U.S. hacker Kristian Erik Hermansen shared on the Noisebridge mailing list his experience of finding himself “under the hood” of U.S. intelligence services.

This is a rare but very valuable account. Kristian described the indicators that pointed to ongoing surveillance. At least, that was so in his case.

For example, surveillance by the U.S. security services is carried out by means of so-called National Security Letters (NSLs), without judicial procedures or requests to a prosecutor. The security services can start working on any user at will, without any legal procedures, under the USA PATRIOT Act. A couple of days ago, a court declared NSLs unconstitutional, and the powers of such documents were suspended for 90 days, but the practice may resume on appeal. The Electronic Frontier Foundation unsuccessfully fought the NSL in 2005.

Having received an NSL, the provider hands over the requested information. By law, it has no right to tell the user that it has received the letter.

Kristian Erik Hermansen said that for him the first “bell” was the appearance of a menu on the Gmail website asking him to accept the Terms of Service. In almost ten years of using Gmail, he had never seen such a menu. Later, the hacker learned that this is how Google “warns, saying nothing” the victims of surveillance. The company has no right to report that it has received an NSL, but it has every right to display a menu at any time asking whether the user accepts the agreement.

As lawyers explained, if the security services suspect you of a connection with terrorism, no digital information can be considered safe unless it is stored at home on offline media in securely encrypted form. Even so, there is a risk that the security services can plant a “bug” on personal electronic devices.

Kristian Erik Hermansen said that a stranger had access to his Gmail account even though two-factor authentication was enabled. Google Talk reported that he had been online when he had not. The hacker started getting emails from strangers with proposals to sell a 0day exploit, although he did not have any exploits. By then he had already discovered the surveillance by the U.S. Secret Service and realized that the agents were trying to extract technical details from him.

When Hermansen returned from a trip to the country, one of his encrypted laptops had suddenly been wiped, and a RAID error occurred. People started calling him from unknown numbers at odd hours. The hacker did not quite understand why this tactic was used.

Unknown persons looked through the contents of parcels sent to him before delivery. Not far from his house, a new police post appeared.

Kristian Erik Hermansen is a computer security expert who found a vulnerability in a public U.S. company. Suspicious activity seems to have been noticed, so the hacker was put under scrutiny. Fortunately, it did not come to interrogation at Guantanamo, and it all ended quite well. The Secret Service later told him that the surveillance was limited to “electronic transactions” only, that it was quite legitimate, and that all his personal information would be deleted after a short period of storage. Kristian doubts this, though, and mentions the strong technical illiteracy of the Secret Service's field agents. He even admits that foreign intelligence services could easily follow all of their communications, since his personal information was transmitted over insecure channels.
