...10...1819202122...304050...


Owner of The Intercept assisting accused NSA leaker’s legal defense – Atlanta Journal Constitution

The parent company of The Intercept online news outlet announced Tuesday that it is helping the legal defense of the Augusta suspect in the National Security Agency leak investigation. At the same time, The Intercept admitted some fault in Reality Winners predicament.

The ongoing criminal case prevents us from going into detail, Intercept editor-in-chief Betsy Reed wrote online Tuesday, but I can state that, at several points in the editorial process, our practices fell short of the standards to which we hold ourselves for minimizing the risks of source exposure when handling anonymously provided materials.

The U.S. Justice Department has accused Winner of leaking to The Intercept a top-secret NSA report about Russias meddling in the 2016 presidential election. The Intercept published the report, which says Russian military intelligence officials tried to hack into the U.S. voting system just before last Novembers election.

Owned by First Look Media, The Intercept provided federal officials a copy of the classified information, court records show. Investigators said the pages appeared "folded and/or creased, suggesting they had been printed and hand-carried out of a secured space." They quickly identified six people who had printed the materials, including Winner, and found she had email contact with the news agency.

The government has until Aug 2. to translate 302 pages from the former government contractor's handwritten notes from Farsi into English.

Excerpt from:

Owner of The Intercept assisting accused NSA leaker's legal defense - Atlanta Journal Constitution

Posted in NSA

Rajnath, NSA assess situation at high-level security meeting – Economic Times

NEW DELHI: Union home minister Rajnath Singh called a high-level meeting on Tuesday to review the situation in the wake of the killing of Amarnath pilgrims by terrorists and decided to focus on upgrading the technology used to gather intelligence and security apparatus of the country.

NSA Ajit Doval, top officials of the home ministry, intelligence agencies and central paramilitary forces attended the meeting.

Security experts present in the meeting said registration of vehicles carrying Amarnath pilgrims and a relook at the way forces were deployed in various parts of J&K were among the top priorities for the Centre. What is also important is that there should be no backlash in any part of the country. We have asked all states to monitor that, a senior official said.

Immediately after the meeting, NSA briefed PM Modi about the deliberations as well as steps taken to enhance security on the Amarnath route (see map), sources said. A high-level team led by MoS for home Hansraj Ahir visited J&K to assess the security situation. MHA officials also said they were in regular touch with Gujarat to ensure the families of the dead and injured were informed and assisted with necessary help.

Earlier in the day, J&K deputy CM Nirmal Singh admitted to security lapses, and said officials would investigate why the bus was allowed to travel after 5 pm. The security protocol for the annual pilgrimage bars vehicles from moving after sundown.

See more here:

Rajnath, NSA assess situation at high-level security meeting - Economic Times

Posted in NSA

How the intelligence community is decoding Donald Trump Jr.’s emails – Washington Examiner

Donald Trump Jr. is an odd fellow. Like his father, President Trump, Trump Jr. spends much of his time sending out emotional and somewhat confusing tweets.

Earlier today, however, Trump Jr. released emails confirming Trump campaign efforts to collude with the Russian government. We can say this with confidence because of his tweet below.

Note the email line from Rob Goldstone: "This obviously very high level and sensitive information but is part of Russia and its government's support for Mr. Trump helped along by Aras and Emin."

That line has relevance for three reasons.

First, because Aras and Emin Agalarov (father and son) are well-known intermediaries (or "cutouts, the formal intelligence community term) for the Kremlin. But this email indicates they were intermediaries for the most sensitive element of Russia's 2016 election intelligence operation: communications with the Trump campaign regarding the anti-Clinton effort.

As I explained last week, Russian intelligence, and Putin in particular, thrive on using cutouts to conduct sensitive intelligence activities. In effective terms, one could replace "helped along by Aras and Emin" with "helped along by Igor and Sergey" (the heads of Russia's GRU intelligence service).

Second, Goldstone's clarification ("part of Russia and it's government's support for Mr. Trump") is offered at face value. That strongly implies Goldstone already knew that Trump Jr. knew what the Russians were doing.

Third, the meeting took place after this email exchange. That's the crunch point. It shows that Trump Jr. was willing to meet with a hostile foreign government in the pursuit of information that would damage a U.S. political opponent.

Now don't get me wrong here, I recognize that campaigns often seek out "dirt" on opponents. But the difference in this case is quite simple. It's the Russian government. Only an idiot or a traitor would seek to form an alliance with Russian intelligence and hope it ends up positively.

There's one final takeaway here: The nature of Agalarov publicist and former British journalist, Rob Goldstone. Why is he relevant? Again, for intelligence reasons.

As I've noted before, there are major differences between the U.S. intelligence relationship with the Five-Eyes intelligence alliance and, say, France. But because Goldstone has a sustaining relationship with Russian intelligence intermediaries (Agalarovs), he has almost certainly been under the attention of British intelligence services.

Based on his failure to secure his Facebook profile, I would assess that Goldstone is not a very operationally secure man. Correspondingly, it is very likely that every phone and email conversation Goldstone had was recorded by GCHQ, the British equivalent of the NSA. There is likely much more to this story than we currently know.

What does all this mean?

As former NSA officer John Schindler, put it to Washington Examiner, "we are still in the early stages" of what will eventually become public. Still, Schindler adds that this is big news for a simple reason.

We've never had a key person in any administration a core person in Trump's business empire and the current First Family admit to collusion with a hostile government in a presidential election. Considering that government and its intelligence services are known by our spy agencies to have illegally and clandestinely aided in Trump's election in 2016, the implications of this revelation are obvious and deeply troubling.

Read the rest here:

How the intelligence community is decoding Donald Trump Jr.'s emails - Washington Examiner

Posted in NSA

Granting NSA permanent bulk surveillance authority would be a mistake – R Street

The following op-ed was co-authored by Ashkhen Kazaryan, an affiliated fellow at TechFreedom.

Early last month, Director of National Intelligence Dan Coatsreneged on a promisethat the National Security Agency would provide an estimate of just how many Americans have seen their communications collected under Section 702 of the Foreign Intelligence Surveillance Act. It was the same broken promise made to Congress by his predecessor, James Clapper.

Indeed, for the past six years, the NSA has flummoxed congressional oversight with its reluctance to give lawmakers this kind of hard data. And yet, despite this pattern of obfuscation of promising transparency and then dialing back said promisesCongress is now debating a bill that would give immense power to that same agency.

The legislation, which has left many privacy advocates aghast, comes in the form ofa proposalby Sen. Tom Cotton,R-Ark., for a so-called clean reauthorization that would leave the current Section 702 intact. Of course, it isnt actually clean, in that Cottons bill would remove the sunset provision that forces the program to expireDec. 31unless Congress explicitly re-authorizes it. In other words, even as Coats now deems it infeasible that the NSA will ever tell Congress how many Americans have been surveilled under Section 702a number that likely would shock the conscienceCotton wants to ensure 702 is never up for debate again.

