- PRISM collects emails, photos, videos, logs of online chats, file transfers and more, with the stated goal of monitoring communications of non-US citizens outside the US.
Digital Anti-Forensics: Emerging trends in data transformation techniquesSeccuris Inc.
This paper explores two questions: What
methods can be used to deceive someone who is
in an investigative role into trusting an object
which has been exploited? What kind of impact
does operating system and application run-time
linking have on live investigations? After
experimenting with dynamic object
dependencies and kernel modules in the UNIX
environment, it is the opinion of the authors that
run-time linking can be exploited to alter the
execution of otherwise trusted objects. This can
be accomplished without having to modify the
objects themselves. If an investigator trusts an
inherently un-trusted object, it can result in the
possible misdirection of a digital investigation.
Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and fix it. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information.
The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.
Recently, NTT published the Global Threat Intelligence Report 2016 (GTIR). This year’s report focused both on the changes in threat trends and on how security organizations around the world can use the kill chain to help defend the enterprise.
Turning threat intelligence data from multiple sources into actionable, contextual information is a challenge faced by many organizations today. The Global Threat Intelligence Platform provides increased efficiency, reduces risks and focuses on global coverage with accurate and up-to-date threat intelligence.
This presentation was given at Carnegie Mellon University by Kenji Takahashi, VP of Product Management, Security at NTT Innovation Institute.
Digital Anti-Forensics: Emerging trends in data transformation techniquesSeccuris Inc.
This paper explores two questions: What
methods can be used to deceive someone who is
in an investigative role into trusting an object
which has been exploited? What kind of impact
does operating system and application run-time
linking have on live investigations? After
experimenting with dynamic object
dependencies and kernel modules in the UNIX
environment, it is the opinion of the authors that
run-time linking can be exploited to alter the
execution of otherwise trusted objects. This can
be accomplished without having to modify the
objects themselves. If an investigator trusts an
inherently un-trusted object, it can result in the
possible misdirection of a digital investigation.
Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and fix it. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information.
The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.
Recently, NTT published the Global Threat Intelligence Report 2016 (GTIR). This year’s report focused both on the changes in threat trends and on how security organizations around the world can use the kill chain to help defend the enterprise.
Turning threat intelligence data from multiple sources into actionable, contextual information is a challenge faced by many organizations today. The Global Threat Intelligence Platform provides increased efficiency, reduces risks and focuses on global coverage with accurate and up-to-date threat intelligence.
This presentation was given at Carnegie Mellon University by Kenji Takahashi, VP of Product Management, Security at NTT Innovation Institute.
Security Onion includes best-of-breed free and open tools including Suricata, Zeek, Wazuh, the Elastic Stack and many others. We created and maintain Security
OSINT: Open Source Intelligence gathering 101
Slides from my talk on OSINT. I listed examples in the slides about tools, legal methods for both online and physical information security reconnaissance.
Presentation on Zero Trust model, used for the Codecademy Manipal Chapter event. Covers basic information about the Zero trust model, implementation, and benefits.
A college class in Network Security Monitoring at CCSF, based on "The Practice of Network Security Monitoring: Understanding Incident Detection and Response" by Richard Bejtlich, No Starch Press; 1 edition (July 26, 2013), ASIN: B00E5REN34
Course website: https://samsclass.info/50/50_F17.shtml
MITRE ATT&CK is quickly gaining traction and is becoming an important standard to use to assess the overall cyber security posture of an organization. Tools like ATT&CK Navigator facilitate corporate adoption and allow for a holistic overview on attack techniques and how the organization is preventing and detecting them. Furthermore, many vendors, technologies and open-source initiatives are aligning with ATT&CK. Join Erik Van Buggenhout in this presentation, where he will discuss how MITRE ATT&CK can be leveraged in the organization as part of your overall cyber security program, with a focus on adversary emulation.
Erik Van Buggenhout is the lead author of SANS SEC599 - Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. Next to his activities at SANS, Erik is also a co-founder of NVISO, a European cyber security firm with offices in Brussels, Frankfurt and Munich.
Title: Welcome to the world of Cyber Threat Intelligence!
Abstract: Welcome to the world of Cyber Threat Intelligence (CTI)! During this presentation, we will discuss about some of the basic concepts within CTI domain and we will have a look at the current threat landscape as observed from the trenches. The presentation is split into 3 parts: a) Intro to CTI, b) A view at the current threat landscape, and c) CTI analyst skillset.
Short Bio: Andreas Sfakianakis is a Cyber Threat Intelligence and Incident Response professional and works for Standard and Poors' CTI team. He is also a member of ENISA’s CTI Stakeholders’ Group and Incident Response Working Group. He is the author of a number of CTI reports and an instructor of CTI. In the past, Andreas has worked within the Financial and Oil & Gas sectors as well as an external reviewer for European Commission. Andreas' Twitter handle is @asfakian and his website is www.threatintel.eu
Deep State Playbook 101: How Globalists Depopulate and Enslave HumanityThe Free School
This publication is about the Deep State and pursues four core objectives. This book:
Defines the notion of the so-called ‘Deep State’;
Outlines 101 tools that the Deep State uses to achieve short-term objectives;
Analyzes the mechanisms that the Deep State uses to pursue its arch objective;
Synthesizes an original diagram that summarizes the Deep State’s modus operandi.
This book is written for those with zero to little knowledge of the ‘Deep State’. It analyzes credible sources that claim a Deep State apparatus exists. Much discussion is cutting-edge. The Deep State’s existence has not mainstreamed in public knowledge during pre- or recorded history.
This book synthesizes the consensus that appears in various public sources. Examples include mainstream and alternative media reports, scholarly publications and institutional documents. Discussions are Western-centric. They focus on power structures in Europe, the Near East (e.g.
Israel) and the United States of America (USA). These are the core locations of Deep State bases.
