Latest Leak Shows NSA Engaging In Economic Espionage — Not Fighting Terrorism
from the flying-pigs dept
As more and more information about the NSA’s global surveillance capabilities emerges through leaks of material obtained by Edward Snowden, the US authorities have been playing the terrorist card heavily. That is, they concede that they have been spying on pretty much everyone, but claim that it was only to fight terrorism, and thus to save lives. In particular, the NSA insists it is not spying on anyone for the purposes of industrial espionage — here’s what it wrote in an email to the Washington Post on the subject just a couple of weeks ago:
“The Department of Defense does engage” in computer network exploitation, according to an e-mailed statement from an NSA spokesman, whose agency is part of the Defense Department. “The department does ***not*** engage in economic espionage in any domain, including cyber.”
Despite the screaming asterisks, like many other statements on the subject from the NSA, this one turns out to be untrue, as the Brazlian TV program “Fantastico” revealed on Sunday, drawing on new leaked documents provided by Glenn Greenwald, who lives in the country:
The internal computer network of Petrobras, the Brazilian oil giant partly owned by the state, has been under surveillance by the NSA, the National Security Agency of the United States.
…
a top secret presentation dated May 2012 is used by the NSA to train new agents step-by-step how to access and spy upon private computer networks — the internal networks of companies, governments, financial institutions — networks designed precisely to protect information.
The name of Petrobras — Brazil’s largest company — appears right at the beginning, under the title: “MANY TARGETS USE PRIVATE NETWORKS.”
…
The name of Petrobras appears on several slides, as the training goes deeper in explaining how data from the target companies is monitored.
The Fantastico article goes on to give more information about the attacks on the company’s internal networks, and points out that Petrobras is hardly a terrorist organization:
The yearly profits of Petrobras are over 280 billion reais — US$ 120 billion. More than the GDP of many countries. And there are plenty of motives for spies to want access to the company’s protected network.
Here’s one of them:
For example, the details of each lot in an auction [of oil drilling rights] set for next month: for exploration of the Libra Field, in the Bay of Santos, part of the Pre-salt. Whether the spies had access to this information is one of the questions the Brazilian government will have to put to the United States.
Former Petrobras Director Roberto Villa considers this the greatest auction in the history of oil exploration. “It’s a very peculiar auction. The auction of an area where we already know there’s oil, there’s no risk”, he says. What no one else should know, Villa says, is which are the richest lots. “Petrobras knows. And I hope only they know.” He considers that such information, if stolen, could give someone an advantage. “Someone would have an edge. If this information was leaked and someone else has obtained it, he would be in a privileged position at the auction. He’ll know where to invest and where not to. It’s a handy little secret.”
Once again, the NSA’s rebuttal of these claims is weak and unconvincing:
It is not a secret that the Intelligence Community collects information about economic and financial matters, and terrorist financing.
We collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy. It also could provide insight into other countries’ economic policy or behavior which could affect global markets.
Or, you know, it could provide US companies with insights about which were the best lots in the forthcoming auction of seabed areas for oil exploration, or about highly-specialized deep-sea oil extraction technology, in which Petrobas is a world leader. After all, why wouldn’t the NSA drop some useful hints about such things to US companies as a way of justifying its huge budget?
This latest attack on Brazil’s flagship enterprise will make the country’s already strained relationship with the US even more difficult. But the Fantastico story on the NSA program, which is apparently called “Royal Net”, is about much more than those bilateral relations:
Besides Petrobras, e-mail and internet services provider Google’s infrastructure is also listed as a target. The company, often named as collaborating with the NSA, is shown here as a victim.
Other targets include French diplomats — with access to the private network of the Ministry of Foreign Affairs of France — and the SWIFT network, the cooperative that unites over ten thousand banks in 212 countries and provides communications that enable international financial transactions.
