Written by Manish Sahu | Lucknow | Updated: August 17, 2017 2:22 am Among the three accused, Bhura alias Israil and Khalil alias Leelu have been in prison since June 26, while Inaam was sent to jail on July 23. Police are yet to file a chargesheet in the case. (File/Representational)

THE MUZAFFARNAGAR district administration has invoked the National Security Act (NSA) against three people arrested in June-July under the UP Cow Slaughter Act and various other charges. The accused are lodged in the district jail.

Station House Officer (SHO) of Janshath police station, Kamal Singh Chauhan, said: A recommendation was made to District Magistrate (Muzaffarnagar) G S Priyadarshi, requesting to invoke the NSA on the three accused along with a report containing details of the case. The request was accepted and I served the order invoking the NSA against the accused in Muzaffarnagar district jail on August 14.

Priyadarshi confirmed that the NSA had been invoked against the accused on the police recommendation.

Among the three accused, Bhura alias Israil and Khalil alias Leelu have been in prison since June 26, while Inaam was sent to jail on July 23. Police are yet to file a chargesheet in the case.

According to Chauhan, on the morning of June 24, police received information about the slaughter of a cow at Katka village. A team rushed to the spot, where the accused allegedly fired at them, injuring a constable. The police team, however, managed to nab Bhura and Khalil, residents of the neighbouring Khedi Firozabad village, added Chauhan.

The SHO further said that the team recovered flesh, skin and body parts of a bullock, knives used for slaughtering the animal and a country-made pistol from the spot. A bullock was also found tied with a rope near the spot, he added.

A case was lodged against Bhura, Khalil and others under the UP Cow Slaughter Act, the Prevention of Cruelty to Animals Act, the Arms Act and sections 148 (rioting, armed with deadly weapon) and 149 (common object) of the IPC.

The flesh seized from the place was not sent for lab tests as the district veterinary officer had visited the spot immediately after the raid. He had confirmed the meat as that of a bullock. Parts of the animals body as tail, skins and horns too had confirmed it was a bullock, said Chauhan.

On July 22, another accused, Inaam, was arrested from his house in the Kakroli area in Muzaffarnagar, the SHO added.

The superintendent of Muzaffarnagar district jail Arun Saxena said the NSA report has been received by the prison.

In June, DGP Sulkhan Singh had issued directions to take strict action against those involved in cow slaughter, smuggling of cows and their progeny by invoking the NSA and the Gangsters Act against them. The DGP had clarified that the district magistrate and police chief can decide what action needs to be taken after taking into consideration the gravity of the situation.

For all the latest India News, download Indian Express App

Link:

Muzaffarnagar: NSA against three held under cow slaughter Act - The Indian Express

Bareilly (Uttar Pradesh) [India], Aug 16 : After a Madrasa in Bareilly did not adhere the state government's order on singing the national anthem on Independence Day; Bareilly's Divisional Commissioner P.V. Jaganmohan said that charges can be slapped on the seminary under the National Security Act (NSA).

Speaking to , Jagmohan said, "So far on Independence Day every school, government organisation and Madrasa abided to the rule which had been initiated. But the Madrasa which did not sing national anthem will be probed and National Security Act (NSA) can be imposed against them. Only after finding solid proof about anti-national activities we will probe this matter in details".

Earlier in week, the Bareilly district magistrate, R. Vikram Singh, had issued a statement that said the refusal to sing the national anthem may lead to a law and order situation and any person or organisation doing so will attract action under section 144 of Code of Criminal Procedure (CrPC) if he or she hampers proceedings during singing/reading of national anthem or asks them not to respect it.

The Jamiat-ur-Raza Madrasa in Bareilly came under the radar after refraining from singing the national anthem and video-recording the day's events. Nearly 1,000 students of the Madrasa, before ending the day shouted "Humara Hindustan zindabad" and broke into 'Sare Jahan Se Accha'.

This came even as some madrasas sang the national anthem and said they had no problem doing so.

Original post:

UP: NSA likely against Madrasa over not singing national anthem on Independence Day - Outlook India

'He Sat On This': Judge Nap Reacts to Reports Obama Knew Russian Meddled in 2014

Antifa Protester: Trump's Denouncement of White Supremacists 'Too Little Too Late'

Former National Security Administration Technical Director Bill Binney told Tucker Carlson he has data showing that the Democrats' narrative regarding Russia hacking the DNC and 2016 election are untrue.

Binney, a member of Veteran Intelligence Professionals for Sanity (VIPS), said the story spread around the mainstream media that Russia is at fault can't necessarily be proven.

He said that during a prior Chinese hack of government systems, NSA agents were able to use "trace route programs" to track the "packets" of information back to a specific building in Shanghai.

Binney said that could be the reason Democrats did not want the FBI to look at their systems- ostensibly because they may not trace back to Russia.

He said a major file that was allegedly hacked from the DNC server was 1,976 megabytes in size and was transmitted in only 87 seconds.

"You made the point that it was moved too fast [that it] couldn't have gone out over the internet," Tucker Carlson surmised.

Binney said it likely was instead transmitted to a storage device.

"Many people are emotionally tied to this agenda, to tie the Russians to president Trump," Binney said.

He said that VIPS is nonpartisan and "tries to look at... the facts."

Watch more above.

Krauthammer: 'Shocking' Trump Didn't 'Reflexively' Call-Out Neo-Nazis on Saturday

Protesters Assemble in Front of Trump Tower Awaiting the President

See the article here:

Former NSA Technical Dir: Dems' Russia Hacking Story Likely Bogus - Fox News Insider

Aug 14, 2017-

In a decision that would shock country's swimming community, Nepal Swimming Association (NSA) has introduced a regulation barring swimmers from participating in more than four events, which according to NSA insiders serves a sole purpose to deny national teenage swimming sensation Gaurika Singh from participating in multiple events.

NSA intends to implement this new regulation in the upcoming National Swimming Championships scheduled to begin from August 17.

The National Swimming Competition organising committee under Vice Chairman Gita Rana, also a lawmaker, announced the competition dates and the regulation that would bar swimmers from participating in more than four events. The organising committee said such move was aimed at making the competition more inclusive.

Keeping in view the inclusiveness in the sport, we have introduced the regulation that no players will be allowed to participate in more than four events so that only one player will not win all the events, said NSA officials during a press meet on Sunday.

The final date for the submission of event participation form was August 26 and Singh had submitted application for entry form at the NSA, National Sports Council and Sports Ministry.

NSA, however, has also gone a step further and is mulling postponement of the national event in a bid to discourage the youngest Olympian in the history of the sport from participating in the competition. However, the association has not taken a final decision on the event postponement issue.

The associations one of a kind regulation is almost unheard in the swimming world.

Singh, 14, has 30 national records to her name and her competitors fear diving into the same pool with her as some of her timings fare much better even than her national male counterparts.

During the 12th South Asian Games, Singh won a record 4 medalsone silver and three bronze to better her own national recordat the age of 14.

Gaurika, who currently lives with her parents in London, England, arrived in Nepal on August 2 to take part in the national competition. Singh had reached the finals of English Age Group Championship and British Open Water Championship back in England but opted not to take part in it and instead fly to Nepal for the national competition.

Meanwhile, FINA (International Swimming Federation), the regulatory body for administering international competition in water sports, has no such regulation and allows athletes to participate in any events they wish to, even in the Olympics.

Katie Ledecky of the United States had won six medals at the World Swimming Championships that was held on July 30 in Hungary and legendary swimmer Michael Phelps also had won eight gold medals in the Beijing Olympics.

Likewise, in Nepal Karishma Karki had secured 12 gold medals in the 5th edition of national championships and and Shirish Gurung had claimed 14 gold medals in the 7th National Swimming Championships.

Similarly, Singh, during the 19th edition of the national swimming competition had won 8 gold and 1 silver medals along with national record in her belt at the age of 11 and on the 20th swimming championship she had won 6 gold medals.

Meanwhile, Paras Bahadur Singh, Gaurikas father, has said that they may be compelled to search for other options if NSA keeps on obstructing Gaurikas participation in national events.

Gaurika has achieved so much for the country in a small age, said Paras, For her (Gaurika) Nepal and swimming matters the most but if the association keeps on creating hurdles then we have to look for other options as well.