This book aims to arm readers with the tools required to form their own opinions. Much language in this book unambiguously informs the audience of the author’s informed opinions. May critical readers conduct their own independent research and always draw their own conclusions.
OSINT - Open Source Intelligence by Rohit Srivastwa at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.htm
13 SATANIC BLOODLINES OF THE ILLUMINATI THAT RULE THE WORLD
ROCKEFELLER
ROTHSCHILD
KENNEDY
ASTOR
BUNDY
COLLINS
DuPONT
FREEMAN
LI
ONASSIS
Reynolds
RUSSELL
VAN DUYN
THE MEROVINGIAN
OSINT for Proactive Defense - RootConf 2019RedHunt Labs
A presentation about using Open Source Intelligence for proactive defense delivered at Rootconf 2019 Bangalore, India.
RedHunt Labs
https://redhuntlabs.com/
Durante l’intervento verranno presentati i cardini del processo di ricerca delle informazioni mediante la consultazione di fonti di pubblico accesso. Sarà illustrata la teoria alla base di questo processo che prevede l’identificazione delle fonti, la selezione e la valutazione del loro contenuto informativo per arrivare infine all’utilizzo stesso dell’informazione estratta. Nella seconda fase della presentazione verranno mostrati i tool e le metodologie per l’estrazione di informazioni mediante l’analisi di documenti, foto, social network e altre fonti spesso trascurate. In ultimo saranno mostrati sistemi in grado di correlare diverse informazioni provenienti dalle fonti aperte e verranno discussi i relativi scenari di utilizzo nonché le possibili contromisure.
Cyber threat intelligence: maturity and metricsMark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision
support to executives whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will
seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
A honeypot is a fictitious vulnerable IT system used for the purpose of being attacked, probed, exploited and compromised
Rasool Irfan - Cyber Security Strategist
According to the NSA, Edward Snowden "fabricated keys" to obtain and exfiltrate top secret information.
Here is how he did it.
Venafi invites the NSA or Edward Snowden to provide more details so enterprises can better secure their most sensitive data and intellectual property.
Snowden as whistleblower - Future of Privacy ForumKathleen Clark
Provides a definition of whistleblowing; examines whether Edward Snowden is a whistleblower; discusses internal and external whistleblowing; draws a parallel between Snowden's audacious act of civil disobedience with the March 8, 1971 break-in of an FBI office in Media, Pennsylvania.
Security Onion includes best-of-breed free and open tools including Suricata, Zeek, Wazuh, the Elastic Stack and many others. We created and maintain Security
OSINT: Open Source Intelligence gathering 101
Slides from my talk on OSINT. I listed examples in the slides about tools, legal methods for both online and physical information security reconnaissance.
Presentation on Zero Trust model, used for the Codecademy Manipal Chapter event. Covers basic information about the Zero trust model, implementation, and benefits.
A college class in Network Security Monitoring at CCSF, based on "The Practice of Network Security Monitoring: Understanding Incident Detection and Response" by Richard Bejtlich, No Starch Press; 1 edition (July 26, 2013), ASIN: B00E5REN34
Course website: https://samsclass.info/50/50_F17.shtml
MITRE ATT&CK is quickly gaining traction and is becoming an important standard to use to assess the overall cyber security posture of an organization. Tools like ATT&CK Navigator facilitate corporate adoption and allow for a holistic overview on attack techniques and how the organization is preventing and detecting them. Furthermore, many vendors, technologies and open-source initiatives are aligning with ATT&CK. Join Erik Van Buggenhout in this presentation, where he will discuss how MITRE ATT&CK can be leveraged in the organization as part of your overall cyber security program, with a focus on adversary emulation.
Erik Van Buggenhout is the lead author of SANS SEC599 - Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. Next to his activities at SANS, Erik is also a co-founder of NVISO, a European cyber security firm with offices in Brussels, Frankfurt and Munich.
Title: Welcome to the world of Cyber Threat Intelligence!
Abstract: Welcome to the world of Cyber Threat Intelligence (CTI)! During this presentation, we will discuss about some of the basic concepts within CTI domain and we will have a look at the current threat landscape as observed from the trenches. The presentation is split into 3 parts: a) Intro to CTI, b) A view at the current threat landscape, and c) CTI analyst skillset.
Short Bio: Andreas Sfakianakis is a Cyber Threat Intelligence and Incident Response professional and works for Standard and Poors' CTI team. He is also a member of ENISA’s CTI Stakeholders’ Group and Incident Response Working Group. He is the author of a number of CTI reports and an instructor of CTI. In the past, Andreas has worked within the Financial and Oil & Gas sectors as well as an external reviewer for European Commission. Andreas' Twitter handle is @asfakian and his website is www.threatintel.eu
Deep State Playbook 101: How Globalists Depopulate and Enslave HumanityThe Free School
This publication is about the Deep State and pursues four core objectives. This book:
Defines the notion of the so-called ‘Deep State’;
Outlines 101 tools that the Deep State uses to achieve short-term objectives;
Analyzes the mechanisms that the Deep State uses to pursue its arch objective;
Synthesizes an original diagram that summarizes the Deep State’s modus operandi.
This book is written for those with zero to little knowledge of the ‘Deep State’. It analyzes credible sources that claim a Deep State apparatus exists. Much discussion is cutting-edge. The Deep State’s existence has not mainstreamed in public knowledge during pre- or recorded history.
This book synthesizes the consensus that appears in various public sources. Examples include mainstream and alternative media reports, scholarly publications and institutional documents. Discussions are Western-centric. They focus on power structures in Europe, the Near East (e.g.
Israel) and the United States of America (USA). These are the core locations of Deep State bases.
This book aims to arm readers with the tools required to form their own opinions. Much language in this book unambiguously informs the audience of the author’s informed opinions. May critical readers conduct their own independent research and always draw their own conclusions.