There are also first details of other, hitherto unknown, spying programs and capabilities:
The NSA presentation contains documents prepared by the GCHQ — the British Spy agency, from a country that appears as an ally of the United States in spying. The British agency shows how two spy programs operate. “Flying Pig” and “Hush Puppy” also monitor private networks which carry supposedly secure information. These networks are known as TLS/SSL.
The presentation explains how data is intercepted, through an attack known as “Man in the Middle”. In this case, data is rerouted to the NSA central, and then relayed to its destination, without either end noticing.
This confirmation that man-in-the-middle attacks are used by the NSA to intercept data, along with detailed information about the high-level economic espionage that is going on, underlines why the Fantastico report is so important, and why it is well-worth reading in its entirety.
Follow me @glynmoody on Twitter or identi.ca, and on Google+
Filed Under: brazil, economic espionage, nsa, nsa surveillance, surveillance
Companies: petrobas
Comments on “Latest Leak Shows NSA Engaging In Economic Espionage — Not Fighting Terrorism”
So…
According to the Computer Misuse Act, every single agent of the NSA should be locked up for 35 years.
But no, they’ll just get a wink and a nod.
Disgusting.
Re: Re:
So elect a president whose DOJ will actually put these guys in prison.
Re: Re: Re:
Excellent idea… but do you have any suggestions as to who or how? Considering that;
a/ As I understand it Obama promised at least steps in this direction and lied through his teeth even more than the average politician
and
b/ Any politician actually serious about such reform has about as much chance to getting as far as having people vote for him as I am of being in the running for Pope.
… it seems a rather forlorn hope.
Re: Re:
I’m really disgusted by the fact that the NSA hijacked, wired and bugged Humanity’s Brain, the internet. CPUs too. This kind of fucking up what pisses me off the most.
Imagine if every road route would be 2x longer because some agency’s whim.
Re: Espionage
George Soros keeps moving cash in and out of Petrobas. Sorows is financial muscle behind the demorcrat sites: moveon.org, mediamatters and motherjones. Hmmmm. One hand washes the other.
National Spying Agency.
How many lies and deceptions need to be uncovered?
The same pattern has emerged ever since the first leaks from Snowden (and if one includes Senator Wyden’s efforts, starting even before then):
1. Leaked document exposes dirty laundry of NSA.
2. People speculate on implications of said dirty laundry.
3. NSA denies that any of those implications are true.
4. New leaked document directly contradicts NSA’s denial.
5. GOTO 2, repeat.
It’s the same pattern, for months running. When are people (and Congress, and the President, and the Courts, our supposed public servants) going to finally realize that the entire setup is utterly corrupt and untrustworthy? That it needs to be removed in its entirety and maybe replaced (I’m in doubt that we even need the NSA).
Re: How many lies and deceptions need to be uncovered?
Yeah, you have to wonder how many of the documents in 1 or 4 are entirely fake, created from whole cloth by people who oppose the US…
let’s ask Comrade Snowden about it.
Re: Re: How many lies and deceptions need to be uncovered?
Evidence that Snowden opposes the US? Do you have any, or are you just going to speculate using whole cloth?
Re: Re: How many lies and deceptions need to be uncovered?
horse with no name just hates it when due process is enforced.
Financial Crisis
So according to this quote:
they have the ability to guess when financial crises may be coming? Yet they failed to do anything during the mortgage bubble when American and allied banks were taking actions that could negatively impact the global economy? Here could have been a chance to justify their budget and save millions, if not billions of dollars, but they missed that as well.
Re: Financial Crisis
Maybe there were hundreds or thousands of economic collapses that didn’t happen thanks to the NSA. Always watching our backs… Always.
Re: Re: Financial Crisis
Wouldn’t that make sense if they announced it? If they want to justify their budget (and their agency), they should show results. So far, all losses, though. Since we had economic busts, plus they said they need these programs to stop things like the Boston Marathon bombings. Only positive thing is that they’re consistent.