Published: 14-08-2017 13:34

Read more from the original source:

NSA enforces regulation in bid to restrict Gaurka Singh's participation in multiple events - The Kathmandu Post

Following the news this that Fancy Bear the hacking group allegedly responsible for the Democratic National Committee (DNC) hack last year is using the leaked NSA EternalBlue exploit that was used for the WannaCry and NotPetya attacks to target the hospitality industry across Europe and the Middle East. Chris Wysopal, Co-Founder and CTO atVeracodecommented below.

Chris Wysopal, Co-Founder and CTO at Veracode:

After the havoc that arose from the WannaCry and NotPetya attacks, its not surprising that notorious cyber gangs are finding new ways to use the NSAs EternalBlue exploit to support their criminal activities. The EternalBlue exploit has been shown to be extremely effective at spreading malware infections to other unpatched Microsoft systems.

Microsoft has indicated that a number of different versions of Windows are vulnerable to the EternalBlue exploit, even those currently receiving support. It is imperative that IT teams from all businesses across all industries ensure that the version of Windows that they are using is not vulnerable to EternalBlue and, if so, take the necessary steps to remediate it. With three attacks using this exploit having occurred over just the past few months, were likely to see cybercriminals continuing to deploy it until devices are patched and it is no longer an effective vector for them to spread malware.

Visit link:

FancyBear Use Leaked NSA WannaCry Exploit To Target Hospitality Industry - ISBuzz News

Print Sunday 13th August, 2017 Accra, Aug. 11, GNA - StarTimes, official Broadcaster of the Ghana Premier League, on Friday, met the leadership of the National Sports Authority (NSA). The StarTimes delegation held fruitful discussion with the Director General of the NSA, Mr. Robert Sarfo Mensah concerning the development of sports in the country. As part of StarTimes' aim of getting involved in promoting all sports in Ghana,

Accra, Aug. 11, GNA - StarTimes, official Broadcaster of the Ghana Premier League, on Friday, met the leadership of the National Sports Authority (NSA).

The StarTimes delegation held fruitful discussion with the Director General of the NSA, Mr. Robert Sarfo Mensah concerning the development of sports in the country.

As part of StarTimes' aim of getting involved in promoting all sports in Ghana, the NSA boss was consulted to partner the dream.

According to the Country Director of StarTimes, Leo Hao, sports must have a new look in Ghana.

"It is our dream to help grow Ghana sports.

"We want a successful collaboration that will see all sports get a better face lift as we are committed to grow sports in all aspects."

Mr. Sarfo Mensah was delighted to meet the StarTimes delegation and confirmed his office's readiness to partner them.

"My office wants to give Ghana sports the best, in terms of development.

"We are actually preparing to host the National Sports Festival, where more talents will be identified and nurtured. "

"I am very glad to have you and am confident that we can together promote Ghana sports," he noted.

GNA

Read the original here:

StarTimes pay courtesy call on NSA boss - Ghana News Agency

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.

Your message has been sent.

There was an error emailing this page.

A Russian government-sponsored cyberespionage group has been accused of using a leaked NSA hacking tool in attacks against one Middle Eastern and at least seven European hotels in order to spy on guests.

Why reinvent the wheel, or a hacking tool, when the NSA created such an effective one? The NSAs EternalBlue was leaked online by the Shadow Broker in April. Now the security firm FireEye says it has a moderate confidence that Fancy Bear, or APT28, the hacking group linked to the Russian government and accused of hacking the Democratic National Committee last year, added EternalBlue to its arsenal in order to spy on and to steal credentials from guests at European and Middle Eastern hotels.

In a campaign aimed at the hospitality industry, attackers leveraged a malicious document in spear-phishing emails. The hostile hotel form, which Microsoft Threat Intelligence Center General Manager John Lambert tweeted about in July, appeared to be a hotel reservation document. If macros were allowed to run on the computers used by the hotel employees who opened it, then Fancy Bears Gamefish malware would be installed.

Fancy Bear, according to a report by the security firm FireEye, used novel techniques involving the EternalBlue exploit and the open source tool Responder to spread laterally through networks and likely target travelers. Once inside the network of a hospitality company, APT28 sought out machines that controlled both guest and internal Wi-Fi networks.

The Gamefish malware would download and run EternalBlue to spread to computers which were connected to corporate and guest Wi-Fi networks. After gaining access, Fancy Bear deployed Responder which listens for broadcasts from victim computers attempting to connect to network resources. Responder, FireEye explained, masquerades as the sought-out resource and causes the victim computer to send the username and hashed password to the attacker-controlled machine.

Its definitely a new technique for Fancy Bear, FireEyes cyber espionage researcher Ben Read told Wired. Its a much more passive way to collect on people. You can just sit there and intercept stuff from the Wi-Fi traffic.

While FireEye didnt observe business travelers credentials being stolen via hotel Wi-Fi networks in July, the security firm cited a similar hotel attack by Fancy Bear in 2016.

In the 2016 incident, the victim was compromised after connecting to a hotel Wi-Fi network. Twelve hours after the victim initially connected to the publicly available Wi-Fi network, APT28 logged into the machine with stolen credentials. These 12 hours could have been used to crack a hashed password offline. After successfully accessing the machine, the attacker deployed tools on the machine, spread laterally through the victim's network, and accessed the victim's OWA account. The login originated from a computer on the same subnet, indicating that the attacker machine was physically close to the victim and on the same Wi-Fi network.

The latest hotel attacks, FireEye added, is the first time we have seen APT28 incorporate this exploit [EternalBlue] into their intrusions. While the investigation is still going on, FireEye told Reuters it is moderately confident that Fancy Bear is behind the attacks. We just don't have the smoking gun yet.

The targeted hotels were not named, but were described as the type where valuable guests would stay. FireEye told Wired, These were not super expensive places, but also not the Holiday Inn. Theyre the type of hotel a distinguished visitor would stay in when theyre on corporate travel or diplomatic business.

FireEye wants travelers, such as business and government personnel, to be aware of the threats like having their information and credentials passively collected when connecting to a hotels Wi-Fi. While traveling abroad, high value targets should take extra precautions to secure their systems and data. Publicly accessible Wi-Fi networks present a significant threat and should be avoided whenever possible. Wired suggested the safest approach for travelers is to bring their own hotspot and altogether skip connecting to the hotels Wi-Fi.

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.

Sponsored Links

Read more from the original source:

Russian hackers used NSA's leaked EternalBlue exploit to spy on hotel guests - CSO Online

Sugar Grove, West Virginia was, by the accounts of its residents, a fine place to live until the Pentagon shuttered the sprawling naval base that sustained the town for decades leaving it with a state secret as its sole remaining attraction. A new documentary film by director Elaine McMillion Sheldon, a longtime chronicler of West Virginian life, visitsSugar Grove after the base was decommissioned and being auctionedoff, and traces the abiding shadow of a nearby National Security Agency facility still looming over the town.

The film is embedded above.

Antennae at the NSA listening post, codenamed TIMBERLINE, were built to capture Soviet satellite messages as they bounced off the moon, imbuing a pristine stretch of Appalachia with a sort of cosmic gravity. Residents lived with the knowledge that something was hidden away on a hilltop above the town, even if it was something they could never know. TIMBERLINEs mission has, to say the least, changed in the intervening years, as submarine-laid internet cables have become a greater priority for American spies than foreign satellite communication.

TIMBERLINE remains operational, but the facility, known to locals as the off-limits Upper Base, was never what kept Sugar Grove alive. The towns heart was the sprawling Lower naval base that served as a robust employer and de facto community center until the Sept. 11 attacks, when residents say even the Navy gym and recreational areas theyd always enjoyed were sealed up, like forbidding TIMBERLINE. Sheldons film reveals a parcel of the country thats dealing not just with a faltering economy and collapsed job base hardly unique to Sugar Grove but also with a legacy thats literally unspeakable. One of the only moments the film captures of anyone talking about the NSAs presence in Sugar Grove comes from a General Services Administration auctioneer Kristine Carson in a vacant naval gymnasium. Asked about the Upper Base, Carson notes, with a small smile, Its underground, I understand. Of course I cant speak to that.