OSINT - Open Source Intelligence by Rohit Srivastwa at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.htm
13 SATANIC BLOODLINES OF THE ILLUMINATI THAT RULE THE WORLD
ROCKEFELLER
ROTHSCHILD
KENNEDY
ASTOR
BUNDY
COLLINS
DuPONT
FREEMAN
LI
ONASSIS
Reynolds
RUSSELL
VAN DUYN
THE MEROVINGIAN
OSINT for Proactive Defense - RootConf 2019RedHunt Labs
A presentation about using Open Source Intelligence for proactive defense delivered at Rootconf 2019 Bangalore, India.
RedHunt Labs
https://redhuntlabs.com/
Durante l’intervento verranno presentati i cardini del processo di ricerca delle informazioni mediante la consultazione di fonti di pubblico accesso. Sarà illustrata la teoria alla base di questo processo che prevede l’identificazione delle fonti, la selezione e la valutazione del loro contenuto informativo per arrivare infine all’utilizzo stesso dell’informazione estratta. Nella seconda fase della presentazione verranno mostrati i tool e le metodologie per l’estrazione di informazioni mediante l’analisi di documenti, foto, social network e altre fonti spesso trascurate. In ultimo saranno mostrati sistemi in grado di correlare diverse informazioni provenienti dalle fonti aperte e verranno discussi i relativi scenari di utilizzo nonché le possibili contromisure.
Cyber threat intelligence: maturity and metricsMark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision
support to executives whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will
seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
A honeypot is a fictitious vulnerable IT system used for the purpose of being attacked, probed, exploited and compromised
Rasool Irfan - Cyber Security Strategist
According to the NSA, Edward Snowden "fabricated keys" to obtain and exfiltrate top secret information.
Here is how he did it.
Venafi invites the NSA or Edward Snowden to provide more details so enterprises can better secure their most sensitive data and intellectual property.
Snowden as whistleblower - Future of Privacy ForumKathleen Clark
Provides a definition of whistleblowing; examines whether Edward Snowden is a whistleblower; discusses internal and external whistleblowing; draws a parallel between Snowden's audacious act of civil disobedience with the March 8, 1971 break-in of an FBI office in Media, Pennsylvania.
Edward Snowden : is a former National Security Agency subcontractor who made headlines in 2013 when he leaked top secret information about NSA surveillance activities.
Thanks to William Favre.
This presentation covers what I am calling the 'Snowden Scenario.' This is when a privileged insider uses their power to steal data from an organization. If it can happen to the NSA, your organization is at risk too. Background checks, credentials and insurance isn't enough if your most valuable assets are leaked to the world.
Krempley 1
POL 300
Google/Multi-National Corporations, International Surveillance, and Human Rights
Abstract
The many news reports on cyber security, identity theft, Wikileaks, and NSA intelligence gathering programs over the past few years have shown the international community that the World Wide Web is anything but a safe place to store sensitive information, or any information for that matter. This study will examine how closely multi-national corporations in the information technology sector, such as Google, are involved with national governments on these issues. The study will analyze events in the U.S. and China and attempt to uncover whether or not these have directly infringed upon peoples’ basic human rights.
Question
With emerging information regarding the NSA's PRISM program and China's "Golden Shield Project", has either country directly infringed on peoples' basic human rights?
Hypothesis
As more information is uncovered regarding the true nature of the aims of these internationally implemented programs, it has become increasingly clear that there have been multiple violations of peoples' human rights in both the United States and China with their respective monitoring programs.
The NSA and the PRISM Project
"Since September 11th, 2001, the United States government has dramatically increased the ability of its intelligence agencies to collect and investigate information on both foreign subjects and US citizens. Some of these surveillance programs, including a secret program called PRISM, capture the private data of citizens who are not suspected of any connection to terrorism or any wrongdoing." (Sottek&Kopstein, 2013) Under the guise of a "war on terror", the United States government has consistently upped its efforts to gather as much information as possible regarding the activities of international and domestic citizens alike. Most U.S. citizens were wholly unaware that the government had been running a secret filtration program to determine threat levels of individual citizens both domestically and abroad. This PRISM project and its intentions have recently been leaked in the Edward Snowden fiasco that took the country and the media by storm.
"PRISM is a tool used by the US National Security Agency (NSA) to collect private electronic data belonging to users of major internet services like Gmail, Facebook, Outlook, and others. It’s the latest evolution of the US government’s post-9/11 electronic surveillance efforts, which began under President Bush with the Patriot Act, and expanded to include the Foreign Intelligence Surveillance Act (FISA) enacted in 2006 and 2007." (Sottek&Kopstein, 2013) FISA, "...may be the most powerful court you have never heard of -- operating out of a bunker-like complex blocks from the Capitol and the White House -- sealed tightly to prevent eavesdropping.The FISA Court's larger mission is to decide whether to grant certain types of government requests-- wiretapping, data anal ...
Intelligence chief defends internet spying programabiross34
WASHINGTON (AP) — Eager to quell a domestic furor over U.S. spying, the nation’s top intelligence official stressed Saturday that a previously undisclosed program for tapping into Internet usage is authorized by Congress, falls under strict supervision of a secret court and cannot intentionally target a U.S. citizen. He decried the revelation of that and another intelligence-gathering program as reckless.
For the second time in three days, Director of National Intelligence James Clapper took the rare step of declassifying some details of an intelligence program to respond to media reports about counterterrorism techniques employed by the government.
‘‘Disclosing information about the specific methods the government uses to collect communications can obviously give our enemies a ‘playbook’ of how to avoid detection,’’ he said in a statement.
Reply to below posting in a paragraph of at least five sentences by.docxcarlt4
Reply to below posting in a paragraph of at least five sentences by asking questions, reflecting on your own experience, challenging assumptions, pointing out something new you learned, offering suggestions.