Re: Re: Financial Crisis
seems legit
Re: Re: Financial Crisis
How would NSA interfere? And more importantly:
If it involves private entities we are talking a preemptive bail for a lot of financial institutions to go wild… Not exactly a good thing.
If it is to inform companies about how to avert disaster, we are talking something equivalent to industrial espionage on roids.
If the informations are made public, well, then we are talking about rather benign activity but that seems completely unbelievable for what NSA has done in the past.
The only reasonable other use would be giving the informations to other parts of the government and then we can start this list again for that government entity, not to mention the whitewashing they have to do to get their information emissible in court…
Financial spying is incredibly easy to abuse, conciously or unconciously.
Therefore I think secret services should keep from spying in that field entirely…
Re: Financial Crisis
B-B-B-But they could prevent the next global catastrophy!
And there could be 1000 invisible teapots orbiting Saturn!
And monkeys could fly out of my butt!
Re: Financial Crisis
You took the words right out of my mouth. Basically, “approved” economy wreckers can proceed with impunity, but God forbid that anyone should spoil the party!
They had plenty of warning about the crash of ’08. It was actually Bush who warned about it, but he was ignored. When the revelations by Matt Taibbi came to light, no action was taken, even though the activities of BOA, etc., were publicly known.
Let’s face it, none of them give a damn whether our economy gets wrecked again or not, what they want is to be able to take advantage of insider knowledge so they can gamble on the stock exchange. Amirite?
Re: Financial Crisis
they have the ability to guess when financial crises may be coming? Yet they failed to do anything during the mortgage bubble when American and allied banks were taking actions that could negatively impact the global economy?
the answer is in your own question. There were the few that benefited greatly from the subprime festival. The bankers.
Re: Financial Crisis
http://www.youtube.com/watch?v=9utNnJgi6xk
Re: Financial Crisis
They missed the opportunity? Doesn’t that imply that they wanted to seize it?
How would we know what outcome they wanted. Perhaps that event worked to there advantage?
Given the extents of there abilities and intel, seems more likely to me than they simply ‘missed it’
The fact that many of the people inside of the NSA are just contractors for other companies who might have interests that benefit from this sort of thing is just coincidental.
Re: Re:
“The fact that many of the people inside of the NSA are just contractors for other companies who might have interests that benefit from this sort of thing is just coincidental.”
I’m surprised why this hasn’t been explored further. Their loyalty is not toward the government or its citizens but to their bottom line. i wonder what immunities if any these contracting companies have with the NSA or our government.
Re: Re: Re:
Well they made all of them immune from the check of ‘odd activity’ in the system. Only actual NSA workers were checked and they found like what 4000 incidents?
They gave the telcos total immunity to anything happening to them, even as they were well aware what they were doing violated the Constitution and the law… so…
Re: Re:
Damn … you beat me to that one ..
Re: Re:
It would be interesting to see how NSA contractors’ stock portfolios perform compared to the market. Congress does quite well.
‘ it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy.
it might even be able to warn the USA and elsewhere of an impending global, financial disaster.
what do you mean, we’ve already had one! when did we miss that, then??’
Wait wait wait… why don’t these encryption methods have validation of non-interception? For example, a Diffie-Hellman key exchange.
I kinda assumed that that was part of SSL…
Re: Thanks for turning me onto Diffie-Hellman.
Part of the problem is that non-experts (and some experts!) don’t actually know what we can do.
That is a notion I learned about programming is that learning a language was to determine what I could do with it. How was a just a matter of consulting the manuals and algorithms.
Re: Re:
Diffie-Hellman part of the encryption, to set up a secure connection over an insecure channel. The authentication is provided by ‘certificates’ who are owned by ‘certificate authorities’. Hack / subvert / demand with a NSL & gag order and you can seamlessly do a MitM by pretending to be the person you’re trying to communicate with.
