Senators seek answers about accused NSA leaker’s security clearance – Atlanta Journal Constitution

A pair of senior U.S. senators is pressing the Trump administration for information about how the Augusta woman at the center of the National Security Agency leak investigation was screened for her security clearance.

Senate Homeland Security and Governmental Affairs Committee Chairman Ron Johnson, R-Wisconsin, and Ranking Member Claire McCaskill, a Missouri Democrat, sent seven questions about Reality Leigh Winner and the government's vetting process to the Office of Personnel Management this week.

Among other things, the senators want to know which federal agency initially screened Winner and when, when her clearance was last reinvestigated and whether those screenings were done by federal employees or contractors. They also want to know the size of the government's current backlog of security clearance reinvestigations.

Winner worked as a federal contractor at a U.S. government agency in Georgia between February and June and had a top-secret security clearance. A federal grand jury has indicted her on a single count of "willful retention and transmission of national defense information" for allegedly leaking to the news media a classified NSA report on Russia's meddling in the U.S. election system. Before she was indicted, Winner spent months unleashing a tirade of social media posts calling President Donald Trump, among other things, an "orange fascist."

Winner faces up to 10 years in prison and $250,000 in fines, plus up to three years of supervised release and a $100 special assessment. She has pleaded not guilty to the charge. Her next court hearing is set for June 27 in Augusta. TMZ recently published video of her exercising in an outdoor area of the Lincoln County Jail, where she is being detained.

"Ms. Winner allegedly chose to put Americans and our national security at risk when she leaked classified materials," Johnson said in a joint statement with McCaskill. "It is my hope that OPM will do a thorough review of her security clearance, and determine if it was granted appropriately."

McCaskill said: "The leaking of classified information jeopardizes our national security. We need to determine if Ms. Winner's security clearance process was handled correctly or if we missed any red flags."

The Office of Personnel Management had no immediate comment Friday.

Gary Davis and Billie Winner-Davis, stepfather and mother of Reality Leigh Winner, spoke to The Atlanta Journal-Constitution about their daughter. Video by Hyosub Shin/AJC.


OPINION: Leaked NSA report rings alarm sounded by 2016 election recount – The Hill (blog)

Do we have a voting system we can trust, that is accurate, secure and just? This question, raised by the 2016 multi-state recount effort, is roaring back at us louder than ever after the Intercept's publication last week of a leaked National Security Agency report documenting with unprecedented detail a hacking scheme targeting components of the U.S. voting system.

The NSA report shows how the hack first used a spear phishing attack in August on the employees of a company producing voter registration software. Information from that hack was then used in a second phishing email about a week before the election targeting over 100 government employees, "presumably local election officials," as the Intercept put it, to "trick [them] into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers."

Some cybersecurity experts presume the hack was exploratory rather than an actual attack, given the short time until the election. Still, this remains unproven, and the leaked NSA report raises disturbing questions. In particular, how far did this particular hack penetrate into the election system? Were there other successful hacks into the 2016 election? And can we trust our election results going forward?

Today's voting system is a sprawling network of hardware, software and local election officials that integrate voter registration, electronic voting, tabulating vote totals, and reporting these results to precinct, county, state and national centers that compile final vote results.

As voting-security expert Alex Halderman stated in the Intercept article, "I would worry about whether an attacker who could compromise the poll book vendor might be able to use software updates ... to also infect the election management system that programs the voting machines themselves. Once you do that, you can cause the voting machine to create fraudulent counts."

The bottom line is this: The voting machines and software must be examined in order to conclude that the vote has not been hacked, and to protect our elections going forward. This was the demand made by the 2016 recount effort. The imperative to do so now is stronger than ever. In fact, the universe of investigation should be expanded, based on this report, to include hardware and software involved in vote tabulation and reporting, as well as voting machines themselves.