Top video: The film is directed and produced by Elaine McMillion Sheldon/Field of Vision.

Go here to read the rest:

Film: The Tiny West Virginia Town Haunted by an NSA Secret - The Intercept

Im beginning to wonder: Has Americas NSA has been too busy with spying on Americans to bother with North Korea and their nukes?

It was Bill Clinton, of course, who fixed the North Korean problem by paying them not to build nukes. Perhaps there was some language confusion, and they thought the money was to build nukes. That seems to be what happened. Maybe thats why Hillary was supposed to become president? To pay North Korea more to not build more nukes.

With the Obama administration, the NSA became fully weaponized as the tool of choice to conduct opposition research and provide the necessary blackmail evidence to destroy any non-elitist candidate who might still have thought that the NSAs targets were rogue regimes rattling nukes or stirring chemical weapons in other parts of the world.

Perhaps the real targets were always Americans; or rather, Americans with whom the reigning political party disagreed. As I asked at the beginning of Obamas reign of domestic terror, why would anyone expect Chicago politics to be any different once it moved from Chicago and into the White House?

The CIA and the FBI also wanted to get into the game of picking winners by destroying the competition. Both the CIA and the NSA had their entrails handed to them by their own leakers, who placed our software espionage tools Americans had paid billions of dollars to develop onto hacker sites worldwide. These organizations must be a complete joke among Russian, Chinese and probably North Korean intelligence agencies.

Or maybe the tools were intentionally released by NSA and CIA. Maybe those organizations wanted plausible deniability when variants of their tools were used to plant evidence on a political suspects computer. To change the texts or email contents. Whos to know who actually did the deed? The agency? The hackers? Or another agency battling for budgetary power against one with compromised code?

Maybe the FBI generates its warrants by using illegal intercepts from these agencies. Maybe they lie to the secret courts that issue the warrants. Is that where the FBIs warrants for Manafort came from? The Constitution is so burdensome by requiring evidence of a crime and descriptions of what is to be seized. Under constitutional law, it would be overly difficult for the administration in power to prevent a new one from winning the next election. Is that the real reason Hillary was convinced she couldnt lose?

If we had a Congress that was worth a penny on the dollar of what we actually pay for it, that congress would cancel its summer town-hall lovefests (its not an election year), go back to the Capitol and when they arrived begin discussing the amount of rope to buy and where to build the gallows. A coup is no less a coup because it is being conducted in secret. This behavior wont end until those perpetrating it are brought to justice.

Why are big media and the deep state so close together in the tank for this coup? Did they have something else in mind for America besides another election? Stop braying at the ideological idiots writing the news and the talking fools discussing it. The real problem is well above them in the organizations sponsoring this domestic terror. Its time for some housecleaning in the executive offices. These are publicly traded companies responsible to the public for their actions.

Paging Congress paging Congress.

The rest is here:

North Korea, nukes and NSA - WND.com - WND.com

WASHINGTON, D.C.The Electronic Frontier Foundation (EFF) asked the Supreme Court to review and overturn an unprecedented ruling allowing the government to intercept, collect, and storewithout a warrantmillions of Americans electronic communications, including emails, texts, phone calls, and online chats.

This warrantless surveillance is conducted by U.S. intelligence agencies under Section 702 of the Foreign Intelligence Surveillance Act. The law is exceedingly broadSection 702 allows the government to conduct surveillance of any foreigner abroadand the law fails to protect the constitutional rights of Americans whose texts or emails are incidentally collected when communicating with those people.

This warrantless surveillance of Americans is unconstitutional and should be struck down.

Yet the U.S. Court of Appeals for the Ninth Circuit, ruling in U.S. v. Mohamud, decided that the Fourth Amendment doesnt apply to Americans whose communications were intercepted incidentally and searched without a warrant. The case centered on Mohammed Mohamud, an American citizen who in 2012 was charged with plotting to bomb a Christmas tree lighting ceremony in Oregon. After he had already been convicted, Mohamud was told for the first time that information used in his prosecution was obtained using Section 702. Further disclosures clarified that the government used the surveillance program known as PRISM, which gives U.S. intelligence agencies access to communications in the possession of Internet service providers such as Google, Yahoo, or Facebook, to obtain the emails at issue in the case. Mohamud sought to suppress evidence gathered through the warrantless spying, arguing that Section 702 was unconstitutional.

In a dangerous and unprecedented ruling, the Ninth Circuit upheld the warrantless search and seizure of Mohamuds emails. EFF, the Center for Democracy & Technology, and New Americas Open Technology Institute filed a petition today asking the Supreme Court to review that decision.

The ruling provides an end-run around the Fourth Amendment, converting sweeping warrantless surveillance directed at foreigners into a tool for spying on Americans, said EFF Senior Staff Attorney Mark Rumold. Section 702 is unlike any surveillance law in our countrys history, it is unconstitutional, and the Supreme Court should take this case to put a stop to this surveillance.

Section 702, which is set to expire in December unless Congress reauthorizes it, provides the government with broad authority to collect, retain, and search Americans international communications, even if they dont contain any foreign intelligence or evidence of a crime.

We urge the Supreme Court to review this case and Section 702, which subjects Americans to warrantless surveillance on an unknown scale, said EFF Staff Attorney Andrew Crocker. We have long advocated for reining in NSA mass surveillance, and the incidental collection of Americans private communications under Section 702 should be held unconstitutional once and for all.

For the petition: https://www.eff.org/document/mohamud-eff-cert-petition

For more on Section 702: https://www.eff.org/document/702-one-pager-adv

For more on NSA spying:https://www.eff.org/nsa-spying

See the original post here:

EFF Urges Supreme Court to Take On Unconstitutional NSA Surveillance, Reverse Dangerous Ruling That Allows ... - EFF

A new report states categorically that the Democratic National Committee (DNC) was not hacked by Russiansor anyone elseas frequently alleged by the mainstream media, liberal intelligentsia and anti-Trump politicians.

The Nations Patrick Lawrence wrote a lengthy review of the findings made by various computer experts formerly with the NSA. Published this week, the left-wing magazines report notes two bases for their conclusion: (1) hard science shows that a remote hack of the DNC servers resulting in the breach that actually occurred would have been technologically impossible; (2) forensic review of the initial Guccifer 2.0 documents proves that they are poorly-disguised cut-and-paste jobsforgeriesintended to finger Russia.

Lawrence, by way of the experts findings, concludes that the so-called hack was actually an inside job by someone with internal access to the DNCs computer network. In other words, the DNC has (or had) a leak.

The report mostly relies on the work ofVeteran Intelligence Professionals for Sanity (VIPS), which was founded in 2003 in order to push back against the false claims of Iraqi WMD emanating from the second Bush White House. Despite mostly being ignored by the media so far, VIPS diligently set to work on unraveling the cocoon of misinformation surrounding Russiagate and the DNC hack narrative.

Four members of VIPS are currently concentrating on the task. They are: (1) William Binney, the NSAs former technical leader who also designed many of the programs now in use by the agency; (2) Kirk Wiebe, a former senior analyst with the NSAs SIGINT Automation Research Center; (3) Edward Loomis, the former technical director at the NSAs Office of Signal Processing; and (4) Ray McGovern, former chief of the CIAs Soviet Foreign Policy Branch.

First, VIPS noted, the NSA has the technical prowess to root out exactly what happened because their publicly known programs alone are capable of capturing any and all electronic transfers of data. As VIPS noted,If NSA cannot produce such evidenceand quicklythis would probably mean it does not have any.

Thats a drum VIPS has been beating for awhile, but, of course, thats not hard evidence. There simply wasnt much of anyuntil very recently. Those recent documents undergird the reports first contentionthe technological impossibility of the DNC breach having been a long-distance hack. Lawrence describes the impossibility like this:

The metadata established several facts in this regard with granular precision: On the evening of July 5, 2016, 1,976 megabytes of data were downloaded from the DNCs server. The operation took 87 seconds. This yields a transfer rate of 22.7 megabytes per second. These statistics are matters of record and essential to disproving the hack theory. No Internet service provider, such as a hacker would have had to use in mid-2016, was capable of downloading data at this speed.