1)
Edward Snowden is a hero or a criminal
Edward Snowden, a low-level private contractor to the US-based National Security Agency (NSA), breached moral confidentiality and secrecy obligations by engaging in unauthorized accessing, retrieving and/or releasing of a large volume of confidential data from NSA to the press and, possibly, to foreign powers. Edward Snowden (born June 21, 1983) is a computer programmer who worked as a subcontractor for the National Security Agency (NSA). Snowden collected top-secret documents regarding NSA domestic surveillance practices that he found disturbing and leaked them. During his years of IT work, Snowden had noticed the far reach of the NSA's everyday surveillance.
“While working for Booz Allen, Snowden began copying top-secret NSA documents.”
(Biography.com, 2019) After he had compiled a large store of documents, Snowden told his NSA supervisor that he needed a leave of absence for medical reasons, stating he had been diagnosed with epilepsy. On May 20, 2013, Snowden took a flight to Hong Kong, China. (Biography.com, 2019)
As mentioned by author Rouse in her article referring, he leaked and also raised questions about data sovereignty and how secure a company's data really is if it's stored by a cloud provider based in the United States. In 2014, almost 90% of respondents to a survey commissioned by security consultancy NTT Communications said they were changing their cloud-buying behavior as a result of Snowden’s revelations. Just over half said they are carrying out greater due diligence on cloud providers than ever before, and more than four-fifths responded that they would seek out more training on data protection laws. (Rouse, 2015)
Snowden has also been accused of irregularities under the Espionage Law for knowingly discovering mysterious national security data. When these charges were opened, newspapers quickly guaranteed that he was accused of undercover work. Such cases are not exactly accurate. Undercover work is commonly characterized as
"the act of spying ... to acquire data on plans and exercises, particularly from an external government."
(Richa, (2015) Although there have been hypotheses as to whether the nations to which Snowden fled (Russia and China) have kept their records, there is still no evidence that he has continued to his advantage or helped them easily as would be the case. The situation with great recognition. (Richa, (2015)
Contrary to Snowden’s claim about wanting to stand up for his fellow Americans, the information he leaked actually created more harm than good.
“The majority of the information that he shared is about the U.S. spying on foreign nations and not its domestic operations.”
(Rachel Segal, 2019) As such, he risked damaging America’s relatio.
El Puerto de Algeciras continúa un año más como el más eficiente del continente europeo y vuelve a situarse en el “top ten” mundial, según el informe The Container Port Performance Index 2023 (CPPI), elaborado por el Banco Mundial y la consultora S&P Global.
El informe CPPI utiliza dos enfoques metodológicos diferentes para calcular la clasificación del índice: uno administrativo o técnico y otro estadístico, basado en análisis factorial (FA). Según los autores, esta dualidad pretende asegurar una clasificación que refleje con precisión el rendimiento real del puerto, a la vez que sea estadísticamente sólida. En esta edición del informe CPPI 2023, se han empleado los mismos enfoques metodológicos y se ha aplicado un método de agregación de clasificaciones para combinar los resultados de ambos enfoques y obtener una clasificación agregada.
An astonishing, first-of-its-kind, report by the NYT assessing damage in Ukraine. Even if the war ends tomorrow, in many places there will be nothing to go back to.
01062024_First India Newspaper Jaipur.pdfFIRST INDIA
Find Latest India News and Breaking News these days from India on Politics, Business, Entertainment, Technology, Sports, Lifestyle and Coronavirus News in India and the world over that you can't miss. For real time update Visit our social media handle. Read First India NewsPaper in your morning replace. Visit First India.
CLICK:- https://firstindia.co.in/
#First_India_NewsPaper
03062024_First India Newspaper Jaipur.pdfFIRST INDIA
Find Latest India News and Breaking News these days from India on Politics, Business, Entertainment, Technology, Sports, Lifestyle and Coronavirus News in India and the world over that you can't miss. For real time update Visit our social media handle. Read First India NewsPaper in your morning replace. Visit First India.
CLICK:- https://firstindia.co.in/
#First_India_NewsPaper
31052024_First India Newspaper Jaipur.pdfFIRST INDIA
Find Latest India News and Breaking News these days from India on Politics, Business, Entertainment, Technology, Sports, Lifestyle and Coronavirus News in India and the world over that you can't miss. For real time update Visit our social media handle. Read First India NewsPaper in your morning replace. Visit First India.
CLICK:- https://firstindia.co.in/
#First_India_NewsPaper
‘वोटर्स विल मस्ट प्रीवेल’ (मतदाताओं को जीतना होगा) अभियान द्वारा जारी हेल्पलाइन नंबर, 4 जून को सुबह 7 बजे से दोपहर 12 बजे तक मतगणना प्रक्रिया में कहीं भी किसी भी तरह के उल्लंघन की रिपोर्ट करने के लिए खुला रहेगा।
2. SUMMARY
• ALSO KNOWN AS PRISM (PLANNING TOOL FOR RESOURCE INTEGRATION, SYNCHRONIZATION, AND MANAGEMENT).
• STARTED IN 2007 IN THE WAKE OF PASSAGE OF PROTECT AMERICA ACT UNDER BUSH ADMINISTRATION
• WHISTLEBLOWER “EDWARD SNOWDEN” LEAKED THE DETAILS ABOUT THE NSA PRISM AND DEEMED IT AS
“DANGEROUS” AND “CRIMINAL”.
• BARACK OBAMA PRESIDENT OF USA STATED THAT, “A CIRCUMSCRIBED, NARROW SYSTEM DIRECTED AT US BEING ABLE
TO PROTECT OUR PEOPLE."
2
3. HISTORY
• PRIOR TO THIS, TERRORIST SURVEILLANCE PROGRAM WAS IMPLEMENTED IN THE WAKE OF SEPTEMBER 11 ATTACKS.