If the NSA will not honor promises to Congress and civil-society groups nowwhen 702, a program Coats has called thecrown jewel of the intelligence community, is up for reauthorizationhow is the public to trust the agency will honor privacy and liberty when the program becomes law in perpetuity? Make no mistake, this is not fear mongering. This is a constitutional issue where the very notion of checks and balances between the branches of government is quietly under threat.

Coatsexplainedto the Senate Intelligence Committee last month that the NSA ended about collectionthat is, the practice of collecting digital communications in which a foreign target is mentioned, but is not the sender or recipientdue to technical limitations on the agencys ability to protect wholly domestic communications. However, he didnt rule out resuming about collection if the agency discovers a technological fix. Paul Morris, deputy general counsel for operation at the NSA,toldthe Senate Judiciary Committee several weeks later they might decide to come back to it anytime. NSA representatives also havewarnedthey would oppose a permanent legislative ban on this type of collection.

A recurring theme from law-enforcement and intelligence community representatives in recent House and Senate hearings is that technological developments can drastically change how government conducts surveillance. But even as agency representatives tell us how rapidly surveillance methods change, a permanent reauthorization of current surveillance methods presumes that future revolutions in technology wont affect Americans relative privacy. Not long ago, few could have conceived of an email or that it would become a major tool of communication.

If the intelligence community decides to resume about collection, a method proven to have violated Americans rights in the past, Congresss oversight role should not be hamstrung by a permanent reauthorization. Eliminating the laws sunset provision would limit Congresss ability to revisit these questions and examine exactly how surveillance methods might change in the future. With far-reaching technological change always looming, Congress must periodically revisit the legal authority behind these intelligence tools both to ensure they remain effective at protecting the nation, and that adapting an old law to new technologies doesnt open the door to abuse.

Establishing a sunset for the program shouldnt be anathema to those who are primarily concerned with national security. To the contrary, it is the best way to ensure the program remains viable and accomplishes the purpose of keeping Americans safe. Permanent reauthorization would limit any attempts to modify surveillance. It also increases the risk of another leak and public outcry, which easily leads to a knee-jerk reaction. Intelligence agencies could shy away from reasonable and effective procedures, absent any obligation to report to congressional oversight.

A kid genius working from a basement today may change the way our systems work tomorrow, crippling the effectiveness of Section 702 or opening the door to abuse. Giving law enforcement and the intelligence communitys great power without built in opportunities to revisit that authorization would be a disservice to the security and civil rights of the American people. In the end, the most critical reform to Section 702 might already be part of thestatus quo.

Image byg0d4ather

http://thehill.com/blogs/pundits-blog/technology/341230-granting-nsa-permanent-authority-for-bulk-surveillance-would-be#.WWOP7CFYzqU.twitter

The Hill

Read more here:

Granting NSA permanent bulk surveillance authority would be a mistake - R Street

Posted in NSA

In a Lawsuit Affidavit, NSA Whistleblower William Binney Confirms US Government Spies on Citizens – Truthdig

In a lawsuit filed during the Obama administration, plaintiff Elliott J. Schuchardt claims surveillance programs compromised his Gmail, Facebook and Dropbox accounts. (Darkside354 / Wikimedia)

Elliott J. Schuchardt is suing Donald Trump for violating Schuchardts rights under the Fourth Amendment. The Tennessee lawyer has filed a civil lawsuit in Pennsylvania against the president of the United States, the director of the Office of National Intelligence, the director of the Federal Bureau of Investigation and the director of the National Security Agency who is also chief of the Central Security Service. Schuchardt contends that the defendants are unlawfully intercepting, accessing, monitoring and/or [his] private communications.

The lawsuit represents a longstanding legal battle Schuchardt has waged against top U.S. intelligence officials that started when Barack Obama was president. William Binney, a former U.S. intelligence official and NSA whistleblower, is supporting Schuchardts most recent legal case.

The plaintiff claims that his Fourth Amendment rights have been violated by government surveillance programs. According to Ars Technica, Schuchardt argued in his June 2014 complaint that both metadata and content of his Gmail, Facebook, and Dropbox accounts were compromised under the PRISM program as revealed in the documents leaked by former National Security Agency (NSA) contractor Edward Snowden.

That case was dismissed for lack of standing, but Schuchardt has continued to file amended complaints related to U.S. intelligence activities.

Im making an allegation that no one else is making: Im contending that the government is collecting full content of e-mail, Schuchardt told Ars Technica in 2014. Im contending that theyre not doing it by PRISM but via [Executive Order] 12333. Im not saying that this is being done on a case by case basis but that theyre grabbing it all. Where is that email residing? Is it back at the Google servers? Im contending that this is on a government server. I am the only person in the U.S. who is objecting to those set of facts.

Schuchardt, whose legal works focuses on civil litigation, corporate law, personal injury, bankruptcy, divorce and child custody cases, felt compelled to challenge the highest levels of American government.

Ive been following the issue before Snowden came forward, Schuchardt said three years ago. Then I started to watch it for that first year, and then when Congress was dragging its feet, I decided I was going to file the case when nothing got done, and when nothing got done, I decided to move forward.

Last week, Binney, the NSA whistleblower, gave an affidavit in the 3rd U.S. Circuit Court of Appeals in Pennsylvania, opposing the defendants renewed motion to dismiss the second amended complaint.

2. I have reviewed the complaint in the complaint in the above-captioned civil lawsuit. It is my understanding, based on the Complaint, that the Plaintiff, Elliott Schuchardt, contends that the Defendants are unlawfully intercepting, accessing, monitoring and/or storing [his] private communications. (Complaint, 50.)

3. It is my understanding, based on the complaint, that Mr. Schuchardt is a consumer of various types of electronic communication, storage and internet-search services. These include the e-mail services provided by Google and Yahoo; the internet search service provided by Google; the cloud storage services provided by Google and Dropbox; the e-mail and instant message services provided by Facebook; and the cell phone and text communication service provided by Verizon Communications. (Complaint, 49.)

4. The allegations in the Complaint are true and correct: Defendants are intercepting, accessing, monitoring and storing the Plaintiffs private communications.

Read Binneys complete affidavit below.

Click the following links to see Exhibits 1, 3 and 6 from Binneys affidavit.

LISTEN: Robert Scheer Talks With William Binney About Blowing the Whistle on the NSA

Posted by Eric Ortiz.

If you have trouble leaving a comment, review this help page. Still having problems? Let us know. If you find yourself moderated, take a moment to review our comment policy.

See the original post:

In a Lawsuit Affidavit, NSA Whistleblower William Binney Confirms US Government Spies on Citizens - Truthdig

Posted in NSA

Rajnath Singh reviews situation of Amarnath yatra pilgrims; NSA briefs PM – Hindustan Times

Home Minister Rajnath Singh on Tuesday reviewed the security situation in Jammu and Kashmir and ordered enhanced security for Amarnath pilgrimage in the wake of the killing of seven devotees in a terror strike.

The home minister took stock of the prevailing situation in Kashmir Valley, particularly the two routes to the shrine, located in the Himalayas at an altitude of 12,756 feet during the hour-long meeting, official sources said.

National Security Advisor Ajit Doval, top officials of the home ministry, intelligence agencies and central paramilitary forces attended the meeting.

