PRISM

For nearly a year, U.S. government officials have said revelations from former NSA contract worker Edward Snowden harmed national security and allowed terrorists to develop their own countermeasures. Those officials haven't publicly given specific examples — but a tech firm based in Cambridge, Mass., says it has tangible evidence of the changes.

According to a new report to be released Friday by big data firm , a direct connection can be drawn: Just months after the Snowden documents were released, al-Qaida dramatically changed the way its operatives interacted online.

"We saw at least coming out with different organizations with al-Qaida and associated organizations fairly quickly after the Snowden disclosures," said Recorded Future's CEO and co-founder Christopher Ahlberg. "But we wanted to go deeper and see how big those changes were."

By "product releases," Ahlberg means new software. And for the first time, Recorded Future says, it can now codify just how big a change it was.

The company brought in a cyber expert, Mario Vuksan, the CEO of Reversing Labs, to investigate the technical aspects of the new software. Vuksan essentially reverse-engineered the 2013 encryption updates and found not only more sophisticated software but also newly available downloads that allowed encryption on cellphones, Android products and Macs.

To put that change into context, for years, al-Qaida has used an encryption program written by its own coders called Mujahideen Secrets. It was a Windows-based program that groups like al-Qaida's arm in Yemen and al-Shabab in Somalia used to scramble their communications. American-born radical imam Anwar al-Awlaki used it, too. Since Mujahideen Secret's introduction in 2007, there had been some minor updates to the program, but no big upgrades.

Ahlberg thought the fact that the group changed the program months after Snowden's revelations provided good circumstantial evidence that the former contractor had had an impact — but he wanted to see how much.

As it turns out, Recorded Future and Reversing Labs discovered that al-Qaida didn't just tinker at the edges of its seven-year-old encryption software; it overhauled it. The new programs no longer use much of what's known as "homebrew," or homemade algorithms. Instead, al-Qaida has started incorporating more sophisticated open-source code to help disguise its communications.

"This is as close to proof that you can get that these have changed and improved their communications structure post the Snowden leaks," Ahlberg said.

Others are less sure that you can draw a straight line from Snowden to the changes in al-Qaida's encryption program. Bruce Schneier, a technologist and fellow at the Berkman Center at Harvard, said it's hard to tell.

"Certainly they have made changes," Schneier said, "but is that because of the normal costs of software development or because they thought rightly or wrongly that they were being targeted?"

Whatever the reason, Schneier says, al-Qaida's new encryption program won't necessarily keep communications secret, and the only way to ensure that nothing gets picked up is to not send anything electronically. Osama bin Laden understood that. That's why he ended up resorting to couriers.

Upgrading encryption software might mask communications for al-Qaida temporarily, but probably not for long, Schneier said.

"It is relatively easy to find vulnerabilities in software," he added. "This is why cybercriminals do so well stealing our credit cards. And it is also going to be why intelligence agencies are going to be able to break whatever software these al-Qaida operatives are using."

The NSA, for its part, declined to comment.

Capt'n Midnight wrote: »

Smartphone apps that can detect vibrations can guess what keys are being pressed.

How paranoid do you want to be ?

Ever since The Intercept published this story about the US government's Terrorist Screening Database, the press has been writing about a "second leaker":

The Intercept article focuses on the growth in U.S. government databases of known or suspected terrorist names during the Obama administration.

The article cites documents prepared by the National Counterterrorism Center dated August 2013, which is after Snowden left the United States to avoid criminal charges.

Greenwald has suggested there was another leaker. In July, he said on Twitter "it seems clear at this point" that there was another.

Everyone's miscounting. This is the third leaker:

Leaker #1: Edward Snowden.

Leaker #2: The person that is passing secrets to Jake Appelbaum, Laura Poitras and others in Germany: the Angela Merkel surveillance story, the TAO catalog, the X-KEYSCORE rules. My guess is that this is either an NSA employee or contractor working in Germany, or someone from German intelligence who has access to NSA documents. Snowden has said that he is not the source for the Merkel story, and Greenwald has confirmed that the Snowden documents are not the source for the X-KEYSCORE rules. I have also heard privately that the NSA knows that this is a second leaker.

Leaker #3: This new leaker, with access to a different stream of information (the NTSC is not the NSA), who The Intercept calls "a source in the intelligence community."

Harvard Law School professor Yochai Benkler has written an excellent law-review article on the need for a whistleblower defense. And there's this excellent article by David Pozen on why government leaks are, in general, a good thing.

The data gathered by the unit included Palestinians’ sexual orientations, infidelities, money problems, family medical conditions and other private matters that could be used to coerce them into becoming collaborators, they said.

Rucking_Fetard wrote: »

"It's one of the biggest abuses we’ve seen," Bamford quoted Snowden as saying.

Jeez, it really is when you think about it. This has nothing to do with "protecting the country" blah blah, this is purly looking for dirt on people to get them to do your bidding.

Really should be more about this.

Laura Poitras’s closeup view of Edward Snowden.