What is the top possible speed? Somewhere around 16 megabytes per second. According to Skip Folden, a former IBM program manager and independent analyst, 22.7 megabytes per second is beyond unlikely under the circumstancesunless youre downloading the files directly using a storage device like a USB drive. He said:

A speed of 22.7 megabytes is simply unobtainable, especially if we are talking about a transoceanic data transfer. Transfer rates of 23 MB/s are not just highly unlikely, but effectively impossible to accomplish when communicating over the Internet at any significant distance. Further, local copy speeds are measured, demonstrating that 23 MB/s is a typical transfer rate when using a USB2 flash device (thumb drive).

As to the reports second contentionthat the Guccifer 2.0 documents were tainted to cast curious eyes toward RussiaFolden notes that a simple peeling away of the documents top layer of metadata shows the sloppy and intentional misattribution.

The report is lengthy and doesnt stop there. Lawrence notes multiple additional problems with the now-broken narrative: CrowdStrike is essentially an arm of the DNC itself; Dmitri Alperovitch, CrowdStrikes co-founder and chief technology officer is consumed by Russophobia; the FBI has never once examined the DNCs servers by themselves; that famousIntelligence Community Assessment breathlessly reported as the cumulative work of 17 national security agencies was actually the work of three hand-picked analysts.

Lawrence even raises the possibility that Guccifer 2.0 was a whole-cloth creation of the DNC used to deflect away from the leaks contents and send everyone scrambling to find Russians underneath all the nations laptops and ashtrays.

That question, for now, will have to remain unanswered, but it looks like the official story is swiftly crumbling away.

[image via Shutterstock]

Follow Colin Kalmbacher on Twitter: @colinkalmbacher

Original post:

BOMBSHELL: NSA Experts Say DNC 'Hack' Was Actually a Leak and Inside Job - LawNewz

Enlarge / Part of a booby-trapped Microsoft Word document that was sent to multiple hotels. Once infected, computers would attempt to compromise other computers connected to the same network.

FireEye

A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday.

Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.

In the earlier attack, the APT 28 members used a hacking tool dubbed Responder to monitor and falsify NetBIOS communications passed over the infected networks.

"Responder masquerades as the sought-out resource and causes the victim computer to send the username and hashed password to the attacker-controlled machine," the FireEye researchers wrote. "APT 28 used this technique to steal usernames and hashed passwords that allowed escalation of privileges in the victim network." The researchers continued:

In the 2016 incident, the victim was compromised after connecting to a hotel Wi-Fi network. Twelve hours after the victim initially connected to the publicly available Wi-Fi network, APT28 logged into the machine with stolen credentials. These 12 hours could have been used to crack a hashed password offline. After successfully accessing the machine, the attacker deployed tools on the machine, spread laterally through the victim's network, and accessed the victim's OWA account. The login originated from a computer on the same subnet, indicating that the attacker machine was physically close to the victim and on the same Wi-Fi network.

We cannot confirm how the initial credentials were stolen in the 2016 incident; however, later in the intrusion, Responder was deployed. Since this tool allows an attacker to sniff passwords from network traffic, it could have been used on the hotel Wi-Fi network to obtain a users credentials.

The attack observed in July used a modified version of Eternal Blue that was created using the Python programming language and later made publicly available, Fire Eye researchers said in an e-mail. The Python implementation was then compiled into an executable file using the publicly available py2exe tool.

Fancy Bear used a spear phishing campaign to distribute a booby-trapped Microsoft Word document to several unnamed hotels, FireEye said. Once a computer was infected, it attempted to infect other computers connected to the same Wi-Fi network.

See original here:

Russian group that hacked DNC used NSA attack code in attack on hotels - Ars Technica

StarTimes and the NSA boss Hon. Robert Mensah

StarTimes, official Broadcaster of the Ghana Premier League, met the leadership of the National Sports Authority on Friday.

The StarTimes delegation held a fruitful discussion with the NSA boss Hon. Robert Sarfo Mensah concerning the development of sports in the country.

As part of StarTimes' aim of getting involved in promoting all sports in Ghana, the NSA boss was consulted to partner the dream.

According to the country director of StarTimes, sports must have a new look in Ghana.

"it's our dream to help grow Ghana sports."

"We want a successful collaboration that will see all sports get a better face lift as we are committed to grow sports in all aspects."

NSA Boss Robert Sarfo Mensah was delighted to have the StarTimes delegation and confirmed his office's readiness to partner StarTimes.

"My office wants to give Ghana sports the best in terms of development."

"We are actually preparing to host the National Sports Festival where more talents will be identified and nurtured. "

"I am very glad to have you and confident that we can together promote Ghana sports."

Read more from the original source:

StarTimes pay courtesy call on NSA boss - Ghanasoccernet.com

Weve reported for months on the frightening Obama Administration unmasking scandal and other Obama deep state efforts to sabotage the new Administration and undermine the Constitution and what we are doing about it.

The momentum is starting to shift.

Recent reports show that President Obamas National Security Advisor Susan Rice is being implicated in the unmasking scandal and leaking disgrace which is being exposed for what it is. We sent a Freedom of Information Act (FOIA) request to the National Security Agency (NSA). They ignored it, so we took them to federal court our second federal lawsuit against the NSA in the past few months.

Reports just this month reveal that Samantha Power President Obamas Representative to the United Nations is believed to have requested hundreds of so-called unmaskings of United States persons.

You read that right, President Obamas U.N. Representative is believed to have made hundreds of unmasking requests.

According to the Washington Free Beacon:

Former United Nations Ambassador Samantha Power is believed to have made hundreds of unmasking requests to identify individuals named in classified intelligence community reports related to Trump and his presidential transition team, according to multiple sources who said the behavior is unprecedented for an official in her position. . . .

Efforts by the former Obama administration to obtain the names of Trump allies included in raw intelligence reports have fueled speculation that subsequent leaks to the press were orchestrated by the former administration and its allies in a bid to damage the current White House and smear Trumps most senior confidantes.

House Intelligence Committee Chairman Devin Nunes, in a recent letter to Director of National Intelligence Daniel Coats, expressed the Committees findings, and alarm, that senior government officials offered remarkably few individualized justifications for access to this U.S. person information.

He went on:

For example, this Committee has learned that one official, whose position had no apparent intelligence-related function, made hundreds of unmasking requests during the final year of the Obama Administration. Of those requests, only one offered a justification that was not boilerplate and articulated why that specific official required the U.S. person information for the performance of his or her official duties.

That person, the one whose position had no apparent intelligence-related function, is believed to be Obama U.N. Representative, Samantha Power.

This is outrageous and despicable.

Interestingly, her attorney denied that she committed any of the leaks, but did not deny that she was the one implicated in the Washington Free Beacon report and Chairman Nunes letter.

Sometimes whats not said is more important than what is.

In the midst of misinformation and doublespeak, the ACLJ is pressing forward to get to the bottom of this latest shocking and embarrassing story, and to keep the pressure on to hold this lawless behavior accountable.

Today we took our next big step.

We sent what is now our third FOIA request to the NSA, seeking:

records pertaining to any and all requests former United Nations Ambassador Samantha Power made to National Security Agency (NSA) officials or personnel regarding the unmasking of the names and/or any other personal identifying information of then candidate and/or President-elect Donald J. Trump, his family, staff, transition team members, and/or advisors who were incidentally caught up in U.S. electronic surveillance.

We laid out several specific requests to make sure we cover all possible angles. Heres one example:

All records, communications or briefings created, generated, forwarded, transmitted, sent, shared, saved, received, or reviewed by any NSA official or employee, where one communicant was former United Nations Ambassador Samantha Power, including any communications, queries or requests made under an alias or pseudonym, and another communicant was the Director of the National Security Agency, the Chief of the Central Security Service, SIGINT production organization personnel, the Signals Intelligence Director, Deputy Signals Intelligence Director, or the Chief/Deputy/Senior Operations Officers of the National Security Operations Center, or any other NSA official or employee, referencing, connected to, or regarding in any way communication, request, query, submission, direction, instruction, or order, whereby Samantha Power sought access to or attempted to access SIGINT reports or other intelligence products or reports containing the name(s) or any personal identifying information related to [various individuals connected to President Trump] whether incidentally collected or otherwise . . . .

