Sunday, 21 July 2013

Australian Pine Gap spy base contributes to NSA program codenamed X-Keyscore

Central Australia's Pine Gap spy base played a key role in the United States' controversial drone strikes involving the ''targeted killing'' of al-Qaeda and Taliban chiefs, Fairfax Media can reveal.
Former personnel at the Australian-American base have described the facility's success in locating and tracking al-Qaeda and Taliban leaders - and other insurgent activity in Afghanistan and Pakistan - as ''outstanding''.
A Fairfax Media investigation has now confirmed a primary function of the top-secret signals intelligence base near Alice Springs is to track the precise ''geolocation'' of radio signals, including those of hand-held radios and mobile phones, in the eastern hemisphere, from the Middle East across Asia to China, North Korea and the Russian far east.
This information has been used to identify the location of terrorist suspects, which is then fed into the United States drone strike program and other military operations.
The drone program, which has involved more than 370 attacks in Pakistan since 2004, is reported to have killed between 2500 and 3500 al-Qaeda and Taliban militants, including many top commanders.
But hundreds of civilians have been also killed, causing anti-American protests in Pakistan, diplomatic tensions between Washington and Islamabad and accusations the ''drone war'' has amounted to a program of ''targeted killing'' outside a battlefield.
This year, the Obama administration acknowledged four American citizens had been killed by strikes in Pakistan and Yemen since 2009.
The Taliban know we're listening but they still have to use radios and phones to conduct their operations; they can't avoid that, one former Pine Gap operator said. ''We track them, we combine the signals intelligence with imagery and, once we've passed the geolocation [intelligence] on, our job is done.
When drones do their job we don't need to track that target any more.''
The base's direct support of US military operations is much greater than admitted by Defence Minister Stephen Smith and previous Australian governments, new disclosures by former Pine Gap personnel and little-noticed public statements by US government officials have shown.
Australian Defence intelligence sources have confirmed that finding targets is critically dependent on intelligence gathered and processed through the Pine Gap facility, which has seen ''a massive, quantitative and qualitative transformation'' over the past decade, and especially the past three years.
The US will never fight another war in the eastern hemisphere without the direct involvement of Pine Gap,'' one official said.
Last week, secret documents leaked by US whistleblower Edward Snowden indicated Pine Gap also contributes to a broad US National Security Agency collection program codenamed ''X-Keyscore''.
Pine Gap controls a set of geostationary satellites positioned above the Indian Ocean and Indonesia. These orbit the earth at fixed points and are able to locate the origin of radio signals to within 10 metres. Pine Gap processes the data and can provide targeting information to US and allied military units within minutes.
Former US National Security Agency personnel who served at Pine Gap in the past two years have described their duties in unguarded career summaries and employment records as including ''signals intelligence collection, geolocation … and reporting of high-priority target signals'' including ''real time tracking''.
US Army personnel working at Pine Gap use systems codenamed ''Whami, SSEXTANT, and other geolocation tools'' to provide targeting information, warnings about the location of radio-triggered improvised explosive devices, and for combat and non-combat search and rescue missions.
Pine Gap's operations often involve sifting through vast quantities of ''noise'' to find elusive and infrequent signals. One former US Army signals intelligence analyst describes the ''collection and geolocation of an extremely hard to find target'' as a task that included ''manually sifting through hundreds of hours of collection''.
Last month Mr Smith assured Parliament that Pine Gap operates with the ''full knowledge and concurrence'' of the government.
He provided no details other than to say the facility ''delivers information on intelligence priorities such as terrorism, the proliferation of weapons of mass destruction, and military and weapons developments'' and ''contributes to the verification of arms control and disarmament agreements''.
The government is required by a number of agreements to consult with the US government before the public release of any new information about Pine Gap.
The federal government maintains a long-standing policy of not commenting on operational intelligence matters.