This weakness of centralized certificate authorities isn’t new. In fact we knew about it the second someone came up with the idea. Yet here we are 🙂
Re: Re:
They’re using man in the middle attacks. So, you’re securely talking to a NSA computer which is then talking to the real server.
The hard part is for the NSA computer to pretend to be the real server. There are three ways for them to do so. First, they could have demanded/stolen the secret key and certificate from the server they’re trying to intercept traffic to. Second, they could have a trusted Certificate Authority (CA) tell the user that they are the server. Third, they could use their massive supercomputers to fake a valid certificate.
We’ve heard a decent bit about the first one. The second one happens because browsers operate on a chain of trust that is completely invisible to a normal user. It would be easiest for them to go this route. The third method was actually demonstrated by a couple of researchers. They used a bunch of PS3s to sign a valid md5 based certificate. It’s an old attack, but someone on that huge invisible chain of trust is probably still vulnerable.
Like Snowden said. The problem isn’t the encryption, it’s everything else. In this case, web browsers relying on public key cryptography with some major flaws.
Yeah, smashing job you guys did over the last decade or so of keeping the economy healthy. No massive unemployment or out of control national debt or anything going on over here. Everything’s fine over in Europe too, no problems over there.
Great job, NSA. Great job.
A grain of healthy skepticism
Like the rest of you, this Internet Zen Master has been rather outraged by the NSA’s blatant disregard for the right to privacy of the everyday American, I think we should all step back, take a deep breath, and look at the bigger picture of the US Government before we start accusing the NSA of actually providing US-based companies with information they got from their surveillance of Petrobras.
Unless we have actual proof of this, all that’s happening is rampant speculation, which gives the NSA’s defenders the ability to say: “See! The people attacking the NSA are nothing more than a bunch of conspiracy theorists making baseless accusations!”
… At least until the next leak comes out.
So I’d hold off on saying that the NSA shares information with/drops hints to American companies until there’s some evidence to (at least partially) support those claims.
But that’s just me. And until Guardian/Spiegel/NYT/WaPo stops publishing stories based on information from the Snowden Documents, we won’t know if there’s any actual proof about that or not.
As the Zen Master says, “We’ll see.’
how Hard Would It Be To Just Quietly use The Economic Information You Learn To MakE A Few Stock Market Trades On Your Own Accounts?
Re: Re:
Could this Anonymous Coward really be Francis Bacon?! Your comment looks like a Baconian cipher (ummm… Baconian…), why else would be it formatted so strangely?
HWIBTJQTEIYLTMEAFSMTOYOA – does anyone see the hidden message?
"Flying Pig"
Now we know. Pink Floyd is behind all of this.
This obviously looks bad for the NSA, but it doesn’t look good for Petrobras either.
Right, a “handy little secret” that Petrobras wanted to keep to themselves. Nice to know that crony capitalism is alive and well in other countries too.
Re: Re:
Umm did you rtfa? Of course Petrobras knew. It was the seller.
Huh?
No one ever, ever said that NSA was not involved in general Intelligence gathering!
Terrorism was the justification (or excuse) *only* for gathering very broad data on private citizens, as distinguished from foreign governments, officials and institutions.
One of the problems with this issue is the failure of the media and many of the commentators to draw the simplest of distinctions. Another is apparent refusal to learn what the law is and the history of the issue.
It strains credulity to believe they are ***not*** engaging in corporate espionage
As an article in Mother Jones Magazine (to name one example) clearly indicated almost 20 years ago….
Given the plethora of examples demonstrating the complete disregard for the law (US Constitutional, international, privacy, and otherwise) on the part of the NSA, it would be naive to believe that cavalier attitude stopped at the boardroom doors.
“What we do not do, as we have said many times, is use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of – or give intelligence we collect to – US companies to enhance their international competitiveness or increase their bottom line.”
-James Clapper
If the alleged felonious liar pinky swears and crosses his heart, while stating that this corporate espionage information will not be abused. Well, who are we to question his honesty, credibility, and integrity on such matters?