In the mean time, Attorney General Sessions recently announced that his Department of Justice is stepping up the investigations into illegal leaking. This is something weve been calling for and we applaud his announcement.

The momentum continues to build, and the ACLJ will stay at the forefront of the battle to protect the Constitution, defend our national security, fight government corruption, and demand accountability. We must preserve the integrity of our nations intelligence and national security apparatus. If we fail, the consequences would be devastating. Join us. Sign our Petition today.

Read the original post:

You read that right, President Obama's UN Representative is believed to have made hundreds of unmasking requests. - American Center for Law and...

These digital currencies might make fiat currencies look good. Thats how bad they are. Peter Schiff

Until proven otherwise, , and all cryptocurrencies for that matter, are faith-based currencies, just like the U.S. dollar or any other fiat currency. Instead of full faith and credit of the U.S. Government, cryptocurrencies require full faith in blockchain technology. The Daily Coin posted an interview with Ken Schortgen of The Daily Economist in its revealed that: The NSA developed blockchain technology and released the information in a white paper that has been uncovered by Ken Schortgen, Jr., The Daily Economist LINK. The white paper can found here: How To Make A Mint: The Crytotography Of Anonymous Electronic Cash NSA, Cryptology Division, June 18, 1996.

Built to be skeptics, we have been wondering why Governments and Central Banks tolerate Bitcoin and all of the other cryptos if indeed the cryptos are the digital equivalent of the gold standard. As it turns out, the NSA de facto has the ability to hack crypto blockchains. We are certain the NSA is not the only entity globally with that ability. Furthermore, the cryptocurrencies are absorbing a lot of fiat currency that likely would otherwise be flowing into gold and silver. It reminds us of GLD (NYSE:) and SLV, both of which have absorbed billions of institutional cash into two black hole vaults that have yet to withstand a bona fide independent audit.

In this episode of we bravely shred the Bitcoin and cryptocurrency mystique, which are more emblematic of the global asset bubble than a suitable substitute for gold and silvers monetary function:

Read more from the original source:

The Bitcoin Bubble: Hidden Risks And The NSA - Investing.com

Move over, Pixar theres a new CGI creature in town, and he comes from the most unlikely of places, the National Security Agency. Of the federal government agencies that youd expect to have an anthropomorphic mascot dedicated to reducing environmental waste, the NSA is probably near the bottom of the list.

The mascot, Dunk, became public knowledge in 2015, thanks to a menacing NSA tweet the agency sent to publicize its green efforts.

That effort included a school initiative teaching children how to conduct awaste audit, categorize trash, and figure out how effective they were at properly disposing of trash. Yes, the NSA wanted children to go snooping through trash, which seems almost too on the nose to be true. So youre asking me, hey Dunk, what is a waste audit? Well, youre going to dig through all of the trash in your school and then youre going to analyze it, the blue beastintonedin his nasal voice. Youll need to identify the types of trash making up the waste stream of your school and the amounts of each type of trash, by weight and volume.

Upon learning of Dunk, I submitted a Freedom of Information Act request for any communication and documents related to the development of Dunk. More than two years later, the NSA came through with a handful of unclassified documents.

On August 22, 2008, a graphic-design coordinator sent an email with the subject line, (U) Quick Idea. Attached was a file called recycle idea.pdf, which contained preliminary sketches for two waste-disposal bins with faces and arms. One is a round, green recycling bin, for soda cans and such; the other is an orange dumpster labeled WOOD ONLY thats disposing of a pallet. The slogan: Think Before You Throw.

The initiative was put on hold until the graphic-design coordinator returned from leave in early September. The next email exchange that the NSA included begins on October 1, when a waste-and-recycling manager inquires about the Dunk program. Just wanted to know if weve made any further progress Let me know

Two days later, the Dunk we all know and love appears in a file simply titled dunk.pdf, courtesy of the same graphic-design coordinator. Hes now a blue, rectangular recycling bin, who throws trash through a hole in the top of his head, rather than eating it via his mouth. Does the trash give him energy? What happened to his dumpster friend? Why is he called Dunk when hes clearly lobbing the trash?

The final page included in the NSAs response is the final Dunk, now with fancy purple shorts. The picture is not dated, but its presumably the type of office posting that is placed right over the trash bins. Years before Dunk was telling kids to dig through the trash, he was telling NSA workers to be mindful of their waste habits.

Think before you throw! the NSA warns. I mean, thatd be crazy, right? Imagine if your stuff ended up in the wrong place, and someone you didnt intend got ahold of it and used it improperly. Thatd be so embarrassing!

Commonly held best practices for password safety are going out the window.

Nothing (rose) gold can stay.

Including sweatproof, noise-canceling, and foldable versions several under $50.

How an actual person became a bot overnight.

Weve got your John Tucker Must Die sequel right here, folks.

Think before you throw.

We finally know who wrote the infamous document.

Because what the world needs right now is obviously another way to leave your friends on read.

The one about the media wanting him in a noose is really something.

A leaked internal document called the wage gap a myth and laid out all the reasons men are treated unfairly.

Weve heard this argument before.

How to eke a few more minutes out of your battery before everything goes dark.

Its called Stamp.

Including one for $250.

We might be getting a frowning poop emoji to go with the smiling one.

Robbie Tripp is getting owned on Twitter after posting a gushing Instagram about how much he loves his wifes curvy body.

The CMS wasnt cutting it.

It was only after a drivers dashboard went up in spontaneous flames that the company decided to do something.

Read the original here:

I FOIA'd the NSA's Recycling Mascot, and Now I Have More Questions Than Answers - New York Magazine

The Government Accountability Office last week published a report that, among other things, weighs in on the pros and cons the NSA/CYBERCOM dual-hat system (pursuant to which the Director of NSA/CSS and Commander of CYBERCOM are the same person). The report deserves attention, but also some criticism and context. Heres a bit of all three.

1. What is the dual-hat issue?

If you are new to the dual-hat issue, or in any event if youve not closely followed the developments of the past year, please read this recent post for an introduction and overview.

2. What was GAOs bottom line? Did they recommend keeping or abolishing the dual-hat?

Neither. The report does not purport to answer that question. It is, instead, no more no less than an attempt to convey the DOD perspective (and only the DOD perspective) on the pros and cons of keeping the dual-hat structure (as well as identifying some mitigation steps).

3. What method did GAO use to determine DODs perspective?

GAO did three things:

a. It reviewed documents previously generated by CYBERCOM and by the Joint Staff to educate their own leadership on the pros and cons.

b. It sent out questionnaires to various DOD components (with relevant responses received from CYBERCOM, 6 combatant commands, 4 combat support agencies, and 3 OSD offices, plus a collective response for DOD produced by DODs CIO); and

c. It conducted interviews with personnel from CYBERCOM, DOD CIO, and NSA/CSS.

4. Anything wrong with that methodology?

Not if your goal is to convey only DODs perspective. And to be fair, that was GAOs stated goal. But this approach is problematic.

One of the issues driving the dual-hat debate involves the tension that arises between intelligence-collection equities (which NSA would be inclined to favor) and disruption equities (which CYBERCOM would be inclined to favor), in the scenario in which access to enemy-controlled system could be used for either purpose. As a result, the Intelligence Community has a stake in this question. GAO should have reached out for input from ODNI in particular (and it also is odd that GAO only included NSA in one of the three methods mentioned above).

GAO might respond that its terms of reference were DOD-specific. Thats clearly true for certain other parts of the GAO report in question, dealing with other topics. Its less clearly the case with the dual-hat portion of the report. But even if it is, it does not follow that GAO could not include in its report any reference to possibly-competing perspectives from the IC. Indeed, I would go further and say it was a big mistake not to do so, for it was perfectly foreseeable that this report would be taken by many (especially the media) as conveying a general assessment of the dual-hat issue rather than just a DOD-specific summary of opinions, no matter how many caveats are given.

5. Fine, but it is what it is. So lets look at what GAO actually reported, starting with the three pros favoring preservation of the dual-hat arrangement. The first one asserts that the dual-hat promotes coordination and collaboration between NSA and CYBERCOM. Comments?

At bottom, this is a claim that having a common boss makes it relatively easy to collaborate when it comes to developing exploits and sorting out when and how they are used. That makes sense, and is consistent with conventional wisdom on the dual-hat situation.