The integrity of our elections is paramount. The issue transcends partisan politics. We are all harmed by corruption of our elections and the cynicism it breeds, contributing to the loss of confidence in our political system expressed by 90 percent of Americans according to an AP/NORC poll last year. Hacking is just one part of the problem. Elections are likewise degraded by racially-biased voter suppression, the control of big money and big media over our elections, the suppression of independent and third party voices in debates and media and more. A vote we can believe in is the bedrock foundation of a functioning democracy, as Judge Mark Goldsmith noted in the initial ruling to proceed with the Michigan recount. That bedrock has gone missing.

The urgent need to respond to the NSA revelations of election hacking must not be lost beneath the outrage and political controversy over alleged Russian responsibility for the attack. Fortunately, we don't need to settle the debate over who hacked into our election system in order to proceed urgently to safeguard our elections. In fact, we must protect our elections from all potential interference, whether from foreign state actors, domestic political partisans, gangster networks, lone wolves or private corporations, including companies who control the voting software.

In any event, identifying and punishing the perpetrator/s will not make our future votes secure. Truly solving the problem of hacking may well require the resumption of a long-stalled effort to create an international treaty on cyberwarfare. Perhaps, as Microsoft President Brad Smith suggests, it's time for a Geneva Convention on Cybersecurity.

In the meantime, future, and no doubt current, hacking into our election system can and must be stopped by adopting common sense safeguards long advocated by the election integrity movement and advanced by the recount effort. We must end the use of hack-friendly, error-prone electronic voting machines, and revert to hand-marked paper ballots, ideally counted by hand or by optical scanners carefully monitored by cross-checking against paper ballots (a process known as statistical audits). Hand recounts of the paper ballots should be readily available whenever elections are very close, or when legitimate concerns are raised about hacking, corruption or error at any level of the system. These safeguards must be in place in time to secure the 2018 elections.

A vote we can trust must not only be accurate and secure. It must also be just and true to the promise of democracy. That means we must guarantee the unimpeded right to vote and end racist voter suppression schemes that cost millions of Americans the right to vote, including voter ID laws, felon disenfranchisement, and Interstate Crosscheck. It means ending discrimination against alternative parties and independents in getting on the ballot, in the debates and in the media. It means getting big money out of our elections, and enacting improved voting systems like ranked choice voting and proportional representation that give voters the freedom to vote their values instead of their fears. Fixing our broken, unjust election system is no less urgent than fixing hackable electronic voting.

In this age of unprecedented converging crises of our economy, ecology, peace and democracy, we cannot wait to build the America we deserve. To do so, we need a voting system we can trust.

Dr. Stein was the 2016 Green Party Presidential candidate who initiated a multi-state recount effort backed by leading election integrity experts, largely due to concerns about the security of our voting system that are extremely topical in light of recent revelations.


Foreign investigators join NSA in blaming North Korea for Wannacry: report – The Hill


The BBC is reporting that a British-led international investigation into the origins of WannaCry has come to the same conclusions as the NSA and a number of private firms: North Korea was behind the attacks. The WannaCry ransomware held hundreds of ...

2008 FISA Transcript Shows NSA Already Knew It Might Have An Incidental Collection Problem – Techdirt

The ODNI has released several documents in response to FOIA lawsuits (EFF, ACLU). The EFF scored 18 of these (handy zip link here) and the ACLU seven. The ACLU's batch has proven more interesting (at least initially). One document it obtained shows a tech company challenged a Section 702 surveillance order in 2014. The challenge was shut down by the FISA court, but with the exception of Yahoo's short-lived defiance, we haven't seen any other evidence of ISP resistance to internet dragnet orders.

Included in the ACLU's batch is a 2008 FISA Court transcript [PDF] that's particularly relevant to the NSA's voluntary shutdown of its "about" collection. In it, the NSA discusses its filtering and oversight procedures, which were already problematic nearly a decade ago.

