Arquivo da tag: Espionagem

A espionagem da Vale (Cartas da Amazônia)

Por Lúcio Flávio Pinto | Cartas da Amazônia – dom, 7 de jul de 2013

É legal ou legítimo que uma empresa privada tenha nos seus arquivos prontuários de pessoas que lhe interessam, incomodam ou são seus inimigos? Pois a Vale, a segunda maior mineradora do mundo, tem. Não se tratam de fichas, anotações ou clippings. A designação que a empresa deu a esses registros personalizados é mesmo de prontuários, consagrados pelo aparelho policial e tingidos de negro pelo aparato de repressão.

O batismo não deixa de ser um ato falhado, psicanaliticamente falando. O serviço de informações e inteligência da maior empresa privada do Brasil, da qual o país depende como nunca antes, é conduzido também por ex-agentes do serviço de informações do governo, novos ou mais antigos, remanescentes da era do SNI e integrantes da Abin, hibridismo da época da ditadura com a democracia.

A coordenadoria de serviços especiais corporativos, ligada à auditoria interna, subordinada, por sua vez, ao conselho de administração, foi criada em 2003. Seu objetivo era prevenir perdas e combater fraudes dentro da empresa. Parece que a princípio ela se circunscreveu a essa missão, mas logo deu início a atividades ilegais de espionagem, recorrendo a grampos telefônicos, quebra de sigilo bancário e invasão de privacidade. Além do pessoal próprio, utilizou consultorias privadas.

Em abril de 2010, a “atualização do prontuário do jornalista Lúcio Flávio de Farias Pinto” custou 10 reais à Vale. Não sei o que esse prontuário contém, mas já há um mau indício: colocaram um “s” excedente no meu sobrenome Faria.
Uma empresa do porte da Vale precisa ter o seu setor de inteligência. Ele cuida de informações e contrainformações para melhor atender a corporação na sua guerra de mercado, que envolve espionagem. Boicote e sabotagem, e nas relações com o mundo externo.

Mas desde que um ex-integrante desse serviço, o gerente de inteligência André Almeida, demitido em março deste ano por justa causa, repassou documentos que permitiram à revista Veja revelar os intestinos da mineradora, a questão é saber se a Vale atua dentro de limites legais ou os extrapola e viola, agindo como se fora uma entidade pública, com direito de exercer o poder de polícia.

Quando o Serviço Nacional de Informações, concebido pelo general Golbery do Couto e Silva, foi criado, logo depois do golpe militar de 1964, que derrubou o presidente João Goulart, Carlos Lacerda observou com maldade certeira que o SNI não funcionava às segundas-feiras. Nesse dia poucos jornais circulavam – e não os mais importantes. Os arapongas de então não podiam se armar de cola, papel e recortes de jornais para preparar seus relatórios e informes. Não havia o que cortar e colar.

Lacerda já estava avinagrado com seus ex-colegas de golpe, preocupado com a perspectiva de jamais se candidatar a presidente da república, a maior das suas aspirações, mas boa parte do trabalho de inteligência é feito assim mesmo, através de análises de informações correntes, sobretudo da imprensa.

Por sua própria razão de ser, o Estado vai muito além desse ponto, com seus agentes nas ruas, infiltrações e informantes, exercendo o poder de polícia que a sociedade lhe delega formalmente. Mas uma empresa privada pode agir assim? O regime democrático é compatível com esse procedimento?

A leitura de vários dos documentos vazados pelo informante da revista Veja não surpreende. Os arapongas da Vale também se baseiam em material da imprensa. Mas outros documentos dão a nítida sensação de que são produzidos por órgãos oficiais, não com o propósito legítimo de bem informar as autoridades públicas.

Estão contaminados pelo interesse de bisbilhotar, de invadir a privacidade alheia e de colocar etiquetas que definem e julgam os personagens visados, atribuindo-lhe carga de ilicitude e ilegalidade. Não é uma observação olímpica: o olhar discrimina o que vê como inimigos, merecedores, portanto, de punição. E assim eles são tratados.