BUT IT WAS CRITICIZED AND CHALLENGED ILLEGAL BECAUSE IT DID NOT INCLUDE WARRANTS OBTAINED FROM THE
FOREIGN INTELLIGENCE SURVEILLANCE COURT
• OTHERS INCLUDE
• PRISM – COOPERATION BETWEEN THE NSA AND INTERNET COMPANIES, WHEREBY THE COMPANIES ALLOW
THE NSA ACCESS (WHETHER DIRECT OR INDIRECT IS DISPUTED) TO THEIR SERVERS.
• BOUNDLESS INFORMANT – THE COMPUTER PROGRAM THAT PHYSICALLY PERFORMS THE DATA COLLECTION.
• X-KEYSCORE – A PROGRAM WHICH ALLOWS SEARCHING COLLECTED DATA IN A VARIETY OF WAYS
• DROPMIRE – A PROGRAM THAT SPECIFICALLY TARGETS FOREIGN EMBASSIES AND DIPLOMATS
• FAIRVIEW – A PROGRAM THAT TARGETS MOBILE PHONE USAGE (PARTICULARLY TEXT MESSAGES) IN FOREIGN
COUNTRIES.
3
4. • UPSTREAM AND TEMPORA – COLLECTING DATA FROM FIBER-OPTIC CABLES AND INTERNET BACKBONES.
• MAINWAY (CALL RECORDS), MAIN CORE (FINANCIAL RECORDS) – STORING THE COLLECTED DATA
• STELLAR WIND – MINING THE COLLECTED DATA
• ECHELON – INTERCEPTS COMMERCIAL SATELLITE TRUNK COMMUNICATIONS BY ALL OF THE FIVE EYES
SIGNATORIES
• TURBULENCE – INCLUDES CYBER-WARFARE CAPABILITIES, SUCH AS TARGETING ENEMIES WITH MALWARE
• INSIDER THREAT PROGRAM – POLICY REQUIRING FEDERAL EMPLOYEES TO REPORT "HIGH-RISK PERSONS
OR BEHAVIORS" FROM AMONG CO-WORKERS, AS WELL AS TO PUNISH THOSE WHO FAIL TO REPORT SUCH
COLLEAGUES.
4
5. ABOUT PRISM
• A SPECIAL SOURCE OPERATION AUTHORIZED BY FOREIGN INTELLIGENCE SURVEILLANCE COURT.
• STANDS FOR “PLANNING TOOL FOR RESOURCE INTEGRATION, SYNCHRONIZATION, AND MANAGEMENT”
WHAT IS IT?
• THE ACTUAL COMPUTER PROGRAM USED TO COLLECT AND ANALYZE DATA LEGALLY REQUESTED BY THE NSA AND
DIVULGED BY INTERNET COMPANIES
COMPANIES INVOLVED?
• MICROSOFT, YAHOO, AOL, FACEBOOK, GOOGLE, APPLE, PALTALK, YOUTUBE, AND SKYPE
• DROPBOX IS ALLEGEDLY "COMING SOON.“
• HOWEVER, 98 PERCENT OF PRISM PRODUCTION IS BASED ON JUST YAHOO, GOOGLE, AND MICROSOFT.
5
7. HOW DOES IT WORK?
• THE ATTORNEY GENERAL ISSUES A SECRET ORDER TO A TECH COMPANY TO HAND OVER ACCESS TO ITS DATA TO THE FBI.
THE FBI THEN HANDS THAT INFORMATION OVER TO THE NSA.
• TECHNICAL QUESTIONS REMAIN, SUCH AS: WHEN GIVEN ACCESS, CAN THE NSA TAP DIRECTLY INTO THE COMPANIES'
SERVERS, AS WAS ORIGINALLY ALLEGED? IS THE DATA PRINTED OUT AND HANDED TO AN NSA OPERATIVE? IS AN NSA
OPERATIVE STATIONED ON THE COMPANY'S CAMPUS AT A SPECIFIC WORK STATION DESIGNED FOR SUCH
TRANSACTIONS?
• GOOGLE SPOKESMAN CHRIS GAITHER SAID, “WHEN REQUIRED TO COMPLY WITH THESE REQUESTS, WE DELIVER THAT
INFORMATION TO THE US GOVERNMENT -- GENERALLY THROUGH SECURE FTP TRANSFERS AND IN PERSON. THE US
GOVERNMENT DOES NOT HAVE THE ABILITY TO PULL THAT DATA DIRECTLY FROM OUR SERVERS OR NETWORK."
7
9. 9
Depending on the provider,
the NSA may receive live
notifications when a target
logs on or sends an e-mail, or
may monitor a voice, text or
voice chat as it happens
10. WHAT TYPE OF DATA IS MONITORED?
• ACCORDING TO "SLIDES AND OTHER SUPPORTING MATERIALS" GIVEN TO THE THE GUARDIAN AND THE WASHINGTON
POST BY SNOWDEN: "E-MAIL, CHAT, VIDEOS, PHOTOS, STORED DATA, VOIP, FILE TRANSFERS, VIDEO CONFERENCING,
NOTIFICATIONS OF TARGET ACTIVITY...LOG-INS, ETC., ONLINE SOCIAL NETWORKING DETAILS" -- SO, EVERYTHING.
SO SOMEONE HAS READ MY E-MAIL?
ASIDE FROM THE FACT THAT GOOGLE'S ALGORITHMS CRAWL YOUR E-MAIL ALL THE TIME TO TARGET ADS AT YOU,
"SOMEONE" WITHIN THE NSA MAY HAVE READ YOUR E-MAILS.
10
12. IS IT LEGAL?
• YES.
• UNDER SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT (FISA) OF 2008 AND THE
PROTECT AMERICA ACT OF 2007
• DIRECTOR OF NATIONAL INTELLIGENCE JAMES CLAPPER RELEASED A STATEMENT SAYING THAT
"SECTION 702 IS A PROVISION OF FISA THAT IS DESIGNED TO FACILITATE THE ACQUISITION OF
FOREIGN INTELLIGENCE INFORMATION CONCERNING NON-U.S. PERSONS LOCATED OUTSIDE THE
UNITED STATES. IT CANNOT BE USED TO INTENTIONALLY TARGET ANY U.S. CITIZEN, ANY OTHER U.S.