There are some really interesting tidbits to be gleaned from the often heavily-redacted proceedings, including this statement, which makes it clear the NSA engaged in wholly-domestic surveillance prior to the FISA Amendments Act.

THE COURT: All right. Well, what about the non-U.S. person status, which of course is new under the FISA Amendments Act? Are you going to be changing anything in terms of focusing on that?

[REDACTED GOV'T RESPONDENT]: We already sort of do with respect to the U.S. person status is so intertwined with the location of the target [REDACTED] to the extent that in the past NSA would actually affirmatively identify targeted U.S. persons to us on the sheets, because one of the additional fields that they put in the sheets is basically a blurb, an explanation and a description of the target.

Clearly, we're not allowed to target US persons anymore, so I don't anticipate seeing any such descriptions on the sheets. But again, since the status of the person, the determination of how that is made is so intertwined with the same information upon which NSA relies to make a foreignness determination, that it would be hard for us not to identify such information as we're conducting the reviews.

Which, of course, means the NSA was allowed to target US persons and their communications previously, contradicting statements made by US officials, including President George W. Bush and Vice President Dick Cheney.

It's stated earlier in the transcript that the NSA does a few things to help minimize examination of US persons' communications. But they're not great. The NSA runs spot checks on analysts' transactions, deploys filters, and relies on self-reporting to guard against Fourth Amendment violations. It sounds like quite a bit, but the details show it's not nearly enough. To start with, the filters meant to filter out US persons' communications don't work.

COURT: The NSA minimization procedures, you're stating, 'contain a provision for allowing retention of information because of limitations on NSA's ability to filter communications.' My question I had was is the filter discussed in targeting the same filtering. I just wanted to understand that, and apparently it is. [The rest of the court's question is redacted.]

GOV'T: I think the inclusion of that provision in the minimization procedures was intended to be prophylactic in the event that the filters don't necessarily work, and NSA has represented that it's been their experience with the filters and [redacted] this provision basically captures instances where the filters may not work in every instance.

And there's a good reason why they won't work "in every instance." Further unredacted discussion reveals the NSA partially relies on an IP address blacklist to filter out US persons' communications. This is better than nothing, but still a long way from being a strong positive indicator of a target's (or incidental target's) location.

The court then asks about the limitations of the filters and we get several fully-redacted pages as an answer.

The court also asks about the "about" collection -- where targets are discussed but the communications do not directly involve NSA targets. The judge wants to know how often this is being used rather than the more-targeted "to/from" collection and how often it results in incidental collection. Unsurprisingly, the government can't say how often this happens. This is because the NSA saw no reason to track these searches.

GOV'T: As far as the percentage number, we don't have a number for that, because as I mentioned earlier, when we [redacted] we find to's and froms and [redacted] so we don't categorize those separately to be able to count those communications as abouts.

The court then asks why it's not possible to limit the collection to to's and froms. The government's response is that collecting it all just works better for the NSA, even though it apparently possesses the technical ability to keep these collections separate.

It is technically feasible. The problem with doing so is if you end up discarding a number of communications that are truly to-froms that you should be able to collect but [redacted]...

So by trying to limit us to no abouts, then we end up cutting out those kind of communications as well, truly to-froms. So it would be -- we're not surgical enough to take that out of the equation without impacting our ability to do to-froms effectively.

And later in the discussion, there's a bit of a bombshell about the "about" collection. The NSA shut it down because it couldn't find a way to prevent incidental collection of US persons' communications. In this transcript, the government points out incidental collection is just as likely with to-from targeting.

COURT: Is it more or less likely to pick up U.S.-person information in an about than a to or from?

MR. OLSEN: I don't know the answer in practice. At least from my perspective in theory, I wouldn't see why it would be more likely than a targeted to or from collection where the target's outside the United States where there's a similar possibility that that target would be in communication with someone in the United States, with a U.S. person in the United States.