A relação dos entes que estão sob a mira da inteligência da Vale compreende o MAB (que defende os atingidos por barragens), MST, Instituto Políticas Alternativas para o Cone Sul, Fase, Rede Brasileira de Justiça Ambiental, Instituto Rosa Luxemburgo, Forum Carajás, Campanha Justiça nos Trilhos, Conlutas, Movimento dos Atingidos pela Vale, CUT e Assembleia Popular, dentre outros.

A Vale não se restringe a acompanhar a movimentação dessas entidades: manda espiões se infiltrarem em suas atividades, com a missão de gravar, fotografar e anotar o que acontece. Foi assim que agiu em relação ao 1º Encontro dos Atingidos pela Vale, que acompanhou o lançamento da Caravana Minas, no Rio de Janeiro, em 2010.

Os líderes, identificados, foram acompanhados pelo olheiro, que também esteve ao lado dos participantes do encontro quando eles fizeram uma manifestação diante do condomínio de luxo em que morava o então presidente da Vale, Roger Agnelli, na rua mais famosa de Ipanema, a Vieira Souto.

As despesas com esse serviço custaram à Vale, em abril de 2010, 184 mil reais. Parte desse dinheiro foi gasto na inspeção de andares da sede da empresa, no Rio de Janeiro. O escritório Norte absorveu R$ 25 mil. Uma equipe básica II precisou de R$ 859 para cobrir o seminário “O Maranhão de volta ao século XIX: grandes projetos e seus impactos socioambientais”, em São Luiz. Um informante quilombola em Barcarena saiu por quase R$ 4,4 mil. Naturalmente, esse informante é um espião. Já os dois que atuam em Carajás e Parauapebas têm carteira assinada, cada um deles recebendo R$3,7 mil.

Um ano depois, em abril de 2011, o mesmo serviço pulou para R$ 230 mil, com itens semelhantes. Mas a presença na região norte, entre Pará e Maranhão, se tornou ainda mais forte: além do informante quilombola de Barcarena e dos dois agentes de Carajás/Parauapebas, surgiu um “colaborador e agente” em Marabá (a R$3,4 mil) e uma rede em Açailândia (R$ 1,6 mil).

Ao que tudo indica, o frenesi pela espionagem, interna e externa, abrangendo tanto aqueles considerados inimigos da empresa quanto seus funcionários, dirigentes e até acionistas, foi uma das marcas da gestão de uma década de Agnelli. Em março de 2012 as despesas do setor diminuíram ligeiramente, para R$ 224 mil, embora mantendo a mesma estrutura e reajustando os rendimentos das equipes.

Em setembro caíram mais, para R$ 197 mil. Talvez, quem sabe, desinflem para um patamar saudável – e, mais do que isso, legal. Mas para isso certamente é preciso iluminar as dependências sombrias da antiga Companhia Vale do Rio Doce, que permanece estatal nas suas estranhas impenetráveis.

Para dar consequência às denúncias, o MST e a Justiça nos Trilhos entregaram um pedido formal de investigação a várias instituições públicas. Mais recentemente, outra grande empresa, o consórcio que arrematou a hidrelétrica de Belo Monte, no Xingu, a maior obra em andamento no país, também foi flagrado em atividade de espionagem junto a grupos que se opõem à obra.

Esses dois são os exemplos mais graves. Quantos, porém, existem no desconhecimento público? A crescente promiscuidade entre os aparatos de segurança do governo e os das grandes corporações econômicas parece ser crescente, talvez tão acentuado quanto no período da ditadura, embora sem os mesmos objetivos, já que não há a repressão política aberta, estatizada.

Mas há uma circulação de pessoas entre os dois níveis de poder, desempenhando funções semelhantes ou, em muitas situações, numa distinção que inexiste, embora formalmente devessem ser separadas. O setor de segurança pública fornece quadros para a inteligência corporativa e vice-versa. Essa circulação é perigosa. As dependências desse aparato devem ser iluminadas e higienizadas.

Anúncios

NSA Prism program taps in to user data of Apple, Google and others (Guardian)

• Top-secret Prism program claims direct access to servers of firms including Google, Apple and Facebook
• Companies deny any knowledge of program in operation since 2007
• Obama orders US to draw up overseas target list for cyber-attacks
Glenn Greenwald and Ewen MacAskill
The Guardian, Friday 7 June 2013
Prism

A slide depicting the top-secret PRISM program.