State Utilities Girding Their Cyber Defenses

Although the world enjoys unimagined accomplishments from digital communication, the dark side also compels our attention.
Cyber offense and defense are rapidly evolving forms of warfare. Our public utilities are among the targets foreign powers have penetrated. Our vital public services are vulnerable. U.S. national security leadership has seen the exercise of cyber probes and weaponry, some in overt military action and others, including foreign actions in the United States, more exploratory  "battlefield preparation," in military terms.
For public utilities and the states that regulate them, cyber threats risk denial of electricity, water, natural gas and telecommunications. Our state emergency managers include cyber threats in their portfolio of hurricanes, ice storms, other natural disasters and physical sabotage. Cyber threats present a new dimension to emergency management with potentially devastating consequences and without the certainty of adequate defenses.
The threats are serious and obviously unwelcome to utilities and their consumers, who have three basic interests at stake: assurance of high-quality service, resilient systems to deliver those services and reasonable cost. State regulators have enough work paying attention to all three, especially given aging infrastructure and the changes posed by cheap natural gas and the advent of renewable energy options. Hurricanes and the like already provide enough resiliency difficulties. What should state regulators do in light of this major challenge, which is a modern weapon, and therefore —- like other national security matters — appropriately in the hands of the intelligence community and military? Most utilities, and certainly Connecticut's larger utilities, take the threat seriously and manage protective systems, while intelligence officials are concerned by foreign penetration and the adequacy of our nation's utility security systems.
What should utilities spend to upgrade their defenses? To what extent should they engage one of our nation's greatest cyber assets — private sector firms — to assess and remedy security gaps?
The costs of defense are financial and social. Today, the cost of physical security — both systems and armed forces — at some nuclear generation facilities equals the cost of operations. Storm-related outages provoke public outrage over service interruption. How much more should the ratepayer contribute to cyber security, and how should the money be spent? How can state regulators determine where adequacy ends and unnecessary costs begin?
As for social costs, the tension between individual liberties and security is clearly at play. Stringent controls to thwart cyber disruption might significantly diminish civil liberties. The obviously unacceptable alternative of a police state would make us safer from cyber attacks. But how much risk can and should we accept to protect those freedoms that define who we are?
Firearms and automobiles have brought security and mobility, but the costs of death and suffering have compelled reckoning and regulation. Similarly, cyber threats are a dark side of the revolutionary life changes enabled by the computer, Internet and digital revolution. The possibility of a hacker or nation-state disabling a water system, gas pipeline or electric grid, or leaving us unable to communicate or access financial or health data, are real. The public deserves to know what the threats are, and how their government is responding.
We have work to do at all levels of government. At the federal level, we count on intelligence and defense officials to protect us — but also to communicate with us. Trust depends upon credibility and requires active, skilled management. Inadequate information and weak congressional oversight and partnership do not build public confidence.
State regulators cannot become national security officers to combat what is basically a national security challenge. But they can set standards, collaborate with public utilities and accept reasonable, well-designed expenses to enhance safety. Connecticut is intensifying its work with its public utilities, which long ago started their cyber defense programs and initiated planning for dealing with disruption. Several strengthening steps are possible, such as requiring utilities annually publish a statement from a reputable security company affirming (or not) that the company takes reasonable steps to ensure cyber security.
The most difficult adjustment lies with all of us — understanding and accepting the reality of cyber vulnerability and its unpredictable consequences. In the past, Americans have been able to take action, find reasonable solutions and do what makes sense without giving up the essential. We can do it with cyber, but it's time to kick into gear. The threat is real, and the work will be demanding