PERSON, OR ANYONE LOCATED WITHIN THE UNITED STATES." FISA WAS RENEWED LAST YEAR BY
CONGRESS.
12
13. IS THIS THE SAME AS THE DATA VERIZON IS GIVING TO THE NSA?
• NO. THIS IS SEPARATE. THE DATA VERIZON GIVES TO THE NSA IS ONLY METADATA, SO ALTHOUGH
THE GOVERNMENT CAN SEE WHO YOU CALL AND HOW LONG YOU TALK TO THEM, THEY ARE
NOT LISTENING IN ON YOUR VOICE MAILS AND PHONE CALLS. BUT AGAIN, THAT'S A SEPARATE
NSA PROGRAM
13
14. WHO IS EDWARD SNOWDEN?
• EDWARD JOSEPH SNOWDEN (BORN JUNE 21, 1983) IS AN AMERICAN FORMER INTELLIGENCE ANALYST WHO LEAKED
DETAILS OF SEVERAL TOP-SECRET UNITED STATES AND BRITISH GOVERNMENT MASS SURVEILLANCE PROGRAMS TO THE
PRESS.
• PRISM WAS FIRST PUBLICLY REVEALED WHEN CLASSIFIED DOCUMENTS ABOUT THE PROGRAM WERE LEAKED TO
JOURNALISTS OF THE THE WASHINGTON POST AND THE GUARDIAN BY EDWARD SNOWDEN – AT THE TIME AN NSA
CONTRACTOR – DURING A VISIT TO HONG KONG.
• THE LEAKED DOCUMENTS INCLUDED 41 POWERPOINT SLIDES
• SNOWDEN'S SUBSEQUENT DISCLOSURES INCLUDED STATEMENTS THAT GOVERNMENTS SUCH AS THE UNITED
KINGDOM'S GCHQ ALSO UNDERTOOK MASS INTERCEPTION AND TRACKING OF INTERNET AND COMMUNICATIONS DATA
14
15. • SNOWDEN EXPLAINED HIS ACTIONS SAYING: "I DON'T WANT TO LIVE IN A SOCIETY THAT DOES THESE SORT OF THINGS
[SURVEILLANCE ON ITS CITIZENS]... I DO NOT WANT TO LIVE IN A WORLD WHERE EVERYTHING I DO AND SAY IS
RECORDED.“
• SNOWDEN'S IDENTITY WAS MADE PUBLIC BY THE GUARDIAN AT HIS REQUESTON JUNE 9. HE EXPLAINED HIS REASONING
FOR FORGOING ANONYMITY: "I HAVE NO INTENTION OF HIDING WHO I AM BECAUSE I KNOW I HAVE DONE NOTHING
WRONG."HE ADDED THAT “BY REVEALING HIS IDENTITY HE HOPED TO PROTECT HIS COLLEAGUES FROM BEING
SUBJECTED TO A HUNT TO DETERMINE WHO HAD BEEN RESPONSIBLE FOR THE LEAKS”
15
16. SNOWDEN LEFT HAWAII FOR HONG KONG ON MAY 20, 2013, AND TRAVELED ON TO MOSCOW ON SUNDAY, JUNE 23, 2013,
AS HONG KONG AUTHORITIES WERE DELIBERATING THE US GOVERNMENT'S REQUEST FOR HIS EXTRADITION
WHY HONGKONG?
• SNOWDEN EXPLAINED HIS CHOICE OF HONG KONG THUS:
“NSA EMPLOYEES MUST DECLARE THEIR FOREIGN TRAVEL 30 DAYS IN ADVANCE AND ARE MONITORED. THERE
WAS A DISTINCT POSSIBILITY I WOULD BE INTERDICTED EN ROUTE, SO I HAD TO TRAVEL WITH NO ADVANCE BOOKING
TO A COUNTRY WITH THE CULTURAL AND LEGAL FRAMEWORK TO ALLOW ME TO WORK WITHOUT BEING IMMEDIATELY
DETAINED. HONG KONG PROVIDED THAT. ICELAND COULD BE PUSHED HARDER, QUICKER, BEFORE THE PUBLIC COULD
HAVE A CHANCE TO MAKE THEIR FEELINGS KNOWN, AND I WOULD NOT PUT THAT PAST THE CURRENT US
ADMINISTRATION.”
16
17. REACTIONS
• UNITED STATES OF AMERICA
• THE U.S. DIRECTOR OF NATIONAL INTELLIGENCE, JAMES R. CLAPPER, DESCRIBED THE DISCLOSURE OF PRISM AS
"RECKLESS“
• THE NSA FORMALLY REQUESTED THAT THE DEPARTMENT OF JUSTICE LAUNCH A CRIMINAL INVESTIGATION INTO
SNOWDEN'S ACTIONS. ON JUNE 14, 2013, US FEDERAL PROSECUTORS FILED A SEALED COMPLAINT, MADE PUBLIC ON
JUNE 21, CHARGING SNOWDEN WITH THEFT OF GOVERNMENT PROPERTY, UNAUTHORIZED COMMUNICATION OF
NATIONAL DEFENSE INFORMATION, AND WILLFUL COMMUNICATION OF CLASSIFIED INTELLIGENCE TO AN
UNAUTHORIZED PERSON; THE LATTER TWO ALLEGATIONS ARE UNDER THE ESPIONAGE ACT OF 1951
17
18. CONGRESS:
• REACTIONS TO SNOWDEN'S DISCLOSURES AMONG MEMBERS OF CONGRESS WERE LARGELY NEGATIVE. SPEAKER OF THE
HOUSE JOHN BOEHNER AND SENATORS DIANNE FEINSTEIN AND BILL NELSON CALLED SNOWDEN A TRAITOR, AND
SEVERAL SENATORS AND REPRESENTATIVES JOINED THEM IN CALLING FOR SNOWDEN'S ARREST AND PROSECUTION.