Issues like security of Amarnath pilgrims and how to prevent such possible attacks in the future were discussed threadbare.

Sources said the home minister directed the officials to ensure enhanced security for the pilgrims. The pilgrimage started on June 29 and will conclude on August 7.

Immediately after the meeting, the NSA briefed Prime Minister Narendra Modi about the deliberations as well as the steps taken for the security of the Amarnath pilgrims, sources said.

A high-level central team led by Minister of State for Home Hansraj Ahir is also visiting Jammu and Kashmir to assess the security of the pilgrimage to the cave shrine of Lord Shiva.

Director General of the CRPF, R R Bhatnagar, has already reached Srinagar to review the deployment of central forces in the pilgrimage routes.

Terrorists yesterday killed seven Amarnath pilgrims, including six women, and injured 19 as they struck a bus in Kashmirs Anantnag district.

As many as 21,000 paramilitary personnel in addition to state police forces have been deployed for security of the pilgrimage routes.

The number of paramilitary personnel deployed this year is 9,500 more than last year.

However, the pilgrims were travelling in a bus which was not part of the convoy of vehicles taking the Amarnath pilgrims with adequate security.

The bus was attacked around 8.20 pm in Anantnag district when it was on its way to Jammu from Srinagar.

The police said the bus driver had violated rules for the pilgrimage, which state that no yatra vehicle should be on the highway after 7 pm as the security cover is withdrawn after that.

Read more from the original source:

Rajnath Singh reviews situation of Amarnath yatra pilgrims; NSA briefs PM - Hindustan Times

Posted in NSA

Maddow warns other media of fake NSA documents – The Hill

MSNBC host Rachel Maddow warned other media outletson Thursdaythat she believes she was provided forged National Security Agency documents alleging collusion between a Trump campaign official andRussia's efforts to influence last year's presidential election.

I feel like I need to send this up like a flare for other news organizations in particular, Maddow said on her programThursday night.

Somebody, for some reason, appears to be shopping a fairly convincing fake NSA document that purports to directly implicate somebody from the Trump campaign in working with the Russians in their attack in the election, she said.

Maddow explained that she and her producers compared the document they received with a leaked NSA document published last month by The Intercept. That document quickly resulted in the arrest of a 26-year-old federal contractor, Reality Winner.

Maddow said she thinks the document she received was created by copying elements of the document published by The Intercept.

The MSNBC host made a similar allegation back in March when she suggested Trump himself may have leaked his 2005 tax documents.

He's the only person who could leak it without concern of being sued by Trump or anyone else, she said at the time. They're trying to threaten us for publishing them which is complete bull.

David Cay Johnston, the reporter who obtained the tax documents, also said while discussing the documents on The Rachel Maddow ShowTuesdaythat Trump could have been behind the leak, as did MSNBC "Morning Joe"co-host Joe Scarborough.

View post:

Maddow warns other media of fake NSA documents - The Hill

Posted in NSA

GOP Lawmakers Aim to Continue NSA Foreign Surveillance Through New Bill – Truthdig

Sen. Tom Cotton, R-Ark., speaking during a Senate Intelligence Committee hearing last month about the Foreign Intelligence Surveillance Act. (Alex Brandon / AP Photo)

A controversial surveillance measure set to expire at the end of 2017 could be made permanent through a new piece of GOP legislation. Arkansas Sen. Tom Cotton proposed Senate Bill 1297 last month, which addresses a critical component of the National Security Agencys warrantless surveillance program.

At stake is Section 702 of the Foreign Surveillance Intelligence Act (amended in 2008), which allows U.S. surveillance of foreign communications. The Electronic Frontier Foundation explained:

Section 702 surveillance violates the privacy rights of millions of people. This warrantless spying should not be allowed to continue, let alone be made permanent as is.

As originally enacted, Section 702 expires every few years, giving lawmakers the chance to reexamine the broad spying powers that impact their constituents. This is especially crucial as technology evolves and as more information about how the surveillance authority is actually used comes to light, whether through government publication or in the press.

If Congress were to approve Cottons bill, lawmakers would not only be ignoring their constituents privacy concerns, but they would also be ceding their obligation to regularly review, debate, and update the law.

Cottons bill is receiving support from fellow Republican senators, although criticism of the bill does not fall neatly along partisan lines. On June 7, lawmakers discussed the legislation during a hearing in Washington. The New York Times reported:

This is a tool that is essential to the safety of this country, the F.B.I. director, James B. Comey, told Congress at a hearing on Wednesday. I did not say the same thing about the collection of telephone dialing information by the N.S.A. I think thats a useful tool; 702 is an essential tool, and if it goes away, well be less safe as a country. And I mean that.

Mr. Comey also warned that one of the proposed changes a new requirement that a warrant be obtained to search for Americans information in the surveillance repository risked a failure to connect dots about potential threats.

But Representative Ted Poe, Republican of Texas, sought to warn other lawmakers that Congress needed to impose a warrant requirement.

Privacy is being betrayed in the name of national security, Mr. Poe told congressional aides at an event to discuss Fourth Amendment issues and legislation late last month.

Cotton argued during the hearing that to allow this program to expire on December 31 would hurt both our national security and our privacy rights. He also used the London terror attack of early June as evidence for the need for increased surveillance. Cotton said:

The attacks in London last weekend exposed in a matter of minutes just how vulnerable our free societies truly are. All it takes is a van or a knife and an unsuspecting bystander to turn a fun night out on the town into a horrific nightmare. Course, we shouldnt need any reminders, but let me give one yet again: We are at war with Islamic extremists. We have been for years, and, Im sorry to say, theres no end in sight. Its easy to forget this as we go about our daily lives, but our enemies have not-and they will not. Theyve never taken their eyes off the ultimate target either: the United States.

Yes, were at war with a vicious and unyielding foe. And just as our enemy can attack us with the simplest of everyday tools, the strongest shield we have in our defense is just as basic: It is the intelligence information of knowing who is talking to whom about what, where, when, and why. After the 9/11 attacks, our national-security agencies developed cutting-edge programs that allowed us to figure out what the bad guys were up to and stop them before they could perpetrate such heinous attacks. Very often the intelligence theyve collected has made the difference between life and death for American citizens.

He concluded by noting the bill has the support of every Republican senator on the Intelligence Committee. Other members of the intelligence community have expressed support for the legislation as well. Tech Crunch provided further analysis of the June 7 hearing:

NSA Director Michael Rogers broke down two scenarios in which the core controversy, namely the incidental violation of the right to privacy for U.S. citizens, comes up. He claimed that in 90 percent of cases, that form of collection is a result of two foreign targets who talk about a third person who is in the U.S. As Rogers tells it, 10 percent of the time a foreign target ends up talking to an American citizen. Because American citizens have Fourth Amendment rights, running into Americans in the course of foreign surveillance creates the sticky situation known as incidental collection, a major focus for privacy advocates seeking reform.