If this is true, the elimination of the "about" collection doesn't do much to curtail incidental collection. And almost a decade ago, the NSA was already making it "impossible" to comply with Congressional requests for incidental collection numbers by refusing to separate its collections, even with the FISA Court raising questions about its Fourth Amendment implications.


Global surveillance disclosures (2013–present) – Wikipedia

Ongoing news reports in the international media have revealed operational details about the United States National Security Agency (NSA) and its international partners' global surveillance[1] of foreign nationals and U.S. citizens. The reports mostly emanate from a cache of top secret documents leaked by ex-NSA contractor Edward Snowden, which he obtained whilst working for Booz Allen Hamilton, one of the largest contractors for defense and intelligence in the United States.[2] In addition to a trove of U.S. federal documents, Snowden's cache reportedly contains thousands of Australian, British and Canadian intelligence files that he had accessed via the exclusive "Five Eyes" network. In June 2013, the first of Snowden's documents were published simultaneously by The Washington Post and The Guardian, attracting considerable public attention.[3] The disclosure continued throughout 2013, and a small portion of the estimated full cache of documents was later published by other media outlets worldwide, most notably The New York Times (United States), the Canadian Broadcasting Corporation, the Australian Broadcasting Corporation, Der Spiegel (Germany), O Globo (Brazil), Le Monde (France), L'espresso (Italy), NRC Handelsblad (the Netherlands), Dagbladet (Norway), El País (Spain), and Sveriges Television (Sweden).[4]

These media reports have shed light on the implications of several secret treaties signed by members of the UKUSA community in their efforts to implement global surveillance. For example, Der Spiegel revealed how the German Bundesnachrichtendienst (BND) transfers "massive amounts of intercepted data to the NSA",[5] while Swedish Television revealed the National Defence Radio Establishment (FRA) provided the NSA with data from its cable collection, under a secret treaty signed in 1954 for bilateral cooperation on surveillance.[6] Other security and intelligence agencies involved in the practice of global surveillance include those in Australia (ASD), Britain (GCHQ), Canada (CSEC), Denmark (PET), France (DGSE), Germany (BND), Italy (AISE), the Netherlands (AIVD), Norway (NIS), Spain (CNI), Switzerland (NDB), Singapore (SID) as well as Israel (ISNU), which receives raw, unfiltered data of U.S. citizens that is shared by the NSA.[7][8][9][10][11][12][13][14]

On June 14, 2013, United States prosecutors charged Edward Snowden with espionage and theft of government property.[15] In late July 2013, he was granted a one-year temporary asylum by the Russian government,[16] contributing to a deterioration of Russia–United States relations.[17][18] On August 6, 2013, U.S. President Barack Obama made a public appearance on national television where he told Americans that "We don't have a domestic spying program" and that "There is no spying on Americans".[19] Towards the end of October 2013, the British Prime Minister David Cameron warned The Guardian not to publish any more leaks, or it will receive a DA-Notice.[20] In November 2013, a criminal investigation of the disclosure was being undertaken by Britain's Metropolitan Police Service.[21] In December 2013, The Guardian editor Alan Rusbridger said: "We have published I think 26 documents so far out of the 58,000 we've seen."[22]

The extent to which the media reports have responsibly informed the public is disputed. In January 2014, Obama said that "the sensational way in which these disclosures have come out has often shed more heat than light"[23] and critics such as Sean Wilentz have noted that many of the Snowden documents released do not concern domestic surveillance.[24] In its first assessment of these disclosures, the Pentagon concluded that Snowden committed the biggest "theft" of U.S. secrets in the history of the United States.[25] Sir David Omand, a former director of GCHQ, described Snowden's disclosure as the "most catastrophic loss to British intelligence ever".[26]

Barton Gellman, a Pulitzer Prize–winning journalist who led The Washington Post's coverage of Snowden's disclosures, summarized the leaks as follows:

"Taken together, the revelations have brought to light a global surveillance system that cast off many of its historical restraints after the attacks of Sept. 11, 2001. Secret legal authorities empowered the NSA to sweep in the telephone, Internet and location records of whole populations."