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

The NSA access is part of a previously undisclosed program calledPrism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.

The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims “collection directly from the servers” of major US service providers.

Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.

In a statement, Google said: “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a back door for the government to access private user data.”

Several senior tech executives insisted that they had no knowledge ofPrism or of any similar scheme. They said they would never have been involved in such a program. “If they are doing this, they are doing it without our knowledge,” one said.

An Apple spokesman said it had “never heard” of Prism.

The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.

PrismThe program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.

It also opens the possibility of communications made entirely within the US being collected without warrants.

Disclosure of the Prism program follows a leak to the Guardian on Wednesday of a top-secret court order compelling telecoms provider Verizon to turn over the telephone records of millions of US customers.

The participation of the internet companies in Prism will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.

Some of the world’s largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan “Yourprivacy is our priority” – was the first, with collection beginning in December 2007.

It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

Collectively, the companies cover the vast majority of online email, search, video and communications networks.

Prism 

The extent and nature of the data collected from each company varies.

Companies are legally obliged to comply with requests for users’ communications under US law, but the Prism program allows the intelligence services direct access to the companies’ servers. The NSAdocument notes the operations have “assistance of communications providers in the US”.

The revelation also supports concerns raised by several US senators during the renewal of the Fisa Amendments Act in December 2012, who warned about the scale of surveillance the law might enable, and shortcomings in the safeguards it introduces.

When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA’s inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies’ servers.

A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.

PRISM slide crop
The document is recent, dating to April 2013. Such a leak is extremely rare in the history of the NSA, which prides itself on maintaining a high level of secrecy.

The Prism program allows the NSA, the world’s largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.

With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

The presentation claims Prism was introduced to overcome what the NSAregarded as shortcomings of Fisa warrants in tracking suspected foreign terrorists. It noted that the US has a “home-field advantage” due to housing much of the internet’s architecture. But the presentation claimed “Fisa constraints restricted our home-field advantage” because Fisa required individual warrants and confirmations that both the sender and receiver of a communication were outside the US.

“Fisa was broken because it provided privacy protections to people who were not entitled to them,” the presentation claimed. “It took a Fisa courtorder to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all.”

The new measures introduced in the FAA redefines “electronic surveillance” to exclude anyone “reasonably believed” to be outside the USA – a technical change which reduces the bar to initiating surveillance.

The act also gives the director of national intelligence and the attorney general power to permit obtaining intelligence information, and indemnifies internet companies against any actions arising as a result of co-operating with authorities’ requests.

In short, where previously the NSA needed individual authorisations, and confirmation that all parties were outside the USA, they now need only reasonable suspicion that one of the parties was outside the country at the time of the records were collected by the NSA.

The document also shows the FBI acts as an intermediary between other agencies and the tech companies, and stresses its reliance on the participation of US internet firms, claiming “access is 100% dependent on ISP provisioning”.

In the document, the NSA hails the Prism program as “one of the most valuable, unique and productive accesses for NSA”.

It boasts of what it calls “strong growth” in its use of the Prism program to obtain communications. The document highlights the number of obtained communications increased in 2012 by 248% for Skype – leading the notes to remark there was “exponential growth in Skype reporting; looks like the word is getting out about our capability against Skype”. There was also a 131% increase in requests for Facebook data, and 63% for Google.

The NSA document indicates that it is planning to add Dropbox as aPRISM provider. The agency also seeks, in its words, to “expand collection services from existing providers”.

The revelations echo fears raised on the Senate floor last year during the expedited debate on the renewal of the FAA powers which underpin the PRISM program, which occurred just days before the act expired.

Senator Christopher Coons of Delaware specifically warned that the secrecy surrounding the various surveillance programs meant there was no way to know if safeguards within the act were working.

“The problem is: we here in the Senate and the citizens we represent don’t know how well any of these safeguards actually work,” he said.