In the course of justifying Section 702 as an invaluable tool for counterterrorism and counterproliferation efforts, Director of National Intelligence Dan Coats claimed that agencies have made herculean efforts to get a count on how many Americans have been affected, but in spite of those efforts it remains impossible. He went on to undermine his argument by implying that it probably would be possible, but that he chooses not to allocate resources to the task when the intelligence community could be focusing on imminent concerns in countries like Iran and North Korea. I cant justify such a diversion of critical resources, Coats said.

He went on to note that without Section 702, intelligence agencies would have to obtain a court order issued due to probable cause ostensibly the bar that needs to be cleared in order to surveil U.S. citizens. Thats a relatively higher threshold than we require to foreign intelligence information, Coats said, noting that hed prefer not to need to clear the Fourth Amendment bar when investigating foreign targets.

In a broad appeal on 702s utility, Rogers went so far as to claim that 702 [created] insights on the Russian involvement in 2016 election, providing intelligence that would otherwise not have been possible.

There is, however, growing opposition to the bill. The American Civil Liberties Union has argued against it, as has California Democrat Dianne Feinstein.

Sen. Dianne Feinsteinwho has historically been sympathetic to the intelligence communitysaid she could not support a bill that makes Section 702 permanent, according to the Electronic Frontier Foundation. We cannot accept lawmakers ignoring our privacy concerns and their responsibility to review surveillance law, and our lawmakers need to hear that.

Posted by Emma Niles.

If you have trouble leaving a comment, review this help page. Still having problems? Let us know. If you find yourself moderated, take a moment to review our comment policy.

Original post:

GOP Lawmakers Aim to Continue NSA Foreign Surveillance Through New Bill - Truthdig

Posted in NSA

PMO, NSA tracking impact of Chinese FDI in South Asia – The Hindu


The Hindu
PMO, NSA tracking impact of Chinese FDI in South Asia
The Hindu
PMO, NSA tracking impact of Chinese FDI in South Asia. Arun S. New Delhi, July 08, 2017 23:56 IST. Updated: July 08, 2017 23:56 IST. Share Article; PRINT; AAA. The Centre has begun its first ever in-depth assessment of Chinese investments in India's ...

and more »

Read this article:

PMO, NSA tracking impact of Chinese FDI in South Asia - The Hindu

Posted in NSA

Rachel Maddow Says Forged NSA Document Being Shopped … – HuffPost

MSNBCs Rachel Maddow said she had a strange scoop to share with audiences Thursday night after receiving what she believes is a meticulously forged document sent over her tip line with the intention to discredit her.

I feel like I need to send this up like a flare for other news organizations in particular, Maddow said. Thats part of what Im intending to do here with this story tonight.

Over the next 20 minutes, the MSNBC host discussed how her show received a document, purportedly from the National Security Agency,labeled as classified and filled with such bombshells about Russia that Maddow said if it were authentic, it would be a gun still firing proverbial bullets. But after careful examination, which she describes in great detail, her show deemed the document a forgery.

We believe now that the real story we have stumbled upon here is that somebody out there is shopping carefully forged documents to try to discredit news agencies reporting on the Russian attack on our election, and specifically on the possibility that the Trump campaign coordinated with the Russians in mounting that attack, she said.

The MSNBC host pointed to a recent report that led CNN to retract a story on Russia and ledthree top stafferswho worked on the story to resign, as well as Vice News retraction of two Trump-related stories just last week.

This is news because why is someone shopping a forged document of this kind to news organizations covering the Trump-Russia affair? Maddow asked.

The MSNBC host and her staff compared the document they received with the the leaked NSA document The Intercept published in early June, which led to the arrest of federal contractor Reality Leigh Winner.

Maddow and her staff believe the document they received was created by copying and pasting aspects of the document The Intercept published. There were additional elements that also raised red flags, Maddow said.

Watch the full MSNBC segment in the video above.

The Morning Email

Wake up to the day's most important news.

More:

Rachel Maddow Says Forged NSA Document Being Shopped ... - HuffPost

Posted in NSA

Tribune Editorial: Lawsuit should get to the truth about NSA spying in Utah – Salt Lake Tribune

Drake continued, "The new mantra to intercepting intelligence was 'just get it' regardless of the law."

Shameful.

It is becoming clear that such a lack of candor from our government officials has become a feature of our post-9/11 surveillance state, and not a bug. Perhaps the infringements of our freedoms necessitate an end to the entire post-9/11 project. But with the billion dollar Utah Data Center sitting right-smack in Salt Lake County, it's doubtful we could successfully kill the beast that is the surveillance industry.

Perhaps we, too, like Jonathan Swift, need "A Modest Proposal." It would be a shame to let the texts, emails, phone records and Google searches of Utah's most popular citizens go to waste. We paid for these records, let's make them public.

Just think, no one would need private investigators to catch husbands texting old girlfriends. You could easily recover your mom's old meatloaf recipe she emailed years ago.

And all those public officials who, when under investigation, manage to lose thousands of emails, as one-time IRS official Lois Lerner did. And former Utah Attorney General John Swallow, who just happened to leave his tablets on airplanes. Call up the NSA. Problem solved!

Think of the money newspapers and community watchdogs would save in GRAMA / FOIA requests. And how would life be different if police, prosecutors, legislators and other government officials knew their communications would be discoverable?

Deception begets deception, poison begets poison. The Fourth Amendment means what it says, and the government should not have power to spy on Americans without a warrant. In this current case, U.S. Department of Justice officials have until March to disclose relevant documents. Let's hope they can do so honestly.

Read this article:

Tribune Editorial: Lawsuit should get to the truth about NSA spying in Utah - Salt Lake Tribune

Posted in NSA

Mother of accused NSA leaker defends daughter – KRISTV.com | Continuous News Coverage | Corpus Christi – KRIS Corpus Christi News

KINGSVILLE -

The mother of a Kingsville native accused of leaking government information continues to stand up for her daughter. 25 year old Reality Winner remains in jail as she awaits her trial in federal court. She's charged with giving out information important to national security.

Billie Winner-Davis, her mother, wants people to wait for an outcome in that trial before judging her daughter.

"People, you know, just want to lock her up, throw away the key, or even hang her not knowing whether or not she did this, not knowing if she's guilty. She hasn't had a trial yet," Winner-Davis says.

Reality Winner is accused of sending classified information about Russian election meddling to a news outlet while she worked as a National Security Agency contractor in Georgia. The FBI says Winner admitted to leaking the information and prosecutors allege she said, "Mom, those documents. I screwed up.", in a recorded jail phone call.

"I really don't recall her saying those words to me. She could have, you know, maybe I've forgotten, you know?" Winner-Davis says.

Winner-Davis says she doesn't know if her daughter did it, adding she wants to ask but hasn't been able to, since all conversations between them have been recorded.

"I don't know if she would risk her entire life, if she would risk her new job that she just got, her future, her entire life for something like this," Winner-Davis says.

Winner-Davis calls her daughter a patriot. She references her daughter's time in the Air Force and some shirts paid for by supporters. One of the shirts has hash tags on it that say #TRUEPATRIOT and #ISTANDWITHREALITY.