6. The second pro is about how the dual-hat solves the deconfliction challenge mentioned above, but whats really interesting here is what the report implies about how that challenge would otherwise have to be managed.

As noted above, the need to deconflict when collection and disruption equities compete is a big part of this story. Here, GAO acknowledges that the status quo provides a ready-made solution. So far, so good. What is really interesting, though, is the comment GAO then makes regarding what would happen in such cases of tension in the absence of the dual-hat.

Tellingly, the report observes that, in that case, deconfliction issues would have to be taken to the Secretary of Defense and/or Director of National Intelligence for resolution (emphasis added). I love the use of and/or in that sentence. It perfectly captures a critical point: absent a dual-hat, there has to be a new deconfliction system, and yet the lead contenders for that role each have a dog in the fight. Let me expand on that a bit.

Assume we decide to end the dual-hat system, without first settling on a new deconfliction system. What then? In that case, CYBERCOM usually will win over NSA. Why? Think about it. NSA wants to use existing access to keep collecting, but CYBERCOM wants to use it to disrupt the platform. If NSA barrels ahead with its preference, nothing really changes; the target remains operational and the enemy is none the wiser, hopefully. But if CYBERCOM barrels ahead with its preference, in most instances that will shut down the target (or at least make it clear to the enemy that the target has been penetrated); no more collection at that point. NSA will lose such battles, except when DIRNSA manages to see the issue coming and gets someone over CYBERCOMs head to make them back off.

Sounds like we would need a formal system to replace the dual-hat for deconfliction then. But what would that look like? If the solution is to charge the DNI with making the call, CYBERCOM wont likely be happy. If the solution instead is to charge SecDef (or USD(I) or the like), NSA (and DNI) wont likely be happy. If the solution instead is to convene a committee of some kind with stakeholders from both sidesand that committee works by majority votethen the same problem arises (unless you find some third-party player, like the National Security Adviser, to ensure there is not a tie and that the IC and military have equal voting power).

The point being: this issue needs serious attention. I dont doubt a decent solution can be developed, but care must be taken lest we stumble into the default scenario mentioned above.

7. The third pro involves the efficient allocation of resources, but its really about the idea that NSA makes CYBERCOM possibleand that reminds us that the dual-hat isnt going away soon.

The third pro noted by GAO is that the dual-hat facilitates NSA and CYBERCOM sharing operational infrastructure (translated: hacking tools, accesses, staging servers, personnel, etc.), as well as the infrastructure for training. Of course, its pretty much a one-way street; this traditionally is all about NSA sharing its expertise with CYBERCOM as it has stood up. Legislation currently forbids separation of the dual hat until DOD can certify that CYBERCOM is truly ready to operate independently. Thats supposed to be the case by September next year, but of course its one thing to say it and quite another to achieve it.

8. Turning now to the cons, GAO introduces the idea that the dual-hat may give CYBERCOM an unfair advantage over other commands.

This one was phrased very carefully. Without saying that this problem already exists, GAO says that CYBERCOM thinks that other commands are worried that the dual-hat may in the future unduly favor CYBERCOM requests for NSA support over the requests that come from other military commands. This is an interesting twist on the more-familiar concern that military equities in general will trump collection equities. This is military-vs-military instead. At any rate, again note that it is framed as speculation rather than a current observation. That might be politeness, or it might really be purely speculative. You really cant tell from the GAO report (see my last point below, on whether any of the reports observations have strong evidentiary foundations).

9. The second con GAO lists is a bombshell: The dual-hat creates [i]ncreased potential for exposure of NSA/CSS tools and operations.

Wow. In an almost cavalier way, the GAO report links the dual-hat issue directly to the fierce, ongoing debate over the security of NSAs tools, a topic that goes to the very heart of NSAs mission. Because of the importance of that latter debate, GAOs assertion will constitute a heavy thumb on the scale in favor of separating the dual-hat, if it catches on. Time will tell if it will. For now, lets just take a closer look at the claim.

First, here is what GAO says on the subject:

The dual-hat command structure has led to a high-level of CYBERCOM dependence on NSA/CSS tools and infrastructure. According to NSA/CSS officials, the agency shares its tools and tactics for gaining access to networks with a number of U.S. government agencies, but CYBERCOMs dependence on and use of the tools and accesses is particularly prevalent. CYBERCOMs dependence on NSA/CSS tolls increases the potential that the tools could be exposed.

Lets parse the two claims here.

Does the dual-hat create CYBERCOM dependence on NSA, as the first sentence indicates? I think that has things backwards. As noted in the prior con, CYBERCOM badly needed NSA at first, and still needs it to no small extent. Thats not caused by the dual-hat. It is caused by lack of capacity. The dual-hat has been part of the solution to that need. Perhaps DOD meant to convey a different point: that keeping the status quo has become a crutch that prevents CYBERCOM from pressing faster to build its own capacities. That makes more sense.

Does CYBERCOM use of NSA tools and accesses (i.e., exploits and penetrations) increase the risk of their exposure? Put that way, the answer must be yes. Every instance of use of any exploit or access creates a new opportunity for others to discover it, and so the risk must go up each time (you might say each use increases the exposure surface). But note that weve just put the question in a non-nuanced way, without any attempt to quantify the degree of increase in the risk, let alone to place it in context with offsetting benefits or with reference to mitigation strategies for this problem. All that emerges from the GAO Report is the bottom line: CYBERCOM relies on NSA tools ostensibly because of the dual-hat, and therefore the dual-hat increases the risk of those tools getting loose. And any suggestion that a policy exacerbates that risk is bound to draw attention.

The possibility of loose NSA tools has become a flashpoint for debate, in a manner that threatens for better or worse to create new limits on the ability of NSA to develop or keep certain capacities (particularly knowledge of zero-day vulnerabilities). NSA received a substantial black eye when a Russian intelligence agency the mysterious entity identifying itself as the Shadowbrokers somehow acquired a cache of NSA-created exploits and then began dumping them publiclyespecially after one of those exploits was used in connection with WannaCry and NotPetya. Both WannaCry and NotPetya received a vast amount of media attention, much of it pinning the blame in large part on NSA. This fueled arguments to the effect that NSA should not be allowed to create or preserve such tools (or at least that current procedures for balancing the competing equities involved (building NSAs collection capacity, vs improving the security of commercially-available products) should be altered significantly so as to reduce NSAs capacities in this area).

That argument was out there before WannaCry and NotPetya broke, in fact, but once those stories broke it received a strong boost from Microsoft. As this June piece in the New York Times from Nicole Perlroth and David Sanger underscores, this perspective has gained considerable momentum with some in private industry, Congress, and foreign governments. Just this morning, former NSA Deputy Director Rick Ledgett wrote a post here at Lawfare fighting back against this argument, highlighting how important the issue is.

Whether you agree or disagree with this argument, you no doubt can appreciate how it has made the government acutely sensitive to questions about the security of NSAs tools. As a result, the argument that the dual-hat creates significant security risks for those tools has the potential to have an outsized impact on the dual-hat debate. Which is a good thing, if the argument is a persuasive one. Unfortunately, the GAO report does not come anywhere close to giving us enough information to judge the matter. And yet this part of the report grabbed headlines in some quarters (see this piece in NextGov, titled GAO: Keeping NSA and CyberCom Together Makes Hacking Tool Leaks More Likely).

10. The next con listed by GAO: NSA and CYBERCOM are too much for any one person to manage.

Thats a familiar and serious concern, and it is unsurprising that it arose here. It is entangled to some extent with the deconfliction issue, of course, but at the end of the day being Director of NSA and Commander of CYBERCOM both concern vastly more than deconfliction.

11. The next con on the list? Strangely, its the deconfliction issue, which we already discussed above as a pro for the dual-hat. What gives?

It is telling that the deconfliction issue pops up both as a pro and a con. As noted above, the dual-hat is a good thing for deconfliction insofar as one thinks there ought to be a single decision-maker who takes both collection and disruption equities seriously. But here we now see the flip-side of the argument, as GAO reports that personnel from both NSA and CYBERCOM (including a senior-level official) told GAO that the dual-hat leads to increased tension between NSA and CYBERCOM staffs, because their respective collection and disruption missions may not always be mutually achievable.