The disclosure revealed specific details of the NSA's close cooperation with U.S. federal agencies such as the Federal Bureau of Investigation (FBI)[28][29] and the Central Intelligence Agency (CIA)[30][31] in addition to the agency's previously undisclosed financial payments to numerous commercial partners and telecommunications companies,[32][33][34] as well as its previously undisclosed relationships with international partners such as Britain,[35][36] France,[12][37] Germany,[5][38] and its secret treaties with foreign governments that were recently established for sharing intercepted data of each other's citizens.[7][39][40][41] The disclosures were made public over the course of several months since June 2013, by the press in several nations from the trove leaked by the former NSA contractor Edward J. Snowden,[42] who obtained the trove while working for Booz Allen Hamilton.[2]

George Brandis, the current Attorney-General of Australia, asserted that Snowden's disclosure is the "most serious setback for Western intelligence since the Second World War."[43]

As of December 2013, global surveillance programs include:

The NSA was also getting data directly from telecommunications companies codenamed Artifice, Lithium, Serenade, SteelKnight, and X. The real identities of the companies behind these codenames were not included in the Snowden document dump because they were protected as Exceptionally Controlled Information which prevents wide circulation even to those (like Snowden) who otherwise have the necessary security clearance.[65][66]

Although the exact size of Snowden's disclosure remains unknown, the following estimates have been put up by various government officials:

As a contractor of the NSA, Snowden was granted access to U.S. government documents along with top secret documents of several allied governments, via the exclusive Five Eyes network.[69] Snowden claims that he is currently not in physical possession of any of these documents, after having surrendered all copies to the journalists he met in Hong Kong.[70]

According to his lawyer, Snowden has pledged not to release any documents while in Russia, leaving the responsibility for further disclosures solely to journalists.[71] As of 2014, the following news outlets have accessed some of the documents provided by Snowden: Australian Broadcasting Corporation, Canadian Broadcasting Corporation, Channel 4, Der Spiegel, El País, El Mundo, L'espresso, Le Monde, NBC, NRC Handelsblad, Dagbladet, O Globo, South China Morning Post, Süddeutsche Zeitung, Sveriges Television, The Guardian, The New York Times, and The Washington Post.

In the 1970s, NSA analyst Perry Fellwock (under the pseudonym "Winslow Peck") revealed the existence of the UKUSA Agreement, which forms the basis of the ECHELON network, whose existence was revealed in 1988 by Lockheed employee Margaret Newsham.[72][73] Months before the September 11 attacks and during its aftermath, further details of the global surveillance apparatus were provided by various individuals such as the former MI5 official David Shayler and the journalist James Bamford,[74][75] who were followed by:

In the aftermath of Snowden's revelations, The Pentagon concluded that Snowden committed the biggest theft of U.S. secrets in the history of the United States.[25] In Australia, the coalition government described the leaks as the most damaging blow dealt to Australian intelligence in history.[43] Sir David Omand, a former director of GCHQ, described Snowden's disclosure as the "most catastrophic loss to British intelligence ever".[26]

In April 2012, NSA contractor Edward Snowden began downloading documents.[87] That year, Snowden had made his first contact with journalist Glenn Greenwald of The Guardian and he contacted documentary filmmaker Laura Poitras in January 2013.[88][89]

In May 2013, Snowden went on temporary leave from his position at the NSA, citing the pretext of receiving treatment for his epilepsy. Towards the end of May, he traveled to Hong Kong.[90][91] Greenwald, Poitras and the Guardian's defence and intelligence correspondent Ewen MacAskill flew to Hong Kong to meet Snowden.