"I'm afraid that she won't get a fair trial in this. I'm afraid that they're going to try to make an example out of her and I want the American people to be watching," Winner-Davis says.

Winner-Davis says that mainly because of President Trump's vow to crack down on leakers.

Reality Winner's trial is set for late October in Georgia. Her mom returned from there a few weeks ago and plans on going back in August. Billie Winner-Davis says she plans on staying through the end of her daughter's trial.

Read more:

Mother of accused NSA leaker defends daughter - KRISTV.com | Continuous News Coverage | Corpus Christi - KRIS Corpus Christi News

Posted in NSA

Another View: NSA needs to secure its files and techniques more tightly – Press Herald

The phenomenon of a recent widespread cyberattack, using weapons developed by the U.S. National Security Agency to disrupt major computer operations all over the globe, is not surprising, but it does call for urgent action on the federal governments part.

Weapons proliferation grew much more lethal when the United States developed the atomic bomb, intended to end World War II more rapidly. The technology then got handed to the Soviet Union. Nuclear weapons eventually ended up in the hands of China, France, India, Israel, North Korea, Pakistan, Russia and the United Kingdom, as well as the United States.

More recently, Americas and others cyberweapons creatively have been used to mess up Irans nuclear enrichment program, using the computer worm known as Stuxnet. It also appears that U.S. cyberaction has been used to gum up North Koreas rocket launches.

The problem now is that some of the clever procedures that NSA developed have leaked out, or have been developed independently by people in basements and elsewhere in Kiev, Moscow and Pyongyang, and are being used as they were last week from Ukraine to sabotage important systems, as well as to try to shake down computer system users across the world.

The NSA witness contractor-defector Edward J. Snowden is showing itself to be leaky. Its having difficulty protecting what it knows and preventing unintended use of the skills it develops.

The NSA must button up its files and techniques much more tightly. And whatever cyberweapons we have, we must also stay ahead in that game in our capacity to protect our own cyber infrastructure.

The penalty for falling behind in that development is chaos and danger in our society and country, incredibly high stakes given our vulnerability.

Read the original:

Another View: NSA needs to secure its files and techniques more tightly - Press Herald

Posted in NSA

DROPLEX [DROP] secure NSA bulletproof blockchain ICO – newsBTC

Droplex Platform Financial instruments are digitize as apermissioned blockchain,here is a possibility to rapidly createtrading venues with astablevalue. And after that reduce operational overhead.Digital solutionsFull system run as a digital exchange, with fully-hosted optionsavailable. Custom deployments may be launched in less than a fewweeks.ExchangeAutomated market-making tool has got more than just one-party liquidity pool. We are honored that we can give you briliantthird-party liquidity sources. Supports multiple source exchanges and smart routing, with automated account management.Quantum defenderFeel safety with a quantum defender ! Weve already set up ameeting with D-wave company. Why ? Because Were going to beoneof the first platforms which soon tests the security systemagainstthe quantum pc. The quantum defender, is not just focused on theidea of being a wall against quantum computing attacks, but it isinpreparation to become a network of options for safe and trustedplace. We believe that blockchain needs to be involved in long-termassets and transactions, it has to think long-term. Long-term includes thinking about quantum computing and dealing with thattricks and threats.

Originally posted here:

DROPLEX [DROP] secure NSA bulletproof blockchain ICO - newsBTC

Posted in NSA

NSA Property Holdings Acquires Tri-State Self Storage in Castle County, DE – Inside Self-Storage

NSA Property Holdings LLC, an affiliate of real estate investment trust National Storage Affiliates Trust (NSAT), has acquired a three-property Tri-State Self Storage portfolio in Castle County, Del., from Tri-State Realty Associates L.P. The facilities sit on approximately 28.3 acres of land, according to a press release from SkyView Advisors, the investment-sales and advisory firm that brokered the deal.

Overall, the properties comprise 264,237 rentable square feet of storage space in 2,428 units, 568 of are climate-controlled. They also contain 109 parking spaces and miscellaneous units, the release stated.

Its not often that a portfolio of this size becomes available in this region of the country, and it garnered multiple bids from national self-storage buyers, said Ryan Clark, director of investment sales for SkyView Advisors and a broker in the transaction.

Last month, NSA Property Holdingsacquired Stor-N-More Self Storage in Tampa, Fla., for $19 million. The property comprises 117,655 net rentable square feet in 1,105 units.

SkyView is a boutique firm specializing in self-storage acquisition, development, facility expansion and renovation, refinancing, and sales. Based in Tampa, the firm also has offices in Cleveland and Milwaukee.

Headquartered in Greenwood, Colo., NSAT is a self-administered and -managed REIT focused on the acquisition, operation and ownership of self-storage properties within the top 100 U.S. Metropolitan Statistical Areas throughout the United States. The company has ownership interest in 456 storage facilities in 23 states. Its portfolio comprises approximately 28 million net rentable square feet. It's owned by its affiliate operators, who are contributing their interests in their self-storage assets over the next few years as their current mortgage debt matures.

Read more:

NSA Property Holdings Acquires Tri-State Self Storage in Castle County, DE - Inside Self-Storage

Posted in NSA

Obamas NSA rebuked for snooping on Americans; journo says it …

The secret court that oversees government snooping took the Obama administration to task late last year, suggesting it created "a very serious Fourth Amendment issue" by violating rules the government itself had implemented regarding the surveillance of Americans.

According to top-secret documentsmade public by the Foreign Intelligence Surveillance Court often referred to as the FISA court the government admitted that, just days before the 2016 election, NSA analysts were violating surveillance rules on a regular basis. This pattern of overreach, coupled with the timing of the governments disclosure, resulted in an unusually harsh rebuke of the administrations practices and principles.

A former CBS journalist suing the federal government for allegedly spying on her said the documents prove the illegal snooping was pervasive and widely abused.

POTENTIAL 'SMOKING GUN' SHOWING OBAMA ADMINISTRATION SPIED ON TRUMP TEAM, SOURCE SAYS

"Sources of mine have indicated that political players have increasingly devised premises to gather intel on political targets by wrapping them up in 'incidental' collection of foreigners, as if by accident," Sharyl Attkisson, who is pursuing a federal lawsuit the Department of Justice has tried to dismiss, told the Fox News Investigative Unit.

According to the FISA Court opinion, it was on September 26, 2016 that the government submitted an undisclosed number of "certifications" for the court to review. The review process was supposed to be completed within 30 days, or by October 26, 2016.

Just two days before that review was to be completed and less than two weeks before the 2016 election the government informed the court that NSA analysts had been violating rules, established in 2011, designed to protect the internet communications of Americans.

The NSA has suggested these were inadvertent compliance lapses, and points out that the agency "self-reported" these problems, meaning they were the ones to bring this issue to the attention of the court.

There was just one problem.

The violations that the government disclosed on October 24, 2016, were based on a report from the NSA's Inspector General that had been released 10 months earlier, in January 2016. This means that when the government submitted its certifications for review in September, they were likely aware of that IG report but failed to mention the malpractice going on at the NSA.