You know what Im going to say, I suspect. The tension is caused by the combination of incompatible missions and shared tools/accesses. Thats not the dual-hats fault. The dual-hat is one solution to resolving the tension. As I have noted here, there clearly is a view in some circles that the fix is in with the dual-hat, in favor of NSAs collection mission. Maybe thats right, maybe its not. But at any rate, listing the dual-hat as a con here seems to be a reflection of that perspective.

12. The last con on the list has to do with difficulties in tracking expenditures the NSA makes on behalf of CYBERCOM

This may well be a very important issue, but it seems to me the sort of thing to be addressed through improved procedures, and should not matter much in deciding whether to keep the dual-hat.

13. How strong is the evidence supporting the various pro and con claims?

I recommend caution. We get a description of GAOs methods, as noted above, but of course we do not also get the underlying documents, interview notes, etc. And the reports narrative on each point is exceedingly thin, no longer really than what Im providing here. Note, too, my earlier observation that GAO does not appear to have sought the views of ODNI, and only sought NSA views to a limited extent. None of which is to say that any of the observations are incorrect, of course.

Originally posted here:

Separating NSA and CYBERCOM? Be Careful When Reading the GAO Report - Lawfare (blog)

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.

At the outdoor hacker camp and conference SHA2017, which is taking place in the Netherlands, NSA whistleblower William Binney gave the talk, How the NSA tracks you.

As a former insider, Binney knew about this long before Snowden dropped the documents to prove it is happening. Although he didnt say anything new, Binney is certainly no fan of the NSAs spying he calls the NSA the New Stasi Agency. If you are no fan of surveillance, then his perspective from the inside about the total invasion of the privacy rights of everybody on the planet will fuel your fury at the NSA all over again.

In todays cable program, according to Binney, the NSA uses corporations that run fiber lines to get taps on the lines. If that fails, they use foreign governments to get taps on the lines. And if that doesnt work, theyll tap the line anywhere that they can get to it meaning corporations or governments wont even know about the taps.

The companies are involved at the next step the PRISM program, which includes collection directly from the servers of U.S. service providers. However, Binney said PRISM is the minor program when compared to Upstream, which includes collecting data from the taps on fiber-optic cables in hundreds of places around the world. Thats where they are collecting off the fiber lines all the data and storing it.

PRISM was for show-and-tell purposes, to show Congress and courts what the NSA was doing and to say we have warrants and are abiding by the laws. Upstream was the one that allowed the NSA to take everything off the line.

Regarding worldwide SIGINT, CNE (computer network exploitation) was the big one. Implants in hardware or software, lets say switches or servers, make them do anything they want because the NSA pwned them.

That feeds the NSAs Treasure Map, which provides a map of the entire internet in near real-time; any device, anywhere, all the time every minute of every day. As Binney put it, So its not just collecting what youre saying encrypted or not but its also monitoring where you are when you do it.

Treasure Map is also how intelligence agencies use GPS from cell phones to target drone attack victims. Binney noted there are at least 1.2 million people on the drone hit list.

He also mentioned the programs that include the input of all phone data, fixed, mobile, satellite any kind of phone which both the FBI and CIA can directly access so that when they want to see who did what, they have an index, all, to everything they ever said in their database.

All the data is collected without warrants so its a basic violation of the rights of every human, Binney said.

He also covered how other agencies can directly access the NSAs data, Five Eyes, CIA, FBI, DEA and DIA. The police can access it via the FBIs system.

The NSA could choose to look at the right targets, but doesnt. The NSA may collect it all, but thats not the same as intelligence, as understanding all of what was collected. If you use one of the hot keywords in an email, for example, it will get flagged for review. But planned attacks happen because analysts are so buried beneath the data they cant see the attacks coming. Binney previously tried to convince the U.K. that bulk data kills people.

While all this data isnt helping to stop attacks, having all the data gives the intelligence community the power to manipulate anyone they want. Its like J. Edgar Hoover on super steroids all the collected data gives intelligence agencies the means to target anyone. Then parallel construction is used after the fact to go back and build a separate basis for an investigation to cover up the fact that the data was obtained unconstitutionally.

Before taking questions from conference attendees, Binney pointed out an icon on a slide as a teaser to his startup, which will advise on ways you can do privacy and security by design. He came to Europe, since they cant get anything done in the U.S. The U.S. and U.K. are too dense to realize it can be done it also goes against their agenda for more money, power and control.

Can we expect more NSA employees to blow the whistle? Perhaps, but the people in power there are corrupt, Binney said. During the portion of the talk when attendees could ask questions, he talked about how the NSA has employed a lot of introverts, people with ISTJ personalities, making them easy to threaten. Binney added that the See Something, Say Something (about your fellow workers) program inside the NSA is what the Stasi did. Theyre picking up all the techniques from the Stasi and the KGB and the Gestapo and the SS; they just arent getting violent yet that we know of internally in the U.S.; outside is another story.

Originally posted here:

NSA whistleblower discusses 'How the NSA tracks you' - CSO Online

When Americas enemies hide behind closed doors, the best military strategy could be stealthily picking the lock under the cover of night. Or it could be blowing the door to smithereens with an M203 in broad daylight.

Same goes for electronic warfare: some situations requires finesse, others demand brute force.

That, as much as anything, explains why the Pentagon is planning to separate U.S. Cyber Command from the National Security Agency the two entities that have the most influence over Fort Gordon and, by extension, Augustas fledgling cyber economy.

If the split happens as expected in the coming years, the impact would be a positive for Augusta. More on that later.

First, some background: The nearly decade-old Cyber Command focuses on digital warfare and oversees Army Cyber Command, which is gradually being moved from Fort Belvoir, Md., to a 324,000-square-foot facility under construction next to NSA-Georgias massive cryptologic center at Fort Gordon, which gathers intelligence from Europe, Africa and the Middle East.

Cyber and NSA directives differ, but both report to the same commander, Admiral Michael S. Rogers.

Cyber, being the new kid on the block, has essentially borrowed the NSAs tools. That made sense when the command was brand new in 2009, but now cyber warriors need battle-specific gear, military experts say.

One of those experts is Bill Leigher, director of government cybersecurity solutions for defense contractor Raytheon, which has an office in Augusta. Leigher will be one of nearly 3,300 attendees at the Armed Forces Communications and Electronics Associations TechNet show in Augusta later this week.

During a phone interview on the eve of the event, the retired Navy rear admiral explained the difference between Cybers needs and NSAs.

Using network capabilities to collect good intelligence, and not get caught while youre doing it, is the secret part of what our Department of Defense does, Leigher said. But when you go to war, that measure of performance changes. (The technology) needs to behave like a weapon. It needs to be measurable. It needs to be legal in the context of conducting war.

Leigher believes a Cyber-NSA split is about two years from becoming a reality. The two would, of course, continue to collaborate, but he said Cyber Command would be free to start adapting things used successfully in the intelligence community to create new tools that are more in line with the responsibilities of conducting war.

Leigher, who spent many years working with Fort Gordon as the commanding officer of Naval Information Operations Command and deputy commander for U.S. Fleet Cyber Command/U.S. 10th Fleet, said Cyber Command could and should become the Defense Departments 10th unified combatant command. It currently falls under U.S. Strategic Command, the Omaha, Neb.-based command that also oversees U.S. nuclear capabilities and space operations.

Though the Cyber-NSA separation would be transparent from the laymans point of view at Fort Gordon, a newly independent Cyber Command would likely create more opportunities for private industry to develop new cyberwarfare weapons or battle-focused adaptations of existing intelligence gathering.

Leigher noted increased outreach already is occurring through events such as last months Cyber Quest, where 27 companies put out more than three dozen products for road testing at the bases cyberwarfare school, the Army Cyber Center of Excellence.

He said a sharper focus on digital warfare technologies could speed development of private industry.

The best analogy I can give you is I happened to be working at NSA in Fort Meade on Sept. 11, Leigher said. What we now call Annapolis Junction a three-quarter-mile long, half-mile wide cluster of defense contractors and IT companies did not exist before the war on terrorism started. It has all emerged to stand up and support the intelligence needs around NSA. So I just have to believe that you guys in Augusta are going to see growth too.