18
19. PUBLIC
• A GALLUP POLL CONDUCTED JUNE 10–11, 2013, SHOWED 44 PERCENT OF AMERICANS THOUGHT IT WAS RIGHT FOR
SNOWDEN TO SHARE THE INFORMATION WITH THE PRESS WHILE 42 PERCENT THOUGHT IT WAS WRONG.
• A USA TODAY/PEW RESEARCH POLL CONDUCTED JUNE 12–16 FOUND THAT 49 PERCENT THOUGHT THE RELEASE OF
INFORMATION SERVED THE PUBLIC INTEREST WHILE 44 PERCENT THOUGHT IT HARMED IT. THE SAME POLL FOUND
THAT 54 PERCENT FELT A CRIMINAL CASE SHOULD BE BROUGHT AGAINST SNOWDEN, WHILE 38 PERCENT THOUGHT
ONE SHOULD NOT BE BROUGHT
• NSA SURVEILLANCE IS AN ATTACK ON AMERICAN CITIZENS, SAYS NOAM CHOMSKY
19
20. EUROPE:
• BRITISH FOREIGN MINISTER WILLIAM HAGUE ADMITTED THAT BRITAIN'S GCHQ WAS ALSO SPYING AND
COLLABORATING WITH THE NSA, AND DEFENDED THE TWO AGENCIES' ACTIONS AS "INDISPENSABLE.“
• EUROPEAN GOVERNMENTS REACTED ANGRILY, WITH GERMAN AND FRENCH LEADERS ANGELA MERKEL AND FRANÇOIS
HOLLANDE BRANDING THE SPYING AS 'UNACCEPTABLE' AND INSISTING THE NSA STOP IMMEDIATELY,
PUBLIC
• AN OPINION POLL CARRIED OUT BY EMNID AT THE END OF JUNE REVEALED THAT 50% OF GERMANS CONSIDER
SNOWDEN A HERO, AND 35% WOULD HIDE HIM IN THEIR HOMES.
20
21. HUMAN RIGHTS ORGANIZATIONS
• AFTER AMNESTY INTERNATIONAL MET EDWARD SNOWDEN IN MOSCOW IN MID JULY 2013, SAID:
"WHAT HE HAS DISCLOSED IS PATENTLY IN THE PUBLIC INTEREST AND AS A WHISTLEBLOWER HIS ACTIONS
WERE JUSTIFIED. HE HAS EXPOSED UNLAWFUL SWEEPING SURVEILLANCE PROGRAMMES THAT UNQUESTIONABLY
INTERFERE WITH AN INDIVIDUAL’S RIGHT TO PRIVACY. STATES THAT ATTEMPT TO STOP A PERSON FROM
REVEALING SUCH UNLAWFUL BEHAVIOR ARE FLOUTING INTERNATIONAL LAW. FREEDOM OF EXPRESSION IS A
FUNDAMENTAL RIGHT.“
21
22. CHINA AND HONG KONG
REACTIONS OF INTERNET USERS IN CHINA WERE MIXED BETWEEN VIEWING A LOSS OF FREEDOM WORLDWIDE AND
SEEING STATE SURVEILLANCE COMING OUT OF SECRECY
THE SPOKESWOMAN OF MINISTRY OF FOREIGN AFFAIRS OF THE PEOPLE'S REPUBLIC OF CHINA SAID, "CHINA
STRONGLY ADVOCATES CYBER SECURITY.“
HONG KONG LEGISLATORS GARY FAN AND CLAUDIA MO WROTE A LETTER TO OBAMA STATING, "THE REVELATIONS
OF BLANKET SURVEILLANCE OF GLOBAL COMMUNICATIONS BY THE WORLD'S LEADING DEMOCRACY HAVE
DAMAGED THE IMAGE OF THE U.S. AMONG FREEDOM-LOVING PEOPLES AROUND THE WORLD."
22
23. INDIA
• MINISTER OF EXTERNAL AFFAIRS SALMAN KHURSHID DEFENDED THE PRISM PROGRAM SAYING,
"THIS IS NOT SCRUTINY AND ACCESS TO ACTUAL MESSAGES. IT IS ONLY COMPUTER ANALYSIS OF
PATTERNS OF CALLS AND EMAILS THAT ARE BEING SENT. IT IS NOT ACTUALLY SNOOPING SPECIFICALLY ON
CONTENT OF ANYBODY'S MESSAGE OR CONVERSATION. SOME OF THE INFORMATION THEY GOT OUT OF
THEIR SCRUTINY, THEY WERE ABLE TO USE IT TO PREVENT SERIOUS TERRORIST ATTACKS IN SEVERAL
COUNTRIES."
23
24. CORPORATE COMPANIES INVOLVED
• MICROSOFT: "WE PROVIDE CUSTOMER DATA ONLY WHEN WE RECEIVE A LEGALLY BINDING ORDER OR SUBPOENA TO DO SO, AND NEVER
ON A VOLUNTARY BASIS. IN ADDITION WE ONLY EVER COMPLY WITH ORDERS FOR REQUESTS ABOUT SPECIFIC ACCOUNTS OR IDENTIFIERS.
IF THE GOVERNMENT HAS A BROADER VOLUNTARY NATIONAL SECURITY PROGRAM TO GATHER CUSTOMER DATA WE DON'T PARTICIPATE
IN IT.“
• YAHOO!: "YAHOO! TAKES USERS' PRIVACY VERY SERIOUSLY. WE DO NOT PROVIDE THE GOVERNMENT WITH DIRECT ACCESS TO OUR
SERVERS, SYSTEMS, OR NETWORK." "OF THE HUNDREDS OF MILLIONS OF USERS WE SERVE, AN INFINITESIMAL PERCENTAGE WILL EVER
BE THE SUBJECT OF A GOVERNMENT DATA COLLECTION DIRECTIVE."