The Court at the time blamed an institutional lack of candor" for the government's failure to disclose that information weeks earlier, and gave the government until April 28, 2017, to come up with a solution. After failing to come to an agreement, the NSA announced that it was stopping the type of surveillance in question.

The so-called lapses among NSA staffers had to do with Section 702 of the Foreign Intelligence Surveillance Act, and the upstream surveillance of what the intelligence community refers to as about communications.

REPORT: OBAMA LIED AND OBAMA SPIED

According to the NSA, Section 702 "allows the intelligence community to conduct surveillance on only specific foreign targets located outside the United States to collect foreign intelligence, including intelligence needed in the fight against international terrorism and cyber threats."

Upstream surveillance, according to the ACLU, was first disclosed by NSA leaker Edward Snowden, and involves the NSAs bulk interception and searching of Americans international internet communications including emails, chats, and web-browsing traffic.

This Thursday, June 6, 2013, file photo, shows a sign outside the National Security Administration (NSA) campus in Fort Meade, Md. (AP Photo)

Until the NSA stopped it, the upstream snooping program notified them directly if someone inside the U.S. composed an email that contained the email address of a foreign intelligence agent who was being monitored. According to an NSA declaration reportedly made during the Bush administration, these communications did not have to be to or from the foreign agent, they simply had to mention the email address.

According to the FISA Court documents just made public, the notifications sent to the NSA often led to the unmasking of American citizens caught up in monitoring. And as the court pointed out, many of the requests being made to unmask the Americans taking part in these communications were in direct violation of safeguards established by the Obama administration.

According to the FISA Court documents, so-called minimization procedures adopted in 2011 to curb unlawful surveillance have prohibited use of U.S.-person identifiers to query the results of upstream Internet collections under Section 702.

And, according to the governments October 26, 2016 admission, NSA analysts had been conducting such queries in violation of that prohibition, with much greater frequency than had been previously disclosed.

The suspended surveillance program has been a target of fierce criticism from Republican and Democratic lawmakers, as well as journalists and even Snowden.

Sen. Rand Paul, R-Kentucky, told Fox & Friends on Wednesday that the terrible program was basically a back doorway to sort of get at Americans' privacy without using a warrant.

When the NSA announced it was stopping certain Section 702 activities, Senate Intelligence Committee member Ron Wyden, D-Oregon, said he had raised concerns for years that this amounted to an end run around the Fourth Amendment.

Snowden tweeted that the NSAs actions represented the most substantive of the post-2013 NSA reforms, if the principle is applied to all other programs.

Attkisson, who sued to determine who had access to a government IP address that she says was discovered on her CBS work computer during a forensics exam, said shes concerned the truth will never come out.

"I'm told by sources that it should only take a day or a week, at most, for the intel community to provide [lawmakers with] the details of which Americans, journalists and public officials were 'incidentally' surveilled, which ones were unmasked, who requested the unmaskings, when, and for what supposed purpose," Attkisson said. "Yet months have gone by. Im afraid that as time passes, any evidence becomes less likely to persist."

Original post:

Obamas NSA rebuked for snooping on Americans; journo says it ...

Posted in NSA

Snowden Leak Reveals NSA Traffic Shaping Tech That Diverts US Internet Routing For Spying – Hot Hardware

Geopolitical borders have softened in various ways thanks to the prevalence of the Internet. An email sent by an American could cross multiple international borders before being received by another American. A recent study by the Century Foundation revealed that the National Security Agency (NSA) reportedly utilizes various traffic shaping techniques to survey and store American communications.

Internet traffic does not travel along the shortest route, but instead favors the fastest, least congested, or least expensive course. Data from various countries is backed up in data centers around the world. Sharon Goldberg of the Century Foundation noted, An email sent from San Jose to New York may be routed through Internet devices located in Frankfurt, or be backed up on computers located in Ireland. The NSA could potentially reroute Internet communications to gather information.

The NSA is responsible for monitoring and processing data for foreign intelligence and counterintelligence purposes. American citizens are generally protected by the 4th Amendment and the rules of the Foreign Intelligence Surveillance (FISA) Court. Executive Order 12333, however, allows the collection, retention, and dissemination of information, obtained in the course of a lawful foreign intelligence, counterintelligence, international narcotics or international terrorism investigation or incidentally obtained information that may indicate involvement in activities that may violate federal, state, local or foreign laws.

It is important to note that this study was largely speculation. An NSA spokesperson remarked, We do not comment on speculation about foreign intelligence activities; however, as we have said before, the National Security Agency does not undertake any foreign intelligence activity that would circumvent US laws or privacy protections.

Read this article:

Snowden Leak Reveals NSA Traffic Shaping Tech That Diverts US Internet Routing For Spying - Hot Hardware

Posted in NSA

The NSA’s inadvertent role in Petya, the cyberattack on Ukraine. – Slate Magazine

Should the NSA stop hacking computers out of concern that bad guys could steal its tools and use them for their own nefarious purposes?

Wikimedia Commons

Theres a moment in Dr. Strangelove, Stanley Kubricks dark Cold War comic masterpiece, when President Merkin Muffley (played by Peter Sellers) learns that an insane general has exploited a loophole in the militarys command-control system and launched a nuclear attack on Russia. Muffley turns angrily to Air Force Gen. Buck Turgidson (played by George C. Scott) and says, When you instituted the human reliability tests, you assured me there was no possibility of such a thing ever occurring. Turgidson gulps and replies, I dont think its quite fair to condemn a whole program because of a single slip-up.

The National Security Agency currently finds itself in a similar situation.

One of the NSAs beyondtop secret hacking tools has been stolen. And while the ensuing damage falls far short of an unauthorized nuclear strike, the thieves have wreaked cybermayhem around the world.

The mayhem was committed by a group called the Shadow Brokers, which in April announced that it had acquired the NSA tool (known as Eternal Blue) and published its exploit code online for any and all hackers to copy.* In May, some entitywidely believed to be North Koreansused the the exploit code to develop some malware, which became known as WannaCry, and launched a massive ransomware attack, which shut down 200,000 computers, including those of many hospitals and other critical facilities.

Then on June 27 came this latest attack, which was launched by the Shadow Brokers themselves. This struck some security analysts as odd, for two reasons. First, the Shadow Brokers are believed to be members ofor criminal hackers affiliated witha Russian intelligence agency, and Russians tend not to hack for mere cash. Second, the attack was slipshod: The ransoms were to be paid to a single email address, which security experts shut down in short order. If the Russians had decided to indulge in this mischief for money, it was a shock that they did it so poorly.

Now, however, several cybersecurity analysts are convinced that the ransomware was a brief ploy to distract attention from a devastating cyberattack on the infrastructure of Ukraine, through a prominent but vulnerable financial server.

Jake Williams, founder of Rendition InfoSec LLC (and a former NSA analyst), told me on Thursday, two days after the attack, The ransomware was a cover for disrupting Ukraine; we have very high confidence of that. This disruptive attack shut down computers running Ukrainian banks, metro systems, and government ministries. The virus then spread to factories, ports, and other facilities in 60 countriesthough Williams says its unclear whether this rippling effect was deliberate. (Because computers are connected to overlapping networks, malware sometimes infects systems far beyond a hackers intended targets.)

