Obama's NSA rebuked for snooping on Americans; journo says it …

The secret court that oversees government snooping took the Obama administration to task late last year, suggesting it created "a very serious Fourth Amendment issue" by violating rules the government itself had implemented regarding the surveillance of Americans.

According to top-secret documents made public by the Foreign Intelligence Surveillance Court, often referred to as the FISA court, the government admitted that, just days before the 2016 election, NSA analysts were violating surveillance rules on a regular basis. This pattern of overreach, coupled with the timing of the government's disclosure, resulted in an unusually harsh rebuke of the administration's practices and principles.

A former CBS journalist suing the federal government for allegedly spying on her said the documents prove the illegal snooping was pervasive and widely abused.

"Sources of mine have indicated that political players have increasingly devised premises to gather intel on political targets by wrapping them up in 'incidental' collection of foreigners, as if by accident," Sharyl Attkisson, who is pursuing a federal lawsuit the Department of Justice has tried to dismiss, told the Fox News Investigative Unit.

According to the FISA Court opinion, it was on September 26, 2016 that the government submitted an undisclosed number of "certifications" for the court to review. The review process was supposed to be completed within 30 days, or by October 26, 2016.

Just two days before that review was to be completed, and less than two weeks before the 2016 election, the government informed the court that NSA analysts had been violating rules, established in 2011, designed to protect the internet communications of Americans.

The NSA has suggested these were inadvertent compliance lapses, and points out that the agency "self-reported" these problems, meaning they were the ones to bring this issue to the attention of the court.

There was just one problem.

The violations that the government disclosed on October 24, 2016, were based on a report from the NSA's Inspector General that had been released 10 months earlier, in January 2016. This means that when the government submitted its certifications for review in September, they were likely aware of that IG report but failed to mention the malpractice going on at the NSA.

The Court at the time blamed "an institutional lack of candor" for the government's failure to disclose that information weeks earlier, and gave the government until April 28, 2017, to come up with a solution. After failing to come to an agreement, the NSA announced that it was stopping the type of surveillance in question.

The so-called lapses among NSA staffers had to do with Section 702 of the Foreign Intelligence Surveillance Act, and the upstream surveillance of what the intelligence community refers to as "about" communications.

According to the NSA, Section 702 "allows the intelligence community to conduct surveillance on only specific foreign targets located outside the United States to collect foreign intelligence, including intelligence needed in the fight against international terrorism and cyber threats."

Upstream surveillance, according to the ACLU, was first disclosed by NSA leaker Edward Snowden, and involves the NSA's bulk interception and searching of Americans' international internet communications, including emails, chats, and web-browsing traffic.

This Thursday, June 6, 2013, file photo, shows a sign outside the National Security Administration (NSA) campus in Fort Meade, Md. (AP Photo)

Until the NSA stopped it, the upstream snooping program notified them directly if someone inside the U.S. composed an email that contained the email address of a foreign intelligence agent who was being monitored. According to an NSA declaration reportedly made during the Bush administration, these communications did not have to be to or from the foreign agent, they simply had to mention the email address.

According to the FISA Court documents just made public, the notifications sent to the NSA often led to the unmasking of American citizens caught up in monitoring. And as the court pointed out, many of the requests being made to unmask the Americans taking part in these communications were in direct violation of safeguards established by the Obama administration.

According to the FISA Court documents, so-called minimization procedures adopted in 2011 to curb unlawful surveillance have prohibited use of U.S.-person identifiers to query the results of upstream Internet collections under Section 702.

And, according to the government's October 26, 2016 admission, NSA analysts had been conducting such queries in violation of that prohibition, with much greater frequency than had been previously disclosed.

The suspended surveillance program has been a target of fierce criticism from Republican and Democratic lawmakers, as well as journalists and even Snowden.

Sen. Rand Paul, R-Kentucky, told Fox & Friends on Wednesday that the terrible program was basically a back doorway to sort of get at Americans' privacy without using a warrant.

When the NSA announced it was stopping certain Section 702 activities, Senate Intelligence Committee member Ron Wyden, D-Oregon, said he had raised concerns for years that this amounted to an end run around the Fourth Amendment.

Snowden tweeted that the NSA's actions represented the most substantive of the post-2013 NSA reforms, if the principle is applied to all other programs.

Attkisson, who sued to determine who had access to a government IP address that she says was discovered on her CBS work computer during a forensics exam, said she's concerned the truth will never come out.

"I'm told by sources that it should only take a day or a week, at most, for the intel community to provide [lawmakers with] the details of which Americans, journalists and public officials were 'incidentally' surveilled, which ones were unmasked, who requested the unmaskings, when, and for what supposed purpose," Attkisson said. "Yet months have gone by. I'm afraid that as time passes, any evidence becomes less likely to persist."

Snowden Leak Reveals NSA Traffic Shaping Tech That Diverts US Internet Routing For Spying – Hot Hardware

Geopolitical borders have softened in various ways thanks to the prevalence of the Internet. An email sent by an American could cross multiple international borders before being received by another American. A recent study by the Century Foundation revealed that the National Security Agency (NSA) reportedly utilizes various traffic shaping techniques to survey and store American communications.

Internet traffic does not travel along the shortest route, but instead favors the fastest, least congested, or least expensive course. Data from various countries is backed up in data centers around the world. Sharon Goldberg of the Century Foundation noted, "An email sent from San Jose to New York may be routed through Internet devices located in Frankfurt, or be backed up on computers located in Ireland." The NSA could potentially reroute Internet communications to gather information.

The NSA is responsible for monitoring and processing data for foreign intelligence and counterintelligence purposes. American citizens are generally protected by the 4th Amendment and the rules of the Foreign Intelligence Surveillance (FISA) Court. Executive Order 12333, however, allows the collection, retention, and dissemination of information, obtained in the course of a lawful foreign intelligence, counterintelligence, international narcotics or international terrorism investigation or incidentally obtained information that may indicate involvement in activities that may violate federal, state, local or foreign laws.

It is important to note that this study was largely speculation. An NSA spokesperson remarked, "We do not comment on speculation about foreign intelligence activities; however, as we have said before, the National Security Agency does not undertake any foreign intelligence activity that would circumvent US laws or privacy protections."

The NSA’s inadvertent role in Petya, the cyberattack on Ukraine. – Slate Magazine

Should the NSA stop hacking computers out of concern that bad guys could steal its tools and use them for their own nefarious purposes?

There's a moment in Dr. Strangelove, Stanley Kubrick's dark Cold War comic masterpiece, when President Merkin Muffley (played by Peter Sellers) learns that an insane general has exploited a loophole in the military's command-control system and launched a nuclear attack on Russia. Muffley turns angrily to Air Force Gen. Buck Turgidson (played by George C. Scott) and says, "When you instituted the human reliability tests, you assured me there was no possibility of such a thing ever occurring." Turgidson gulps and replies, "I don't think it's quite fair to condemn a whole program because of a single slip-up."

The National Security Agency currently finds itself in a similar situation.

One of the NSA's beyond-top-secret hacking tools has been stolen. And while the ensuing damage falls far short of an unauthorized nuclear strike, the thieves have wreaked cybermayhem around the world.

The mayhem was committed by a group called the Shadow Brokers, which in April announced that it had acquired the NSA tool (known as Eternal Blue) and published its exploit code online for any and all hackers to copy.* In May, some entity, widely believed to be North Koreans, used the exploit code to develop some malware, which became known as WannaCry, and launched a massive ransomware attack, which shut down 200,000 computers, including those of many hospitals and other critical facilities.

Then on June 27 came this latest attack, which was launched by the Shadow Brokers themselves. This struck some security analysts as odd, for two reasons. First, the Shadow Brokers are believed to be members of, or criminal hackers affiliated with, a Russian intelligence agency, and Russians tend not to hack for mere cash. Second, the attack was slipshod: The ransoms were to be paid to a single email address, which security experts shut down in short order. If the Russians had decided to indulge in this mischief for money, it was a shock that they did it so poorly.

Now, however, several cybersecurity analysts are convinced that the ransomware was a brief ploy to distract attention from a devastating cyberattack on the infrastructure of Ukraine, through a prominent but vulnerable financial server.

Jake Williams, founder of Rendition InfoSec LLC (and a former NSA analyst), told me on Thursday, two days after the attack, "The ransomware was a cover for disrupting Ukraine; we have very high confidence of that." This disruptive attack shut down computers running Ukrainian banks, metro systems, and government ministries. The virus then spread to factories, ports, and other facilities in 60 countries, though Williams says it's unclear whether this rippling effect was deliberate. (Because computers are connected to overlapping networks, malware sometimes infects systems far beyond a hacker's intended targets.)

By the way, the attack left the ransomware victims, marginal as they were, completely screwed. Once the email address was disconnected, those who wanted to pay ransom had no place to send their bitcoins. Their computers remain frozen. Unless they had back-up drives, their files and data are irretrievable.

It's not yet clear how the Shadow Brokers obtained the hacking tool. One cybersecurity specialist involved in the probe told me that, at first, he and others figured that the theft had to be an inside job, committed by a second Snowden, but the forensics showed otherwise. One possibility, he now speculates, is that an unnamed NSA contractor, who was arrested last year for taking home files, either passed them onto the Russians or was hacked by the Russians himself. The other possibility is that the Russians hacked into classified NSA files. It's a toss-up which theory is more disturbing; the upshot of both is, it could happen again.

So should the NSA stop hacking computers out of concern that bad guys could steal its tools and use them for their own nefarious purposes? This remedy is probably unreasonable. After all, spy agencies spy, and the NSA spies by intercepting communications, including digital communications, and some of that involves hacking. In other words, the cyber equivalent of Gen. Turgidson would have a point if he told an angry superior it's unfair to condemn a whole program for a single slip-up.

Besides, the NSA doesn't do very many hacks of the sort that the Shadow Brokers stole, hacks that involve zero-day exploits, the discovery and use of vulnerabilities (in software, hardware, servers, networks, and so forth) that no one has previously discovered. Zero-day exploits were once the crown jewels of the NSA's signals-intelligence shops. But they're harder to come by now. Software companies continually test their products for security gaps and patch them right away. Hundreds of firms, many created by former intelligence analysts, specialize in finding zero-day vulnerabilities in commercial products, then alerting the companies for handsome fees. Often, by the time the NSA develops an exploit for a zero-day vulnerability, someone in the private sector has also found it and already developed a patch.

More and more, in recent years, the NSA chooses to tell companies about a problem and even help them fix it. This trend accelerated in December 2013, when a five-member commission, appointed by President Obama in the wake of the Snowden revelations, wrote a 300-page report proposing 46 reforms for U.S. intelligence agencies. One proposal was to bar the government from doing anything to subvert, undermine, weaken, or make vulnerable generally available commercial software. Specifically, if NSA analysts found a zero-day exploit, they should be required to patch the hole at once, except in rare instances when the government could briefly authorize the exploit for high-priority intelligence collection, though, even then, only after approval not by the NSA director (who, in the past, made such decisions) but rather in a senior interagency review involving all appropriate departments.

Obama approved this recommendation, and as a result his White House cybersecurity chief, Michael Daniel, drafted a list of questions that this senior review panel must ask before letting the NSA exploit, rather than patch, the zero-day discovery. The questions: Would this vulnerability, if left unpatched, pose risks to our own society's infrastructure? If adversaries or crime groups knew about the vulnerability, how much harm could they inflict? How badly do we need the intelligence that the exploit would provide? Are there other ways to get this intelligence? Could we exploit the vulnerability for just a short period of time, then disclose and patch it?

A 2016 article in Bloomberg News reported that, due in part to this new review process, the NSA keeps, and exploits for offensive purposes, only about two of the roughly 100 zero-day vulnerabilities it finds in the course of a year.

The vulnerability exploited in the May ransomware attack was one of those zero-days that the NSA kept for a while. (It is not known for how long or what adversaries it allowed us to hack.) The vulnerability was in a Microsoft operating system. In March, the government notified Microsoft of the security gap. Microsoft quickly devised a patch and alerted users to install the software upgrade. Some users did; others didn't. The North Koreans were able to hack into the systems of those who didn't. That's how the vast majority of hacks happen: through carelessness.

It may be time to view surfing the internet on computers as similar to the way we view driving cars on the highway. Both are necessary for modern life, and both advance freedoms, but they also carry responsibilities and can do great harm if misused. It would be excessive to require the equivalent of driver's licenses to go online; a government that can take away such licenses for poor digital hygiene could also take them away for impertinent political speech. But it's not outrageous to impose regulations on product liability, holding vendors responsible for malware-infected devices, just as car companies are for malfunctioning brakes. It's not outrageous to force government agencies and companies engaged in critical infrastructure (transportation, energy, finance, and so forth) to meet minimal cybersecurity standards or to hit them with heavy fines if they don't. It's not outrageous to require companies to program their computers or software to shut down if users don't change or randomize their passwords or if they don't install software upgrades after a certain amount of time. Or if this goes too far, the government could require companies to program their computers or software to emit a loud noise or flash a bright light on the screen until the users take these precautions, in much the same way that drivers hear ding-ding-ding until they fasten their seatbelts.

Some of these ideas have been kicking around for decades, a few at high levels of government, but they've been crushed by lobbyists and sometimes by senior economic advisers who warned that regulations would impede technical progress and harm the competitive status of American industries. Resistance came easy because many of these measures were expensive and the dangers they were meant to prevent seemed theoretical. They are no longer theoretical. The cyberattack scenarios laid out in government reports decades ago, dismissed by many as alarmist and science fiction, are now the stuff of front-page news stories.

Cyberthreats will never disappear; cybervulnerabilities will never be solved. They are embedded in the technology, as it's developed in the 50 years since the invention of the internet. But the problems can be managed and mitigated. Either we take serious steps now, through a mix of regulations and market-driven incentives, or we wait until a cybercatastrophe, after which far more brutal solutions will be slammed down our throats at far greater cost by every measure.

*Correction, June 30, 2017: This article originally misstated that the NSA tool stolen by the Shadow Brokers was called WannaCry. It was called Eternal Blue, and its code was used to create WannaCry.

NotPetya developers may have obtained NSA exploits weeks before their public leak [Updated] – Ars Technica

A computer screen displaying Eternalromance, one of the NSA exploits used in Tuesday's NotPetya outbreak.

Update: This post was revised throughout to reflect changes F-Secure made to Thursday's blog post. The company now says that the NotPetya component was probably completed in February, and assuming that timeline is correct, it didn't have any definitive bearing on when the NSA exploits were obtained. F-Secure Security Advisor Sean Sullivan tells Ars that the component weaves in the NSA exploits so well that it's likely the developers had access to the NSA code. "It strongly hints at this possibility," he said. "We feel strongly that this is the best theory to debunk." This post has been revised to make clear that the early access is currently an unproven theory.

Original Story: The people behind Tuesday's massive malware outbreak might have had access to two National Security Agency-developed exploits several weeks before they were published on the Internet, according to clues researchers from antivirus company F-Secure found in some of its code.

On Thursday, F-Secure researchers said that unconfirmed timestamps left in some of the NotPetya malware code suggested that the developers may have had access to EternalBlue and EternalRomance as early as February, when they finished work on the malware component that interacted with the stolen NSA exploits. The potential timeline is all the more significant considering the quality of the component, which proved surprisingly adept in spreading the malware from computer to computer inside infected networks. The elegance lay in the way the component combined the NSA exploits with three off-the-shelf tools including Mimikatz, PSExec, and WMIC. The result: NotPetya could infect both patched and unpatched computers quickly. Code that complex and effective likely required weeks of development and testing prior to completion.

"February is many weeks before the exploits EternalBlue and EternalRomance (both of which this module utilizes) were released to the public (in April) by the Shadow Brokers," F-Secure researcher Andy Patel wrote in a blog post. "And those exploits fit this component like a glove."

Whereas the two other main components of NotPetya (an encryption component and a component for attacking a computer's master boot record) were "pretty shoddy and seem kinda cobbled together," Patel said the spreading component seems "very sophisticated and well-tested." It remains possible that the February timestamps found in some of the code were falsified. Assuming the stamps are correct, they suggest that developers may have had access to, or at least knowledge of, the NSA exploits by then. By contrast, Patel added:

WannaCry clearly picked [the NSA] exploits up after the Shadow Brokers dumped them into the public domain in April. Also WannaCry didn't do the best job at implementing these exploits correctly.

By comparison, this "Petya" looks well-implemented, and seems to have seen plenty of testing. It's fully-baked.

The weeks leading up to the possible February completion of the NotPetya spreader were a particularly critical time for computer security. A month earlier, the Shadow Brokers advertised an auction that revealed some of the names of the exploits they had, including EternalBlue. NSA officials responded by warning Microsoft of the theft so that the company could patch the underlying vulnerabilities. In February, Microsoft abruptly canceled that month's Patch Tuesday. The unprecedented move was all the more odd because exploit code for an unpatched Windows 10 flaw was already in the wild, and Microsoft gave no explanation for the cancellation.

"Meanwhile, 'friends of the Shadow Brokers' were busy finishing up development of a rather nifty network propagation component, utilizing these exploits," Patel wrote.

When Patch Tuesday resumed in March, Microsoft released a critical security update that fixed EternalBlue. As the WCry outbreak would later demonstrate, large numbers of computers, mainly running Windows 7, failed to install the updates, allowing the worm to spread widely.

If the timeline is correct, it might mean the NotPetya developers had some sort of tie to the Shadow Brokers, possibly as customers, colleagues, acquaintances, or friends. It might also make NotPetya the first piece of in-the-wild malware that had known early access to the NSA exploits. Patel didn't speculate how the NotPetya developers might have gotten hold of EternalBlue and EternalRomance prior to their public release in April.

Early speculation was that Shadow Brokers members acquired a small number of hacking tools that NSA personnel stored on one or more staging servers used to carry out operations. The volume and sensitivity of the exploits and documents released over the next several months slowly painted a much grimmer picture. It's now clear that the group has capitalized on what is likely the worst breach in NSA history. There's no indication that the agency has identified how it lost control of such a large collection of advanced tools or that it knows much at all about the Shadow Brokers' membership. The group, meanwhile, continues to publish blog posts written in deliberately broken English, with the most recent one appearing on Wednesday.

The F-Secure theory adds a new, unsettling entry to the Shadow Brokers' resume. The world already knew the group presided over a breach of unprecedented scope and leaked exploits to the world. Now, we know it also provided crucial private assistance in developing one of the most virulent worms in recent memory.

John W. Whitehead column: A dangerous proposition: Making the NSA’s powers permanent – Richmond.com

The Trump administration wants to make some of the National Security Agency's vast spying powers permanent. That's a dangerous proposition, and I'll tell you why.

Since 9/11, Americans have been asked to sacrifice their freedoms on the altar of national security. We've had our phone calls monitored, our emails read, our movements tracked, and our transactions documented.

Every second of every day, the American people are being spied on by the U.S. government's vast network of digital Peeping Toms, electronic eavesdroppers and robotic snoops.

These government snoops are constantly combing through and harvesting vast quantities of our communications.

They are conducting this mass surveillance without a warrant, thus violating the core principles of the Fourth Amendment, which protects the privacy of all Americans.

PRISM and Upstream, two of the spying programs conducted under Section 702 of the Foreign Intelligence Surveillance Act, are set to expire at the end of this year.

Here's why they should be allowed to expire.

PRISM lets the NSA access emails, video chats, instant messages, and other content sent via Facebook, Google, Apple, and others.

Upstream lets the NSA worm its way into the internet backbone (the cables and switches owned by private corporations like AT&T that make the internet into a global network) and scan traffic for the communications of tens of thousands of individuals labeled targets.

Ask the NSA why it's carrying out this warrantless surveillance on American citizens, and you'll get the same Orwellian answer the government has been trotting out since 9/11 to justify its assaults on our civil liberties: to keep America safe.

Yet warrantless mass surveillance by the government and its corporate cohorts hasn't made America any safer. And it certainly isn't helping to preserve our freedoms.

Frankly, America will never be safe as long as the U.S. government is allowed to shred the Constitution.

Now the government wants us to believe that we have nothing to fear from its mass spying program because they're only looking to get the bad guys who are overseas.

Don't believe it.

The government's definition of a bad guy is extraordinarily broad, and it results in the warrantless surveillance of innocent, law-abiding Americans on a staggering scale.

Under Section 702, the government collects and analyzes over 250 million internet communications every year. There are estimates that at least half of these contain information about U.S. residents, many of whom have done nothing wrong.

The government claims its spying on Americans is simply incidental, as though it were an accident, but it fully intends to collect this information.

Indeed, this sensitive data is not destroyed after the NSA vacuums it up. Rather, the government has written its own internal rules, called minimization procedures, that allow spy agencies such as the NSA to retain Americans' private communications for years.

Far from minimizing any invasion of privacy, the rules expressly allow government officials to read our emails and listen to our phone calls without a warrant, the very kinds of violations that the Fourth Amendment was written to prohibit.

Finally, once this information, collected illegally and without any probable cause, is ingested into NSA servers, other government agencies can often search through the databases to make criminal cases against Americans that have nothing to do with terrorism or anything national security-related. One Justice Department lawyer called the database the FBI's Google.

In other words, the NSA, an unaccountable institution filled with unelected bureaucrats, operates a massive database that contains the intimate and personal communications of countless Americans.

Warrantless mass surveillance of American citizens is wrong, un-American, and unconstitutional.

It's time to let Section 702 expire or reform the law to ensure that millions and millions of Americans are not being victimized by a government that no longer respects its constitutional limits.

Constitutional attorney John W. Whitehead, author of Battlefield America: The War on the American People, is the president of The Rutherford Institute, a civil liberties and human rights organization that is one of the plaintiffs in a lawsuit challenging Upstream surveillance under Section 702. Contact Whitehead at johnw@rutherford.org.

Recode Daily: Trump’s ‘travel ban’ goes into effect, and can the NSA control the cyber weapons it creates? – Recode

A pared-down version of President Trump's travel ban took effect Thursday night, barring immigrants and refugees from six majority-Muslim countries from entering the United States unless they can prove a relationship with a U.S. citizen or entity; late adjustments to the administration's rules included fiancés but not grandparents and other extended family. In an emergency filing, the state of Hawaii asked a federal court to clarify the scope of the ban, saying the government's latest restrictions go further than the Supreme Court allowed. [Tony Romm / Recode]

This week's international malware attack has raised concerns that the National Security Agency has rushed to create digital weapons that it cannot keep safe or disable. [The New York Times]

Airbnb is launching a new service for luxury vacation rentals at mega-homes, mansions and penthouses. Airbnb Lux will begin testing in some markets at the end of the year. [Bloomberg]

Meal-kit delivery company Blue Apron raised $300 million in its first day of trading on the New York Stock Exchange, opening at about $10 a share. The five-year-old New York City-based company slashed its IPO price amid questions about the long-term feasibility of its model. [Jason Del Rey / Recode]

Blue Apron CEO Matt Salzberg will join Bonobos CEO Andy Dunn and Williams-Sonoma CEO Laura Alber at September's Code Commerce event in New York City, where retail and commerce industry leaders will explore the convergence of digital and physical in the realm of buying and selling stuff. [Jason Del Rey / Recode]

No single device will have as much impact as the iPhone in the next 10 years. Here's a look at which products in the market today might have a comparable effect over the next decade. [Jan Dawson / Recode]

A former Binary Capital employee is suing Justin Caldbeck and the VC firm.

Ann Lai alleges defamation and other claims.

Facebook's internet-beaming drone completed its second test flight and landed perfectly.

Its first Aquila flight ended in a crash landing.

A new drone route is now open in Malawi.

Drones can soar over roads in the flood-prone region to help deliver supplies to remote areas.

This new movie about an Instagram stalker looks both hilarious and terrifying.

Remember: People can see your public social media posts.

Google is still mostly white and male.

That's according to the latest diversity report.

Kids these days.

On the latest Too Embarrassed to Ask, Kara Swisher and Lauren Goode talk with The Verge's Casey Newton and Kara's older son, Louie Swisher, about how teens are using (or not using) apps like Instagram, Snapchat, Musical.ly and more.

Nice day for a Crunchwrap Supreme wedding

This lucky couple won a glamorous, all-expenses-paid wedding at Taco Bell's chic Las Vegas Cantina location, catered with Doubledillas, Gorditas and a hot-sauce-packet bouquet. They weren't the first; the fast-food company is now offering anyone the chance to get married at the Vegas franchise for $600. [Eric Vilas-Boas / Thrillist]


In aftermath of Petya, congressman asks NSA to stop the attack if it knows how – TechCrunch

Today Democratic Congressman Ted Lieu of California wrote to the NSA in an appeal for the agency to do anything in its power to stop the spread of the global ransomware (or potentially just disguised as ransomware) attack that began yesterday.

Lieu seeks to hold the NSA accountable for its leaked exploit, known as EternalBlue, which appears to have facilitated the malware's spread. Last month, the ransomware known as WannaCry also leveraged EternalBlue in order to spread between networked machines that have not been updated to protect them from the vulnerability, which Microsoft issued a patch for back in March (MS17-010).

"Based on various reports, it appears these two global ransomware attacks likely occurred because the NSA's hacking tools were released to the public by an organization called the ShadowBrokers," Lieu wrote.

"My first and urgent request is that if the NSA knows how to stop this global malware attack, or has information that can help stop the attack, then NSA should immediately disclose it. If the NSA has a kill switch for this new malware attack, the NSA should deploy it now."

Lieu went on to implore the spy agency to communicate more openly with major tech companies about the vulnerabilities that it discovers in their systems. In the case of EternalBlue, the NSA is believed to have known about the exploit for years. Naturally that makes one wonder what other massive exploits the agency has up its sleeve and how easily those could be exposed in a new Shadow Brokers leak.

"Given the ongoing threat, I urge NSA to continue actively working with companies like Microsoft to notify them of software vulnerabilities of which the Agency is aware," Lieu said. "I also urge the NSA to disclose to Microsoft and other entities what it knows that can help prevent future attacks based on malware created by the NSA."

Some things about yesterday's ransomware attack make it even nastier than its predecessor WannaCry. As IEEE Senior Member and Ulster University Cybersecurity Professor Kevin Curran explained to TechCrunch: "One key difference from WannaCry is that Petya does not simply encrypt disk files but rather locks the entire disk so nothing can be executed. It does it by encrypting the filesystem's master file table so the operating system cannot retrieve files."

The other big difference: WannaCry had a kill switch, even if it was serendipitous.

"It does seem to have the same deadly replication feature of WannaCry which enables it to spread quickly across an internal network infecting other machines," Curran said. "It seems to also be finding passwords on each infected computer and using those to spread as well. There seems to be no kill switch on this occasion."

We reached out to the NSA with questions about its ability to stop the spread of the current ransomware and its perceived responsibility moving forward. You can read Lieu's full letter, embedded below.


The NSA Confronts a Problem of Its Own Making – The Atlantic

It is hard to imagine more fitting names for code-gone-bad than WannaCry and Eternal Blue. Those are just some of the computer coding vulnerabilities pilfered from the National Security Agency's super-secret stockpile that have been used in two separate global cyber attacks in recent weeks. An attack on Tuesday featuring Eternal Blue was the second of these to use stolen NSA cyber tools, disrupting everything from radiation monitoring at Chernobyl to shipping operations in India. Fort Meade's trove of coding weaknesses is designed to give the NSA an edge. Instead, it's giving the NSA heartburn. And it's not going away any time soon.

As with most intelligence headlines, the story is complicated, filled with good intentions and unintended consequences. Home to the nation's codebreakers and cyber spies, the NSA is paid to intercept communications of foreign adversaries. One way is by hunting for hidden vulnerabilities in the computer code powering Microsoft Windows and all sorts of other products and services that connect us to the digital world. It's a rich hunting ground. The rule of thumb is that one vulnerability can be found in about every 2,500 lines of code. Given that an Android phone uses 12 million lines of code, we're talking a lot of vulnerabilities. Some are easy to find. Others are really hard. Companies are so worried about vulnerabilities that many, including Facebook and Microsoft, pay bug bounties to anyone who finds one and tells the company about it before alerting the world. Bug bounties can stretch into the hundreds of thousands of dollars.


The NSA, which employs more mathematicians than any organization on Earth, has been collecting these vulnerabilities. The agency often shares the weaknesses they find with American manufacturers so they can be patched. But not always. As NSA Director Mike Rogers told a Stanford audience in 2014, "the default setting is if we become aware of a vulnerability, we share it," but then added, "There are some instances where we are not going to do that." Critics contend that's tantamount to saying, "In most cases we administer our special snake bite anti-venom that saves the patient. But not always."

In this case, a shadowy group called the Shadow Brokers (really, you can't make these names up) posted part of the NSA's collection online, and now it's O.K. Corral time in cyberspace. Tuesday's attacks are just the beginning. Once bad code is in the wild, it never really goes away. Generally speaking, the best approach is patching. But most of us are terrible about clicking on those updates, which means there are always victims, lots of them, for cyber bad guys to shoot at.

WannaCry and Eternal Blue must be how folks inside the NSA are feeling these days. America's secret-keepers are struggling to keep their secrets. For the National Security Agency, this new reality must hit especially hard. For years, the agency was so cloaked in secrecy, officials refused to acknowledge its existence. People inside the Beltway joked that NSA stood for "No Such Agency." When I visited NSA headquarters shortly after the Snowden revelations, one public-affairs officer said the job used to entail watching the phones ring and not commenting to reporters.

Now, the NSA finds itself confronting two wicked problems: one technical, the other human. The technical problem boils down to this: Is it ever possible to design technologies to be secure against everyone who wants to breach them except the good guys? Many government officials say yes, or at least "no, but ..." In this view, weakening security just a smidge to give law-enforcement and intelligence officials an edge is worth it. That's the basic idea behind the NSA's vulnerability collection: If we found a vulnerability, and we alone can use it, we get the advantage. Sounds good, except for the part about "we alone can use it," which turns out to be, well, dead wrong.

That's essentially what the FBI argued when it tried to force Apple to design a new way to breach its own products so that special agents could access the iPhone of Syed Rizwan Farook, the terrorist who, along with his wife, killed 14 people in San Bernardino. Law-enforcement and intelligence agencies always want an edge, and there is a public interest in letting them have it.

As former FBI Director James Comey put it, "There will come a day, and it comes every day in this business, where it will matter a great deal to innocent people that we in law enforcement can't access certain types of data or information, even with legal authorization."

Many leading cryptographers (the geniuses who design secure communications systems) and some senior intelligence officials say that a technical backdoor for one is a backdoor for all. If there's a weakness in the security of a device or system, anyone can eventually exploit it. It may be hard, it may take time, it may take a team of crack hackers, but the math doesn't lie. It's nice to imagine that the FBI and NSA are the only ones who can exploit coding vulnerabilities for the good of the nation. It's also nice to imagine that I'm the only person my teenage kids listen to. Nice isn't the same thing as true. Former NSA Director Mike Hayden publicly broke with many of his former colleagues last year. "I disagree with Jim Comey," Hayden said. "I know encryption represents a particular challenge for the FBI. ... But on balance, I actually think it creates greater security for the American nation than the alternative: a backdoor."

Hayden and others argue that digital security is good for everyone. If people don't trust their devices and systems, they just won't use them. And for all the talk that security improvements will lock out U.S. intelligence agencies, that hasn't happened in the 40 years of this raging debate. That's right. 40 years. Back in 1976, during the first crypto war, one of my Stanford colleagues, Martin Hellman, nearly went to jail over this dispute. His crime: publishing his academic research that became the foundational technology used to protect electronic communications. Back then, some NSA officials feared that securing communications would make it harder for them to penetrate adversaries' systems. They were right, of course: it did get harder. But instead of "going dark," U.S. intelligence officials have been "going smart," finding new ways to gather information about the capabilities and intentions of bad guys through electronic means.

The NSA's second wicked problem is humans. All the best security clearance procedures in the world cannot eliminate the risk of an insider threat. The digital era has supersized the damage that one person can inflict. Pre-internet, traitors had to sneak into files, snap pictures with hidden mini-cameras, and smuggle documents out of secure buildings in their pant legs or a tissue box. Edward Snowden could download millions of pages onto a thumb drive with some clicks and clever social engineering, all from the comfort of his own desktop.

There are no easy solutions to either the technical or human challenge the NSA now faces. Tuesday's global cyber attack is a sneak preview of the movie known as our lives forever after.

Talk about WannaCry.


Utah judge orders NSA to provide documents and data on 2002 … – Salt Lake Tribune

In January, Shelby rejected an attempt by the Department of Justice to dismiss the case.

In late May, a declaration by former NSA official Thomas A. Drake, affirming the allegations, was forwarded by Anderson to Justice Department attorneys.

Drake's statement contradicted assertions by Michael Hayden, the former director of the NSA, who said neither the President's Surveillance Program (PSP) nor any other NSA intelligence-gathering activity was involved in indiscriminate and wholesale surveillance in Salt Lake City or other Olympic venues during the 2002 Winter Games.

"I have reviewed the declaration of Michael V. Hayden dated March 8, 2017," Drake's statement said. "As a result of personal knowledge I gained as a long-time contractor and then senior executive (1989-2008) of the NSA, I know the statements made by Hayden in that declaration are false or, if not literally false, substantially misleading."

The NSA has the capability to seize and store electronic communications passing through U.S. intercept centers, according to the statement from Drake.

After Sept. 11, 2001, "the NSA's new approach was that the president had the authority to override the Foreign Intelligence Surveillance Act (FISA) and the Bill of Rights, and the NSA worked under the authority of the president," Drake said. "The new mantra to intercepting intelligence was 'just get it' regardless of the law."

Additional information on the NSA's intelligence-gathering came to light in 2013 when Edward Snowden, a contractor working for the agency, revealed to the Guardian newspaper the scope of U.S. and British global surveillance programs.


NSA director frustrated Trump won’t accept Russia interfered in election: report – The Hill

National Security Agency (NSA) Director Mike Rogers is frustrated that he has not yet convinced President Trump that U.S. intelligence indicates Russia interfered in the 2016 presidential election, CNN reported Wednesday.

Rogers vented frustration over his fruitless efforts to lawmakers during a recent closed-door briefing on Capitol Hill, a congressional source familiar with the meeting told the news network.

The intelligence community continues to brief the president on new information on Russia's election involvement as it comes to light.

An intelligence official told CNN that while Trump does not seem less engaged when being briefed on the matter, he has expressed frustration outside of the briefings that too much attention is being paid to the ongoing probe into Russia's interference in the election.

Russia, as well as other countries such as China, Iran and North Korea, are considered potential threats by U.S. intelligence.

CNN reported that other top administration officials have also tried to emphasize the importance of a foreign nation attempting to meddle in the U.S. elections.

The president has taken to social media to criticize former President Barack Obama after a bombshell report by The Washington Post revealed his predecessor was briefed about Russia's activities in August 2016 and was slow to respond.

"I just heard today for the first time that Obama knew about Russia a long time before the election, and he did nothing about it," Trump told Fox News in an interview that aired Sunday. "To me -- in other words -- the question is, if he had the information, why didn't he do something about it? He should have done something about it."

Trump has also repeatedly called the ongoing probe into Russia and possible ties between the Kremlin and his campaign a "witch hunt."


NSA Warrantless Surveillance Aided Turks After Attack, Officials Say – New York Times

But the witnesses sidestepped Mr. Graham's question, saying only that they were working on his request. That provoked an angry intervention from the committee chairman, Senator Charles E. Grassley, Republican of Iowa, who banged his gavel and told Mr. Graham, his voice rising, "I want you to proceed until you get an answer."

Mr. Graham eventually ended his questioning without getting one. But later in the hearing, Senator Richard J. Durbin, Democrat of Illinois, suggested that the senators' emotion at the thought that their government could invade their privacy and use the information against them was just part of the bigger picture.

"What about the privacy of the Americans who are not in this room?" he asked.

The warrantless surveillance program traces back to President George W. Bush's Stellarwind program, introduced after the Sept. 11, 2001, attacks. Stellarwind permitted the National Security Agency to wiretap Americans' international phone calls without the court orders required by the Foreign Intelligence Surveillance Act, or FISA, of 1978.

After it came to light, Congress legalized a form of the program in 2008 with the FISA Amendments Act. It permits the government to collect, from American internet or phone providers and without warrants, the communications of foreigners abroad who have been targeted for any foreign intelligence purpose, even when they are talking to Americans.

Privacy advocates want Congress, as part of any bill extending the law, to require warrants before officials may use Americans' identifiers, like their email addresses, to search the repository of messages previously collected by the program. But Stuart J. Evans, a top intelligence official at the Justice Department, testified on Tuesday that imposing such a limit would grind the entire FISA process to a halt because investigators need to quickly search a large volume of such queries to process leads, and because such queries are typically undertaken at an early stage, when investigators have not yet found evidence to establish probable cause of wrongdoing.

Several lawmakers also pressed the officials about a decision by Dan Coats, the director of national intelligence, to shelve an N.S.A. effort to estimate how much incidental collection of Americans' information the program sweeps up. Bradley Brooker, the acting general counsel to Mr. Coats, said that systematically determining who is using email accounts that are not of foreign intelligence interest would invade people's privacy and divert resources.

To underscore their message that the program is too valuable to curtail, Mr. Brooker and other officials disclosed several additional examples where the program had been useful. They included detecting an unidentified country that was smuggling goods in violation of sanctions, and finding someone in Western Europe who was talking to a member of the Islamic State about purchasing material to build a suicide belt.

Mr. Ghattas said the government had used the program to investigate Shawn Parson, a Trinidadian social media propagandist for the Islamic State whose network distributed prolific amounts of English-language recruiting pitches and calls for attacks before he was killed in Syria in August 2015.

The F.B.I. had been investigating Mr. Parson since October 2013 based on his online postings, Mr. Ghattas said, and information it shared from that collection with unspecified allies had helped them identify other Islamic State supporters and had potentially prevented attacks in those countries.


A version of this article appears in print on June 28, 2017, on Page A14 of the New York edition with the headline: Up-and-Down Hearing On Surveillance Program.


Alleged NSA Leaker Reality Winner Appears in Federal Court, Trial … – NBCNews.com

Lawyers gather in court for the NSA contractor accused in top secret leak, Reality Winner, on June 27. Richard Miller

Attorney Titus Nichols told reporters outside court Tuesday afternoon that the discussion over the order centered on both sides knowing the rules of engagement regarding any potentially classified information.

"That way if there is any type of information that is classified at any level, that everyone knows what the rules of engagement will be, so there is not going to be a risk of accidental release of information and definitely not going to be any intentional release of information that's classified," he said.

Prosecutor Jennifer Solari said during the hearing that a note pad with handwriting in Farsi was being reviewed and translated. Nichols told reporters after the hearing that the defense had not seen the notebook and thus was not able to discuss anything about it at the time.

Prosecutors are also examining two computers, hard drives, a tablet and four phones seized from Winner. They agreed to have all evidence discovery filed by August 25.

Nichols added that Winner was "maintaining pretty well" and that every conversation he had had with her has been positive, as his client remains in jail awaiting her trial.

Earlier this month,

Terry Pickard reported from Augusta, Georgia, and Daniella Silva reported from New York.


NSA-linked tools help power second global ransomware outbreak – Politico

The seals of the U.S. Cyber Command, the National Security Agency and the Central Security Service are pictured outside the campus the three organizations share in Fort Meade, Maryland. | Getty

By Eric Geller

06/27/2017 12:16 PM EDT

Updated 06/27/2017 05:49 PM EDT

A potent ransomware attack has gripped organizations around the world for the second time in less than two months.

And like the first outbreak in mid-May, which claimed hundreds of thousands of victims in a game-changing cyberattack, Tuesday's outburst is spreading via a Microsoft flaw originally exposed in a leak of apparent NSA hacking tools.


The latest malicious software battered companies in Russia, Ukraine and many other countries in Europe, according to cybersecurity researchers, sending law enforcement officials scrambling and sparking fears about how the world would contain the outbreak of the malware, which locks up computer systems and demands ransom payments.

While the U.S. has been largely unscathed to this point, major multinational energy, shipping, banking, pharmaceutical and law firms, as well as government agencies, have confirmed they are fighting off cyberattacks.

Security firm Kaspersky Lab estimated it had seen 2,000 victims, and counting, throughout the day. While the estimate is significantly lower than the massive numbers tied to May's attack, which relied on malware dubbed WannaCry, some researchers noted technical details of the new malware that might make it harder to kill.

Researchers have also not yet linked the latest attack to any specific hacking group or nation-state, unlike May's digital ambush, which technical specialists and reportedly intelligence officials in the U.S. and U.K. traced to North Korean-backed hackers.

But security specialists have been warning for weeks that the recent WannaCry ransomware virus was only the beginning of these fast-spreading digital sieges.

WannaCry was powered by a variant of apparent NSA cyber weapons that were dumped online, raising questions about whether the secretive hacking agency should sit on such powerful tools instead of alerting companies like Microsoft to the deficiencies in their software.

Experts say hackers have likely been working to tweak the WannaCry malware, potentially allowing new versions to skirt the digital defenses that helped stall the first global assault.


Indeed, the virus that proliferated Tuesday shares many similarities with WannaCry, but contains some striking differences.

For starters, Tuesday's virus proliferated using the same Microsoft Windows flaw as WannaCry, according to digital security firms Symantec and Bitdefender Labs. But researchers noted the malware is also capable of hopping around using multiple Microsoft flaws, not just the most famous one exposed in the online dump of the purported NSA cyber weapons.

Additionally, like WannaCry, this new malware demands that victims pay a ransom using the digital currency Bitcoin before their files can be unlocked. As of Tuesday evening, 32 victims had paid a ransom, with the number steadily climbing.

Unlike WannaCry, however, the rapidly spreading malware does not merely encrypt files as part of its ransom scheme. Rather, it changes critical system files so that the computer becomes unresponsive, according to John Miller, a senior manager for analysis at the security firm FireEye, which reviewed the malware.

Some researchers identified the infection as a novel variation of the so-called Petya malware, which has been around since 2016. But researchers at Kaspersky believe it is a totally new strain they are dubbing ExPetr.

A sample of the malware initially went undetected by nearly all antivirus software.

The digital weapon cloaks itself as a file that Microsoft has already approved as safe, helping it avoid detection, Costin Raiu, director of global research efforts at Kaspersky, said on Twitter.

The malware was written on June 18, according to a sample that Kaspersky has analyzed.

Most of the infections on Tuesday were in Ukraine, with Russia the next hardest hit, according to Kaspersky's analysis. Russia was also a major victim during the WannaCry outbreak. Raiu told POLITICO that Belarus, Brazil, Estonia, the Netherlands, Turkey and the United States were also affected, but that those countries accounted for less than 1 percent of all victims.

A Department of Homeland Security spokesman said the agency was "monitoring reports" of the ransomware campaign and coordinating with international authorities.

Researchers suspect that Ukraine became the nexus of the outburst after companies using a popular tax program unknowingly downloaded an update that contained the ransomware. From there, the virus could have spread beyond those companies using various flaws in Windows.

The ransomware eruption may be responsible for several major cyber incidents that began Tuesday.

The global shipping and logistics firm Maersk, which is based in Denmark, confirmed that it was dealing with an intrusion affecting "multiple sites and business units." And the Russian oil company Rosneft said it was responding to "a massive hacker attack."

Ukraine's central bank and its capital city's main airport also said they were dealing with cyberattacks. The virus appeared to be hitting the country's government computers as well.

The cyberattack also forced the Ukraine-based Chernobyl nuclear power plant to revert to manual radiation monitoring, according to a Ukrainian journalist citing the country's state news service.

Elsewhere, the German pharmaceutical giant Merck said its network was compromised in the outbreak and that it was still investigating the incident.


But the U.S. has been largely spared so far.

The American Gas Association said in a statement that no U.S. natural gas utilities have reported infections.

However, in Pennsylvania, the Heritage Valley Health System, which operates two hospitals and 60 physician offices, said it was grappling with a cyberattack. "The incident is widespread and is affecting the entire health system," said spokeswoman Suzanne Sakson.

Multinational law firm DLA Piper was also experiencing computer and phone outages in multiple offices, including in Washington, D.C. The company did not respond to a request for comment.

But a photo shared with POLITICO showed a sign outside the firm's Washington office that read, "All network services are down, do not turn on your computers! Please remove all laptops from docking stations and keep turned off. No exceptions."

DLA Piper's secure document storage system for clients also went down, though the firm may have done that as a precaution. "A bit stressed at moment as I am unsure if our docs there are safe," one client told POLITICO.

Tim Starks contributed to this report.


Purdue, sheriffs association launch next phase of naloxone initiative – The Advocate

Photo: Michael Cummo / Hearst Connecticut Media

Purdue Pharma is headquartered at 201 Tresser Blvd., in downtown Stamford, Conn.


STAMFORD -- Purdue Pharma and the National Sheriffs' Association announced this week the second round of a partnership that gives officers across the country overdose kits and training for the naloxone drug, which can reverse opioid overdoses.

NSA officials credit the Purdue-funded initiative with helping to save some 120 lives since its late 2015 pilot-phase launch. In the first stage, NSA officers distributed 500 naloxone kits to 12 local law enforcement agencies in several states.

The program has also allowed NSA to reach more than 600 deputies and officers through on-site training at nine law enforcement agencies across the country.

"Purdue remains committed to combating opioid abuse and equipping our communities with the tools and resources they need to do so," Gail Cawkwell, Purdue's chief medical officer, said in a statement. "We are motivated by the results we've seen since the launch of the pilot program and are proud to continue our partnership with NSA."

Purdue, whose drugs include the opioid OxyContin, has contributed $850,000 so far to the initiative and $500,000 will support the next phase. The NSA plans to provide during the next year the Narcan nasal spray brand of naloxone and training to at least 50 law enforcement agencies across the country.

"Law enforcement officers know firsthand the impact that the right tools can have in saving lives within our communities," Sheriff Keith Cain, NSA board member and chairman of the NSA's Drug Enforcement Committee, said in a statement. "NSA has identified naloxone as one of the most effective weapons in our arsenal for combatting opioid overdose, and we are continuing our work to train law enforcement and implement effective solutions on a national scale."

The U.S. Department of Health and Human Services has also endorsed naloxone.

Since 1999, the national rate of overdose deaths involving opioids, including prescription drugs and heroin, nearly quadrupled, and more than 165,000 people have died from prescription opioid overdoses, according to an HHS factsheet.

In a May report on the initiative, the NSA pointed to the need for a comprehensive strategy for tackling the opioid epidemic that includes raising awareness about its impact and solutions that help those affected by the crisis.

"We need to have a pointed discussion that regularly and openly identifies what works, what doesn't, and where communities can go for solutions," NSA officials wrote in the report. "Right now, we need to come together as a country to figure out what is already working and what we can do to implement these solutions on a national scale."

While NSA praised Purdue for its support of the naloxone program, the Stamford-based pharmaceutical company also faces a wave of litigation alleging it made false claims about OxyContin that fueled the opioid crisis. During the past month, Ohio's attorney general and a group of district attorneys general in Tennessee have filed such complaints. Purdue has denied those lawsuits' allegations.


Shadow Brokers hike prices for stolen NSA exploits, threaten to out ex-Uncle Sam hacker – The Register

The Shadow Brokers is once again trying to sell yet more stolen NSA cyber-weapons, raising the asking price in the process. And the gang has threatened to out one of the US spy agency's ex-operatives that it claims hacked Chinese targets.

In the now-traditional broken English statement, the smug miscreants said they had so many punters throwing money at them for their June exploit sale that they are jacking up their prices. If you want to get hold of the forthcoming July batch, it'll set you back 200 ZEC (Zcash) ($65,000) or 1,000 XMR (Monero) ($46,000), which is a rather bizarre pricing policy and double the amount the crew were charging before.

What's also slightly bizarre is that there has been, seemingly, zero fallout from that sale last month, and no evidence anyone paid up or got any code.

"Another global cyber attack is fitting end for first month of theshadowbrokers dump service," it said. "There is much theshadowbrokers can be saying about this but what is point and having not already being said?"

That's referring to this week's Petya/NotPetya outbreak and last month's WannaCry drama: both of these strains of malware used NSA exploits from the Shadow Brokers' April leak to attack Windows PCs around the world. The group, which is thought to be linked to Russian intelligence, claims the cyber-weapons it is now flogging off were nicked from the Equation Group, which is understood to be a moniker for an NSA hacking team.

In addition to its very expensive exploit-of-the-month club, the group is offering a VIP service, where it will offer specific exploits that people ask for. This doesn't come cheap however: the entry price is 400 ZEC ($131,000) and the group says "VIP Service is no guarantee of future good or services, negotiation for those is being separate."

In its latest screed the Shadow Brokers also take issue with someone they refer to as the "Doctor," who isn't a time lord but a hacker the group claims was working for the Equation Group. The brokers are apparently miffed that this person has been tweeting bad things about them.

"TheShadowBrokers is thinking 'doctor' person is former EquationGroup developer who built many tools and hacked organization in China. TheShadowBrokers is thinking 'doctor' person is co-founder of new security company and is having much venture capital," they said.

"TheShadowBrokers is hoping 'doctor' person is deciding to subscribe to dump service in July. If theshadowbrokers is not seeing subscription payment with corporate email address of doctor@newsecuritycompany.com then theshadowbrokers might be taking tweets personally and dumping data of 'doctor' person's hacks of China with real id and security company name."

Although the group has not yet identified the "Doctor," one man thinks they might be referring to him. Daniel Wolfford, a specialist working for Middle Eastern mobile security firm DarkMatter, denied that he was involved in the Equation Group and said he does only defensive hacking.

The price increase is bad news for white-hat security researchers, who had been planning to crowdfund buying up Shadow Broker exploits and fix them. Then again, the group could just dump the exploits on the market for free, as they have done in the past.


Ex-Israeli NSA chief: Foundation of civilization is under attack – The Jerusalem Post


The foundation of civilization is under cyber attack, said the former commander of Israel's elite intelligence Unit 8200, Nadav Zafir, on Monday.

Zafir claimed that unlawful cyber activity can tamper with the electoral process and damage infrastructure, putting democratic civilizations at risk.

Zafir, who headed what is considered to be the Israeli NSA between 2009 and 2013, made the comments during Cyber Week at Tel Aviv University.

The current chief of the Shin Bet, Nadav Argaman, is scheduled to give a rare talk on Tuesday that will present the audience with some of the means the Israeli security services use to tackle threats from individual hackers. This would be the first time such details will be openly presented to the public.

Today marks the second day of the conference, a unique event that addresses the challenges of security and privacy, for governments as well as private people, as the Internet becomes ever more present in global communication, finance, and entertainment.

The former chief of the US National Security Agency (NSA), Keith Alexander, also addressed the summit, telling the audience that he recently met with US President Donald Trump and that, despite what you hear in the press, the president understands fully existential cyber threats.

Speakers include Homeland Security and Counter Terrorism official Thomas Bossert, who serves as assistant to Trump. Current director of the Shin Bet (Israel Security Agency) Nadav Argaman, Check Point CEO Gil Shwed and former New York mayor Rudolph Giuliani are also in the lineup.

Other speakers include chief information security officer of the Indian Axis bank Ashutosh Jain and Austrian privacy activist Max Schrems. Events include an international war game simulation, a panel on the role of cyber in aviation, and even a cocktail party.

In recent years Israel has become a celebrated global leader in the realm of cyber security, hi-tech, and technological innovation, leading many to label Israel a "Hi-Tech Nation".

This is the sixth year in which Cyber Week has taken place. This year's event will include round table discussions on Israeli-French, India-Israel, and UK-Israel innovation and regulation in regard to cyber security.

Those visiting the conference will be greeted by a huge six-meter (19.5 feet) sculpture of a Trojan horse created from molten bits of smartphones, keyboards, and television screens that have been made useless due to a virus attack or remote hacking. The piece, which weighs two tons, was designed by Israeli advertising executive Gideon Amichay for the 2016 conference and became an iconic piece on campus.


EXCLUSIVE Whistleblower: ‘Most Probable’ That NSA Has Recordings of Trump Phone Calls with James Comey – Breitbart News

"It is very likely, in fact, most probable that NSA does have those tapes," stated Binney.

Binney continued: "I think you already have examples of it where you had conversations that President Trump had with the president of Mexico and also with Australia. All of those have been leaked. Also phone calls involving [former National Security Advisor Michael] Flynn and so on and the White House."

"And the point is here, you see, I don't know of any time that the president makes a phone call that is not encrypted. So that means that the people who are intercepting the president have to be able to decrypt it. And the people who provide the encryption and the keys to the systems to be used are NSA," he added.

Binney was speaking Sunday night on this reporter's talk radio program, Aaron Klein Investigative Radio, broadcast on New York's AM 970 The Answer and Philadelphia's NewsTalk 990 AM.

Binney was an architect of the NSA's surveillance program. He became a famed whistleblower when he resigned on October 31, 2001 after spending more than 30 years with the agency. He has remained a sought-after expert on NSA surveillance.

Binney was responding to a series of tweets from the U.S. president last week in which Trump wrote that he did not make and does not have recordings of his conversations with Comey.

However, Trump allowed that "with all of the recently reported electronic surveillance, intercepts, unmasking and illegal leaking of information, I have no idea whether there are tapes or recordings of my conversations with James Comey."

On May 12, after Comey had been fired and there was speculation he was behind leaks to the news media, Trump had ominously issued the following warning on Twitter:

In remarks to the Senate Intelligence Committee earlier this month, Comey described three in-person private conversations with Trump (one in January at Trump Tower before the inauguration and two more in the White House after Trump became president) and two phone calls between the two.

NSA 'Absolutely' Tapping Trump's Calls

Asked pointedly whether he believes the NSA is bugging the Oval Office, Binney replied, "Absolutely."

In February on this reporter's radio program, Binney made national headlines when he alleged the NSA was tapping Trump's Oval Office phone calls.

Binney further contended at the time that the NSA may have been behind a data leak that revealed Michael Flynn allegedly misled Vice-President Mike Pence and other Trump administration officials about the contents of his phone calls with Russia's ambassador to Washington.

During the interview on Sunday, Binney addressed alleged illicit NSA domestic surveillance that he says is documented in NSA whistleblower Edward Snowden's slides on the agency's Fairview program, which is supposed to focus on the collection of data from foreign countries' citizens utilizing switching stations located inside the U.S.

Binney stated:

The slides showing the tap points across the United States where the targets really are the U.S. population and not the foreigners. If they wanted the foreigners all they would have to do is tap the surfacing points for the transoceanic cables. That would be along the coast. You wouldn't need to tap points distributed with the populations of the company. So that is the main program they are using to collect all this data on the fiber networks.

Binney further stated the NSA could remotely turn on cell phone mics to record offline conversations.

Aaron Klein is Breitbart's Jerusalem bureau chief and senior investigative reporter. He is a New York Times bestselling author and hosts the popular weekend talk radio program, Aaron Klein Investigative Radio. Follow him on Twitter @AaronKleinShow.


Prior to Snowden, NSA Had No Clue How Many Were Approved to … – Washington Free Beacon


BY: Natalie Johnson June 24, 2017 5:00 am

The National Security Agency did not know how many officials were authorized to download and transfer top secret data from its servers prior to the high-profile leaks by former contractor Edward Snowden, according to a recently declassified government report.

The NSA was also unsuccessful in attempts to meaningfully cut the number of officials with "privileged" access to its most sensitive databases, the Department of Defense's inspector general determined in the 2016 investigation. The heavily redacted report was obtained by the New York Times through a Freedom of Information Act lawsuit.

The agency struggled to achieve the mandated reductions because it had no idea how many employees or contractors were designated data transfer agents or privileged access users prior to the leaks.

NSA officials told the inspector general they lost a "manually kept spreadsheet" that tracked the number of privileged users after receiving multiple requests from the inspector general to provide documents identifying the initial number. The lapse made it impossible for the agency to determine its baseline of privileged users from which reductions would be made.

The report said the NSA then "arbitrarily removed" privileged access from users, who were told to reapply for the authorization. While this enabled the agency to determine how many personnel were granted special access, the NSA still had no way of measuring how many privileged users had lost the clearance.

The inspector general said the NSA should have used this new baseline as a "starting point" to reduce privileged users instead of using the number to declare a reduction in those personnel.

In the case of data transfer agents, the NSA's "manually kept list" tracking the number of officials authorized to use removable devices, such as thumb drives, to transfer data to and from the agency's servers was "corrupted" in the months leading up to the Snowden leaks, the report said.

Without a baseline to measure potential reductions, the NSA then mandated data transfer agents to reapply for the authorization. Again, though this allowed the agency to determine how many personnel were given the authority, the NSA still had no way of gauging how many reductions were made, if any.

The threat proved ongoing earlier this month when former contractor Reality Winner was charged with removing classified information from NSA facilities regarding the Russian election hacks and leaking it to the press.

The initiatives to cut the number of people with access to classified data were part of a broader post-Snowden measure, called "Secure the Net," to strengthen protections of its sensitive surveillance and hacking methods.

The report determined that while the NSA made some progress in achieving reform, the agency "did not fully meet the intent of decreasing the risk of insider threats to its operations and the ability of insiders to exfiltrate data."

NSA spokeswoman Vanee Vines acknowledged the report's conclusions in a statement issued to the New York Times last week.

"We welcome the observations and opportunities for improvement offered by the U.S. Defense Department's Inspector General," she said. "NSA has never stopped seeking and implementing ways to strengthen both security policies and internal controls."

It is unclear what steps the NSA has taken since the report was finalized in August 2016 to reduce the number of employees and contractors with access to its top-secret databases.


is calling out the NSA – npr.org

After the WannaCry cyberattack hit computer systems worldwide, Microsoft says governments should report software vulnerabilities instead of collecting them. Here, a ransom window announces the encryption of data on a transit display in eastern Germany on Friday.

When the National Security Agency lost control of the software behind the WannaCry cyberattack, it was like "the U.S. military having some of its Tomahawk missiles stolen," Microsoft President Brad Smith says, in a message about the malicious software that has created havoc on computer networks in more than 150 countries since Friday.

"This is an emerging pattern in 2017," Smith, who is also chief legal officer, says in a Microsoft company blog post. "We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."

On affected computers, the WannaCry software encrypts files and displays a ransom message demanding $300 in bitcoin. It has attacked hundreds of thousands of computers, security experts say, from hospital systems in the U.K. and a telecom company in Spain to universities and large companies in Asia. And the software is already inspiring imitators, as the Bleeping Computer site reports.

The malware behind WannaCry (also called WannaCrypt, Wana Decryptor or WCry) was reported to have been stolen from the NSA in April. And while Microsoft said it had already released a security update to patch the vulnerability one month earlier, the sequence of events fed speculation that the NSA hadn't told the U.S. tech giant about the security risk until after it had been stolen.

With his new statement, Smith seems to be confirming that version of events.

Two months after Microsoft issued its security patch, thousands of computers remained vulnerable to the WannaCry attack. That prompted the company to issue another patch on Friday for older and unsupported operating systems such as Windows XP, allowing users to secure their systems without requiring an upgrade to the latest operating software.

Urging businesses and computer users to keep their systems current and updated, Smith says the WannaCry attack shows the importance of collective action to fight cybercrime.

But he aimed his sharpest criticisms at the U.S. and other nations.

The attack, Smith says, "represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today: nation-state action and organized criminal action."

International standards should compel countries not to stockpile or exploit software vulnerabilities, Smith says. He adds that governments should report vulnerabilities like the one at the center of the WannaCry attack.

Governments "need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world," Smith says, urging agencies to "consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

Smith's blog post did not address another factor in the ransomware's spread, one that hints at the difficulty of uniting against a hacking attack: Users of pirated Microsoft software are unable to download the security patch, forcing them to fend for themselves or rely on a third-party source for a solution.


NSA Advocates Data Sharing Framework – Threatpost

NEW YORK - The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That's why Neal Ziring, technical director for the NSA's Capabilities Directorate, wants to flip the financial equation on bad guys.

"We need to conduct defenses in a way that kills an adversary's ROI," Ziring said. "I want to get it down to the point where a threat actor says, 'I better choose carefully where I throw this malware first, because I'm not going to get a third or fourth try.' Today they don't have that concern."

In order to decimate a cybercriminal's ROI on developing tools and attack playbooks, Ziring is calling on public agencies, companies and the security community to radically change the way they respond to cyberattacks.

In a keynote address Thursday at the Borderless Cyber conference, he said the cybersecurity community needs to work cooperatively to collectively respond to attacks in the same spirit they share threat intelligence. He argues that doing so will deprive cyber threat actors of the ability to use tools and tradecraft multiple times and starve criminals financially.

"The future of cyber defense is having a shared response or coordinated response," Ziring said. "We need to break out of today's enterprise mentality of every person for themselves."

The type of framework Ziring describes doesn't exist today, but two standards come close. Those are STIX (Structured Threat Information Expression) and TAXII (Trusted Automated eXchange of Indicator Information), which both deal with sharing data ahead of an attack. Neither addresses a key component that Ziring is calling for: a public-private framework that creates a type of autoimmune system. If one node on the network is attacked, all other connected nodes are warned within seconds to defend against a similar attack.

"There is no technological reason why this couldn't work. There are only practical obstacles like the need for interoperable standards that will enable us to do this in today's heterogeneous environments. And that's the bit we are solving right now with STIX and OpenC2," he said.

Still early in development, OpenC2 is a language that would enable the coordination and execution of command and control of defense components between domains and within a domain.

Universal support for that type of framework will take a major shift in industry mindsets. As one conference attendee noted, today breach data is a carefully guarded secret for many companies. Ninety-five percent of the dozens of breaches the attendee said he helped mitigate over the past year were kept private for fear it might hurt share prices and the companies' reputation.

Ziring said the industry does not need new regulations to mandate breach transparency. The upside to information sharing is the carrot that he hopes will lure companies, sectors and communities to be part of the sharing framework. He notes there are already several critical infrastructure sectors that are required to report breaches to the DHS.

"It would be better if we didn't have to create more regulation. We'll have to take a wait and see approach for now," he said.

Currently, the type of framework Ziring describes is extremely rare. Within the financial services sector, breach data is shared between members of FS-ISAC (Financial Services Information Sharing and Analysis Center). When one member is attacked, all other members are alerted and can fend off similar attacks before they happen.

Meanwhile, attack surfaces are growing with the rapid expansion of cloud, IoT and third-party services. Ziring said current defenses are not as scalable as they need to be and can't match the automated nature of cyberattacks.

Using FS-ISAC as a model, Ziring envisions a future where industry-focused communities share visibility into threats. When an attack occurs, top-level community members would analyze the threat and send out countermeasures to community members, inoculating them within seconds or minutes from similar attacks. "It's unreasonable to ask small business to be ready to fight off a nation state attack themselves," he said.

To many in attendance, that top-level community member is the government. To that end, Ziring told attendees that NSA and DHS are committed to being a trusted partner in the framework through the development of standards such as OpenC2.

"The government has a unique authority in this area. We are doing a lot today within the DHS and FBI. I believe government has a responsibility to share. Culturally, it's going to be tough. But we need to do it," he said.