• FACEBOOK: "WE DO NOT PROVIDE ANY GOVERNMENT ORGANIZATION WITH DIRECT ACCESS TO FACEBOOK SERVERS. WHEN FACEBOOK IS
ASKED FOR DATA OR INFORMATION ABOUT SPECIFIC INDIVIDUALS, WE CAREFULLY SCRUTINIZE ANY SUCH REQUEST FOR COMPLIANCE
WITH ALL APPLICABLE LAWS, AND PROVIDE INFORMATION ONLY TO THE EXTENT REQUIRED BY LAW."
24
25. • GOOGLE: "GOOGLE CARES DEEPLY ABOUT THE SECURITY OF OUR USERS' DATA. WE DISCLOSE USER DATA TO
GOVERNMENT IN ACCORDANCE WITH THE LAW, AND WE REVIEW ALL SUCH REQUESTS CAREFULLY. FROM TIME TO TIME,
PEOPLE ALLEGE THAT WE HAVE CREATED A GOVERNMENT ‘BACK DOOR' INTO OUR SYSTEMS, BUT GOOGLE DOES NOT
HAVE A BACKDOOR FOR THE GOVERNMENT TO ACCESS PRIVATE USER DATA." "ANY SUGGESTION THAT GOOGLE IS
DISCLOSING INFORMATION ABOUT OUR USERS' INTERNET ACTIVITY ON SUCH A SCALE IS COMPLETELY FALSE."
• APPLE: "WE HAVE NEVER HEARD OF PRISM. WE DO NOT PROVIDE ANY GOVERNMENT AGENCY WITH DIRECT ACCESS TO
OUR SERVERS, AND ANY GOVERNMENT AGENCY REQUESTING CUSTOMER DATA MUST GET A COURT ORDER."
• DROPBOX: "WE'VE SEEN REPORTS THAT DROPBOX MIGHT BE ASKED TO PARTICIPATE IN A GOVERNMENT PROGRAM
CALLED PRISM. WE ARE NOT PART OF ANY SUCH PROGRAM AND REMAIN COMMITTED TO PROTECTING OUR USERS'
PRIVACY."
25
26. APPLICABLE LAW AND PRACTICE
• SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT (FISA) SECTION 702 PROVIDES THAT "THE ATTORNEY
GENERAL AND THE DIRECTOR OF NATIONAL INTELLIGENCE MAY AUTHORIZE JOINTLY, FOR A PERIOD OF UP TO 1 YEAR
FROM THE EFFECTIVE DATE OF THE AUTHORIZATION, THE TARGETING OF PERSONS REASONABLY BELIEVED TO BE
LOCATED OUTSIDE THE UNITED STATES TO ACQUIRE FOREIGN INTELLIGENCE INFORMATION." IN ORDER TO AUTHORIZE
THE TARGETING, THE ATTORNEY GENERAL AND DIRECTOR OF NATIONAL INTELLIGENCE NEED TO OBTAIN AN ORDER
FROM THE FOREIGN INTELLIGENCE SURVEILLANCE COURT (FISA COURT) PURSUANT TO SECTION 702 OR CERTIFY THAT
"INTELLIGENCE IMPORTANT TO THE NATIONAL SECURITY OF THE UNITED STATES MAY BE LOST OR NOT TIMELY
ACQUIRED AND TIME DOES NOT PERMIT THE ISSUANCE OF AN ORDER."
26
27. LITIGATIONS
AMERICAN CIVIL LIBERTIES UNION (JUNE 11, 2013)
• LAWSUIT FILED AGAINST THE NSA CITING THAT THE "MASS CALL TRACKING PROGRAM" (AS THE CASE TERMS PRISM)
"VIOLATES AMERICANS' CONSTITUTIONAL RIGHTS OF FREE SPEECH, ASSOCIATION, AND PRIVACY" AND CONSTITUTES
"DRAGNET" SURVEILLANCE, IN VIOLATION OF THE FIRST AND FOURTH AMENDMENTS TO THE CONSTITUTION, AND
THEREBY ALSO "EXCEEDS THE AUTHORITY GRANTED BY 50 U.S.C. § 1861, AND THEREBY VIOLATES 5 U.S.C. § 706."
27
28. FREEDOMWATCH USA (JUNE 11, 2013):
• CLASS ACTION LAWSUIT AGAINST GOVERNMENT BODIES AND OFFICIALS BELIEVED RESPONSIBLE FOR PRISM, AND 12
COMPANIES (INCLUDING APPLE, MICROSOFT, GOOGLE, FACEBOOK, AND SKYPE AND THEIR CHIEF EXECUTIVES) WHO
HAVE BEEN DISCLOSED AS PROVIDING OR MAKING AVAILABLE MASS INFORMATION ABOUT THEIR USERS'
COMMUNICATIONS AND DATA TO THE NSA UNDER THE PRISM PROGRAM OR RELATED PROGRAMS. THE CASE CITES THE
FIRST, FOURTH, AND FIFTH AMENDMENTS TO THE CONSTITUTION, AS WELL AS BREACH OF 18 U.S.C. 2702
(DISCLOSURE OF COMMUNICATIONS RECORDS), AND ASKS THE COURT TO RULE THAT THE PROGRAM OPERATES
OUTSIDE ITS LEGAL AUTHORITY (S.215 OF THE PATRIOT ACT).
28
29. HOW CAN I AVOID THIS?
• YOU CAN'T.
SHOULD I BE OUTRAGED?
• PROBABLY! BUT MAYBE NOT. PRESIDENT OBAMA ADDRESSED PRISM AND ESSENTIALLY SAID, "DON'T WORRY. YOU CAN
TRUST US."
29