Tuesday, December 31, 2013

Mish's Global Economic Trend Analysis

Mish's Global Economic Trend Analysis


Happy New Year (and Some British Humor)

Posted: 31 Dec 2013 06:44 PM PST

Looking for a laugh? Play the video below "Putting Out the Dog"



Link if video does not play: Mrs. Brown's Boys

Happy new year to you and your loved ones!

Wishing 2014 to be your best year ever.

Mike "Mish" Shedlock
http://globaleconomicanalysis.blogspot.com

Apple Denies Working With NSA on iPhone Backdoors; NSA Toolbox Catalog; Celebrate the New Year: 1984

Posted: 31 Dec 2013 11:51 AM PST

Today Apple denied creating backdoors on the iPhone for the NSA to exploit. First let's review some articles that preceded the denial.

Within the last few days came numerous reports NSA Reportedly Has Total Access To The Apple iPhone.

Back in September, Der Spiegel online reported iSpy: How the NSA Accesses Smartphone Data

AppleInsider notes "New documents revealed on Monday show the U.S. National Security Agency has the capability of deploying software implants on Apple's iPhone that grants remote access to on-board assets like SMS messages, location data and microphone audio."

NSA Toolbox

Please consider Der Spiegel article Shopping for Spy Gear: Catalog Advertises NSA Toolbox by Jacob Appelbaum, Judith Horchert and Christian Stöcker.
After years of speculation that electronics can be accessed by intelligence agencies through a back door, an internal NSA catalog reveals that such methods already exist for numerous end-user devices.

According to Juniper Networks' online PR copy, the company's products are "ideal" for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company's special computers is "unmatched" and their firewalls are the "best-in-class." Despite these assurances, though, there is one attacker none of these products can fend off -- the United States' National Security Agency.

A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.

A 50-Page Catalog

These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives -- from computing centers to individual computers, and from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA's specialists seem already to have gotten past them.

This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets' data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.

In the case of Juniper, the name of this particular digital lock pick is "FEEDTROUGH." This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive "across reboots and software upgrades." In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH "has been deployed on many target platforms."

Some of the equipment available is quite inexpensive. A rigged monitor cable that allows "TAO personnel to see what is displayed on the targeted monitor," for example, is available for just $30. But an "active GSM base station" -- a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones -- costs a full $40,000.
Inside TAO

A second Der Spiegel article takes a look Inside TAO a top-secret National Security Agency team known as Tailored Access Operations.
In January 2010, numerous homeowners in San Antonio, Texas, stood baffled in front of their closed garage doors. They wanted to drive to work or head off to do their grocery shopping, but their garage door openers had gone dead, leaving them stranded. No matter how many times they pressed the buttons, the doors didn't budge. The problem primarily affected residents in the western part of the city, around Military Drive and the interstate highway known as Loop 410.

Fault for the error lay with the United States' foreign intelligence service, the National Security Agency, which has offices in San Antonio. Officials at the agency were forced to admit that one of the NSA's radio antennas was broadcasting at the same frequency as the garage door openers. Embarrassed officials at the intelligence agency promised to resolve the issue as quickly as possible, and soon the doors began opening again.

It was thanks to the garage door opener episode that Texans learned just how far the NSA's work had encroached upon their daily lives.

An internal description of TAO's responsibilities makes clear that aggressive attacks are an explicit part of the unit's tasks. Indeed, TAO specialists have directly accessed the protected networks of democratically elected leaders of countries. They infiltrated networks of European telecommunications companies and gained access to and read mails sent over Blackberry's BES email servers, which until then were believed to be securely encrypted. Achieving this last goal required a "sustained TAO operation," one document states.

Having Fun at Microsoft's Expense

One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft's Windows. Every user of the operating system is familiar with the annoying window that occasionally pops up on screen when an internal problem is detected, an automatic message that prompts the user to report the bug to the manufacturer and to restart the program. These crash reports offer TAO specialists a welcome opportunity to spy on computers.



When TAO selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft. An internal presentation suggests it is NSA's powerful XKeyscore spying tool that is used to fish these crash reports out of the massive sea of Internet traffic.

The automated crash reports are a "neat way" to gain "passive access" to a machine, the presentation continues. Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer.
NSA Intercepts Packages to Install Bugs

The NSA does not stop there. The Verge reports NSA intercepts laptops purchased online to install spy malware before routing to the customer.

OK, but what is Apple's, Google's, and Microsoft's response as to whether backdoors are purposely built into the phones and computers?

Apple Denies Working With NSA

Today, Techcrunch reports Apple Says It Has Never Worked With NSA To Create iPhone Backdoors, Is Unaware Of Alleged DROPOUTJEEP Snooping Program.
Apple has contacted TechCrunch with a statement about the DROPOUTJEEP NSA program that detailed a system by which the organization claimed it could snoop on iPhone users.

Apple says that it has never worked with the NSA to create any 'backdoors' that would allow that kind of monitoring, and that it was unaware of any programs to do so.

Here is the full statement from Apple:

Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers' privacy and security.  Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements.  Whenever we hear about attempts to undermine Apple's industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers.  We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them.

The statement is a response to a report in Der Spiegel Sunday that detailed a Tailored Access Operations (TAO) unit within the NSA that is tasked with gaining access to foreign computer systems in order to retrieve data to protect national security.

Among these options was a program called DROPOUTJEEP — a program by which the NSA could theoretically snoop on 'any' Apple iPhone with '100% success'. The documents were dated 2008, implying that these methods were for older devices. Still, the program's detailed capabilities are worrisome.

Researcher and hacker Jacob Applebaum — the co-author of the articles, coinciding with a speech he gave at a conference about the programs — pointed out that the '100% success rate' claimed by the NSA was worrisome as it implied cooperation by Apple. The statement from the company appears to preclude that cooperation.