After the U.S.-based editor of The Guardian, Janine Gibson, held several meetings in New York City, it was decided that Greenwald, Poitras and the Guardian's defence and intelligence correspondent Ewen MacAskill would fly to Hong Kong to meet Snowden. On June 5, in the first media report based on the leaked material,[92] The Guardian exposed a top secret court order showing that the NSA had collected phone records from over 120 million Verizon subscribers.[93] Under the order, the numbers of both parties on a call, as well as the location data, unique identifiers, time of call, and duration of call were handed over to the FBI, which turned over the records to the NSA.[93] According to The Wall Street Journal, the Verizon order is part of a controversial data program, which seeks to stockpile records on all calls made in the U.S., but does not collect information directly from T-Mobile US and Verizon Wireless, in part because of their foreign ownership ties.[94]

On June 6, 2013, the second media disclosure, the revelation of the PRISM surveillance program (which collects the e-mail, voice, text and video chats of foreigners and an unknown number of Americans from Microsoft, Google, Facebook, Yahoo, Apple and other tech giants),[95][96][97][98] was published simultaneously by The Guardian and The Washington Post.[86][99]

Der Spiegel revealed NSA spying on multiple diplomatic missions of the European Union (EU) and the United Nations Headquarters in New York.[100][101] During specific episodes within a four-year period, the NSA hacked several Chinese mobile-phone companies,[102] the Chinese University of Hong Kong and Tsinghua University in Beijing,[103] and the Asian fiber-optic network operator Pacnet.[104] Only Australia, Canada, New Zealand and the UK are explicitly exempted from NSA attacks, whose main target in the EU is Germany.[105] A method of bugging encrypted fax machines used at an EU embassy is codenamed Dropmire.[106]

During the 2009 G-20 London summit, the British intelligence agency Government Communications Headquarters (GCHQ) intercepted the communications of foreign diplomats.[107] In addition, GCHQ has been intercepting and storing mass quantities of fiber-optic traffic via Tempora.[108] Two principal components of Tempora are called "Mastering the Internet" (MTI) and "Global Telecoms Exploitation".[109] The data is preserved for three days while metadata is kept for thirty days.[110] Data collected by GCHQ under Tempora is shared with the National Security Agency (NSA) of the United States.[109]

From 2001 to 2011, the NSA collected vast amounts of metadata records detailing the email and internet usage of Americans via Stellar Wind,[111] which was later terminated due to operational and resource constraints. It was subsequently replaced by newer surveillance programs such as ShellTrumpet, which "processed its one trillionth metadata record" by the end of December 2012.[112]

The NSA follows specific procedures to target non-U.S. persons[113] and to minimize data collection from U.S. persons.[114] These court-approved policies allow the NSA to:[115][116]

According to Boundless Informant, over 97 billion pieces of intelligence were collected over a 30-day period ending in March 2013. Out of all 97 billion sets of information, about 3 billion data sets originated from U.S. computer networks[117] and around 500 million metadata records were collected from German networks.[118]

In August 2013, it was revealed that the Bundesnachrichtendienst (BND) of Germany transfers massive amounts of metadata records to the NSA.[119]

Der Spiegel disclosed that Germany is the most targeted country of the 27 members of the European Union due to the NSA's systematic monitoring and storage of Germany's telephone and Internet connection data. According to the magazine, the NSA stores data from around half a billion communications connections in Germany each month. This data includes telephone calls, emails, mobile-phone text messages and chat transcripts.[120]

The NSA gained massive amounts of information captured from the monitored data traffic in Europe. For example, in December 2013, the NSA gathered on an average day metadata from some 15 million telephone connections and 10 million Internet datasets. The NSA also monitored the European Commission in Brussels and monitored EU diplomatic facilities in Washington and at the United Nations by placing bugs in offices as well as infiltrating computer networks.[121]

As part of its UPSTREAM data collection program, the U.S. government made deals with companies to ensure that it had access to, and hence the capability to surveil, undersea fiber-optic cables which deliver e-mails, Web pages, other electronic communications and phone calls from one continent to another at the speed of light.[122][123]