But… but… NSA needs to protect the children.
Dissidents
my bet is they are after dissidents,– anyone organizing resistance…
There’s a small fact that is going unnoticed here. Fantastico is a mainstream ‘news’ program that could be compared to the worst news parrot from Fox News and the likes. I’m Brazilian and I’ve been following politics and power long enough to know that Globo, the network behind Fantastico) is very, very biased towards what suits their interests. Just by watching their coverage on the recent protests this is made very clear. There’s also the cases of corruption from the current Federal Government (dubbed “Mensal?o”), mainly orchestrated and operated by politicians from the PT party (labor party, left winged). They got a shitload of attention but when the same issues happened with the right winged party (PSDB) they were “surprisingly” silent. They are also known to be pro-USA generally speaking.
I’m saying all this because if this made it into their main Sunday show that has a whole lot of audience then you can bet it’s damn critical AND it’s got enough mainstream outrage to justify showing.
It’s interesting indeed!
LIBOR rigging? HSBC?
Why didn’t the NSA step up to the plate and put a halt to the rigging of the London Inter-Bank Offering Rate that went on for years under their very noses?
How did they manage to miss the massive money-laundering HSBC did for drug cartels?
And what hiccup caused them to ignore HSBC’s part in illegal transfers to Iranian banks?
Who is being protected, and from whom?
Quid custodiet impossible custodes? Indeed.
Typo...
Aargh.
It’s “ipsos” not “impossible.” Durn newfangled idiot auto-complete.
Mission Creep
The NSA has the worst case of mission creep since Hitler took over the German Worker’s Party.
Catalyst
NSA using their power for economic espionage- in other words, politicians and bureaucrats helping their buddies in the petro-agri-war industry to deal their dirty business. Not surprising, really, since their money is all tied up in one big clusterf#@%.
Perhaps the media coverage of their dirtier business dealings will be what helps the world kick our fossil fuel dependence.
Wall Street got away with what they did (and do). NSA is getting away with what they did (and do). The US forgot how to We The People.
Hush Puppy
From novel “Enemies foreign and domestic” (Matthew Bracken):
“Hush puppy times two” meant that the recon team had taken care of the Edmondses? two watch dogs, with sound-suppressed weapons.
Blackmail is a lovely business model for those who can wield the process successfully among the wealthiest members of society, because the victims never report the crime and the payoff is always extremely large.
By knowing the “extra-curicular” activities of CEOs, politicians, lawyers, high-ranking gangsters, presidents and kings, via communications interception, one can easily push one’s own agenda internationally, by simply NOT telling what you know, and making your “targets” aware of what you’re not telling.
For a government to indulge in this type of high-stakes extortion is especially effective, as the capital gained is unrecorded and can be used for other less-than-legal operations without fear of oversight, and the results of the process take place in the real world as if they were entirely natural.
It is the favourite passtime of Organized Crime, in all of its myriad legitimate disguises.
That’s what the NSA wants you to think
Where is the evidence?
Where is the evidence in anything you wrote or the newspaper wrote that the NSA is engaged in economic spying, that is, spying on a company, an American economic competitor AND THEN handing the information gleaned to an American company so the American company can prevail, in bids, in contract negotiations, even employee recruitment or product development?
Because I looked for it in your story, but I saw no evidence of that at all.
It’s in the nature of spying that it can’t respect the artificial walls that divide one human-defined activity from another; they go where the spies are or could be without exception, subject only to judicial limitations (limitations which are being very poorly attended to, we all agree).
So far as I can tell, neither you nor Glen Greenwald nor Snowden have produced the smoking evidentiary gun which shows economic espionage has occurred here, except as you have defined it downward to mean- spying on business computers and networks.
This from a group of people who loudly decry trials during which flimsy charges with insufficient evidence are used to convict actually innocent people.