By the way, the attack left the ransomware victims, marginal as they were, completely screwed. Once the email address was disconnected, those who wanted to pay ransom had no place to send their bitcoins. Their computers remain frozen. Unless they had back-up drives, their files and data are irretrievable.

Its not yet clear how the Shadow Brokers obtained the hacking tool. One cybersecurity specialist involved in the probe told me that, at first, he and others figured that the theft had to be an inside job, committed by a second Snowden, but the forensics showed otherwise. One possibility, he now speculates, is that an unnamed NSA contractor, who was arrested last year for taking home files, either passed them onto the Russians or was hacked by the Russians himself. The other possibility is that the Russians hacked into classified NSA files. Its a toss-up which theory is more disturbing; the upshot of both is, it could happen again.

So should the NSA stop hacking computers out of concern that bad guys could steal its tools and use them for their own nefarious purposes? This remedy is probably unreasonable. After all, spy agencies spy, and the NSA spies by intercepting communications, including digital communications, and some of that involves hacking. In other words, the cyber equivalent of Gen. Turgidson would have a point if he told an angry superior its unfair to condemn a whole program for a single slip-up.

It may be time to view surfing the internet on computers as similar to the way we view driving cars on the highway.

Besides, the NSA doesnt do very many hacks of the sort that the Shadow Brokers stolehacks that involve zero-day exploits, the discovery and use of vulnerabilities (in software, hardware, servers, networks, and so forth) that no one has previously discovered. Zero-day exploits were once the crown jewels of the NSAs signals-intelligence shops. But theyre harder to come by now. Software companies continually test their products for security gaps and patch them right away. Hundreds of firms, many created by former intelligence analysts, specialize in finding zero-day vulnerabilities in commercial productsthen alerting the companies for handsome fees. Often, by the time the NSA develops an exploit for a zero-day vulnerability, someone in the private sector has also found it and already developed a patch.

More and more, in recent years, the NSA chooses to tell companies about a problem and even help them fix it. This trend accelerated in December 2013, when a five-member commission, appointed by President Obama in the wake of the Snowden revelations, wrote a 300-page report proposing 46 reforms for U.S. intelligence agencies. One proposal was to bar the government from doing anything to subvert, undermine, weaken, or make vulnerable generally available commercial software. Specifically, if NSA analysts found a zero-day exploit, they should be required to patch the hole at once, except in rare instances when the government could briefly authorize the exploit for high-priority intelligence collection, though, even then, only after approval not by the NSA directorwho, in the past, made such decisionsbut rather in a senior interagency review involving all appropriate departments.

Obama approved this recommendation, and as a result his White House cybersecurity chief, Michael Daniel, drafted a list of questions that this senior review panel must ask before letting the NSA exploit, rather than patch, the zero-day discovery. The questions: Would this vulnerability, if left unpatched, pose risks to our own societys infrastructure? If adversaries or crime groups knew about the vulnerability, how much harm could they inflict? How badly do we need the intelligence that the exploit would provide? Are there other ways to get this intelligence? Could we exploit the vulnerability for just a short period of time, then disclose and patch it?

A 2016 article in Bloomberg News reported that, due in part to this new review process, the NSA keepsand exploits for offensive purposesonly about two of the roughly 100 zero-day vulnerabilities it finds in the course of a year.

The vulnerability exploited in the May ransomware attack was one of those zero-days that the NSA kept for a while. (It is not known for how long or what adversaries it allowed us to hack.) The vulnerability was in a Microsoft operating system. In March, the government notified Microsoft of the security gap. Microsoft quickly devised a patch and alerted users to install the software upgrade. Some users did; others didnt. The North Koreans were able to hack into the systems of those who didnt. Thats how the vast majority of hacks happenthrough carelessness.

It may be time to view surfing the internet on computers as similar to the way we view driving cars on the highway. Both are necessary for modern life, and both advance freedoms, but they also carry responsibilities and can do great harm if misused. It would be excessive to require the equivalent of drivers licenses to go online; a government that can take away such licenses for poor digital hygiene could also take them away for impertinent political speech. But its not outrageous to impose regulations on product liability, holding vendors responsible for malware-infected devices, just as car companies are for malfunctioning brakes. Its not outrageous to force government agencies and companies engaged in critical infrastructure (transportation, energy, finance, and so forth) to meet minimal cybersecurity standards or to hit them with heavy fines if they dont. Its not outrageous to require companies to program their computers or software to shut down if users dont change or randomize their passwords or if they dont install software upgrades after a certain amount of time. Or if this goes too far, the government could require companies to program their computers or software to emit a loud noise or flash a bright light on the screen until the users take these precautionsin much the same way that drivers hear ding-ding-ding until they fasten their seatbelts.

Some of these ideas have been kicking around for decades, a few at high levels of government, but theyve been crushed by lobbyists and sometimes by senior economic advisers who warned that regulations would impede technical progress and harm the competitive status of American industries. Resistance came easy because many of these measures were expensive and the dangers they were meant to prevent seemed theoretical. They are no longer theoretical. The cyberattack scenarios laid out in government reports decades ago, dismissed by many as alarmist and science fiction, are now the stuff of front-page news stories.

Cyberthreats will never disappear; cybervulnerabilities will never be solved. They are embedded in the technology, as its developed in the 50 years since the invention of the internet. But the problems can be managed and mitigated. Either we take serious steps now, through a mix of regulations and market-driven incentivesor we wait until a cybercatastrophe, after which far more brutal solutions will be slammed down our throats at far greater cost by every measure.

*Correction, June 30, 2017: This article originally misstated that the NSA tool stolen by the Shadow Brokers was called WannaCry. It was called Eternal Blue, and its code was used to create WannaCry. (Return.)

Visit link:

The NSA's inadvertent role in Petya, the cyberattack on Ukraine. - Slate Magazine

Posted in NSA

NotPetya developers may have obtained NSA exploits weeks before their public leak [Updated] – Ars Technica

Enlarge / A computer screen displaying Eternalromance, one of the NSA exploits used in Tuesday's NotPetya outbreak.

Update:This post was revised throughout to reflect changes F-Secure made to Thursday's blog post. The company now says that the NotPetya component was probably completed in February, and assuming that timeline is correct, it didn't have any definitive bearing on when the NSA exploits were obtained. F-Secure Security Advisor Sean Sullivan tells Ars that the component weaves in the NSA exploits so well that it's likely the developers had access to the NSA code. "It strongly hints at this possibility," he said. "We feel strongly that this is the best theory to debunk." This post has been revised to make clear that the early access is currently an unproven theory.

Original Story:The people behind Tuesday's massive malware outbreak might have had access to two National Security Agency-developed exploits several weeks before they were published on the Internet, according to clues researchers from antivirus F-Secure found in some of its code.