This year has been an eventful one for NSA spying program revelations. Apple joined a host of large companies that denied that they had been willing participants in the PRISM data collection system — but later revelations of the MUSCULAR program indicated that the NSA could get its hands on data by monitoring internal company server communications anyway. This spurred targets like Google and Yahoo to implement internal encryption.
Operations Muscular and Prism

Inquiring minds may also be interested in these Tech Crunch articles.

Operation "Muscular": NSA Infiltrates Google And Yahoo Networks

Operation "Prism": Google, Facebook, Dropbox, Yahoo, Microsoft, Paltalk, AOL And Apple Deny Participation In NSA PRISM Surveillance Program

Reflections on NSA Gag Orders

Unfortunately, the NSA has made it difficult or even impossible for companies to comment on precisely what the NSA requires of them.

Clearly these gag orders makes backdoor denials at least somewhat suspicious. 

Apples Files Suit

On November 5, Tech Crunch reported Apple Files With U.S. Government For More Information Request Transparency As It Releases First Report.
Today, Apple has released its first ever report on government information requests, detailing exact numbers of account information and data requests internationally. The report highlights how restrictive the rules are for Apple in the US, as only ranges of 1,000 are represented there.

[Mish note: the link does not work. Three possibilities - I highly doubt the first: Either the link was in error, Apple took it down for its own reasons, or the NSA forced Apple to take it down. Tech Crunch has some of the details.]

Apple also specifies the exact FBI letters and requests that it had to comply with. In the report, Apple goes into detail about what it would like to see changed about the process.

"This report provides statistics on requests related to customer accounts as well as those related to specific devices. We have reported all the information we are legally allowed to share, and Apple will continue to advocate for greater transparency about the requests we receive," the report states. "At the time of this report, the U.S. government does not allow Apple to disclose, except in broad ranges, the number of national security orders, the number of accounts affected by the orders, or whether content, such as emails, was disclosed."
Open Letter on Government Surveillance

Recently AOL, Apple, Facebook Google LinkedIn, Microsoft, Twitter, and Yahoo sent an Open Letter on Global Government Surveillance seeking reforms that would limit government authority to collect user information.

Will anything come of it? I highly doubt it.

Celebrate the new year: 1984 is here.

Mike "Mish" Shedlock
http://globaleconomicanalysis.blogspot.com

France in Review: Perfect Track Record of Economic Ineptitude

Posted: 31 Dec 2013 01:09 AM PST

In 2013 France stood out as the perfect model of economic ineptitude. It's very difficult to be perfect at anything, even failure. France managed. Here are some headlines.

  1. December 19, 2013: 50 Foreign Companies Operating in France Sound the Alarm
  2. December 16, 2013: Sharp Decline in France PMI; Private Sector Employment Drops 21st Time in 22 Months
  3. December 10, 2013: French Industrial Output Drops Unexpectedly; France Finance Minister in Complete Denial; Expect the Unexpected
  4. December 04, 2013: Taxed to the Point of No Recovery; France Plans Tougher "Exit Tax"November 17, 2013: France Tax Revenues €5.5 Billion Lower than Expected; Poll Shows 92% Do Not Believe Hollande's Tax Promises 
  5. November 29, 2013: Montebourg Targets UGAP Over "Made in France" 
  6. November 03, 2013: "France is Not a Cash Cow"; Riots Over Ecotax Continue; Is Anyone Happy? 
  7. October 25, 2013: Made in France: Montebourg Ridiculed in Text and Pictures; France Goes After "Red Bull" Energy Drinks to Finance Social Security
  8. October 18, 2013: Still More France Economic Idiocies: New Rent Price Controls, Mandatory Rental Insurance, "Unfair Competition" Laws
  9. October 10, 2013: Law of Career Security: France's Minister of Digital Economy Orders Telecom Companies "to be Virtuous and Patriotic" and to Use Alcatel-Lucent to Prevent Layoffs
  10. October 03, 2013: France Vows to "Save the Bookstores", Fixes Price of Books, Bans Free Shipping by Amazon
  11. August 20, 2013: Socialist Delusion: France Promises Full Employment, a Third Industrial Revolution, an Affordable Housing Utopia in 10 Years
  12. May 31, 2013: Bad Weather in France to Blame For ...
  13. May 30, 2013: Simmering Feud Between France and Germany Erupts Into Verbal Warfare; France Tells Brussels to Shove It
  14. May 24, 2013: France Private Sector Implosion Continues
  15. May 15, 2013: Triple Dip Recession in France; It's Not the Weather
  16. May 11, 2013: Germany France Feud Erupts Again; German Central Bank Head Blasts France
  17. April 02, 2013: Hollande Orders Employers to Pay 75% Tax; Top Executives Join France Exodus
  18. March 21, 2013: Le Monde Headline "No, France is Not Bankrupt"
  19. March 12, 2013: Housing Construction in France Lowest in 50 Years; Hollande Responds With Measures to Support Building "For the Public Good"
  20. March 10, 2013: France Postpones Austerity and Deficit Targets for Rest of 2013
  21. February 27, 2013: France Unemployment Highest Since 1997
  22. February 21, 2013: France Sinks Further Into Gutter; PMI Accelerates to 4-Year Low; "Core" of Europe Now Consists of Germany Only
  23. February 19, 2013: Incredible Letter from CEO of Titan to France Minister of Industrial Renewal, Blasting French Unions and USA: "How Stupid Do You Think We Are?"
  24. January 28, 2013: Hard Times: Dijon France Sells Half of Prized Wine Collection to Help Those Appealing for Social Aid
I will post my thoughts (not just links) on the global economy shortly.

Mike "Mish" Shedlock
http://globaleconomicanalysis.blogspot.com 

No comments:

Post a Comment