Snowden’s four-laptops story

In a letter to a former senator released this week, NSA leaker Edward Snowden swore that there is no way the Russian government can get any sensitive information from him despite the fact that he has been camped out in the Moscow airport for the past few weeks, carrying four laptops that he had supposedly used to lift the NSA’s secrets.
“No intelligence service not even our own has the capacity to compromise the secrets I continue to protect,” Snowden wrote to former senator Gordon Humphrey, R-N.H., in an email published by the Guardian. “You may rest easy knowing (that) I cannot be coerced into revealing that information, even under torture.”
At first glance, the message seems like more braggadocio from a man who has appeared to lay it on thick before, from his self-proclaimed ability to bug the president to his claims of being able to “shut down the surveillance system in an afternoon.” It’s widely assumed in both the business and the intelligence communities that any electronics brought into Moscow (or Hong Kong, for that matter) are going to be compromised by the country’s spy agency. Perhaps he is underestimating the technical prowess of the Russian security services; perhaps he is overestimating his own.
But there’s a third possibility: that Snowden is telling the truth. That there really is no way for him to give up any more information, other than the stuff in his head. Snowden may have left the United States with “four computers that enabled him to gain access to some of the U.S. government’s most highly classified secrets,” as the Guardian put it. But he may not have those secrets now. The laptops could very well be empty and the secrets could be somewhere else.
Ever since Snowden’s leaks began to appear in the press, Washington has been debating whether the former systems administrator is a whistleblower or some sort of spy. The latter position appeared to be radically strengthened when Snowden appeared in Hong Kong (where, presumably, the Chinese could get access to his laptops) and then in Moscow. Even if he didn’t willfully cooperate with the governments there, they would drain his laptops of every last file. If those files were encrypted, that might slow things down  but eventually, the secrets would be theirs.
The interpretation relies on Snowden, a veteran of a host of American intelligence agencies, being completely oblivious to Russia and China’s well-known capacities to hack or planning from the start to be an agent of a foreign power. Neither seems likely. Spies don’t ask for asylum in a couple dozen countries. And former counterintelligence pros like Snowden aren’t that out to lunch. As Snowden told Humphrey, “one of my specializations was to teach our people at DIA (Defense Intelligence Agency) how to keep such information from being compromised even in the highest threat counter-intelligence environments (like) China.”
Of course, the best way to keep that information from being compromised is not to have it at all.
The closer you look at the “four laptops” story, the more it seems like a ruse designed to keep spies in Washington and Moscow guessing. Why would Snowden need four computers to carry the NSA data when a portable hard drive the size of a hand can carry terabytes of information? Why would he hold on to such information when he knew he would be a target for Western intelligence agencies entities that “no one can meaningfully oppose,” as Snowden put it. “If they want to get you, they’ll get you in time.” Sure, the data could be a bargaining chip in a negotiation for political asylum. But what good is a bargaining chip, if it can be snatched from your hands?
The smarter play would be to give someone else that leverage to let one of Snowden’s interlocutors, like Glenn Greenwald or Laura Poitras, hold on to the data. Or to split it up among a dozen different players. Snowden’s team says they’ve already engineered a kind of digital dead man’s switch, which can release a torrent of sensitive information in case the United States engages in “extremely rogue behavior,” as Greenwald puts it. The metaphorical switch is designed to be flipped in Snowden’s absence, not his presence.
In a sane world, the contents of Snowden’s laptops would have legal ramifications. It’s a more serious violation of the Espionage Act to deliver classified information into the hands of a foreign power than it is to simply make off with secrets that could be used to hurt the U.S. (One is punishable by death, the other by 10 years in prison.) But this world isn’t always sane. On Thursday, a military judge allowed Wikileaker Bradley Manning to be charged with “aiding the enemy,” since Osama bin Laden might have read one of the documents he disclosed on a news site. Whatever is on Snowden’s computers, he’s likely to face harsh punishment if he ever returns to the United States.
But there could be consequences in the way Snowden and future leakers is perceived, depending on whether his laptops are empty or full. Past U.S. government whistleblowers have already worried publicly that Snowden could damage the cause of tomorrow’s crop allowing them to be branded them as traitors because Snowden supposedly put American secrets in Vladimir Putin’s hands. What if he had no more secrets to give?