On Thursday, F-Secure researchers said that unconfirmed timestamps left in some of the NotPetya malware code suggested that the developers may have had access to EternalBlue and EternalRomance as early as February, when they finished work on the malware component that interacted with the stolen NSA exploits. The potential timeline is all the more significant considering the quality of the component, which proved surprisingly adept in spreading the malware from computer to computer inside infected networks. The elegance lay in the way the component combined the NSA exploits with three off-the-shelf tools including Mimikatz, PSExec, and WMIC. The result: NotPetya could infect both patched and unpatched computers quickly. Code that complex and effective likely required weeks of development and testing prior to completion.

"February is many weeks before the exploits EternalBlue and EternalRomance (both of which this module utilizes) were released to the public (in April) by the Shadow Brokers," F-Secure researcher Andy Patel wrote in a blog post. "And those exploits fit this component like a glove."

Whereas the two other main components of NotPetyaan encryption component and a component for attacking a computer's master boot recordwere "pretty shoddy and seem kinda cobbled together," Patel said the spreading component seems "very sophisticated and well-tested." It remains possible that the February timestamps found in some of the code was falsified. Assuming the stampsare correct, they suggest that developers may have had access, or at least knowledge of, the NSA exploits by then. By contrast, Patel added:

WannaCry clearly picked [the NSA] exploits up after the Shadow Brokers dumped them into the public domain in April. Also WannaCry didn't do the best job at implementing these exploits correctly.

By comparison, this "Petya" looks well-implemented, and seems to have seen plenty of testing. It's fully-baked.

The weeks leading up to the possible February completion of the NotPetya spreader was a particularly critical time for computer security. A month earlier, the Shadow Brokers advertised an auction that revealed some of the names of the exploits they had, including EternalBlue. NSA officials responded by warning Microsoft of the theft so that the company could patch the underlying vulnerabilities. In February, Microsoft abruptly canceled that month's Patch Tuesday. The unprecedented move was all the more odd because exploit code for an unpatched Windows 10 flaw was already in the wild, and Microsoft gave no explanation for the cancellation.

"Meanwhile, 'friends of the Shadow Brokers' were busy finishing up development of a rather nifty network propagation component, utilizing these exploits," Patel wrote.

When Patch Tuesday resumed in March, Microsoft released a critical security update that fixed EternalBlue. As the WCry outbreak would later demonstrate, large numbers of computersmainly running Windows 7failed to install the updates, allowing the worm to spread widely.

If the timeline is correct, it might mean the NotPetya developers had some sort of tie to the Shadow Brokers, possibly as customers, colleagues, acquaintances, or friends. It might also make NotPetya the first piece of in-the-wild malware that had known early access to the NSA exploits. Patel didn't speculate how the NotPetya developers might have gotten hold of EternalBlue and EternalRomance prior to their public release in April.

Early speculation was that Shadow Brokers members acquired a small number of hacking tools that NSA personnel stored on one or more staging servers used to carry out operations. The volume and sensitivity of the exploits and documents released over the next several months slowly painted a much grimmer picture. It's now clear that the group has capitalized on what is likely the worst breach in NSA history. There's no indication that the agency has identified how it lost control of such a large collection of advanced tools or that it knows much at all about the Shadow Brokers' membership. The group, meanwhile, continues to publish blog posts written in deliberately broken English, with the most recent one appearing on Wednesday.

The F-Secure theory adds a new, unsettling entry tothe Shadow Brokers' resume. The world already knew the group presided over a breach of unprecedented scope and leaked exploits to the world. Now, we know it also provided crucial private assistance in developing one of the most virulent worms in recent memory.

Read the original post:

NotPetya developers may have obtained NSA exploits weeks before their public leak [Updated] - Ars Technica

Posted in NSA

John W. Whitehead column: A dangerous proposition: Making the NSA’s powers permanent – Richmond.com

The Trump administration wants to make some of the National Security Agencys vast spying powers permanent. Thats a dangerous proposition, and Ill tell you why.

Since 9/11, Americans have been asked to sacrifice their freedoms on the altar of national security. Weve had our phone calls monitored, our emails read, our movements tracked, and our transactions documented.

Every second of every day, the American people are being spied on by the U.S. governments vast network of digital Peeping Toms, electronic eavesdroppers and robotic snoops.

These government snoops are constantly combing through and harvesting vast quantities of our communications.

They are conducting this mass surveillance without a warrant, thus violating the core principles of the Fourth Amendment which protects the privacy of all Americans.

PRISM and Upstream, two of the spying programs conducted under Section 702 of the Foreign Intelligence Surveillance Act, are set to expire at the end of this year.

Heres why they should be allowed to expire.

PRISM lets the NSA access emails, video chats, instant messages, and other content sent via Facebook, Google, Apple, and others.

Upstream lets the NSA worm its way into the internet backbone the cables and switches owned by private corporations like AT&T that make the internet into a global network and scan traffic for the communications of tens of thousands of individuals labeled targets.

Ask the NSA why its carrying out this warrantless surveillance on American citizens, and youll get the same Orwellian answer the government has been trotting out since 9/11 to justify its assaults on our civil liberties: to keep America safe.

Yet warrantless mass surveillance by the government and its corporate cohorts hasnt made America any safer. And it certainly isnt helping to preserve our freedoms.

Frankly, America will never be safe as long as the U.S. government is allowed to shred the Constitution.

Now the government wants us to believe that we have nothing to fear from its mass spying program because theyre only looking to get the bad guys who are overseas.

Dont believe it.

The governments definition of a bad guy is extraordinarily broad, and it results in the warrantless surveillance of innocent, law-abiding Americans on a staggering scale.

Under Section 702, the government collects and analyzes over 250 million internet communications every year. There are estimates that at least half of these contain information about U.S. residents, many of whom have done nothing wrong.

The government claims its spying on Americans is simply incidental, as though it were an accident but it fully intends to collect this information.

Indeed, this sensitive data is not destroyed after the NSA vacuums it up. Rather, the government has written its own internal rules called minimization procedures that allow spy agencies such as the NSA to retain Americans private communications for years.

Far from minimizing any invasion of privacy, the rules expressly allow government officials to read our emails and listen to our phone calls without a warrant the very kinds of violations that the Fourth Amendment was written to prohibit.

Finally, once this information collected illegally and without any probable cause is ingested into NSA servers, other government agencies can often search through the databases to make criminal cases against Americans that have nothing to do with terrorism or anything national security-related. One Justice Department lawyer called the database the FBIs Google.

In other words, the NSA, an unaccountable institution filled with unelected bureaucrats, operates a massive database that contains the intimate and personal communications of countless Americans.

Warrantless mass surveillance of American citizens is wrong, un-American, and unconstitutional.

Its time to let Section 702 expire or reform the law to ensure that millions and millions of Americans are not being victimized by a government that no longer respects its constitutional limits.

Constitutional attorney John W. Whitehead, author of Battlefield America: The War on the American People, is the president of The Rutherford Institute, a civil liberties and human rights organization that is one of the plaintiffs in a lawsuit challenging Upstream surveillance under Section 702. Contact Whitehead at johnw@rutherford.org.

Go here to read the rest:

John W. Whitehead column: A dangerous proposition: Making the NSA's powers permanent - Richmond.com

Posted in NSA


...10...1819202122...304050...