According to the Brazilian newspaper O Globo, the NSA spied on millions of emails and calls of Brazilian citizens,[124][125] while Australia and New Zealand have been involved in the joint operation of the NSA's global analytical system XKeyscore.[126][127] Among the numerous allied facilities contributing to XKeyscore are four installations in Australia and one in New Zealand:

O Globo released an NSA document titled "Primary FORNSAT Collection Operations", which revealed the specific locations and codenames of the FORNSAT intercept stations in 2002.[128]

According to Edward Snowden, the NSA has established secret intelligence partnerships with many Western governments.[127] The Foreign Affairs Directorate (FAD) of the NSA is responsible for these partnerships, which, according to Snowden, are organized such that foreign governments can "insulate their political leaders" from public outrage in the event that these global surveillance partnerships are leaked.[129]

In an interview published by Der Spiegel, Snowden accused the NSA of being "in bed together with the Germans".[130] The NSA granted the German intelligence agencies BND (foreign intelligence) and BfV (domestic intelligence) access to its controversial XKeyscore system.[131] In return, the BND turned over copies of two systems named Mira4 and Veras, reported to exceed the NSA's SIGINT capabilities in certain areas.[5] Every day, massive amounts of metadata records are collected by the BND and transferred to the NSA via the Bad Aibling Station near Munich, Germany.[5] In December 2012 alone, the BND handed over 500 million metadata records to the NSA.[132][133]

In a document dated January 2013, the NSA acknowledged the efforts of the BND to undermine privacy laws:

"The BND has been working to influence the German government to relax interpretation of the privacy laws to provide greater opportunities of intelligence sharing".[133]

According to an NSA document dated April 2013, Germany has now become the NSA's "most prolific partner".[133] Under a section of a separate document leaked by Snowden titled "Success Stories", the NSA acknowledged the efforts of the German government to expand the BND's international data sharing with partners:

"The German government modifies its interpretation of the G-10 privacy law to afford the BND more flexibility in sharing protected information with foreign partners."[50]

In addition, the German government was well aware of the PRISM surveillance program long before Edward Snowden made details public. According to Angela Merkel's spokesman Steffen Seibert, there are two separate PRISM programs: one is used by the NSA and the other is used by NATO forces in Afghanistan.[134] The two programs are "not identical".[134]

The Guardian revealed further details of the NSA's XKeyscore tool, which allows government analysts to search through vast databases containing emails, online chats and the browsing histories of millions of individuals without prior authorization.[135][136][137] Microsoft "developed a surveillance capability to deal" with the interception of encrypted chats on Outlook.com, within five months after the service went into testing. NSA had access to Outlook.com emails because "Prism collects this data prior to encryption."[47]

In addition, Microsoft worked with the FBI to enable the NSA to gain access to its cloud storage service SkyDrive. An internal NSA document dating from August 3, 2012 described the PRISM surveillance program as a "team sport".[47]

Even if there is no reason to suspect U.S. citizens of wrongdoing, the CIA's National Counterterrorism Center is allowed to examine federal government files for possible criminal behavior. Previously the NTC was barred from doing so, unless a person was a terror suspect or related to an investigation.[138]

Snowden also confirmed that Stuxnet was cooperatively developed by the United States and Israel.[139] In a report unrelated to Edward Snowden, the French newspaper Le Monde revealed that France's DGSE was also undertaking mass surveillance, which it described as "illegal and outside any serious control".[140][141]

Documents leaked by Edward Snowden that were seen by Süddeutsche Zeitung (SZ) and Norddeutscher Rundfunk revealed that several telecom operators have played a key role in helping the British intelligence agency Government Communications Headquarters (GCHQ) tap into worldwide fiber-optic communications. The telecom operators are:

