The Scandalous History of the Last Rotor Cipher Machine – IEEE Spectrum

Growing up in New York City, I always wanted to be a spy. But when I graduated from college in January 1968, the Cold War and Vietnam War were raging, and spying seemed like a risky career choice. So I became an electrical engineer, working on real-time spectrum analyzers for a U.S. defense contractor.

In 1976, during a visit to the Polish Army Museum in Warsaw, I saw an Enigma, the famous German World War II cipher machine. I was fascinated. Some years later, I had the good fortune of visiting the huge headquarters of the cipher machine company Crypto AG (CAG), in Steinhausen, Switzerland, and befriending a high-level cryptographer there. My friend gave me an internal history of the company written by its founder, Boris Hagelin. It mentioned a 1963 cipher machine, the HX-63.

Like the Enigma, the HX-63 was an electromechanical cipher system known as a rotor machine. It was the only electromechanical rotor machine ever built by CAG, and it was much more advanced and secure than even the famous Enigmas. In fact, it was arguably the most secure rotor machine ever built. I longed to get my hands on one, but I doubted I ever would.

Fast forward to 2010. I'm in a dingy third subbasement at a French military communications base. Accompanied by two-star generals and communications officers, I enter a secured room filled with ancient military radios and cipher machines. Voilà! I am amazed to see a Crypto AG HX-63, unrecognized for decades and consigned to a dusty, dimly lit shelf.

I carefully extract the 16-kilogram (35-pound) machine. There's a hand crank on the right side, enabling the machine to operate away from mains power. As I cautiously turn it, while typing on the mechanical keyboard, the nine rotors advance, and embossed printing wheels feebly strike a paper tape. I decided on the spot to do everything in my power to find an HX-63 that I could restore to working order.

If you've never heard of the HX-63 until just now, don't feel bad. Most professional cryptographers have never heard of it. Yet it was so secure that its invention alarmed William Friedman, one of the greatest cryptanalysts ever and, in the early 1950s, the first chief cryptologist of the U.S. National Security Agency (NSA). After reading a 1957 Hagelin patent (more on that later), Friedman realized that the HX-63, then under development, was, if anything, more secure than the NSA's own KL-7, then considered unbreakable. During the Cold War, the NSA built thousands of KL-7s, which were used by every U.S. military, diplomatic, and intelligence agency from 1952 to 1968.

The reasons for Friedman's anxiety are easy enough to understand. The HX-63 had about 10^600 possible key combinations; in modern terms, that's equivalent to a 2,000-bit binary key. For comparison, the Advanced Encryption Standard, which is used today to protect sensitive information in government, banking, and many other sectors, typically uses a 128- or a 256-bit key.

In the center of the cast-aluminum base of the HX-63 cipher machine is a precision Swiss-made direct-current gear motor. Also visible is the power supply [lower right] and the function switch [left], which is used to select the operating mode, for example encryption or decryption. Photo: Peter Adams

A total of 12 different rotors are available for the HX-63, of which nine are used at any one time. Current flows into one of 41 gold-plated contacts on the smaller-diameter side of the rotor, through a conductor inside the rotor, out through a gold-plated contact on the other side, and then into the next rotor. The incrementing of each rotor is programmed by setting pins, which are just visible in the horizontal rotor. Photo: Peter Adams

Just as worrisome was that CAG was a privately owned Swiss company, selling to any government, business, or individual. At the NSA, Friedman's job was to ensure that the U.S. government had access to the sensitive, encrypted communications of all governments and threats worldwide. But traffic encrypted by the HX-63 would be unbreakable.

Friedman and Hagelin were good friends. During World War II, Friedman had helped make Hagelin a very wealthy man by suggesting changes to one of Hagelin's cipher machines, which paved the way for the U.S. Army to license Hagelin's patents. The resulting machine, the M-209-B, became a workhorse during the war, with some 140,000 units fielded. During the 1950s, Friedman and Hagelin's close relationship led to a series of understandings collectively known as a "gentleman's agreement" between U.S. intelligence and the Swiss company. Hagelin agreed not to sell his most secure machines to countries specified by U.S. intelligence, which also got secret access to Crypto's machines, plans, sales records, and other data.

But in 1963, CAG started to market the HX-63, and Friedman became even more alarmed. He convinced Hagelin not to manufacture the new device, even though the machine had taken more than a decade to design and only about 15 had been built, most of them for the French army. However, 1963 was an interesting year in cryptography. Machine encryption was approaching a crossroads; it was starting to become clear that the future belonged to electronic encipherment. Even a great rotor machine like the HX-63 would soon be obsolete.

That was a challenge for CAG, which had never built an electronic cipher machine. Perhaps partly because of this, in 1966, the relationship among CAG, the NSA, and the CIA went to the next level. That year, the NSA delivered to its Swiss partner an electronic enciphering system that became the basis of a CAG machine called the H-460. Introduced in 1970, the machine was a failure. However, there were bigger changes afoot at CAG: That same year, the CIA and the German Federal Intelligence Service secretly acquired CAG for US $5.75 million. (Also in 1970, Hagelin's son Bo, who was the company's sales manager for the Americas and who had opposed the transaction, died in a car crash near Washington, D.C.)

Although the H-460 was a failure, it was succeeded by a machine called the H-4605, of which thousands were sold. The H-4605 was designed with NSA assistance. To generate random numbers, it used multiple shift registers based on the then-emerging technology of CMOS electronics. These numbers were not true random numbers, which never repeat, but rather pseudorandom numbers, which are generated by a mathematical algorithm from an initial "seed."

This mathematical algorithm was created by the NSA, which could therefore decrypt any messages enciphered by the machine. In common parlance, the machines were "backdoored." This was the start of a new era for CAG. From then on, its electronic machines, such as the HC-500 series, were secretly designed by the NSA, sometimes with the help of corporate partners such as Motorola. This U.S.-Swiss operation was code-named Rubicon. The backdooring of all CAG machines continued until 2018, when the company was liquidated.

Parts of this story emerged in leaks by CAG employees before 2018 and, especially, in a subsequent investigation by the Washington Post and a pair of European broadcasters, Zweites Deutsches Fernsehen, in Germany, and Schweizer Radio und Fernsehen, in Switzerland. The Post's article, published on 11 February 2020, touched off firestorms in the fields of cryptology, information security, and intelligence.

The revelations badly damaged the Swiss reputation for discretion and dependability. They triggered civil and criminal litigation and an investigation by the Swiss government and, just this past May, led to the resignation of the Swiss intelligence chief Jean-Philippe Gaudin, who had fallen out with the defense minister over how the revelations had been handled. In fact, there's an interesting parallel to our modern era, in which backdoors are increasingly common and the FBI and other U.S. intelligence and law-enforcement agencies sporadically tussle with smartphone manufacturers over access to encrypted data on the phones.

Even before these revelations, I was deeply fascinated by the HX-63, the last of the great rotor machines. So I could scarcely believe my good fortune in 2020 when, after years of negotiations, I took possession of an HX-63 for my research for the Association des Réservistes du Chiffre et de la Sécurité de l'Information, a Paris-based professional organization of cryptographers and information-security specialists. This particular unit, different from the one I had seen a decade before, had been untouched since 1963. I immediately began to plan the restoration of this historically resonant machine.

People have been using codes and ciphers to protect sensitive information for a couple of thousand years. The first ciphers were based on hand calculations and tables. In 1467, a mechanical device that became known as the Alberti cipher wheel was introduced. Then, just after World War I, an enormous breakthrough occurred, one of the greatest in cryptographic history: Edward Hebern in the United States, Hugo Koch in the Netherlands, and Arthur Scherbius in Germany, within months of one another, patented electromechanical machines that used rotors to encipher messages. Thus began the era of the rotor machine. Scherbius's machine became the basis for the famous Enigma used by the German military from the 1930s until the end of WW II.

To understand how a rotor machine works, first recall the basic goal of cryptography: substituting each of the letters in a message, called plaintext, with other letters in order to produce an unreadable message, called ciphertext. It's not enough to make the same substitution every time, replacing every F with a Q, for example, and every K with an H. Such a monoalphabetic cipher would be easily solved.

A rotor machine gets around that problem using, you guessed it, rotors. Start with a round disk that's roughly the diameter of a hockey puck, but thinner. On both sides of the disk, spaced evenly around the edge, are 26 metal contacts, each corresponding to a letter of the English alphabet. Inside the disk are wires connecting a contact on one side of the disk to a different one on the other side. The disk is connected electrically to a typewriter-like keyboard. When a user hits a key on the keyboard, say W, electric current flows to the W position on one side of the rotor. The current goes through a wire in the rotor and comes out at another position, say L. However, after that keystroke, the rotor rotates one or more positions. So the next time the user hits the W key, the letter will be encrypted not as L but rather as some other letter.

Though more challenging than simple substitution, such a basic, one-rotor machine would be child's play for a trained cryptanalyst to solve. So rotor machines used multiple rotors. Versions of the Enigma, for example, had either three rotors or four. In operation, each rotor moved at varying intervals with respect to the others: A keystroke could move one rotor or two, or all of them. Operators further complicated the encryption scheme by choosing from an assortment of rotors, each wired differently, to insert in their machine. Military Enigma machines also had a plugboard, which swapped specific pairs of letters both at the keyboard input and at the output lamps.

The rotor-machine era finally ended around 1970, with the advent of electronic and software encryption, although a Soviet rotor machine called Fialka was deployed well into the 1980s.

The HX-63 pushed the envelope of cryptography. For starters it has a bank of nine removable rotors. There's also a "modificator," an array of 41 rotary switches, each with 41 positions, that, like the plugboard on the Enigma, adds another layer, an unchanging scramble, to the encryption. The unit I acquired has a cast-aluminum base, a power supply, a motor drive, a mechanical keyboard, and a paper-tape printer designed to display both the input text and either the enciphered or deciphered text. A function-control switch on the base switches among four modes: off, "clear" (test), encryption, and decryption.

In encryption mode, the operator types in the plaintext, and the encrypted message is printed out on the paper tape. Each plaintext letter typed into the keyboard is scrambled according to the many permutations of the rotor bank and modificator to yield the ciphertext letter. In decryption mode, the process is reversed. The user types in the encrypted message, and both the original and decrypted message are printed, character by character and side by side, on the paper tape.

While encrypting or decrypting a message, the HX-63 prints both the original and the encrypted message on paper tape. The blue wheels are made of an absorbent foam that soaks up ink and applies it to the embossed print wheels. Photo: Peter Adams

Beneath the nine rotors on the HX-63 are nine keys that unlock each rotor to set the initial rotor position before starting a message. That initial position is an important component of the cryptographic key. Photo: Peter Adams

To begin encrypting a message, you select nine rotors (out of 12) and set up the rotor pins that determine the stepping motion of the rotors relative to one another. Then you place the rotors in the machine in a specific order from right to left, and set each rotor in a specific starting position. Finally, you set each of the 41 modificator switches to a previously determined position. To decrypt the message, those same rotors and settings, along with those of the modificator, must be re-created in the receiver's identical machine. All of these positions, wirings, and settings of the rotors and of the modificator are collectively known as the key.

The HX-63 includes, in addition to the hand crank, a nickel-cadmium battery to run the rotor circuit and printer if no mains power is available. A 12-volt DC linear power supply runs the motor and printer and charges the battery. The precision 12-volt motor runs continuously, driving the rotors and the printer shaft through a reduction gear and a clutch. Pressing a key on the keyboard releases a mechanical stop, so the gear drive propels the machine through a single cycle, turning the shaft, which advances the rotors and prints a character.

The printer has two embossed alphabet wheels, which rotate on each keystroke and are stopped at the desired letter by four solenoids and ratchet mechanisms. Fed by output from the rotor bank and keyboard, mechanical shaft encoders sense the position of the alphabet printing wheels and stop the rotation at the required letter. Each alphabet wheel has its own encoder. One set prints the input on the left half of the paper tape; the other prints the output on the right side of the tape. After an alphabet wheel is stopped, a cam releases a print hammer, which strikes the paper tape against the embossed letter. At the last step the motor advances the paper tape, completing the cycle, and the machine is ready for the next letter.

As I began restoring the HX-63, I quickly realized the scope of the challenge. The plastic gears and rubber parts had deteriorated, to the point where the mechanical stress of motor-driven operation could easily destroy them. Replacement parts don't exist, so I had to build such parts myself.

After cleaning and lubricating the machine, I struck a few keys on the keyboard. I was delighted to see that all nine cipher rotors turned and the machine printed a few characters on the paper tape. But the printout was intermittently blank and distorted. I replaced the corroded nickel-cadmium battery and rewired the power transformer, then gradually applied AC power. To my amazement, the motor, rotors, and the printer worked for a few keystrokes. But suddenly there was a crash of gnashing gears, and broken plastic bits flew out of the machine. Printing stopped altogether, and my heartbeat nearly did too.

I decided to disassemble the HX-63 into modules: The rotor bank lifted off, then the printer. The base contains the keyboard, power supply, and controls. Deep inside the printer were four plastic "snubbers," which cushion and position the levers that stop the ratchet wheels at the indicated letter. These snubbers had disintegrated. Also, the foam disks that ink the alphabet wheels were decomposing, and gooey bits were clogging the alphabet wheels.

I made some happy, serendipitous finds. To rebuild the broken printer parts, I needed a dense rubber tube. I discovered that a widely available neoprene vacuum hose worked perfectly. Using a drill press and a steel rod as a mandrel, I cut the hose into precise, 10-millimeter sections. But the space deep within the printer, where the plastic snubbers are supposed to be, was blocked by many shafts and levers, which seemed too risky to remove and replace. So I used right-angle long-nosed pliers and dental tools to maneuver the new snubbers under the mechanism. After hours of deft surgery, I managed to install the snubbers.

The ink wheels were made of an unusual porous foam. I tested many replacement materials, settling finally on a dense blue foam cylinder. Alas, it had a smooth, closed-cell surface that would not absorb ink, so I abraded the surface with rough sandpaper.

After a few more such fixes, I faced just one more snafu: a bad paper-tape jam. I had loaded a new roll of paper tape, but I did not realize that this roll had a slightly smaller core. The tape seized, tore, and jammed under the alphabet wheels, deeply buried and inaccessible. I was stymied, but then made a wonderful discovery. The HX-63 came with thin stainless-steel strips with serrated edges designed specifically to extract jammed paper tape. I finally cleared the jam, and the restoration was complete.

One of the reasons why the HX-63 was so fiendishly secure was a technique called reinjection, which increased its security exponentially. Rotors typically have a position for each letter of the alphabet they're designed to encrypt. So a typical rotor for English would have 26 positions. But the HX-63's rotors have 41 positions. That's because reinjection (also called reentry) uses extra circuit paths beyond those for the letters of the alphabet. In the HX-63, there are 15 additional paths.

Here's how reinjection worked in the HX-63. In encryption mode, current travels in one direction through all the rotors, each introducing a unique permutation. After exiting the last rotor, the current loops back through that same rotor to travel back through all the rotors in the opposite direction. However, as the current travels back through the rotors, it follows a different route, through the 15 additional circuit paths set aside for this purpose. The exact path depends not only on the wiring of the rotors but also on the positions of the 41 modificators. So the total number of possible circuit configurations is 26! × 15!, which equals about 5.2 × 10^38. And each of the nine rotors' internal connections can be rewired in 26! different ways. In addition, the incrementing of the rotors is controlled by a series of 41 mechanical pins. Put it all together and the total number of different key combinations is around 10^600.
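To make the rotor-machine mechanics described above concrete (stepping rotors, a key made of rotor choice, pins, start positions and modificator settings, and the extra contacts used for reinjection), here is a small Python simulator. It is an added example, not code from the article, from Crypto AG, or from Hagelin's patent, and it does not reproduce the HX-63's actual circuit. Every wiring, pin pattern, start position, the stepping rule and the class and function names are constructed for this illustration. Its reinjection model is a simplification: a keystroke sends the signal through a fixed modificator scramble and then the rotor bank, and whenever it emerges on one of the 15 extra contacts rather than a letter contact it is fed back in for another pass; this gives a proper bijection on letters, so the receiver with the identical key setting can invert it pass by pass. The block also evaluates the two key-space figures the article quotes, 26! × 15! and the 10^600-to-bits conversion.

```python
"""Toy rotor machine with reinjection (re-entry) plus the key-space arithmetic.

Added illustration; NOT the HX-63's wiring, Hagelin's patented circuit or any
Crypto AG code. All wirings, pins, positions and the stepping rule are
constructed sample values.
"""
import math
import random
import string

LETTERS = string.ascii_uppercase              # 26 letter contacts
EXTRA_PATHS = 15                              # reinjection paths, as in the article
CONTACTS = len(LETTERS) + EXTRA_PATHS         # 41 contacts per rotor


def random_permutation(n, seed):
    """Constructed sample wiring: a seeded random bijection on n contacts."""
    perm = list(range(n))
    random.Random(seed).shuffle(perm)
    return perm


def invert(perm):
    inv = [0] * len(perm)
    for src, dst in enumerate(perm):
        inv[dst] = src
    return inv


class Rotor:
    """A rotor is a fixed wiring over CONTACTS contacts plus stepping pins."""

    def __init__(self, wiring, pins, position=0):
        assert sorted(wiring) == list(range(CONTACTS)), "wiring must be a bijection"
        self.wiring, self.inverse = list(wiring), invert(wiring)
        self.pins = list(pins)          # pins[p] set => the next rotor steps too
        self.position = position % CONTACTS

    def forward(self, contact):         # entry side -> exit side at current position
        return (self.wiring[(contact + self.position) % CONTACTS] - self.position) % CONTACTS

    def backward(self, contact):        # exact inverse of forward()
        return (self.inverse[(contact + self.position) % CONTACTS] - self.position) % CONTACTS

    def step(self):
        self.position = (self.position + 1) % CONTACTS


class ReinjectionRotorMachine:
    def __init__(self, rotors, modificator):
        self.rotors = rotors
        self.modificator = list(modificator)      # unchanging scramble on all 41 contacts
        self.mod_inverse = invert(modificator)

    def _single_pass(self, contact, decrypt):
        if decrypt:                               # undo the forward pass in reverse order
            for rotor in reversed(self.rotors):
                contact = rotor.backward(contact)
            return self.mod_inverse[contact]
        contact = self.modificator[contact]
        for rotor in self.rotors:
            contact = rotor.forward(contact)
        return contact

    def _keystroke(self, contact, decrypt):
        """Reinjection: keep passing the signal through the bank while it sits on an
        extra contact. Rotors do not move within one keystroke, so the bank is a
        fixed permutation and the walk returns to a letter within 41 passes."""
        for _ in range(CONTACTS):
            contact = self._single_pass(contact, decrypt)
            if contact < len(LETTERS):
                return contact
        raise AssertionError("unreachable: a 41-element permutation cycle was exhausted")

    def _step_rotors(self):
        """Constructed stepping rule: rotor 0 steps every keystroke; rotor i steps
        when rotor i-1's pin at its current position is set. All decisions are
        taken before any rotor moves, as a mechanical linkage would."""
        advance = [True] + [r.pins[r.position] for r in self.rotors[:-1]]
        for rotor, go in zip(self.rotors, advance):
            if go:
                rotor.step()

    def _run(self, text, decrypt):
        out = []
        for ch in text.upper():
            if ch in LETTERS:                     # toy machine: letters only
                out.append(LETTERS[self._keystroke(LETTERS.index(ch), decrypt)])
                self._step_rotors()
        return "".join(out)

    def encrypt(self, plaintext):
        return self._run(plaintext, decrypt=False)

    def decrypt(self, ciphertext):
        return self._run(ciphertext, decrypt=True)


def build_machine(seed=1963):
    """Constructed sample key: nine rotors (wiring, pins, start position) and a
    modificator setting. Sender and receiver must set up the identical key."""
    rng = random.Random(seed)
    rotors = [Rotor(random_permutation(CONTACTS, seed * 100 + i),
                    [rng.random() < 0.5 for _ in range(CONTACTS)],
                    position=rng.randrange(CONTACTS)) for i in range(9)]
    return ReinjectionRotorMachine(rotors, random_permutation(CONTACTS, seed + 7))


def circuit_configurations():
    """The article's figure for the reinjection circuit: 26! x 15!."""
    return math.factorial(26) * math.factorial(15)


def equivalent_key_bits(decimal_exponent):
    """Binary key length equivalent to a key space of 10**decimal_exponent."""
    return decimal_exponent * math.log2(10)


if __name__ == "__main__":
    sender, receiver = build_machine(), build_machine()
    ciphertext = sender.encrypt("ATTACK AT DAWN")
    print(ciphertext, receiver.decrypt(ciphertext))
    print(f"26!*15! ~ {circuit_configurations():.2e}; 10^600 ~ {equivalent_key_bits(600):.0f} bits")
```

Two design points carry over from the article: rotors step only between keystrokes, never during the reinjection passes of a single keystroke, and decryption is not the same operation as encryption (unlike an Enigma reflector) but the pass-by-pass inverse, which is why the machine needs separate encryption and decryption modes.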

Such a complex cipher was not only unbreakable in the 1960s, it would be extremely difficult to crack even today. Reinjection was first used on the NSA's KL-7 rotor machine. The technique was invented during WW II by Albert W. Small, at the U.S. Army's Signal Intelligence Service. It was the subject of a secret patent that Small filed in 1944 and that was finally granted in 1961 (No. 2,984,700).

Meanwhile, in 1953, Hagelin applied for a U.S. patent for the technique, which he intended to use in what became the HX-63. Perhaps surprisingly, given that the technique was already the subject of a patent application by Small, Hagelin was granted his patent in 1957 (No. 2,802,047). Friedman, for his part, had been alarmed all along by Hagelin's use of reinjection, because the technique had been used in a whole series of vitally important U.S. cipher machines, and because it was a great threat to the NSA's ability to listen to government and military message traffic at will.

The series of meetings between Friedman and Hagelin that resulted in the cancellation of the HX-63 was mentioned in a 1977 biography of Friedman, The Man Who Broke Purple, by Ronald Clark, and it was further detailed in 2014 through a disclosure by the NSA's William F. Friedman Collection.

After a career as an electrical engineer and inventor, author Jon D. Paul now researches, writes, and lectures on the history of digital technology, especially encryption. In the 1970s he began collecting vintage electronic instruments, such as the Tektronix oscilloscopes and Hewlett-Packard spectrum analyzers seen here. Photo: Peter Adams

The revelation of Crypto AG's secret deals with U.S. intelligence may have caused a bitter scandal, but viewed from another angle, Rubicon was also one of the most successful espionage operations in history and a forerunner of modern backdoors. Nowadays, it's not just intelligence agencies that are exploiting backdoors and eavesdropping on "secure" messages and transactions. Windows 10's "telemetry" function continuously monitors a user's activity and data. Nor are Apple Macs safe. Malware that allowed attackers to take control of a Mac has circulated from time to time; a notable example was Backdoor.MAC.Eleanor, around 2016. And in late 2020, the cybersecurity company FireEye disclosed that malware had opened up a backdoor in the SolarWinds Orion platform, used in supply-chain and government servers. The malware, called SUNBURST, was the first of a series of malware attacks on Orion. The full extent of the damage is still unknown.

The HX-63 machine I restored now works about as well as it did in 1963. I have yet to tire of the teletype-like motor sound and the clack-clack of the keyboard. Although I never realized my adolescent dream of being a secret agent, I am delighted by this little glimmer of that long-ago, glamorous world.

And there's even a postscript. I recently discovered that my contact at Crypto AG, whom I'll call "C," was also a security officer at the Swiss intelligence agencies. And so for decades, while working at the top levels of Crypto AG, "C" was a back channel to the CIA and Swiss intelligence agencies, and even had a CIA code name. My wry old Swiss friend had known everything all along!

This article appears in the September 2021 print issue as "The Last Rotor Machine."

The Crypto AG affair was described in a pair of Swedish books. One of them was Borisprojektet: århundradets största spionkupp: NSA och ett svenskt snille lurade en hel värld [translation: The Boris Project: The Biggest Spy Coup of the Century: NSA and a Swedish genius cheated an entire world], 2016, Sixten Svensson, Vaktelförlag, ISBN 978-91-982180-8-4.

Also, in 2020, Swiss editor and author Res Strehle published Verschlüsselt: Der Fall Hans Bühler [translation: Encrypted: The Hans Bühler Case], and later Operation Crypto. Die Schweiz im Dienst von CIA und BND [Operation Crypto: Switzerland in the Service of the CIA and BND].


Home, but Not Free: NSA Whistleblower Reality Winner Adjusts to Her Release From Prison – The Intercept

In the latest phase of her record sentence for whistleblowing, former National Security Agency linguist Reality Winner is a short drive to the blazing hot summertime beaches on Texas's Gulf coast. But she can't get near them. She can't even go into the yard of a neighbor who invited her to aid in his beekeeping project.

Convicted under the Espionage Act for having shared a classified document on threats to election security with the media, Winner has been released to home confinement but wears an unwieldy ankle bracelet. It beeps even if she strays too far within her family's yard.

Not wanting her to miss out, a high school friend showed up on a recent day with a kiddie swimming pool and some sand. "Mom, I'm going to the beach today," Winner said, her mother Billie Winner-Davis recalled. The pair filled the kid's toy and Winner waded in.

Winner's family and friends are thrilled to have her home after four years behind bars, a stint that took miserable turns as her release date neared. She contracted Covid-19 as part of a mass infection in her prison, filed a sexual assault complaint against a guard, and went thirsty and cold when her facility lost heat and water in February during Texas's deadly winter storm.

Despite their elation that she is out of prison, though, Winner's family and friends say she is far from free. Every day is still marked by intrusions, like the app carceral authorities require her to put on her phone to monitor her and needing prior approval to go to Walmart with her mother for errands. Winner is projected to be transferred from home confinement to supervised release in November.

That's why they are continuing their year-and-a-half-long campaign for a presidential pardon or clemency, saying the whistleblower is being gagged from telling her own story.

"I really want the public to know that they're not seeing Reality Winner, they're not hearing from Reality Winner, because she is under some serious restrictions," Winner-Davis said.

Winner-Davis added that Reality, who is under a gag order, is also banned from using social media, a condition her attorney, Alison Grinter, said is normal and up to the discretion of halfway house authorities.

Grinter, speaking recently on Democracy Now, said a pardon for Winner is both something she and her country deserve.

"Reality released a document that gave us information that we needed to know at a time that we absolutely needed to know it," Grinter said. "And she was in prison not because the information was a danger or put anyone in danger. She was in prison to salve the insecurities of one man who was concerned about the validity of his election win."

Left/Top: Reality Winner sits on her bed at her mother's home while charging her ankle monitor as she serves a home confinement sentence in Kingsville, Texas, on July 3, 2021. Right/Bottom: A landscape near Reality Winner's home in Kingsville, Texas, on July 3, 2021. Credit: Photos: Christopher Lee for The Intercept

Winner is currently serving the longest prison sentence of its kind under the Espionage Act, a World War I-era law used in recent years to send journalists' sources to prison, even as comparable defendants have simply gotten probation for charges of mishandling classified information.

The government itself acknowledges that Winner's intent was to send the document she leaked to journalists and therefore warn the American public, rather than use it for personal gain. The NSA report detailed phishing attacks by Russian military intelligence against local U.S. election officials and was published in a June 2017 article by The Intercept. (The Press Freedom Defense Fund, which is part of The Intercept's parent company, First Look Institute, supported Winner's legal defense.)

Released from a Fort Worth, Texas, federal prison one day shy of the four-year anniversary of her June 3 arrest, Winner's path to her parents' remote southern Texas home was a bumpy one. The journey began with a 23-day quarantine with five other women in a hospital patient-sized room. After that, her family picked her up for a long drive down through Texas in which they had a matter of hours to deliver her to a halfway house, where she stayed for a week before being released to her rural childhood home. There, paper labels with Arabic vocabulary words are still taped to household items, early remnants from the series of events that would lead her to prison when, as a teenager eager to learn foreign languages, she signed up for the military.

Taking advantage of the window of time they had with her as they drove her to the halfway house, her family and close friends planned a series of surprises. Winner met her infant niece, whom the whistleblower had only seen on video chats and Shutterfly-printed postcards, due to visitation bans at prison amid the pandemic.

While sitting in her parents' car and sorting through her belongings, she saw the blond hair of her sister, Brittany Winner, in the distance in a park and tried to jump out of the moving vehicle. "She dropped everything on her lap and just ran," her mother said. "She ran to Brittany and the baby."

Her sister said the whistleblower was trembling, still unnerved by a guard who had told her that morning that she would not be released. "Just the look in her eyes, she almost looked, like, dead, so traumatized and not really believing that everything was happening," Brittany Winner said. "And, at some point, I was talking to her, she just reached up in the middle of my sentence to touch my face, and she said, 'You're real, right?'"

At the southernmost point in their trip toward home, two other loved ones were waiting for her: Wendy Collins, a family friend from Philadelphia who spearheads a social media campaign calling for her pardon, and Collins's partner.

They ate at a Thai restaurant as they counted down the minutes to her report time to the halfway house. Collins hugged the whistleblower for the first time since their friendship and Collins's tireless advocacy began.

Collins said, "I flew for the hug."

Reality Winner gives her dog a kiss as they play outside at her mother's home in Kingsville, Texas, on July 3, 2021.

Photo: Christopher Lee for The Intercept

Reality Winner sits in a tarp full of beach sand, brought to her by a friend, at her mother's home in Kingsville, Texas, on July 3, 2021.

Photo: Christopher Lee for The Intercept

At her family's quiet home, Winner schedules her days in an orderly way, similar to her life before the arrest: time slots for online yoga courses, cycling exercise routines, and a new part-time job as a researcher for a documentary filmmaker. She relishes spending time with her family dog, Domino, and cat, Fiona, since Winner lost ownership of her own pets, a dog named Mickey and cat named Mina, in the chaos after her arrest. In her down time, she sorts through books supporters have sent her and boxes of belongings from her Augusta, Georgia, home, which was raided by a fleet of armed federal agents whose interrogation of Winner would later be characterized by the government as a "voluntary interview," one in which she was never read her Miranda rights.

When the heat breaks in the evenings, her mother says Reality prefers to not watch TV, opting instead to breathe in fresh air on the back patio.

Looking toward the future, when she can speak publicly and take more control over her life, her sister said she expects the whistleblower to advocate for incarcerated people. "She's seen people from all walks of life just be completely taken advantage of by the system, especially people of color," Brittany Winner said. "And that is something that she just can't tune out. She can't just live her quiet life."

When she's free to go to the water, the Gulf of Mexico, not the kiddie pool out back, the whistleblower hopes to go to the Texas shoreline to plant mangroves, something Winner, long an environmental advocate, told her sister she wants to do in order to heal coastal ecosystems.

Grateful for even this incomplete freedom, the sisters send each other a near-constant flurry of updates. Not a day goes by when she and her sister don't exchange 50 or more text messages and phone calls, including baby photos and videos of Reality practicing yoga with her ankle bracelet in her parents' garage. "I feel lucky to have my sister back," Brittany Winner said. "And one of the things that I was scared of was that she was going to be changed, you know, like damaged, like she wasn't going to be the same person because of four years in prison."

"How can that not mess you up? But despite the trauma, I feel like she's the same," she said. "At least with me. She's the same person."

Read more here:

Home, but Not Free: NSA Whistleblower Reality Winner Adjusts to Her Release From Prison - The Intercept

Posted in NSA

The NSA Does Not Deny Reading Tucker Carlson's Emails

I laughed when Fox News host Tucker Carlson said a National Security Agency (NSA) whistleblower told him the agency was monitoring his emails to leak them in an attempt to take his show off the air. From my 19 years as a CIA analyst and five years with House Intelligence Committee staff, I found this impossible to believe, for three reasons.

First, I believed NSA's huge and lumbering bureaucracy would never agree to such a flagrant violation of the agency's foreign intelligence charter to spy on a leading conservative American journalist. Even if most NSA officials and analysts dislike Carlson, I assumed they would view violating NSA rules and the law to monitor him as too risky, since a leak was certain given how extremely controversial such an action would be and the large number of NSA personnel who would know about it.

Second, the NSA spying on Carlson would have to be approved at the highest level of the Biden administration, probably by National Security Adviser Jake Sullivan. I believed Sullivan and other senior Biden officials were too risk-averse to order NSA surveillance of Carlson. Third, I have little regard for high-profile NSA whistleblowers, too many of whom have been disgruntled former employees pursuing personal agendas.

I therefore dismissed Carlson's claim that the NSA was reading his emails. Then I saw this extraordinary denial from the NSA:

Carlson rejected this explanation by calling it an "infuriating, dishonest formal statement." He added, "Last night on this show, we made a very straightforward claim: NSA has read my private emails without my permission. Period," Carlson stated. "That's what we said. Tonight's statement from the NSA does not deny that."

In a tweet, Rep. Justin Amash, R-Michigan, a longtime critic of NSA, also sharply criticized NSA's response, saying: "Don't know whether NSA is *specifically* spying on Carlson, but this statement is worthless. 1st, it denies a compound allegation re monitoring *and* taking show off air. 2nd, it says he's not a target, which is a term of art. Real danger is so-called incidental collection."

Let's be very clear about what the NSA said in its statement. It denied targeting Carlson, but did not deny reading his emails. The NSA also did not deny that it may have accessed Carlson's communications through incidental collection.

These were huge omissions, since incidental collection is a well-known and controversial way the NSA collects vast amounts of Americans communications without warrants. This happens when an innocent American communicates with a legitimate NSA target, such as someone believed to be under the control of or to be collaborating with a hostile foreign power.

When this happens, the name of the innocent American is supposed to be redacted or masked. There are very strict rules on how incidentally collected communications of U.S. citizens can be used.

Given the controversy that arose from Obama officials requesting the names of Trump campaign officials be unmasked in 2016, tougher rules were enacted to protect the identities of the communications of Americans that the NSA incidentally collected. In addition, in 2017 the NSA claims it ended its controversial upstream collection surveillance practice of collecting email traffic of American citizens merely because it contained an email address or phone number of a foreign target.

The NSA's non-denial of Carlson's allegations therefore raises some serious questions. Why did the NSA not flatly state it never accessed Carlson's communications? Were Carlson's communications unmasked at the request of White House officials?

Susan Rice admitted she unmasked Trump campaign aides during the Obama administration and now serves in the Biden White House. Has Rice resumed her previous efforts to weaponize NSA reporting against the political enemies of another Democratic president?

A more troubling question is whether this story, if true, indicates that NSA did not actually halt its upstream collection of emails, as it claimed in 2017.

So in response to the NSA statement, I admit that I may have been wrong and Carlson may be right. The NSA only denied Carlson was an intelligence target. It did not deny reading his emails or violating his privacy rights.

I was therefore pleased to learn that last Wednesday, House Minority Leader Kevin McCarthy, R-California, asked House Intelligence Committee Ranking Member Devin Nunes, R-California, to probe the allegation that NSA is spying on Carlson and other reports that NSA is being politicized. In his statement, McCarthy said he has seen a "disturbing trend . . . [f]or the past several months at NSA."

Stories like this undermine Americans' faith in their government and the integrity of our foreign intelligence agencies, which exist to defend our nation against hostile foreign powers. For the good of the country, NSA needs to issue a better explanation ASAP, either denying that it read Carlson's emails or providing an explanation for what actually happened.

Fred Fleitz is president and CEO of the Center for Security Policy. He served in 2018 as deputy assistant to the president and chief of staff of the National Security Council. Fleitz held national security jobs for 25 years with the CIA, DIA, Department of State, and the House Intelligence Committee staff. Twitter: @fredfleitz

See the rest here:

The NSA Does Not Deny Reading Tucker Carlson's Emails

Congress' newest subcommittee is focusing on cyber troops and JEDI – Federal News Network

The House Armed Services Committee has a new subcommittee this year, one aimed purely at the growing need for innovation in the Defense Department and the continued prominence of cyber as a dominant means of warfare.

The first-ever chairman of the Cyber, Innovative Technologies and Information Systems Subcommittee, Rep. Jim Langevin (D-R.I.), said over the next legislative session the panel will pursue an aggressive agenda focusing on cyber force structure, the newest combatant commands, artificial intelligence, cyber infrastructure and supply chain safety.

"The era of technology has been growing at a rapid pace and becoming more and more important in the Pentagon, in Pentagon budgets and planning," Langevin told Federal News Network in an exclusive interview. "House Armed Services Committee Chairman Adam Smith (D-Wash.) felt we needed more scope and depth regarding these issues. Cyber and AI information operations have become more and more important. We want to make sure that the right resources and attention is being given to oversight in all these areas."

In the most recent defense authorization act, Congress included more than 70 cyber-related provisions, so many that the committee had to create a cyber title in the legislation.

"Our success in great power competition is going to rely on sophisticated coordinated digital capabilities," Langevin said. "The House Armed Services Committee needed to dedicate staff and resources to face this challenge and exhibit the oversight that men and women in uniform deserves."

Langevin said one of his first priorities as chairman will be to ensure that DoD has the right amount of cyber forces.

Currently, DoD has a Cyber Mission Force of 133 teams, four Joint Force Headquarters-Cyber and one Cyber National Mission Force. Those forces focus on protecting DoD's information network and on defensive and offensive cyberspace operations.

"I think we need to probably grow the national mission teams as we get more into defending forward," Langevin said. "That's the smallest number of teams that we have over the scope of the cyber mission force. We're going to be looking at this. There's going to be a force structure assessment that U.S. Cyber Command is going to have to do and we want to make sure that we get this right."

Langevin wants to look further into roles of CYBERCOM, U.S. Space Command and the geographic commands to see if they need to streamline.

In terms of CYBERCOM, Langevin said he's interested in looking into how the combatant command and the National Security Agency are led. Currently, one person heads both of the organizations. There has been much discussion over whether there needs to be an individual head for each of the entities.

"It may come a point where we split the hat, having two heads of those different agencies, but right now, I'm not a fan of splitting the hat," Langevin said. "You need that neutral arbiter to go strike the balance between intelligence and operations. What are the equities of NSA, their concerns? What's the right steps to take in terms of defending forward and exposure to detection and a whole host of things that we have to balance the right way."

Langevin said there is value in keeping the roles together.

"I need NSA and U.S. Cyber Command linked in a way where one will follow the work of the other," he said. "I need CYBERCOM and NSA leader Gen. Paul Nakasone being the arbiter between offense and defense. I think his intelligence collection is important."

Langevin pointed to election security as one area where intelligence and operations need to work together and benefit from being housed under one roof.

Another issue Langevin will be keeping a close eye on, along with many others in the tech world, is the Pentagon's JEDI contract, which has run into considerable contracting disputes. The program is supposed to bring a general-purpose cloud to DoD.

Langevin said the bureaucracy, caused in part by drama between companies competing for the contract, is holding up the military from a much needed resource.

"It really, it troubles me, it frustrates me," he said. "I understand this was a large contract. There's obviously going to be challenges when the losing team doesn't go their way. But eventually we've got to make a decision to move forward on this. I hope that will prevail, and we'll get this done in the courts. And then when we get it green lighted it really does need to be a single cloud and we can't break it apart for multiple vendors."

As far as legislation goes, the chairman wants to continue implementing recommendations from the Cyber Solarium Commission and the National Security Commission on Artificial Intelligence.

Langevin said he will also be focusing on the Cyber Diplomacy bill, which establishes an international cyberspace policy office in the State Department.

See original here:

Congress' newest subcommittee is focusing on cyber troops and JEDI - Federal News Network

End the war on whistleblowers – The Week

President Trump was the most aggressive prosecutor of whistleblowers of any president in American history. The previous record was set by President Obama, but the Trump administration launched as many prosecutions in four years as Obama did in eight.

President Biden, as part of his campaign to undo many of his predecessor's worst policies, should pardon most of these folks, or at least commute their sentences. Disclosing classified information that the public deserves to know does not deserve a lengthy prison sentence.

Of all the candidates for a pardon, Reality Winner's case is most obviously convincing, though as yet has not gotten the wide attention it deserves. She did indeed leak classified documents to The Intercept (which horribly botched its security protocols and basically handed her to the FBI, though she probably would have been caught eventually), which is against the law. But the exposure of these documents did not even slightly harm national security.

Here's what seems to have happened. Winner listened to the Intercepted podcast in early 2017, including one episode in which former Intercept co-founder and journalist Glenn Greenwald expressed skepticism about the idea that Russia had hacked the DNC and John Podesta to boost Donald Trump in the 2016 campaign. Therefore she sent the publication classified material showing the NSA had evidence that not only was Russia behind those hacks, it had actually successfully hacked into an election software vendor. For that she was sentenced to five years and three months in prison. It was the longest sentence in history for simply leaking to the press and very obviously related to Trump's desire to punish people who pointed out his connection to the Russia hack.

Any reasonable American should favor her release because the public has a right to know when U.S. intelligence agencies think a hostile foreign power is trying to compromise America's electoral machinery. At bottom, she was simply doing what the NSA is supposed to do: protect the country. Indeed, as Kerry Howley (a journalist who has been following the Winner story closely) points out, when The Intercept published its story on the leak, the federal agency in charge of assisting state election authorities put out a bulletin informing state governments what had happened for the first time. Several states were outraged that they hadn't been informed earlier, and justifiably so. It's not the first time that intelligence agencies' compulsive secrecy and over-classification has gotten in the way of doing their purported jobs.

In any case, all the important details Winner leaked were later published in the Mueller report. Her action was carried out in good faith; she did no harm and at least some good. And anyone who simply believes in proportional punishment must agree that, even on the harshest possible reading of events, Winner has already paid for what she did and then some. She should be pardoned immediately.

Edward Snowden's case may be less convincing for many. He, of course, is the former NSA contractor who leaked details of the agency's then-dragnet surveillance to Laura Poitras, Greenwald, and other reporters at The Guardian back in 2013. That was a more traditional whistleblower-style activity of exposing a program that was legally and constitutionally dubious, but nominally dedicated to protecting national security.

In reality, intelligence agencies later admitted in classified documents that the dragnet program was basically useless. Snowden's revelations led a U.S. court to declare the program illegal, and helped lead to NSA reform becoming law, proving beyond question the public value of what he did. And once again, seven years of exile in a rather dangerous foreign country (he has been stuck in Russia since 2013) is severe enough punishment on its own. He should be pardoned and allowed to return home.

Julian Assange is a more noxious personality, but the current U.S. effort to extradite and prosecute him should be dropped (following Obama administration precedent, which Biden so far has refused to do). Assange may have actively assisted Russia in its efforts to hack Democrats' emails in 2016, and he did push the disgusting Seth Rich conspiracy theory, but the Trump administration's moves against Assange had nothing to do with those things. Instead he is being prosecuted mostly for publishing classified material from Chelsea Manning a decade ago which, if successful, would blast a hole in the First Amendment and would put other journalists who do the same thing in every major news publication at risk.

There are at least five more people in jail, on probation, or facing some other punishment for clear whistleblower activity under Trump:

- John Fry is a former IRS employee who leaked Suspicious Activity Reports (a document in the Treasury department detailing suspect bank transactions) involving Trump's former lawyer Michael Cohen, and recently got five years probation. Revealing corruption among the ex-president's associates is good and he should be pardoned.

- Natalie Mayflower Sours Edwards is a former Treasury employee who leaked SARs detailing suspect transactions from Trump's former campaign chairman Paul Manafort to BuzzFeed News, and faces possible prison time. She should be pardoned for the same reason as Fry.

- Daniel Hale is a former intelligence analyst who leaked documents about drone warfare to The Intercept, and faces years in prison if convicted. The American people deserve to know about the operations of the U.S. military. He should be pardoned.

- Terry Albury, who was the only Black FBI agent in a detail assigned to look into the Somali-American community, sent documents about endemic racism in the agency to The Intercept, and was sentenced to four years in prison in 2018. The problem of racism in law enforcement speaks for itself these days; he should be pardoned.

- Navy Captain Brett Crozier commanded an aircraft carrier and was fired for desperately pointing out the fact his ship had a massive COVID-19 outbreak, which embarrassed Trump. He should get his job back.

President Trump wildly abused his pardon power, deploying it mainly to protect his criminal friends from prosecution. President Biden could make a clean break with Trump's horrible reign by putting the pardon back to its intended use, and ending the U.S. government's war on whistleblowers.

The rest is here:

End the war on whistleblowers - The Week

NSA Warned Russia to Stay Out Of 2020 Election And Got SolarWinds Hack Instead – NPR

Gen. Paul Nakasone, the National Security Agency director, told NPR ahead of the 2020 elections that the U.S. was "going to expand our insights of our adversaries. ... We're going to know our adversaries better than they know themselves." (Photo: Chip Somodevilla/Getty Images)

Back in November, Kevin Mandia, CEO of the cybersecurity firm FireEye, opened his mailbox to find an anonymous postcard. It had a simple cartoon on the front. "Hey look, Russians," it read. "Putin did it."

He might not have given it a second thought were it not for one thing: His company had recently launched an internal security investigation after officials discovered someone had tried to register an unauthorized device into its network. That inquiry eventually led to the discovery of something even more worrisome: the breach of a Texas-based network monitoring company called SolarWinds.

U.S. officials now believe that hackers with Russia's intelligence service, the SVR, found a way to piggyback onto one of SolarWinds' regular software updates and slip undetected into its clients' networks. That means potentially thousands of companies and dozens of government departments and agencies may have been compromised.

President Biden was concerned enough about the attack that he brought it up in his first official call as president on Tuesday with his Russian counterpart, Vladimir Putin. It is unclear how Putin responded, but Russia has denied involvement in the past.

"We'll be poised to act"

A little over a year ago, the head of U.S. Cyber Command and the NSA, Gen. Paul Nakasone, began to talk openly about America's cyber operations and something he called "defend forward." The strategy is aimed at going toe-to-toe with adversaries in their networks instead of waiting for them to come and hack Americans here at home.

"Defend forward is a DOD strategy that looks outside of the United States," Nakasone told NPR as Cyber Command prepared for the 2020 elections. To impact adversaries, he said, the U.S. was "going to expand our insights of our adversaries. ... We're going to know our adversaries better than they know themselves. ... We're going to harden our defenses and ... we'll be poised to act."

At the time, the decision to talk about American cyber forces seemed like a classic deterrence strategy. Traditionally the NSA's mission was kept secret; Nakasone broke from that partly to assure Americans months before the 2020 elections that Cyber Command was prepared to defend U.S. networks while at the same time making clear to adversaries that U.S. cyber operators were primed.

Then Nakasone went a step further. He revealed in an NPR story large portions of Operation Glowing Symphony, an offensive cyber campaign the U.S. launched against ISIS that went a long way toward hobbling the terrorist organization's media and recruitment operation. If Russia were wondering just how skillful U.S. cyber operators were, Nakasone appeared to be saying, here's a little preview.

"It's a little bit different in cyberspace," Nakasone said at the time, "because you have foes that can come and go very, very quickly. They can buy infrastructure, they can develop their capabilities, they can conduct attacks. And what you have to do, from what I've learned, is you have to be persistent with that, and making sure that whenever they do that type of thing, you're going to be there and you're going to impact them."

In that spirit of low-grade confrontation, a few weeks before Americans cast their ballots in the 2020 election, NSA operators gave their Russian counterparts a little tweak: They sent individualized emails to specific Russian hackers, just to let them know U.S. cyber forces had their eye on them. It was an electronic version, in a sense, of that postcard that went to FireEye's Mandia.

Did Nakasone's discussion of U.S. cyber capabilities inspire Russian hackers to do something epic just to prove they could? Kiersten Todt, managing director of the Cyber Readiness Institute, said that while that might have played a small role, Russian cyber forces hardly needed an excuse to try their hand at compromising American networks.

"I think the Russians are emboldened to work against us and come after us for lots of reasons," she said. "And not the least of which could be us saying, 'Hey we're going to, you know, have a secure and safe 2020 election,' that would inspire them to say, 'Oh, no you're not, and while you are focusing on the election, we're actually going to come into your networks.' "

And that's what SolarWinds did: it gave them entree into a roster of networks so they could look around to see what they could find. Even without any prodding from Nakasone, cybersecurity experts say, it was inevitable that a supply chain hack such as this would happen.

The next-generation hack

There was a simpler version of this kind of breach back in 2013 when criminal hackers, not nation-states, got into the electronic registers at Target Corp. and stole credit card information. The theft made national news, and, for many Americans, it was an early harbinger of how hacking could affect them directly.

It turns out the hackers didn't compromise Target's network directly; that was too hard. Instead, they cracked into the network of the company that serviced Target's heating, ventilation and air conditioning system and stole its credentials, which allowed them to roam around Target's system unnoticed.

The HVAC contractor was part of the store's vast supply chain. Experts say we should see the SolarWinds hack as a more sophisticated version of that. Breaking into the Treasury Department is too hard, so the intruders found a comparatively easier mark: a company whose job it is to monitor the very networks that were compromised.

With the SolarWinds breach, hackers have made clear that something doomcasters have been warning about for years has finally arrived. If adversaries pick the right contractor to hack, everyone that company works with is potentially vulnerable, too, said Richard Bejtlich, a former military intelligence officer who is now the principal security strategist at Corelight, a cybersecurity firm.

"If you were one of those organizations that had enough money to say, 'We want to have inventory management, we wanted to have network management, let's go with SolarWinds,' well, suddenly, that's opened you up to a whole new set of problems," he said.

That's why this is called a supply chain hack.

Bejtlich expects that in the coming weeks more companies will come forward and disclose they were part of this hack, too. So far the tally includes not just SolarWinds but also Microsoft and a cybersecurity firm called Malwarebytes. The NSA and U.S. Cyber Command haven't said anything about the attack publicly and declined to comment for this article.

They are part of a roster of intelligence officials still trying to assess the damage. Cyber officials told NPR that the investigation is in its earliest stages, but what they have determined so far is that to launch the attack and not be noticed, the SolarWinds breach had to have been planned long in advance. They said that likely hundreds of Russian software engineers and hackers were involved and that they spent time in the various networks for at least nine months before FireEye and later Microsoft discovered the breach.

"We think they were surprised it worked so well," one source who is helping trace the damage told NPR. He declined to be identified further because he is not authorized to speak about what they are discovering. "We think that once they got into SolarWinds and were inside their clients' network they had trouble deciding where to go next. It was successful beyond their wildest imaginations, and they didn't have enough people to work it all."

Biden has asked his new national security team for an assessment of the SolarWinds attack. He wants to know how it happened, how far it went and how to fix it. These kinds of reviews are standard operating procedure when administrations change hands.

Among the questions officials will try to answer is whether the SolarWinds hack was a straightforward espionage operation or something more sinister. Were the hackers just looking for information, or have they inserted backdoors into systems across the country that could allow them to turn things off, or change information with just a couple of keystrokes?

Another thing investigators would like to know: whether the hackers themselves sent that postcard to FireEye's Mandia.

Read the rest here:

NSA Warned Russia to Stay Out Of 2020 Election And Got SolarWinds Hack Instead - NPR

Biden administration will build on the Quad: NSA Jake Sullivan – The Hindu

Sullivan described the Quad and the Abraham Accords as examples of Trump administration actions that were positive and ones the current administration would build on

The new U.S. National Security Advisor (NSA) Jake Sullivan has said the Biden administration would like to carry forward the work of the Trump administration in strengthening the Quad grouping of countries (India, the U.S., Japan and Australia).

His comments will bring some measure of clarity to discussions on the level of priority the new administration will assign the Indo-Pacific, which had been elevated by the Trump administration as a foreign policy priority, mostly as a reaction to China's growing assertiveness.

"I think we really want to carry forward and build on that format, that mechanism, which we see as fundamental, a foundation upon which to build substantial American policy in the Indo-Pacific region," Mr Sullivan said at a webcast discussion, "Passing the Baton," organized by the U.S. Institute for Peace.

The discussion between Mr Sullivan and his predecessor Robert OBrien was moderated by Condoleezza Rice, Secretary of State from the George W. Bush administration.

Mr Sullivan described the Quad and the Abraham Accords (deals signed in 2020 to normalize relations between Israel and certain West Asian and North African countries) as examples of Trump administration actions that were positive and ones the Biden administration would build on.

Earlier in the discussion, Mr OBrien had said the Quad may be the most important relationship the U.S. has established since NATO and an example of working with allies to confront China.

Mr Sullivan, however, said Mr Trump and Mr Biden had some real differences in their approach to the relationship with Iran.

"It starts from a sober analysis of the state of affairs, which is that Iran's nuclear program has advanced dramatically over the course of the past couple of years; they are significantly closer to a nuclear weapon than they were when the previous administration withdrew from the JCPOA [Joint Comprehensive Plan of Action or the Iran deal]," Mr Sullivan said.

On Afghanistan, Mr Sullivan said that the Biden administration would take decisions on the withdrawal of the remaining 2,500 American troops by May 1 from the country, based on whether the Taliban were fulfilling their end of a U.S.-Taliban agreement from February last year.

"So, what we're doing right now is taking a hard look at the extent to which the Taliban are, in fact, complying with those three conditions and in that context, we will make decisions about our force posture and our diplomatic strategy going forward," he said.

Mr Sullivan said three conditions in the agreement were of particular importance: the Taliban cutting ties with terror groups including Al Qaeda, a reduction in violence, and third, the Taliban participating "in a real way, not a fake way," in negotiations with the Afghan government.

The former and current NSAs also differed in their characterization of the top challenges facing the U.S. A very assertive, rising China was the biggest challenge to the U.S., according to Mr OBrien.

Iran, Russia and less high-profile challenges like cartels and transnational crime were some of the others.

For Mr Sullivan, the most pressing challenge was the turmoil within the U.S. itself.

"It occurs to me something that Joe Biden has really reinforced for us, which is that foreign policy is domestic policy and domestic policy is foreign policy. And at the end of the day, right now, the most profound national security challenge facing the United States is getting our own house in order, is domestic renewal," Mr Sullivan said.

He described COVID-19, the economic crisis and "acute threats to our basic constitutional republic" and deep divisions as domestic challenges facing the country.

Investing in allies and re-establishing America's place in multilateral forums like the World Health Organization and the Paris Climate Accord were the next priority. Then the U.S. would be in a position to effectively deal with "the China challenge, the climate crisis, the current and future pandemics and so forth," Mr Sullivan said.

Read the original post:

Biden administration will build on the Quad: NSA Jake Sullivan - The Hindu

William P. Crowell, Former Deputy Director of the National Security Agency, Joins LookingGlass Advisory Board – HSToday

LookingGlass Cyber Solutions, a leader in operationalizing threat intelligence, today announced the addition of William (Bill) P. Crowell to its Advisory Board. This announcement is the first in a series of new appointments the company will be making toward advancing its vision and expertise in next-generation cybersecurity products.

Crowell served as Deputy Director of Operations at NSA, Chairman of the Director of National Intelligence (DNI) Senior Advisory Group, and as a member of the Department of Homeland Security (DHS) Science and Technology Advisory Board. Through these experiences, Crowell spent years investigating and improving military command and control, intelligence and security systems. Currently, Crowell is a partner at Alsop-Louie and an independent consultant specializing in information technology, security and intelligence systems. He brings a wide range of experience having served as Chairman, Director, President and CEO of a variety of technology companies, including Broadware Technologies, SafeNet, Inc., Cylink Corporation, ArcSight, Inc., Narus, Inc. and Six3 Systems, among others.

"I have witnessed firsthand the expertise and insights Bill brings to the table," said LookingGlass CEO Gilman Louie. "With decades of experience and a deep understanding of both offensive and defensive cyber, Bill will serve a vital role in advising the growth and success of LookingGlass."

"I have a long association with LookingGlass and consider them a leader in cyber threat intelligence," said Crowell. "I'm looking forward to joining the Advisory Board and am particularly excited about the LookingGlass products and capabilities which I believe have great appeal in today's market."


Read the rest here:

William P. Crowell, Former Deputy Director of the National Security Agency, Joins LookingGlass Advisory Board - HSToday

Posted in NSA

What to expect from NASS and NASED conferences – Politico

With help from Martin Matishak

Editor's Note: Weekly Cybersecurity is a weekly version of POLITICO Pro's daily Cybersecurity policy newsletter, Morning Cybersecurity. POLITICO Pro is a policy intelligence platform that combines the news you need with tools you can use to take action on the day's biggest stories. Act on the news with POLITICO Pro.

State and local officials are meeting this week to discuss how to approach cybersecurity and election security issues in a chaotic time.

Two House panels announced the lawmakers who will lead key cyber subcommittees during this Congress.

Democratic lawmakers want answers from the NSA about an old scandal that they say has taken on new urgency in light of SolarWinds.

HAPPY MONDAY and welcome to Morning Cybersecurity! Can't believe we banished Pluto from the planet club when it was already dealing with this. Send your thoughts, feedback and especially tips to [emailprotected] and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

STATES TAKE STOCK: The 2020 election may (finally) be over, but election security remains a top issue for state officials, and it's one of several cyber topics that they plan to discuss at a pair of conferences this week. The National Association of State Election Directors is meeting all week, while the National Association of Secretaries of State meets Tuesday through Friday. To say that officials have their plates full would be an understatement, but scattered in between panels about online notarization, corporate transparency and pandemic emergency orders are sessions that will help shape states' cybersecurity priorities for the next year and beyond.

Secretaries of state will hear from the lawmakers whose committees oversee elections, including the Democrats pushing a sweeping election security and reform bill and the Republicans vehemently opposing it. House Administration Committee Chairwoman Zoe Lofgren (D-Calif.) and incoming Senate Rules Committee Chairwoman Amy Klobuchar (D-Minn.) are likely to receive a frosty reception as they discuss the For the People Act (H.R. 1 and S. 1), a Democratic bill that includes major election security provisions. State election officials have consistently opposed new federal rules covering voting technology and election administration.

NASS will also hear from Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency, which coordinates cybersecurity assistance to states on issues including ransomware and election security. And secretaries will meet behind closed doors to discuss the cybersecurity lessons from the 2020 election cycle.

Over at NASED, two top CISA officials overseeing election security work will discuss lessons from 2020 and priorities for 2021. Other NASED sessions will cover information sharing, incident response, misinformation and pandemic disruptions. Speaking of misinformation, NASS will hold a session about strategies for correcting false election claims.

NASS's cybersecurity committee will hear about the value of collaborating with independent security researchers. State IT officials will discuss their collaborations with security companies, including two that run vulnerability disclosure programs. Researchers have spent years urging state officials to launch VDPs so good-faith experts can report flaws in state government systems, and officials are increasingly overcoming their doubts about trusting outside researchers.

"Election officials across the country are committed to protecting the sanctity and integrity of the vote, and I'm looking forward to this opportunity to share best practices with my colleagues," Iowa Secretary of State Paul Pate, a co-chair of the cyber committee, told MC.

A second panel discussion during the cyber committee meeting will look at the state and local cybersecurity landscape. From ransomware to pandemic-related digital services, state and local officials face a growing array of cyber challenges, and multiple organizations have repeatedly urged Congress to provide grant funding.

MEET THE GAVEL-WIELDERS: We now know who will be leading two key cyber-related subcommittees in the 117th Congress, giving outside experts, federal officials and fellow lawmakers a sense of who they'll need to persuade to advance priorities from international norms to bolstering CISA.

Yvette Clarke (D-N.Y.) will chair the House Homeland Security Committee's Cybersecurity, Infrastructure Protection, and Innovation Subcommittee, panel chair Bennie Thompson (D-Miss.) announced on Friday. Clarke, who previously led the subcommittee during the 111th Congress, is no stranger to cyber issues, having sponsored or cosponsored bills to improve critical infrastructure security and expand the cyber workforce. She has also urged a focus on cyber hygiene and a nuanced approach to regulation informed by industry input.

Andrew Garbarino (R-N.Y.), a freshman lawmaker, will be the cyber subcommittee's top Republican, according to a statement from panel ranking member John Katko (R-N.Y.). Republicans promised to prioritize cybersecurity as "the pre-eminent national security threat of our time that demands an evolved approach." Fun fact: Three of the four leaders of the full committee and cyber subcommittee now hail from the same state for what appears to be the first time.

The homeland panel's cyber subcommittee will have its hands full in this Congress as it deals with the SolarWinds cyber espionage campaign, CISA's response to SolarWinds and the agency's overall readiness, the supply chain threats posed by foreign-linked telecom companies and many other issues.

William Keating (D-Mass.) will lead the House Foreign Affairs Committee's Europe, Energy, the Environment, and Cyber Subcommittee, according to the panel's chair, Gregory Meeks (D-N.Y.). Democrats just added cyber to this subcommittee's name for the first time, although it already handled the issue as part of its previous emerging threats mandate. Keating hasn't said much about cybersecurity, but in 2017, he criticized then-President Donald Trump's refusal to acknowledge Russia's responsibility for its 2016 election cyberattacks.

Among the issues on Keating's plate will be scrutinizing the State Department's creation of its new cyber diplomacy bureau. The outgoing Trump administration green-lit a plan to create the bureau in its final days, but Democratic lawmakers, the Government Accountability Office and some former officials have raised concerns about the plan, saying it fails to coordinate the full spectrum of cyber issues. Republicans have not yet announced their ranking member for the foreign affairs panel's cyber subcommittee.

ONCE IS A FLUKE, TWICE IS A COINCIDENCE: A group of House and Senate Democrats is pressing the NSA for answers about the spy agency's involvement in the creation of a digital vulnerability that made its way into the firewalls of technology vendor Juniper Networks. Their missive signals a growing awareness on the Hill of the dangers of supply chain attacks, in which hackers compromise software used by their real targets. In a Jan. 28 letter to NSA Director Gen. Paul Nakasone, the lawmakers, led by incoming Senate Finance Committee Chair Ron Wyden (D-Ore.) and including new House cyber subcommittee chair Clarke, asked for details about the NSA's probe of the Juniper breach.

"The American people have a right to know why NSA did not act after the Juniper hack to protect the government from the serious threat posed by supply chain hacks," the lawmakers wrote. A similar supply chain hack was used in the recent SolarWinds breach, in which several government agencies were compromised with malware snuck into the company's software updates.

The group asked Nakasone to answer a series of questions and made requests for additional information, including a Juniper lessons learned report that an NSA official mentioned to Wyden, a senior member of the Senate Intelligence Committee, during a 2018 briefing. The spy agency has yet to make the report available.

MAKING GOOD PROGRESS: A U.N. group charged with developing international norms of responsible behavior in cyberspace wrapped up its latest session last week, and the State Department's cyber team praised the group's chief for presiding over a valuable meeting. "We appreciate Brazilian Ambassador Guilherme Patriota for effectively chairing the latest session of the @UN Group of Government [sic] Experts on #cyber this week," the cyber office said on Twitter, adding that the GGE's work will help all UN member states understand the importance of cyber norms and the value of helping developing nations build the capacity to defend themselves.

The GGE, a small group championed by the U.S. and other Western nations, faces competition from a separate U.N. body created in 2018 at the urging of Russia. The newer Open-Ended Working Group, or OEWG, has drawn criticism from Western diplomats and independent cyber experts, who accuse Russia of using it to launder dangerous policies that would restrict internet freedom.

HERE'S TO YOU: Colorado's chief election official has bestowed an award on former CISA Director Chris Krebs for his leadership of the government's cyber agency during the 2020 election cycle. "Krebs fought back against election domestic and foreign misinformation, and fortified election cybersecurity," Colorado Secretary of State Jena Griswold (D) said in a statement. At times Krebs pushed back on misinformation spread by the former President, which ultimately cost him his job. His courage, commitment, and leadership are one of the reasons the 2020 Election was the most secure in our nation's history.

PEOPLE ON THE MOVE:

Ian Wallace has joined the State Department as a senior adviser in its cyber office. Wallace previously served as a senior fellow in the digital innovation and democracy program at the German Marshall Fund.

TWEET OF THE DAY: "Patch your bodies as soon as possible!"

Nearly a third of victims in the SolarWinds campaign didn't use SolarWinds software and were instead hacked through a different vector. (Wall Street Journal)

By breaching the federal court system, the SolarWinds hackers may have accessed highly sensitive sealed documents. (Associated Press)

A far-right activist with a security clearance helped Russian hackers spread hacked documents stolen during France's 2017 election. (Southern Poverty Law Center)

A social media campaign used fake, AI-generated profiles to attack Belgium's plan to ban Huawei from its 5G network. (CyberScoop)

If hackers stole your identity and used it to get unemployment benefits, you might soon get a shocking tax bill. (Krebs on Security)

That's all for today.

Stay in touch with the whole team: Eric Geller ([emailprotected], @ericgeller); Bob King ([emailprotected], @bkingdc); Martin Matishak ([emailprotected], @martinmatishak); and Heidi Vogt ([emailprotected], @heidivogt).

Read more from the original source:

What to expect from NASS and NASED conferences - Politico

Posted in NSA

A Top Biden Cybersecurity Aide Donated Over $500,000 to AIPAC as an NSA Official – Mother Jones


In mid-January, a week before being sworn in as president, Joe Biden announced that he would appoint Anne Neuberger as the deputy national security adviser for cyber and emerging technology on the National Security Council. Cybersecurity experts praised the move, citing it as a clear sign the Biden White House would be serious about countering cyber-threats. The New York Times described Neuberger, who became the National Security Agency's cybersecurity chief in 2019, as "a rising official at the agency." She had run its Russia Small Group, which launched a preemptive strike against the Kremlin's cyber operatives during the 2018 elections, and in addition to focusing on preventing cyber-assaults on the US government and military, she had overseen the development of new impenetrable cryptography. But the glowing reviews left out an unusual piece of her story: In recent years, Neuberger, through a family foundation, has donated hundreds of thousands of dollars to American Israel Public Affairs Committee, the pro-Israel lobby known as AIPAC, for its efforts to influence the US government and public opinion.

National security experts tell Mother Jones that the hefty donations from Neuberger's foundation to AIPAC, a strong ally of an Israeli government that is deeply involved in cyber and intelligence issues of importance to the US government and that has spied on the United States and been a target of US spying, raise concerns. (NBC News reports the same.)*

Neuberger hails from one of the wealthiest families in the United States. Her father is billionaire investor George Karfunkel, who was in the news last summer for making a curious donation of Kodak stock, worth up to $180 million, to an Orthodox Jewish synagogue in Brooklyn that seemed to barely exist. Karfunkel was listed in New York State records as the synagogue's president and chief financial officer, and the transfer of this stock, which would have yielded Karfunkel a tremendous tax deduction, occurred during a wild buying spree of Kodak stock triggered by a leaked announcement that the Trump administration might be handing Kodak an unprecedented $765 million loan. (That deal never came through.) Members of Congress have demanded answers about Karfunkel's highly unusual stock transfer.

From 1993 to 2007, Anne Neuberger worked at American Stock Transfer and Trust, a financial services firm cofounded by her father in 1971, eventually becoming a senior vice president of operations. Her husband, Yehuda Neuberger, was also a top official at the firm and a board member. Anne Neuberger then switched from the private sector to the government. After serving as a White House fellow and working for the secretary of the Navy as an adviser on IT programs, she landed at the NSA in 2009 and helped develop its Cyber Command. Media profiles of her in the years since have focused on the novelty of an Orthodox Jewish woman who grew up in a Hassidic neighborhood in Brooklyn (and whose grandparents on both sides were Holocaust survivors) becoming a leader at the NSA and have noted that her parents were on the 1976 Air France flight that was hijacked by the Palestinian Liberation Organization and diverted to Uganda, where the passengers were eventually rescued by Israeli commandos.

Twelve years ago, Neuberger and her husband created the Anne and Yehuda Neuberger Foundation to carry out the charitable and religious purposes of the Associated Jewish Community Federation of Baltimore, according to its tax records. Neuberger was vice-president of the foundation; her husband, the president. Neither received compensation from the outfit.

In 2010, the foundation's first full year of operations, it received $1,183,050 in contributions and handed out $383,100. Of that, a quarter of a million went to the Women's Network for Single Parents in Brooklyn. (Neuberger is the founder of Sister to Sister, a group that assists divorced women within Orthodox Jewish communities.) The foundation made an $83,000 gift to the Associated Jewish Community Federation of Baltimore. Computer Sciences for the Blind in Brooklyn was awarded $25,000. And the foundation donated $25,000 to AIPAC for operating support.

The following year, the Anne and Yehuda Neuberger Foundation dished out $284,500 in gifts, according to its tax filings. The list included another $25,000 to AIPAC and also $3,500 to the Foundation for the Defense of Democracies, a hawkish, pro-Israel think-tank in Washington.

In subsequent years, the foundation upped its contributions to AIPAC. From 2012 through 2018, the last year for which tax records for the foundation are available, the Neubergers provided $559,000 to AIPAC. And this money, according to those filings, financed lobbying, either lobbying to influence a legislative body or to influence public opinion. The tax records do not provide any specifics about the AIPAC activity the foundation financed. (The contribution amounts listed for AIPAC on the Neuberger Foundation's IRS submissions line up exactly with the amounts the foundation declared as expenditures for lobbying. A nonprofit charitable foundation is allowed to pass money to a lobbying shop, as long as the amount donated is a moderate percentage of its overall giving.)

There is a Neuberger family connection to AIPAC. Yehuda Neuberger is chair of AIPAC's Baltimore executive council. In 2011, Rabbi Steven Weil, then executive vice president of the Orthodox Union, hailed his outstanding reputation as a leader of AIPAC. Four years later, as part of a fierce AIPAC effort, Yehuda Neuberger lobbied Sen. Ben Cardin (D-Md.) to oppose the multilateral Iran nuclear deal the Obama White House had negotiated. (During the political fight over the Iran deal, the NSA, according to the Wall Street Journal, eavesdropped on Israeli officials, including Prime Minister Benjamin Netanyahu, who opposed the accord, and revealed to the White House how Mr. Netanyahu and his advisers had leaked details of the U.S.-Iran negotiations, learned through Israeli spying operations, to undermine the talks and had coordinated talking points with Jewish-American groups against the deal.)

Around 2014, the management of the Neuberger Foundation shifted. Anne Neuberger, who was still at the NSA, moved from vice president to secretary/treasurer, and Yehuda Neuberger, the president, became vice president. Marc Terrill, the president of the Associated Jewish Community Federation of Baltimore, who had previously been a director of the Neubergers' foundation, took over as president. (According to tax records for 2014, Terrill made $700,109 in total compensation as head of the Associated Jewish Community Federation of Baltimore that year.) The Neuberger Foundation and the Associated Jewish Community Federation of Baltimore share an address and phone number in the Charm City.

In its 2015 tax filing, the Anne and Yehuda Neuberger Foundation reported a major development: it received a $93 million gift. The source of this large contribution, which came in the form of stock in one publicly traded company, was the Chesed Foundation of America, an organization run by George Karfunkel that started that fiscal year with assets of $148 million. (The tax filings do not disclose what stock was involved in this transfer.) In subsequent years, the Anne and Yehuda Neuberger Foundation increased its donations into the seven-figure range.

In fiscal year 2017, the foundation experienced another significant change in its finances: it started the year with $88 million in assets but ended with $33 million. It handed out about $1.5 million in donations that year, and its tax filing did not explain this drop. Still, in assets, it remained over 30 times the size it was at its inception in 2010.

As the Neubergers' foundation grew, bolstered by this large infusion from George Karfunkel's foundation, AIPAC remained a beneficiary. In fiscal year 2018, it doled out $1,925,000 in donations, which included $75,000 for AIPAC.

In Washington, AIPAC is regarded as a powerhouse lobbying force. It describes its mission as a bipartisan effort to strengthen and expand the U.S.-Israel relationship in ways that enhance the security of the United States and Israel. But a top AIPAC official once said that its job is generally to support the policies of the government of Israel. In 2005, two senior AIPAC officials were charged with espionage and accused of handing US defense secrets to an Israeli official, but four years later, the case was dropped when pre-court rulings complicated the Justice Department's case by compelling prosecutors to prove the pair had intended to harm US interests.

In recent years AIPAC has been widely seen as a supporter of Benjamin Netanyahu and his far-right and hardline policies, perhaps to such an extent that it has, as one critic put it, engaged in mission-distortion or mission-neglect. AIPAC, for example, has provided Netanyahu a platform for attacking Democrats and US policies with which it disagrees. "The Israeli government has moved right. AIPAC has gone with it," Ilan Goldenberg, a senior fellow at the Center for a New American Security, a think tank in Washington, noted last year. In his new memoir, former President Barack Obama criticized AIPAC for reflexively siding with Israel in policy disputes. He wrote that AIPAC embraces the view that there should be no daylight between the U.S. and Israeli governments, even when Israel took actions that were contrary to U.S. policy. He observed that US officials who adopted a different approach could expect to be targeted by the AIPAC and its political arm: "Those who criticized Israeli policy too loudly risked being tagged as anti-Israel (and possibly anti-Semitic) and confronted with a well-funded opponent in the next election."

On cyber matters, Anne Neuberger's field, Israel is an important player. It has become a cybersecurity powerhouse. The nation is home to NSO Group, one of the most notorious cyber-surveillance firms, which manufactures the infamous Pegasus phone spyware, which can allow a security service or other actor to gain total control of a mobile phone and use the device to surveil its user. According to a 2018 report, "At least six countries with significant Pegasus operations have previously been linked to abusive use of spyware to target civil society, including Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates." Last year, Haaretz reported that the Israeli government had encouraged NSO to sell Pegasus to the United Arab Emirates and several Persian Gulf states.

Though Israel is a US ally, it has spied on the US government, and the CIA has considered Israel a top counterintelligence threat. And it is not hard to conceive of cyber-related conflicts that could arise between the two states. So should a Biden administration national security official in charge of US cyber policy be supporting an influence group aligned with the Israeli government? "It's unwise at best," says John Sipher, a former CIA official. "In her world, when people think of cyber-threats, Israel is always there, even if it's an ally. It is surprising that someone in cyber who understands Israeli capabilities would not want to steer clear of these politics."

Several other national security experts, who asked not to be named, say that the foundation's donations to AIPAC create, at the least, an appearance problem for Anne Neuberger. They point out that the Israeli government does maintain an aggressive campaign of espionage against the United States and has a deep interest in US cyber policy.

A former senior intelligence official says, "Anne is a very smart and competent professional. I was very impressed with her work and never had any question about her integrity... That said, such a donation, if true and publicized, would raise a lot of eyebrows within the government and beyond, especially since the two dimensions involved, Israel and cyber, have their own history." A second former senior intelligence official adds, "Is this disqualifying? Probably not. But it's not good."

A senior congressional aide who oversees national security issues says, "If you donate half a million dollars to a lobbying group, that indicates a pretty strong preference." And a foreign policy expert with close ties to the Biden administration notes, "One question this presents is whether she would recuse herself from decisions that could impact Israel."

Kathleen Clark, a law professor at Washington University in St. Louis and an expert on government ethics, notes that ethics laws are primarily aimed at preventing an official's financial interests from having an impact on his or her government work. Neuberger's past financial contribution to AIPAC does not create that kind of ethics issue, she says. But Clark notes that it could raise a question regarding her impartiality. Clark points out that because cybersecurity issues involve Israel and because AIPAC promotes strong US-Israeli cooperation on a wide range of issues, including cyber, the public needs to know whether the actions of Neuberger's foundation overlap with her government responsibilities. She adds, "Will we know what the foundation has spent or is spending its money on? Will we know what projects the foundation is supporting? Will the foundation accept donations?"

Marc Terrill, the president of the Neuberger Foundation, did not respond to multiple requests for comment. When reached by Mother Jones, Yehuda Neuberger said he was not available to discuss the foundation.

On Monday, Mother Jones sent a list of questions about the Neuberger Foundation and its AIPAC donations to the NSC and Anne Neuberger. The queries included: Did Neuberger or her foundation know specifically what lobbying the donations subsidized? What was the source of the initial $1,183,050 the foundation kicked off with? What was the stock valued at $93 million that her father's foundation donated to the Neuberger Foundation? Why did the foundation receive such a large gift? Does the Neuberger Foundation consult with Karfunkel regarding any of its donations? Has Neuberger filed a financial disclosure form regarding her new position at the NSC? Does it include information related to the Neuberger Foundation? Did she file a financial disclosure form at the NSA? Did it include information related to the Neuberger Foundation?

Mother Jones also asked, Is it appropriate for a high-ranking intelligence official or a NSC official to contribute hundreds of thousands of dollars to AIPAC, a lobby regarded by critics as often aligned with the policy interests of a foreign government? Is there a potential conflict of interest for a senior official in charge of cyber policy who donates money to an American group that is seen as supportive of a foreign government highly involved in cyber-surveillance and cyber-warfare issues?

An NSC spokesperson said that she would respond to the query and requested time to do so. Two days later the NSC declined to answer any of those questions. The NSC spokesperson said, "As a senior NSC employee, Ms. Neuberger will abide by the Executive Order on Ethics Commitments By Executive Branch Personnel."

The NSA did not respond to a similar set of questions.

UPDATE: After this article was published, Emily Horne, an NSC spokesperson, sent Mother Jones the following statement: "We note that NBC has pulled down their own version of this story, saying it fell short of their reporting standards, and look forward to Mother Jones doing the same. The women and men of the NSC are patriotic, dedicated, and serve their country with distinction. Being forced to endure public smear campaigns should not be part of working on behalf of the American people." NBC News moved its story on Neuberger to its archives and said that the article did not meet the network's reporting standards because it cited only unnamed sources raising questions about the Neuberger Foundation's donations to AIPAC and because Neuberger was not given "adequate time to respond to our reporting." This Mother Jones article cited both named and unnamed sources, and Mother Jones gave Neuberger two days to respond to a query about her foundation and the AIPAC donations. She did not respond. Mother Jones also contacted the president of the foundation, and he did not respond to repeated requests for comment. Mother Jones stands by our reporting.

See the rest here:

A Top Biden Cybersecurity Aide Donated Over $500,000 to AIPAC as an NSA Official - Mother Jones

Posted in NSA

Companies Pay Criminal Penalties And Compensation For Undermining Competition – JD Supra

[co author: Markus Speidel]

Berlitz and CLCI admitted to violating 18 U.S.C. 371 by discussing, agreeing to, and facilitating the submission of false and misleading information to the National Security Agency (NSA) between March and December 2017. The charges relate to a multiple award indefinite delivery, indefinite quantity (IDIQ) contract vehicle for foreign language instruction, under which the NSA awarded three prime contracts. To qualify as technically acceptable, offerors needed the capacity to provide language training in all six specified geographic areas. Following award of the IDIQ contracts, the awardees would then compete against each other for individual delivery orders to provide training in a particular language at particular locations.

According to their stipulations, Berlitz and CLCI submitted invoices and received payments based on non-competitive bids. In furtherance of the conspiracy, and to qualify as technically acceptable when it otherwise would have been ineligible for award, CLCI falsely and misleadingly claimed the capacity to perform training services at a particular facility in Odenton, Maryland, a facility that turned out to be solely owned and operated by its competitor, Berlitz. Berlitz provided CLCI with a floor plan to the Odenton facility, which CLCI submitted as "our Odenton, MD location" in its proposal. In exchange for this favor, CLCI agreed not to bid against Berlitz for any delivery orders involving language training near the Odenton facility. CLCI memorialized the agreement with a draft letter in an email to Berlitz. On two separate occasions in August 2017, the companies maintained the agreement by email exchanges, confirming that CLCI would not bid on a delivery order NSA sent out for instruction in Maryland.

Under the deferred prosecution agreements, which resolved the charges, both companies agreed to cooperate fully in any related criminal investigation and prosecution, and to implement a compliance and ethics program to detect and prevent future violations. Both companies also agreed to pay criminal penalties, $147,000 for Berlitz and $140,000 for CLCI, and victim compensation to NSA to the tune of $57,000. Violations of 18 U.S.C. 371 carry a maximum company fine of $500,000.

Takeaway: Contractors and prospective contractors would do well to heed the lessons here. When submitting information to the government, truthfulness is paramount. And it should go without saying that colluding with other competitors to stifle competition is illegal. Companies that violate these legal and ethical norms not only face criminal penalties, but also may end up suspended or debarred from government contracting. Companies should ensure their regular ethics training addresses these and other aspects of integrity in the bidding process.

*Markus Speidel is a Law Clerk in our Washington, D.C. office and not admitted to the bar.


Original post:

Companies Pay Criminal Penalties And Compensation For Undermining Competition - JD Supra

Posted in NSA

SolarWinds Is Not the ‘Hack of the Century.’ It's Blowback for the NSA's Longtime Dominance of Cyberspace – Common Dreams

Last month, the private security firm FireEye discovered a widespread breach of government and corporate computer networks through a so-called "supply chain" exploit of the network management firm SolarWinds, conducted by nation-state-level hackers, widely thought to be Russia. Most coverage of the breach featured ominous headlines and quotes from current and former government officials describing it as the biggest hack of modern times. Occasionally, buried in one of the closing paragraphs, there was an official quoted admitting that, so far, only "business networks" were known to be compromised: sensitive but unclassified email systems and data on job descriptions and HR functions.


These stories lack context of the true state of cyber espionage over the last few decades. The SolarWinds hack is certainly a large and very damaging breach, but one could almost pick at random any five or ten of the hundreds of codename programs revealed in the Snowden documents that would top it. The mother of all supply chain attacks (that we know of publicly) may have been the clandestine American role behind Crypto AG, which allowed the NSA to sell scores of foreign governments broken cryptographic systems through which it was possible to crack the encryption on their top-level government and military communications for decades. And of course the first, and one of the only, actual cyberattacks in history was the Stuxnet program conducted by Israeli and American services against Iranian nuclear centrifuges.

Yet the American public may be left with the impression that Russian hacking poses a uniquely aggressive and destabilizing threat to the international order, and therefore must be punished. News coverage has been laden with apoplectic quotes from senior officials and lawmakers that the breach represents "virtually a declaration of war," that we need to "get the ball out of their hands and go on offense," that "we must reserve our right to unilateral self-defense," and even that "all elements of national power must be placed on the table" (All elements? Tanks? Nuclear weapons?). This kind of hyperbolic reaction cannot be driven by sincere shock at the idea of a government hacking into and spying on another government's networks. More plausibly, it is driven by outrage at the idea of any other nation challenging the United States' overwhelming dominance to date in network espionage.

The Pentagon has so far responded to the breach by proposing a rearrangement of the organizational chart for our cyber army. And if history is any guide, Congress will respond as they have to past intelligence failures: by throwing more money at the bureaucracy to feed its legion of private contractors. In other words: more of what contributed to this breach in the first place. The ever-growing feeding frenzy for beltway bandits not only increases the attack surface for foreign hackers, it ensures that Congress does not have the capacity (even if it had the will) to understand and oversee increasingly complex supply chains to ensure basic security standards for the very companies who will be called on to fix these vulnerabilities. Few were even aware of the ubiquity of SolarWinds' presence across so many of our government networks, and the lax security practices of this key software provider have only come under scrutiny retroactively. According to reports, the update server for SolarWinds software, an incredibly sensitive key piece of any software supply chain, was publicly accessible by a default password that had leaked to the internet in 2019, and the company had been warned both by its employees and by independent security researchers.

Here another tragic irony emerges: whatever internal channels were used to warn of these security lapses were clearly not effective, but if a whistleblower had taken this kind of sensitive national security information to the press, publication of which perhaps could have forced action and prevented a major act of espionage against our government, they would have put themselves at risk of prosecution under the Espionage Act.


So while the pundits clamor for retaliation and Washington bickers about rearranging the desks at Fort Meade, we still do not get a debate on alternatives that might better serve the American people. In secret, and without public consultation, the NSA long ago decided to use our privileged position sitting atop the internet backbone not to secure it, to level up the safety of key systems for all its users, but to poke more holes in it, and to stockpile exploits and hoard vulnerabilities in order to dip its hands into nearly every network, communications protocol, and computer system of consequence on the planet, both foes and allies alike.

Even our defensive strategy has become a policy of aggression. Dubbed "defend forward," it has us maintaining backdoors and software implants on key infrastructure systems around the world, as a way of keeping a loaded gun pointed at any real or potential adversary. Like our nuclear policy before it, the stated goal is deterrence, but the actual goal is to create a cover for unchecked aggression and dominance. If reports are true that Russia was behind SolarWinds, and was using its access to case physical infrastructure networks in the U.S., their motivation may have been to gain a small measure of deterrence against the overwhelming superiority of American offensive capabilities.

The wisdom of such an aggressive posture towards the global internet was one of the key questions Edward Snowden posed to the public after his disclosures. We should not fail to consider it as we increasingly get a taste of what the rest of the world has been subjected to by American spies for decades.


NSA fumes over the violation of coronavirus safety protocols – GhanaWeb

Sports News of Monday, 1 February 2021

Source: GNA

Coronavirus active cases are rising in Ghana

The National Sports Authority (NSA) has expressed dissatisfaction over the unacceptable behaviour of fans and the blatant disregard for COVID-19 safety protocols during a match-day 11 encounter between Hearts of Oak and Great Olympics played at the Accra Sports Stadium, last Saturday.

In a press statement signed by Mr Charles Amofah, Head of Public Relations of the NSA, the Authority said that despite all the measures that have been put in place, such as spaced-out marked seats to ensure social distancing, fans were found jubilating, singing and hugging each other when their team scored, thus ignoring the safety protocols.

"In view of this, the Authority is using this medium to inform the Ghana Football Association(GFA) and the clubs using the facility that it would not hesitate to resort to matches being played behind closed doors, in order to ensure total adherence to the COVID-19 safety protocols.

"The Authority would like to assure the general public of its commitment to ensuring strict compliance with the COVID-19 safety protocols, in collaboration with the law enforcement agents deployed to our facility," the statement said.

In a related development, the President of the Republic, Nana Addo-Dankwa Akufo-Addo, has entreated the NSA and GFA to ensure compliance with the 25% capacity rule in our stadiums, with spectators adhering to the social distancing rule and the wearing of masks.


Split Up NSA and CYBERCOM – Defense One

The lack of conclusive upstream intelligence about Russia's long-running, recently discovered digital espionage effort suggests a need to rethink how the U.S. is organized to meet cyber threats, and in particular the dual-hat leadership of the National Security Agency and U.S. Cyber Command.

To be sure, the United States has worked to improve its national security focus on cybersecurity in recent years, spurred by Russian efforts to interfere in the 2016 election and recognition that more adversaries can and will want to use offensive cyber methods and tools. These efforts include strategy documents, executive orders, and legislation, yet more work remains to be done. Insights about the SolarWinds attack underscore a number of cybersecurity gaps and vulnerabilities that were exploited. These include shortcomings in virtual supply chains from the private sector to the government, incomplete information-sharing between and within both these sectors, and the limitations of federal cyber threat detection measures like the Department of Homeland Security's Einstein program.

The next step should be acting on a long-debated proposal to split the job of leading the NSA and CYBERCOM. On Dec. 19, officials with the lame-duck Trump administration sent the Joint Chiefs of Staff a plan to do so. The plan would need the defense secretary and Joint Chiefs Chairman to certify that it meets Congressional requirements; it is not clear whether they will do so before the next administration begins.

Critics of splitting the job note that the two agencies enjoy a very close relationship, sharing people, expertise, resources, and even a physical campus. Separate organizations with different chains of command would develop this level of integration and collaboration slowly, if ever.

But from our vantage point as former professionals with significant experience and insights on how national security reforms have unfolded since 9/11, we believe the nation could be served by the split. Such a move would have a rough precedent in the 2004 Intelligence Reform and Terrorism Prevention Act, which established the Office of the Director of National Intelligence and created the Director of National Intelligence (DNI) position. The law allowed the Central Intelligence Agency to retain its authorities and responsibilities, but its director was no longer forced to lead both an operational agency and the entire U.S. intelligence community.

Splitting up the leadership of NSA and CYBERCOM could allow the latter's commander to fully focus the organization's attention on training, equipping, and organizing military forces to conduct the full spectrum of operations to support national security priorities. It could also eliminate potential conflicts of interest in which CYBERCOM would advocate conducting warfare against a cyber target (i.e., taking it down) while the NSA would be more interested in collecting intelligence from it (i.e., leaving it up but subverting it). Such decisions would be elevated to an interagency forum such as the National Security Council, where competing equities could be debated in a rigorous manner.

We would also advocate for moving the NSA from its organizational home in the Defense Department. It should be led by a Presidentially-appointed, Senate-confirmed civilian who reports to the DNI. Such a move would improve NSA's existing authorities and capabilities, place it under the intelligence umbrella for which it's best suited, and improve its ability to serve national-level and military-specific intelligence requirements.

Javed Ali is a Towsley Policymaker in Residence at the Gerald R. Ford School of Public Policy at the University of Michigan. He previously had over 20 years' professional experience in Washington, DC on national security issues, including senior roles at the Federal Bureau of Investigation, Office of the Director of National Intelligence, and National Security Council.

Adam Maruyama is a national security professional with more than 15 years of experience in cyber operations, cybersecurity, and counterterrorism. He served in numerous warzones and co-led the drafting of the 2018 National Strategy to Counterterrorism. Adam currently manages cybersecurity software deployments for a number of federal customers.


Edward Snowden Pardon and the SolarWinds Hack – City Journal

The most surprising thing about the failure of U.S. intelligence to discover for nearly nine months the SolarWinds penetration of U.S. government agencies, reportedly including the State, Energy, and Homeland Security Departments as well as private contractors, is that anyone is surprised. After all, the National Security Agency, responsible for protecting the communications of the U.S. government, had such a massive hole punched in its capabilities by a breach in 2013 that Michael McConnell, the former director of first the NSA and then the Office of National Intelligence, assessed, "This [breach] will have an impact on our ability to do our mission for the next 20 to 30 years."

The proximate cause of the damage was Edward Snowden's theft of NSA files in June 2013. He was never apprehended because he fled first to Hong Kong, where he met with journalists, and then Russia, where he received sanctuary from Putin. How could such a loss of intelligence not do immense damage to the NSA's counterintelligence for many years?

According to the unanimous report of the House Permanent Select Committee on Intelligence, Snowden removed from the NSA digital copies of 1.5 million files, including 900,000 Department of Defense documents concerning, among other things, the newly created joint Cyber Command. Other stolen files contained documents from GCHQ, the British signals intelligence service, to which Snowden had access. One NSA file, a 31,000-page database, included requests to the NSA made by the 16 other agencies in the Intelligence Community for coverage of foreign targets.

NSA Deputy Director Rick Ledgett, who headed the NSA's damage assessment, warned that this database "reveals the gaps in our knowledge of Russia, thus provides our adversaries with a roadmap of what we know, what we don't know, and gives them, implicitly, a way to protect their information from the U.S. intelligence community's view."

Snowden's theft dealt a savage blow to U.S. intelligence. Whenever sensitive compartmentalized information (SCI) is removed without authorization from the NSA's secure facilities, as it was by Snowden, it is, by definition, compromised, regardless of what is done with it. Whether Snowden gave these files to journalists, Russians, or Chinese intelligence, or whether he erased them or threw them in the Pacific Ocean, all the sources in them had to be considered compromised, and shut down. So did the methods they revealed.

The Pentagon did a more extensive damage assessment than the NSA, assigning hundreds of intelligence officers, in round-the-clock shifts, to go through each of the 1.5 million files to identify all the fatally compromised sources and methods they contained, and shut them down. This purge reduced the capabilities of the NSA, the Cyber Command, the British GCHQ, and other allied intelligence services to see inside Russia and China.

The damage was deepened by Snowden's defection to Russia. In a televised press conference on September 2, 2013, Vladimir Putin gloated, "I am going to tell you something I have never said before," revealing that, while in Hong Kong, Snowden had been in contact with Russian diplomats. While Snowden denies giving any stolen secrets to Russia, U.S. intelligence further determined, according to the bipartisan House Permanent Select Intelligence Committee, that he was in contact with the Russian intelligence services after he arrived in Moscow and continued to be so for three years. Both Mike Rogers, the committee's chair, and Adam Schiff, its ranking minority member, confirmed this finding to me. Fiona Hill, an intelligence analyst in both the Obama and Trump administrations, told The New Yorker in 2017 that "The Russians, partly because they have Edward Snowden in Moscow, possess a good idea of what the U.S. is capable of knowing. They got all of his information. You can be damn well sure that [Snowden's] information is theirs."

After the NSA, CIA, and the Cyber Command shut down the sources and methods Snowden had compromised, McConnell pointed out that entire generations of information had been lost. The resulting blind spots in our surveillance of Russia gave Moscow's intelligence services full latitude to carry out mischief. Russian intelligence services have no shortage of operatives and tools to carry out long-term operations in cyberspace and elsewhere.

In the 2020 SolarWinds penetration, which Secretary of State Mike Pompeo attributes to Russian intelligence, the gaps allowed Russian spies to masquerade as authorized system administrators and other IT workers. The spies could use their forged credentials to copy any material of interest, plant hidden programs to alter the future operations of thousands of workstations in networks inside and outside the government, cover their tracks, and plant hidden backdoors for future access. Though it may take years to find and unravel all the malicious code implanted in these systems, the Cybersecurity and Infrastructure Security Agency has already determined that this threat "poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations."

This immense compromise of government networks is the inevitable price for allowing a large part of our counterintelligence capability to be compromised in 2013. The perverse irony here is that while Vladimir Putin rewarded Snowden for his contributions with permanent residency, Donald Trump says that he is looking into pardoning Snowden for his intrusion into NSA files and betrayal of American secrets.

Edward Jay Epstein's most recent book was How America Lost Its Secrets: Edward Snowden, the Man and the Theft.


Edward Snowden and wife share photos of newborn son amid push for Trump to pardon NSA leaker – Washington Times

Edward J. Snowden and his wife, Lindsay Mills, announced the birth of their first child Friday amid a push for President Trump to pardon the fugitive leaker of crimes keeping him from returning to the U.S.

The couple, who have resided in Russia for the last several years, shared photos on social media showing them holding their newborn child.

"Happy Holidays from our newly expanded family," Ms. Mills said on Instagram, where she posted the photos. "The greatest gift is the love we share," Mr. Snowden added on Twitter, where he shared one of them.

Mr. Snowden, a former CIA employee and National Security Agency contractor, admittedly leaked a trove of classified documents to the media in 2013 exposing the NSA's vast operations and capabilities.

The Department of Justice under former President Barack Obama accordingly charged Mr. Snowden with stealing and violating the U.S. Espionage Act, putting him at risk of serving up to 30 years in prison.

However, Mr. Snowden has successfully avoided the long arm of the law during the last 7.5 years as a result of residing in Russia, which does not have an extradition agreement with the U.S. government.

Mr. Snowden said while his wife was expecting that they were both applying for dual citizenship to avoid the possibility of being legally separated from their son, a Russian citizen by birth.

"After years of separation from our parents, my wife and I have no desire to be separated from our son. That's why, in this era of pandemics and closed borders, we're applying for dual US-Russian citizenship," Mr. Snowden said last month on Twitter.

Anatoly Kucherena, a lawyer for Mr. Snowden, said on Saturday that both Ms. Mills and her newborn son are in excellent health, Russia's Interfax news agency reported over the weekend.

Mr. Snowden, 37, has previously said he will return to the U.S. if given a trial he deems fair, although some of his defenders are now pushing the president to have the case against him dropped entirely.

Sen. Rand Paul of Kentucky and Rep. Matt Gaetz of Florida, both Republicans closely allied with Mr. Trump, each advocated recently for Mr. Trump to pardon Mr. Snowden before his presidency ends.

Mr. Trump, who called Mr. Snowden a traitor prior to becoming president, said in August that he was considering granting him a pardon. He has since pardoned dozens of others.


NSA Year in Review: Election Security, Cybersecurity, and More – HSToday

The pandemic affected everyone this year, but our mission didn't slow down. As our Director, GEN Paul Nakasone, said, we are one team, and each of us contributes our unique expertise to a mission that is all the more critical in times of crisis.

Throughout 2020, our workforce contributed our expertise in many ways:

NSA worked to secure our elections

The security of the 2020 Presidential election was NSA's top priority in 2020. We were part of the Whole-of-Government effort to identify and counter foreign interference and malign influence threats to the 2020 U.S. elections. NSA generated vital insights and shared them with partner agencies like U.S. Cyber Command, the Department of Homeland Security and the Federal Bureau of Investigation. Our efforts strived to assure all audiences, and most importantly, the American public, that NSA, USCYBERCOM, and other U.S. government partners together protected the U.S. elections from foreign interference and influence campaigns.

NSA shared cybersecurity guidance and advisories

Maryland Governor Hogan recognized our cybersecurity expertise to keep COVID-19 research protected as part of the U.S. Government-wide Operation Warp Speed (OWS). In addition to our support to OWS, as the pandemic shifted the workplace to home, NSA helped teleworkers work from home safely, secure their home office, and even limit their mobile device exposure, thanks to guidance developed by our Cybersecurity mission.

NSA continued our steady provision of cybersecurity advice for the Department of Defense, National Security Systems and the Defense Industrial Base. These specific advisories and guidance also helped system administrators and other cyber specialists across the cybersecurity field by providing information that was timely, relevant, and actionable throughout the year.

NSA drove innovative solutions

While the world faced new challenges this year, we didn't stop creating solutions. We contributed to the evolution of 5G, were involved in how to keep the Internet of Things secure, planned for the future of national security when applying quantum computing, developed a QuBIT Collaboratory, and stood up the Center for Cybersecurity Standards.

NSA invested in our nation's future

We look forward to starting the New Year, and the future looks bright, thanks to our investments in the future. The OnRamp II program provides the scholarships for students who will be developing the newest solutions to keep our nation safe. NSA worked in partnership with the DoD Office of Small Business Programs and created the Cybersecurity Education Diversity Initiative to assist minority serving institutions. This allows Historically Black Colleges and Universities with no existing cybersecurity program to obtain access to educational resources from designated National Centers of Academic Excellence in Cybersecurity Institutions. We were pleased to announce that the U.S. Naval Academy received its designation as an NSA Center of Academic Excellence in Cyber Operations to develop new cyber warriors.

NSA personnel recognized for excellence

While many NSA personnel serve in silence, several of our staff and former personnel were publicly recognized this year for their dedication to our nation's security. Former NSA Executive Director Harry Coker was recognized by the Intelligence Community for his commitment to improving diversity, equality, and inclusion. MSgt Frances Dupris, Dr. Ahmad Ridley, LaNaia Jones and Janelle Romano were recognized for showing the importance of STEM education and career development. Our Tech Transfer Team was recognized by the DoD for creating an efficient process for releasing NSA-developed capabilities to the open-source software community.

For more details on our efforts to protect our nation and secure our future, check out our Twitter, @NSAGov, throughout the month.


No, the United States Does Not Spend Too Much on Cyber Offense – Council on Foreign Relations

In the wake of the SolarWinds incident, critics have pointed to budget and personnel imbalances between offensive and defensive missions. As Alex Stamos pointed out in the Washington Post, the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security has only 2,200 employees for a mission that includes protecting all sixteen critical infrastructure sectors and all federal agencies, while the National Security Agency (NSA) alone has more than 40,000 employees. The Department of Defense's (DOD) Cyber Command has over 12,000 personnel, including 6,000 military members.

While total spending on cyber missions at NSA is classified, what is known about federal spending suggests priorities skewed toward offense. As Jason Healey pointed out last spring, the DOD's cybersecurity budget is significantly larger than the cybersecurity budgets of all civilian components combined. The federal government spends more than half a billion dollars per year on the headquarters elements of Cyber Command alone and only $400 million on cyber diplomacy at the State Department. All of CISA's budget adds up to about half of what DOD spends on just offensive cyber operations.


The SolarWinds disaster clearly indicates that CISA and federal agencies will need more money in order to develop the capabilities necessary to detect and contain adversaries as capable as Russia's Foreign Intelligence Service. Additional funds are also badly needed to scale out efforts to coordinate with the private sector, fund research that the market will not support, and bolster the security of critical infrastructure. That funding, however, should not come out of the current budgets or future budget growth on the offensive side of the equation.


Since cybersecurity first became an issue of national import, cyber policy has been predicated on the idea of a public-private partnership, a term that is now nauseating to much of the community. Yet the phrase captures the reality that the federal government, unlike in other domains, does not assume ultimate responsibility for the security of systems it does not own or operate, including critical infrastructure. In terms of dollars and cents, what this means is that total spending on U.S. cybersecurity is actually heavily skewed toward defense, not offense, because all the cybersecurity spending in the private sector goes in the defense column.

Alongside DHS's 2,200 employees at CISA, the 6,000 cyber warriors in the Defense Department suggest an imbalance towards offense over defense, until you recognize that only about 2,000 of these 6,000 are in units that carry out offensive cyber missions, and these 2,000 people are the only people in the United States that are authorized to carry out offensive cyber operations. Even the NSA's 40,000 employees, only a fraction of whom are focused on intelligence collection against adversary cyber operators, pale alongside the total cybersecurity workforce estimated at 750,000.

While estimates of total private sector spending in the United States range from $40 billion to $120 billion, even the lower end of that range is more than ten times the Pentagon's budget for cyber operations and four times what data leaked from the Snowden disclosures suggested was the NSA's budget. Microsoft alone says that it spends $1 billion a year on cybersecurity, and JP Morgan also spends close to that amount.

No doubt CISA needs to grow several times over to carry out its mission, and other civilian agencies will need a large influx of funds to secure themselves, but relative percentages between defense and offense in the federal budget could look largely the same.


While the defense clearly failed, it is becoming increasingly clear that the intelligence community either failed to detect this campaign or lacked the ability to understand and communicate what they saw. It's also possible that the NSA supplied indications and warnings of the campaign to Cyber Command but offensive operators were spread too thin to engage and disrupt the activity. Either way, more spending, not less, on offense could be in the cards.


The US has suffered a massive cyberbreach. It’s hard to overstate how bad it is – The Guardian

Recent news articles have all been talking about the massive Russian cyber-attack against the United States, but that's wrong on two accounts. It wasn't a cyber-attack in international relations terms, it was espionage. And the victim wasn't just the US, it was the entire world. But it was massive, and it is dangerous.

Espionage is internationally allowed in peacetime. The problem is that both espionage and cyber-attacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn't at all targeted, the entire world is at risk, and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack.

Here's what we know: Orion is a network management product from a company named SolarWinds, with over 300,000 customers worldwide. Sometime before March, hackers working for the Russian SVR (previously known as the KGB) hacked into SolarWinds and slipped a backdoor into an Orion software update. (We don't know how, but last year the company's update server was protected by the password "solarwinds123", something that speaks to a lack of security culture.) Users who downloaded and installed that corrupted update between March and June unwittingly gave SVR hackers access to their networks.

This is called a supply-chain attack, because it targets a supplier to an organization rather than the organization itself, and can affect all of a supplier's customers. It's an increasingly common way to attack networks. Other examples of this sort of attack include fake apps in the Google Play store, and hacked replacement screens for your smartphone.
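The following is an added example, not code from the Guardian article, from SolarWinds or from Orion: a minimal update-install gate that refuses an artifact whose SHA-256 digest does not match a manifest obtained out of band, modelled on the two situations the article describes. The artifact name, the update bytes, the "injected backdoor stub" and the manifest are all constructed for illustration; the assumption is that the manifest reaches the customer over a channel separate from the update server.

```python
"""Added example (not from the Guardian article or from SolarWinds): an
update-install gate that refuses an artifact whose SHA-256 digest does not
match a manifest fetched out of band, plus a demonstration of the limit of
that check when the backdoor is inserted at the vendor. All names and bytes
are constructed for illustration."""
import hashlib
import hmac

# Constructed sample artifacts: the genuine update, and a copy altered after
# the vendor published it (what a file tampered with on an exposed update
# server would look like to the customer).
ARTIFACT_NAME = "orion-update-2020.2"          # hypothetical name
GENUINE_UPDATE = b"orion-update-2020.2 : legitimate payload bytes"
TAMPERED_UPDATE = GENUINE_UPDATE + b"\n:: injected backdoor stub ::"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of an artifact."""
    return hashlib.sha256(data).hexdigest()


# Digest manifest assumed to arrive over a channel separate from the update
# server (a signed release note, a vendor listing fetched independently, etc.).
PINNED_MANIFEST = {ARTIFACT_NAME: sha256_hex(GENUINE_UPDATE)}


class UpdateRejected(Exception):
    """Raised when an artifact fails the pinned-digest check."""


def verify_update(name: str, data: bytes, manifest: dict) -> str:
    """Return the artifact's digest if it matches the manifest, else raise."""
    expected = manifest.get(name)
    if expected is None:
        raise UpdateRejected(f"no pinned digest for {name!r}")
    actual = sha256_hex(data)
    # Constant-time comparison of two fixed-length hex strings.
    if not hmac.compare_digest(actual, expected):
        raise UpdateRejected(f"digest mismatch for {name!r}: {actual} != {expected}")
    return actual


def install_if_verified(name: str, data: bytes, manifest: dict) -> bool:
    """Gate an install on the digest check; True means the install would proceed."""
    try:
        verify_update(name, data, manifest)
    except UpdateRejected as err:
        print(f"refusing install: {err}")
        return False
    # A real installer would unpack and apply the update here.
    return True


def manifest_from_compromised_build() -> dict:
    """Model the case the article describes: the backdoor is slipped in before
    the vendor computes and publishes the digest, so the manifest vouches for
    the backdoored bytes and the digest check cannot tell them apart."""
    return {ARTIFACT_NAME: sha256_hex(TAMPERED_UPDATE)}


if __name__ == "__main__":
    print(install_if_verified(ARTIFACT_NAME, GENUINE_UPDATE, PINNED_MANIFEST))   # True
    print(install_if_verified(ARTIFACT_NAME, TAMPERED_UPDATE, PINNED_MANIFEST))  # False
    print(install_if_verified(ARTIFACT_NAME, TAMPERED_UPDATE,
                              manifest_from_compromised_build()))                # True
```

The first two calls show what an out-of-band digest check buys a customer: a file altered on the update server after release is refused. The third call shows its limit, and why the Orion case was so damaging: when the backdoor is inserted before the vendor publishes the digest (or signs the build), the downloaded file matches the vendor's own manifest and the check passes. Catching that class of compromise needs controls on the build itself, such as reproducible builds and attested build provenance, and monitoring of what the installed software does afterwards, rather than stronger checks on the download.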

SolarWinds has removed its customers list from its website, but the Internet Archive saved it: all five branches of the US military, the state department, the White House, the NSA, 425 of the Fortune 500 companies, all five of the top five accounting firms, and hundreds of universities and colleges. In an SEC filing, SolarWinds said that it believes fewer than 18,000 of those customers installed this malicious update, another way of saying that more than 17,000 did.

That's a lot of vulnerable networks, and it's inconceivable that the SVR penetrated them all. Instead, it chose carefully from its cornucopia of targets. Microsoft's analysis identified 40 customers who were infiltrated using this vulnerability. The great majority of those were in the US, but networks in Canada, Mexico, Belgium, Spain, the UK, Israel and the UAE were also targeted. This list includes governments, government contractors, IT companies, thinktanks, and NGOs, and it will certainly grow.

Once inside a network, SVR hackers followed a standard playbook: establish persistent access that will remain even if the initial vulnerability is fixed; move laterally around the network by compromising additional systems and accounts; and then exfiltrate data. Not being a SolarWinds customer is no guarantee of security; this SVR operation used other initial infection vectors and techniques as well. These are sophisticated and patient hackers, and we're only just learning some of the techniques involved here.

Recovering from this attack isn't easy. Because any SVR hackers would establish persistent access, the only way to ensure that your network isn't compromised is to burn it to the ground and rebuild it, similar to reinstalling your computer's operating system to recover from a bad hack. This is how a lot of sysadmins are going to spend their Christmas holiday, and even then they can't be sure. There are many ways to establish persistent access that survive rebuilding individual computers and networks. We know, for example, of an NSA exploit that remains on a hard drive even after it is reformatted. Code for that exploit was part of the Equation Group tools that the Shadow Brokers (again, believed to be Russia) stole from the NSA and published in 2016. The SVR probably has the same kinds of tools.

Even without that caveat, many network administrators won't go through the long, painful, and potentially expensive rebuilding process. They'll just hope for the best.

It's hard to overstate how bad this is. We are still learning about US government organizations breached: the state department, the treasury department, homeland security, the Los Alamos and Sandia National Laboratories (where nuclear weapons are developed), the National Nuclear Security Administration, the National Institutes of Health, and many more. At this point, there's no indication that any classified networks were penetrated, although that could change easily. It will take years to learn which networks the SVR has penetrated, and where it still has access. Much of that will probably be classified, which means that we, the public, will never know.

And now that the Orion vulnerability is public, other governments and cybercriminals will use it to penetrate vulnerable networks. I can guarantee you that the NSA is using the SVR's hack to infiltrate other networks; why would they not? (Do any Russian organizations use Orion? Probably.)

While this is a security failure of enormous proportions, it is not, as Senator Richard Durbin said, "virtually a declaration of war by Russia on the United States." While President-elect Biden said he will make this a top priority, it's unlikely that he will do much to retaliate.

The reason is that, by international norms, Russia did nothing wrong. This is the normal state of affairs. Countries spy on each other all the time. There are no rules or even norms, and it's basically buyer beware. The US regularly fails to retaliate against espionage operations, such as China's hack of the Office of Personnel Management (OPM) and previous Russian hacks, because we do it, too. Speaking of the OPM hack, the then director of national intelligence, James Clapper, said: "You have to kind of salute the Chinese for what they did. If we had the opportunity to do that, I don't think we'd hesitate for a minute."

We don't, and I'm sure NSA employees are grudgingly impressed with the SVR. The US has by far the most extensive and aggressive intelligence operation in the world. The NSA's budget is the largest of any intelligence agency. It aggressively leverages the US's position controlling most of the internet backbone and most of the major internet companies. Edward Snowden disclosed many targets of its efforts around 2014, which then included 193 countries, the World Bank, the IMF and the International Atomic Energy Agency. We are undoubtedly running an offensive operation on the scale of this SVR operation right now, and it'll probably never be made public. In 2016, President Obama boasted that we have "more capacity than anybody both offensively and defensively."

He may have been too optimistic about our defensive capability. The US prioritizes and spends many times more on offense than on defensive cybersecurity. In recent years, the NSA has adopted a strategy of persistent engagement, sometimes called defending forward. The idea is that instead of passively waiting for the enemy to attack our networks and infrastructure, we go on the offensive and disrupt attacks before they get to us. This strategy was credited with foiling a plot by the Russian Internet Research Agency to disrupt the 2018 elections.

But if persistent engagement is so effective, how could it have missed this massive SVR operation? It seems that pretty much the entire US government was unknowingly sending information back to Moscow. If we had been watching everything the Russians were doing, we would have seen some evidence of this. The Russians' success under the watchful eye of the NSA and US Cyber Command shows that this is a failed approach.

And how did US defensive capability miss this? The only reason we know about this breach is because, earlier this month, the security company FireEye discovered that it had been hacked. During its own audit of its network, it uncovered the Orion vulnerability and alerted the US government. Why don't organizations like the departments of state, treasury and homeland security regularly conduct that level of audit on their own systems? The government's intrusion detection system, Einstein 3, failed here because it doesn't detect new sophisticated attacks, a deficiency pointed out in 2018 but never fixed. We shouldn't have to rely on a private cybersecurity company to alert us of a major nation-state attack.

If anything, the US's prioritization of offense over defense makes us less safe. In the interests of surveillance, the NSA has pushed for an insecure cellphone encryption standard and a backdoor in random number generators (important for secure encryption). The DoJ has never relented in its insistence that the world's popular encryption systems be made insecure through back doors, another hot point where attack and defense are in conflict. In other words, we allow for insecure standards and systems, because we can use them to spy on others.

We need to adopt a defense-dominant strategy. As computers and the internet become increasingly essential to society, cyber-attacks are likely to be the precursor to actual war. We are simply too vulnerable when we prioritize offense, even if we have to give up the advantage of using those insecurities to spy on others.

Our vulnerability is magnified as eavesdropping may bleed into a direct attack. The SVR's access allows them not only to eavesdrop, but also to modify data, degrade network performance, or erase entire networks. The first might be normal spying, but the second certainly could be considered an act of war. Russia is almost certainly laying the groundwork for future attack.

This preparation would not be unprecedented. There's a lot of attack going on in the world. In 2010, the US and Israel attacked the Iranian nuclear program. In 2012, Iran attacked the Saudi national oil company. North Korea attacked Sony in 2014. Russia attacked the Ukrainian power grid in 2015 and 2016. Russia is hacking the US power grid, and the US is hacking Russia's power grid, just in case the capability is needed someday. All of these attacks began as a spying operation. Security vulnerabilities have real-world consequences.

We're not going to be able to secure our networks and systems in this no-rules, free-for-all, every-network-for-itself world. The US needs to willingly give up part of its offensive advantage in cyberspace in exchange for a vastly more secure global cyberspace. We need to invest in securing the world's supply chains from this type of attack, and to press for international norms and agreements prioritizing cybersecurity, like the 2018 Paris Call for Trust and Security in Cyberspace or the Global Commission on the Stability of Cyberspace. Hardening widely used software like Orion (or the core internet protocols) helps everyone. We need to dampen this offensive arms race rather than exacerbate it, and work towards cyber peace. Otherwise, hypocritically criticizing the Russians for doing the same thing we do every day won't help create the safer world in which we all want to live.

Read the original here:

The US has suffered a massive cyberbreach. It's hard to overstate how bad it is - The Guardian


How A Cybersecurity Firm Uncovered The Massive Computer Hack – NPR

Kevin Mandia, CEO of the cybersecurity firm FireEye, testifies before the Senate Intelligence Committee in 2017. Mandia's company was the first to sound the alarm about the massive hack of government agencies and private companies on Dec. 8. Susan Walsh/AP

The first word that hackers had carried out a highly sophisticated intrusion into U.S. computer networks came on Dec. 8, when the cybersecurity firm FireEye announced it had been breached and some of its most valuable tools had been stolen.

"We escalated very quickly from the moment I got the first briefing that, 'Hey, we have a security incident of some magnitude,'" FireEye CEO Kevin Mandia told All Things Considered co-host Mary Louise Kelly. "My gut was telling me it was something we needed to put people on right away."

Mandia was right. Within days, the scope of the hack began to emerge.

Multiple U.S. agencies were successfully targeted, including the departments of State, Treasury, Commerce, Energy and Homeland Security as well as the National Institutes of Health.

The hackers attached their malware to a software update from Austin, Texas-based company SolarWinds, which makes software used by many federal agencies and thousands of private companies to monitor their computer networks.

The SVR, Russia's foreign intelligence agency, is considered the most likely culprit, according to Secretary of State Mike Pompeo and some members of Congress who have been briefed by the U.S. intelligence community. But the Trump administration has not formally attributed blame.

"What I've seen is 2020 has been about the hardest year, period, to be an information security officer," Mandia said. "It's time this nation comes up with some doctrine on what we expect nations' rules of engagement to be, and what will our policy, or proportional response, be to folks who violate that doctrine. Because right now there's absolutely an escalation in cyberspace."

Here are excerpts from Mandia's interview:

What was that moment like when you're figuring out it's your cybersecurity company that has been hacked?

If you wrote down the reasons why another nation might want to compromise FireEye, you can come up with some reasons. What we do is we track attackers and quite frankly, we out them. We try to figure out here's their fingerprints, let's share those fingerprints with everybody so they can't get away with what they're doing.

[Early on] there was enough operational security by the attacker that I knew it was professional. This wasn't the first rodeo for these attackers. In fact, they followed a tradecraft that the more I learned, the more this was a unit that's been operational for a decade or more. They knew what they were doing, they had novel techniques. So we knew we would have to do the full-court press on our investigation. And we did.

Who is behind this attack?

For me, it's definitely a nation. In regards to the supply chain compromise at SolarWinds, they did an innocuous addition of code in October 2019 inside the supply chain, saw that it was provisioned and deployed so they knew that their techniques on offense to hack the supply chain were efficient and effective. They went live with actual malicious code inside of the SolarWinds in March through June of this year.

So this is somebody who is patient, professional, and what made this interesting to me is I felt they were more interested in staying surreptitious and clandestine than they were about accomplishing their mission.

What nations have this kind of capability?

Not a lot. It's very consistent with what Russia could do. There might be a group out of China that might be able to do it. And that's probably it.

Is there any signature to this attack that would be consistent with other hacks you've seen?

There's probably about six to eight technical details that made me realize this is a nation, and most likely a foreign intelligence service doing this breach. One of them is this: They used an infrastructure to attack FireEye. The IP addresses or systems they use to attack FireEye were not used in any other incident we're aware of.

In other words, the attackers set up an infrastructure to attack FireEye that was wholly unique to attacking FireEye. That takes a lot of maintenance. That takes a lot of coordination. That's an operation not just a hack. Most threat groups, when they attack, will use shared infrastructure to attack many companies. This group does not do that. That in and of itself made me realize it was an operation.

What should we take from the fact that it was FireEye, a private cybersecurity firm, that alerted the U.S. government and not the other way around?

We're all in this together, period. And there's different visibility at different places. When the attacks were happening against FireEye, all the IP addresses used to attack us [were] all inside the United States. And I'm pretty aware that the [National Security Agency] does not do collections within the United States. So we were the ones, kind of on our own, to be able to see this and detect it.

So you're saying you were able to see things that the NSA, despite all of its vast resources, have firewalls against being able to see, domestically?

Well, I wouldn't call it firewalls necessarily. It's just legal remit. You know, when you look at what these attackers do, they're attacking U.S. companies from the United States. That doesn't necessarily mean the attackers are sitting in the United States but the infrastructure they're setting up to attack companies like FireEye are all in the United States. So the malicious intent may not be visible outside the United States and may only be visible inside.

We have thousands and thousands of computers that we inspected for evidence that they were compromised, and we couldn't get anything earlier in the time frame than a SolarWinds system. We sat there looking at the SolarWinds system saying, "We can't find anything bad on it right now, but it's our earliest evidence of compromise. Something's wrong."

So we then had to turn it over to our reverse engineers. This is something most companies can't do. We went through 14 gig of information, over 18,000 files in the update that we got from SolarWinds, over 4,000 executable files. We decompiled them into millions of lines. And then with real malware analysts, we found the needle in the haystack.

Do we know whether the NSA itself was hacked?

I don't have any idea.

So what now? There's a statement from the FBI and the director of national intelligence and the cybersecurity arm of Homeland Security that says this breach is ongoing.

I think as folks are being notified or learning that they're compromised, they're going to have a lot of work to do. All these organizations are both going to have to investigate what happened and figure out the scale and scope of it, and then they're going to have to eradicate the attackers from their network if they're still active.

Even if they're not active, you're going to flex your muscle a little bit to do a lot of remediation. That's going to take months.

But one thing that's definitely clear to me: The attackers have no idea what is the envelope of behavior, what are the rules of engagement.

We're a nation losing billions of dollars to ransomware. And we are a nation that just had potentially one of the most successful cyberespionage campaigns ever done on it.

Read the original post:

How A Cybersecurity Firm Uncovered The Massive Computer Hack - NPR