TONS O TOURISTS: The TechNet show, with an estimated economic impact of nearly $2.8 million, is one of the biggest annual conferences in Augusta. And it keeps getting bigger.

But its not the months biggest event. That distinction goes to 2017 Military Worlds Softball Tournament, which is bringing an estimated 5,500 attendees and $3.4 million in economic impact to the region. This years United States Specialty Sports Association-sanctioned tournament is about the same size as it was last year, when it came to Diamond Lakes Regional Park in south Augusta for the first time in its 15-year history.

August in general is a big month for visitors, according to the Augusta Convention &Visitors Bureau and Augusta Sports Council, which said events like the tournament and TechNet will pump nearly $10.5 million into the economy. Other major events for the month include the the Georgia-South Carolina Bulls Soccer Clubs 2017 Aiken Soccer Cup (3,500 participants, $1,8 million impact) Georgia United States Tennis Associations 2017 Georgia State Mixed Doubles Championship (1,400 participants; $865,000 impact).

MELTING DOWN: Id be smiling more if our nuclear power industrys long-term outlook was as rosy as tourism s.

Heres two bombshells from this past week: South Carolinas SCANA and Santee Cooper canceled construction plans for their two new reactors at the V.C. Summer nuclear plant, and Atlanta-based Southern Co. said its Plant Vogtle expansion project will cost at least $25 billion and wont be finished until 2023.

For those of you keeping track, the Vogtle reactors should have been completed by now for $14 billion. Ay caramba!

Southern Co.s Georgia Power is said to be mulling whether to pull the plug Vogtle. Just two weeks ago it took project management at the site away from Westinghouse Electric Co., which has had numerous problems getting its super-advanced AP1000 reactor built. The subsidiary of Toshiba Corp. filed for bankruptcy in March, largely because of its problems at Vogtle and VC Summer.

Whats been described as Americas nuclear renaissance began in Georgia and South Carolina, and it may end there too.

Other companies that were planning to build new reactors may now be putting on the brakes. And those that havent, such as Utahs Blue Castle Project, have sought companies other than Westinghouse to build their AP1000 units.

Thats sort of like saying you love Fords new F-150 you just prefer it was built by General Motors.

Weve been well aware of the construction issues Westinghouse has been having as contractor at those (Vogtle and Summer) sites, Aaron Tilton, CEO of Blue Castle Holdings, told The Daily Sentinel in Grand Junction, Colo., earlier this year.

Vogltes woes coincide with this summers 30th anniversary of its units 1 and 2, which began operation in 1987 and 1989.

Meanwhile, the rest of the world plows ahead in nuclear. More than 9 gigawatts of new electricity, the largest increase in 25 years, were brought on last year according to the World Nuclear Association.

Four AP1000s under construction in China, two in Sanmen and two in Haiyang are scheduled to start commercial operation next year, with Sanmen being the first.

I predict that a couple of years after that, Chinas state-owned electric utility will probably start building its own reverse-engineered AP1000 knockoff. Maybe China will then sell the pirated technology back to us at discount prices?

Thats one way to grow the industry. Were certainly not going to be able to power our factories and homes or charge our precious smartphones on renewables .

SPEAKING OF PHONES: Xfinity Mobile, a wireless phone service through Comcast, is now available through the Xfinity store in the Augusta Exchange shopping center at 222 Robert C. Daniel Jr. Parkway.

Comcast is introducing the service in its retail stores market-by-market, and this location is among the first in the Southeast to offer Xfinity Mobile, the comapny said in a statement. Xfinity Mobile combines Verizons 4G LTE network with a Wi-Fi network of more than 17 million hotspots nationwide to support a seamless internet and entertainment experience.

The company said it offers straightforward data options: an unlimited $45 per month, per line plan up to five lines with no usage limits; and a $12 by the gig plan with hared cellular data across all lines on an account each month.

SCHOOL DAZE: Are your kids faces buried in a smartphone screen? Put the device to work for you looking into some free back-t0-school apps.

Mike Kinney at Verizons Evans store recommends the following: Family Locator, which lets you track your kids whereabouts; Brainscape, a digital version of flash cards that can be used to improve math and language skills; Easybib, a tool high schoolers can use to make bibliography citations; Todoist, a class, sports and chore task-management app; and Google Goals, a Google Calendar app that lets you schedule, defer or complete goals.

TAX TROUBLE In last weeks column I pointed out the trouble county officials will face dividing up taxes at the new Jim Hudson Lexus dealership under construction on the Richmond-Columbia county line near Washington and Pleasant Home roads.

My mistake was noting that car sales would become part of that headache. Not so, says a friendly neighborhood CPA, who reminded me sales taxes on cars were eliminated by 2013s Title Ad Valorem Tax, which is remitted to the county where the vehicle will be registered, not where the sale occurred.

Shows you how often I buy new cars I still pay the old birthday tax, where the cars taxable value decreases with age.

Car dealers lobbied the state for a title fee for more than 20 years before finally persuading them in 2012 to phase out sales and property taxes on cars. And theres been gripes about it ever since.

People complained the tax was killing the leasing business. Then they complained dealers were gaming the system by artificially inflating the value of trade-ins. Then they complained high-mileage, late model cars were being overvalued. Then Mercedes-Benz executives got an exemption for moving the companys U.S. headquarters to Atlanta while other people who moved away and then returned to Georgia got double taxed.

The tax started at 6.5 percent. Its now 7 percent. The law allows it to go as high as 9 percent.

Remind me, again, what was wrong with the old birthday tax?

ASK STEVEN: Have a local tax question? Youll be able to ask Richmond County Tax Commissioner Steven Kendick on Aug. 21 at 6:30 p.m. at the Warren Road Community Center at 300 Warren Road, where hell be the guest speaker at the West Augusta Alliance meeting, which is open to the public.

Reach Damon Cline at (706) 823-3352 or damon.cline@augustachronicle.com.

View original post here:

Scuttlebiz: Separating Cyber from NSA could speed private-sector development in Augusta - The Augusta Chronicle

If American judicial authorities are going after British security researcher Marcus Hutchins for allegedly writing malware, then they will also have to indict people at the NSA who were responsible for creating Windows exploits that then leaked and led to massive ransomware attacks.

Those attacks have left some companies incapable of returning to full production even now, with a case in point being the pharmaceutical giant Merck.

Hutchins has pleaded not guilty to all six counts on his indictment. He has been charged with creating a banking trojan known as Kronos and also selling it, among other charges.

In Hutchins' case, the malware he is charged with creating Kronos barely raised a blip on the screen when it was being used.

Nobody in the US has ever said that someone in the NSA needs to be held responsible for their slip-ups. In other words, if you leave a slab of meat lying in the open and dogs attack it, then the dogs are to blame.

Another category that should come under scrutiny is businesses like Immunity, led by former NSA man Dave Aitel, which pay for vulnerabilities that are not publicly known and then protect only their own clients against them. There is no disclosure for the greater good.

But then in the US, there is one kind of justice meted out to government organisations that screw up and leave a mess that others drown in, and an entirely different kind of justice served to the average man/woman in the street.

One would expect much lauded mainstream media outlets like The New York Times and the Washington Post to come out screaming about things like this. But there has not been a peep from either of these brave defenders of democracy.

Every security researcher creates proof of concept code to understand how a particular vulnerability works and how it can endanger the average computer user. Only then can patches be devised.

Else, there is no way of testing anything. We will all have to live with thousands of vulnerabilities that remain unpatched if authorities get red under the collar every time someone creates PoC code.

Anti-virus researchers do it every day. So too do researchers at bigger security companies.

In the NSA, they do it to create exploits that can be used to target other countries. The NSA often does not inform companies that their products have vulnerabilities - else how would they exploit the same vulnerabilities when they want to?

Exploits like ETERNALBLUE leaked out of the NSA because the security agency was unable to look after its own creations.

The move against Hutchins looks very much like the US wants to make an example of someone to scare the bejesus out of all and sundry. Meanwhile, the professionals who live off the proceeds of malware and ransomware are laughing all the way to the bank.

Follow this link:

If Hutchins is at fault, then the NSA needs to be pulled up too - iTWire