“The law doesn’t forbid purely domestic information from being collected. We know that at least one Fisa court has ruled that the surveillance program violated the law. Why? Those who know can’t say and average Americans can’t know.”

Other senators also raised concerns. Senator Ron Wyden of Oregon attempted, without success, to find out any information on how many phone calls or emails had been intercepted under the program.

When the law was enacted, defenders of the FAA argued that a significant check on abuse would be the NSA’s inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies’ servers.

When the NSA reviews a communication it believes merits further investigation, it issues what it calls a “report”. According to the NSA, “over 2,000 Prism-based reports” are now issued every month. There were 24,005 in 2012, a 27% increase on the previous year.

In total, more than 77,000 intelligence reports have cited the PRISMprogram.

Jameel Jaffer, director of the ACLU’s Center for Democracy, that it was astonishing the NSA would even ask technology companies to grant direct access to user data.

“It’s shocking enough just that the NSA is asking companies to do this,” he said. “The NSA is part of the military. The military has been granted unprecedented access to civilian communications.

“This is unprecedented militarisation of domestic communications infrastructure. That’s profoundly troubling to anyone who is concerned about that separation.”

A senior administration official said in a statement: “The Guardian and Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. This law does not allow the targeting of any US citizen or of any person located within the United States.

“The program is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about US persons.

“This program was recently reauthorized by Congress after extensive hearings and debate.

“Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.

“The Government may only use Section 702 to acquire foreign intelligence information, which is specifically, and narrowly, defined in the Foreign Intelligence Surveillance Act. This requirement applies across the board, regardless of the nationality of the target.”

Additional reporting by James Ball and Dominic Rushe

Frankenstein Programmers Test a Cybersecurity Monster (Science Daily)

ScienceDaily (Aug. 27, 2012) — In order to catch a thief, you have to think like one.

UT Dallas computer scientists are trying to stay one step ahead of cyber attackers by creating their own monster. Their monster can cloak itself as it steals and reconfigures information in a computer program.

In part because of the potentially destructive nature of their technology, creators have named this software system Frankenstein, after the monster-creating scientist in author Mary Shelley’s novel,Frankenstein; or The Modern Prometheus.

“Shelley’s story is an example of a horror that can result from science, and similarly, we intend our creation as a warning that we need better detections for these types of intrusions,” said Dr. Kevin Hamlen, associate professor of computer science at UT Dallas who created the software, along with his doctoral student Vishwath Mohan. “Criminals may already know how to create this kind of software, so we examined the science behind the danger this represents, in hopes of creating counter measures.”

Frankenstein is not a computer virus, which is a program that can multiply and take over other machines. But, it could be used in cyber warfare to provide cover for a virus or another type of malware, or malicious software.

In order to avoid antivirus software, malware typically mutates every time it copies itself onto another machine. Antivirus software figures out the pattern of change and continues to scan for sequences of code that are known to be suspicious.

Frankenstein evades this scanning mechanism. It takes code from programs already on a computer and repurposes it, stringing it together to accomplish the malware’s malicious task with new instructions.

“We wanted to build something that learns as it propagates,” Hamlen said. “Frankenstein takes from what is already there and reinvents itself.”

“Just as Shelley’s monster was stitched from body parts, our Frankenstein also stitches software from original program parts, so no red flags are raised,” he said. “It looks completely different, but its code is consistent with something normal.”

Hamlen said Frankenstein could be used to aid government counter terrorism efforts by providing cover for infiltration of terrorist computer networks. Hamlen is part of the Cyber Security Research and Education Center in the Erik Jonsson School of Engineering and Computer Science.

The UT Dallas research is the first published example describing this type of stealth technology, Hamlen said.

“As a proof-of-concept, we tested Frankenstein on some simple algorithms that are completely benign,” Hamlen said. “We did not create damage to anyone’s systems.”

The next step, Hamlen said, is to create more complex versions of the software.

Frankenstein was described in a paper published online (https://www.usenix.org/conference/woot12/frankenstein-stitching-malware-benign-binaries) in conjunction with a presentation at a recent USENIX Workshop on Offensive Technologies.

The research was supported by the National Science Foundation and Air Force Office of Scientific Research.