New details of NSA’s Ragtime program appear in leaked files

(Image: ZDNet)A leaked document shines new light on a surveillance program developed by the National Security Agency.
The program, known as Ragtime, collects the contents of communications, such as emails and text messages, of foreign nationals under the authority of several US surveillance laws.
More security news
New NSA leak exposes Red Disk, the Army’s failed intelligence system
Microsoft says ASLR behavior in Windows 10 is a feature, not a bug
Google torches this nasty Tizi Android spyware it found on Play Store
Hackers are exploiting Microsoft Word vulnerability to take control of PCs
Details of the program are held in the highest tiers of secrecy, known as exceptionally controlled information, with only a few NSA staffers having access to the program and its data.
There were four known versions, according to a 2013 book, released just months before the first documents published from the cache of documents leaked by whistleblower Edward Snowden. Ragtime-A is said to involve the US-based collection of foreign-to-foreign counterterrorism data; Ragtime-B collects foreign government data that travels through the US; and Ragtime-C focuses on the nuclear counterproliferation effort.
Another program stands for Ragtime-P, which is said to stand for the Patriot Act, which authorizes the collection of bulk metadata on calls and emails sent over the networks of telecom providers. A leaked court order showed Verizon was ordered to turn over customer call records to the NSA on a daily basis. Dozens of other companies have also been compelled to provide data for Ragtime.
But the Ragtime program has many more versions – including one that appears to involve Americans’ data.
The document was found buried in a virtual hard disk, discovered by UpGuard’s Chris Vickery.
The document seen by ZDNet, dated November 2011, shows the Ragtime program has eleven variants, including the four that were already known. The document alludes to Ragtime-BQ, F, N, PQ, S, and T.
黑客可以破解加密无线、建立假冒AP、使用ARP欺骗等等来发起中间人攻击,进而窃密和控制移动终端设备。小心啦!
The eleventh version refers to Ragtime-USP. “USP” is a common term used across the intelligence community to refer to “US person,” like a US citizen or lawful permanent resident.
Americans are generally protected from government surveillance under the Fourth Amendment. A few exceptions exist, such as if the secretive Washington DC-based Foreign Intelligence Surveillance Court, which authorizes the government’s spying activities, issues a warrant based on probable cause, such as if there is evidence of an American working for a foreign power.
But the NSA has long “incidentally” collected data on Americans, reports and research have revealed.
Ragtime dates back to 2002, according toa previously-leaked document. The program forms part of a wider collection of systems and databases under the STELLARWIND umbrella of warrantless surveillance programs, launched under the authority of then-president George W. Bush in response to the September 11, 2001 terrorist attacks. After a series of leaks in 2008 detailing the scope and breadth of STELLARWIND’s domestic collection capability, Congress limited the government’s surveillance powers.
Changes to the law had an immediate impact on the Ragtime program. Although the government was barred from collecting new metadata on Americans under Ragtime-P, the NSA retained the data. Analysts with clearance were still permitted to search the database.
Only a fraction of NSA staffers have the appropriate security clearance to access Ragtime’s databases. One previously leaked document says analysts must have special “need to know” clearance to access the data, and any information relating to Ragtime is restricted from being shared to foreign intelligence partners. The exception is Ragtime-C, which the new document implies a level of co-operation from the UK government.
The data stored in Ragtime’s databases is so sensitive that their very existence is compartmentalized. The clearance level for each Ragtime version, according to the document, is “unpublished,” in an effort to ensure that the programs themselves aren’t widely known about across the agency.
The NSA said in internal security guidance that unpublished classification markings are set for some programs “due to sensitivity and restrictive access controls.”
When reached, an NSA spokesperson declined to comment on Ragtime, or its purpose.
“In accordance with longstanding policy, the National Security Agency will neither confirm nor deny that any of the purported information referenced in the article has any connection to NSA or the US government,” a spokesperson said. “The National Security Agency is focused on the protection of the United States, its citizens, and our allies through around-the-clock pursuit of valid foreign intelligence targets.”
“The Foreign Intelligence Surveillance Act makes clear that, except in limited circumstances, NSA must obtain a court order, based on probable cause, from the Foreign Intelligence Surveillance Court to conduct electronic surveillance targeting a US person,” the spokesperson added.
News of the leak comes just weeks before Congress has to pass reforms or a reauthorization of the US government’s surveillance laws.
安全意识教育的目的可以简单定义为“所有的组织成员必须了解自己最基本的安全责任”或“组织成员必须了解组织所面临的信息安全威胁,并养成良好的使用习惯来防御这些风险并保护信息系统”。
Lawmakers have until the end of the year to pass a bill to ensure powers under the Foreign Intelligence Surveillance Act are put back in the law books, or the NSA risks losing those powers at the end of the annual intelligence cycle. These are the same powers that authorized the controversial PRISM program, which collects data from servers of internet giants, the massive bulk collection of internet traffic, and the government’s computer and network hacking powers.
Several bills have already been floated by members of both the House and Senate.
US intelligence chiefs are pushing for a permanent reauthorization of the surveillance powers, while privacy groups are fighting for greater transparency.
Several members of Congress have vowed to fight the reauthorization until they learn how many Americans are swept up in section 702 surveillance.
The government’s spy chief has so far refused to say what that number is.
Contact me securely
Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More
ZDNET INVESTIGATIONS
Leaked TSA documents reveal New York airport’s wave of security lapses
US government pushed tech firms to hand over source code
At the US border: Discriminated, detained, searched, interrogated
Millions of Verizon customer records exposed in security lapse
Meet the shadowy tech brokers that deliver your data to the NSA
Inside the global terror watchlist that secretly shadows millions
FCC chairman voted to sell your browsing history — so we asked to see his
With a single wiretap order, US authorities listened in on 3.3 million phone calls
198 million Americans hit by ‘largest ever’ voter records leak
Britain has passed the ‘most extreme surveillance law ever passed in a democracy’
Microsoft says ‘no known ransomware’ runs on Windows 10 S — so we tried to hack it
Leaked document reveals UK plans for wider internet surveillance
Related Topics:
Security TV
Data Management
离职员工通常会带走公司的重要文件,进而带来损失,我们必须加强用户和权限管理,只给用户完成其工作所需最少权限,另外还要及时停止离职员工的系统访问权限。

猜您喜欢

涪陵信息技术学校参加全国第五届职业院校数字校园建设交流研讨会
网络安全宣教动漫——揭密社工黑客
Cyber Security Law 网络安全法宣传视频系列001
遗产税来了?财政部给出了权威说法
ALLABOUTSPAM MYSPRINGHILLGARDEN
中国现在走出去或者到海外投资,要快也要稳,风险控管战略指导: