The Biggest NSA Whistleblower Ever
Jakari Jackson reports: NSA WHISTLEBLOWER: #39;WE #39;RE NO LONGER A COUNTRY WITH A GOVERNMENT, WE #39;RE A GOVERNMENT WITH A COUNTRY #39; ...

By: TheAlexJonesChannel

Continue reading here:

The Biggest NSA Whistleblower Ever - Video

Wikipedia Suing The NSA and The Large Hadron Collider Reborn - Downstream
Downstream is Al Jazeera #39;s weekly look at the top stories from the world of science and tech with Tarek Bazley. Join in on the conversation on Twitter: #AJDownstream In this episode (March...

By: Al Jazeera English

Read the original:

Wikipedia Suing The NSA and The Large Hadron Collider Reborn - Downstream - Video

The ability to hack the BIOS chip at the heart of every computer is no longer reserved for the NSA and other three-letter agencies. Millions of machines contain basic BIOS vulnerabilities that letanyone with moderately sophisticated hacking skills compromise and control a system surreptitiously, according to two researchers.

The revelation comes two years after a catalogue of NSA spy tools leaked to journalists in Germany surprised everyone with its talk about the NSAs efforts to infect BIOS firmware with malicious implants.

The BIOS boots a computer and helps load the operating system. By infecting this core software, which operates below antivirus and other security products and therefore is not usually scanned by them, spies can plant malware that remains live and undetected even if the computers operating system were wiped and re-installed.

BIOS-hacking until now has been largely the domain of advanced hackers like those of the NSA. But researchers Xeno Kovah and Corey Kallenberg presented a proof-of-concept attack today at the CanSecWest conference in Vancouver, showing how they could remotely infect the BIOS of multiple systems using a host of new vulnerabilities that took them just hours to uncover. They also found a way to gain high-level system privileges for their BIOS malware to undermine the security of specializedoperating systems like Tailsused by journalists and activists for stealth communications and handling sensitive data.

Although most BIOS have protections to prevent unauthorized modifications, the researchers were able to bypass these to reflash the BIOS and implant their malicious code.

Kovah and Kallenberg recently left MITRE, a government contractor that conducts research for the Defense Department and other federal agencies, to launch LegbaCore, a firmware security consultancy. They note that the recent discovery of a firmware-hacking toolby Kaspersky Lab researchers makes it clear that firmware hacking like their BIOS demo is something the security community should be focusing on.

Because many BIOS share some of the same code, they were able to uncover vulnerabilities in 80 percent of the PCs they examined, including ones from Dell, Lenovo and HP. The vulnerabilities, which theyre calling incursion vulnerabilities, were so easy to find that they wrote a script to automate the process and eventuallystopped counting the vulns it uncovered because there were too many.

Theres one type of vulnerability, which theres literally dozens of instances of it in every given BIOS, says Kovah. They disclosed the vulnerabilities to the vendors and patches are in the works but have not yet been released. Kovah says, however, that even when vendors have produced BIOS patches in the past, few peoplehave applied them.

Because people havent been patching their BIOSes, all of the vulnerabilities that have been disclosed over the last couple of years are all open and available to an attacker, he notes. We spent the last couple of years at MITRE running around to companies trying to get them to do patches. They think BIOS is out of sight out of mind [because] they dont hear a lot about it being attacked in the wild.

An attacker could compromise the BIOS in two waysthrough remote exploitation by delivering the attack code via a phishing email or some other method, or through physical interdiction of a system. In that case, the researchers found that if they had physical access to a system they could infect the BIOS on some machines in just two minutes. This highlights just how quickly and easy it would be, for example, for a government agent or law enforcement officer with a moments access to a system to compromise it.

Link:

Hacking BIOS Chips Isnt Just the NSAs Domain Anymore

One of the most successful U.S. National Security Agency spying programs involved intercepting IT equipment en route to customers and modifying it.

At secret workshops, backdoor surveillance tools were inserted into routers, servers and networking equipment before the equipment was repackaged and sent to customers outside the U.S.

The program, run by the NSAs Tailored Access Operations (TAO) group, was revealed by documents leaked by former NSA contractor Edward Snowden and reported by Der Spiegel and Glenn Greenwald.

It was one of many revelations about the NSA that caused widespread suspicion that U.S. technology products shouldnt be trusted, even if companies strenuously denied helping the agency.

And it appears some Cisco Systems customers have since taken steps to prevent NSA tampering.

The company has shipped equipment to addresses that are unrelated to a customer, said John Stewart, Ciscos chief security and trust officer, on Wednesday during a panel session at the Cisco Live conference in Melbourne.

In theory, that makes it harder for the NSA to target an individual company and scoop up their package. But supply chains are tough to secure, Stewart said, and once a piece of equipment is handed from Cisco to DHL or FedEx, its gone.

Still, the risk of such tampering is pretty low for most customers. Cisco has been working on better ways for customers to verify the integrity of the systems it ships, but there will always be certain amount of risk that cant be mitigated, Stewart said.

If a truly dedicated team is coming after you, and theyre coming after you for a very long period of time, then the probability of them succeeding at least once does go up, Stewart said. And its because theyve got patience, theyve got capacity and more often than not, theyve got capability.

One of the leaked Snowden documents, dated June 2010, has two photos of an NSA interdiction operation, with a box that said Cisco on the side.

Originally posted here:

To avoid NSA, Cisco gear gets delivered to strange addresses

The National Security Agencys top lawyer has left the government and returned to private practice as a partner at Mayer Brown LLP in Washington D.C., running the firms global privacy and security practice.

Since 2012, Rajesh De served as the NSAs chief legal officer and principal legal adviser to its current director, Michael Rogers, and Mr. Rogerss predecessor, Gen. Keith Alexander.

At the NSA, Mr. De stood at the nexus between national security policy and law as the agency was dealing with the fallout from former agency contractor Edward Snowdens exposure of the governments broad-scale surveillance programs.

In an interview this week with the Washington Post, Mr. De declined to talk about Mr. Snowden, who was granted asylum in Russia, but told the paper that he believes that no person, a king or an IT guy, should consider themselves above our democratic system.

Before joining the NSA, Mr. De worked at the White House as staff secretary and deputy assistant to the president. He also served in the Department of Justices Office of Legal Policy. Before that, the Harvard Law School graduate was a partner at Mayer Brown.

With the rapid evolution of the cybersecurity landscape, its an exciting time to return to private practice, he said in a statement released by his firm.

See original here:

NSAs General Counsel Joins Mayer Brown