Each of them was assigned a particular area of the international fiber-optic network for which they were individually responsible. The following networks have been infiltrated by GCHQ: TAT-14 (Europe-USA), Atlantic Crossing 1 (Europe-USA), Circe South (France-UK), Circe North (The Netherlands-UK), Flag Atlantic-1, Flag Europa-Asia, SEA-ME-WE 3 (Southeast Asia-Middle East-Western Europe), SEA-ME-WE 4 (Southeast Asia-Middle East-Western Europe), Solas (Ireland-UK), UK-France 3, UK-Netherlands 14, ULYSSES (Europe-UK), Yellow (UK-USA) and Pan European Crossing.[143]

Telecommunication companies that participated were "forced" to do so and had "no choice in the matter".[143] Some of the companies were subsequently paid by GCHQ for their participation in the infiltration of the cables.[143] According to the SZ, GCHQ has access to the majority of internet and telephone communications flowing throughout Europe, and can listen to phone calls, read emails and text messages, and see which websites internet users from all around the world are visiting. It can also retain and analyse nearly the entire European internet traffic.[143]

GCHQ is collecting all data transmitted to and from the United Kingdom and Northern Europe via the undersea fibre optic telecommunications cable SEA-ME-WE 3. The Security and Intelligence Division (SID) of Singapore co-operates with Australia in accessing and sharing communications carried by the SEA-ME-WE-3 cable. The Australian Signals Directorate (ASD) is also in a partnership with British, American and Singaporean intelligence agencies to tap undersea fibre optic telecommunications cables that link Asia, the Middle East and Europe and carry much of Australia's international phone and internet traffic.[144]

The U.S. runs a top-secret surveillance program known as the Special Collection Service (SCS), which is based in over 80 U.S. consulates and embassies worldwide.[146] The NSA hacked the United Nations' video conferencing system in Summer 2012 in violation of a UN agreement.[146]

The NSA is not just intercepting the communications of Americans who are in direct contact with foreigners targeted overseas, but also searching the contents of vast amounts of e-mail and text communications into and out of the country by Americans who mention information about foreigners under surveillance.[147] It also spied on Al Jazeera and gained access to its internal communications systems.[148]

The NSA has built a surveillance network that has the capacity to reach roughly 75% of all U.S. Internet traffic.[149][150][151] U.S. law-enforcement agencies use tools used by computer hackers to gather information on suspects.[152][153] An internal NSA audit from May 2012 identified 2776 incidents, i.e. violations of the rules or court orders for surveillance of Americans and foreign targets in the U.S., in the period from April 2011 through March 2012, while U.S. officials stressed that any mistakes are not intentional.[154][155][156][157][158][159][160]

The FISA Court that is supposed to provide critical oversight of the U.S. government's vast spying programs has limited ability to do so and it must trust the government to report when it improperly spies on Americans.[161] A legal opinion declassified on August 21, 2013, revealed that the NSA intercepted for three years as many as 56,000 electronic communications a year of Americans not suspected of having links to terrorism, before the FISA court that oversees surveillance found the operation unconstitutional in 2011.[162][163][164][165][166] Under the Corporate Partner Access project, major U.S. telecommunications providers receive hundreds of millions of dollars each year from the NSA.[167] Voluntary cooperation between the NSA and the providers of global communications took off during the 1970s under the cover name BLARNEY.[167]

A letter drafted by the Obama administration specifically to inform Congress of the government's mass collection of Americans' telephone communications data was withheld from lawmakers by leaders of the House Intelligence Committee in the months before a key vote affecting the future of the program.[168][169]

The NSA paid GCHQ over 100 Million between 2009 and 2012; in exchange for these funds GCHQ "must pull its weight and be seen to pull its weight." Documents referenced in the article explain that the weaker British laws regarding spying are "a selling point" for the NSA. GCHQ is also developing the technology to "exploit any mobile phone at any time."[170] The NSA has, under a legal authority, a secret backdoor into its databases gathered from large Internet companies, enabling it to search for U.S. citizens' email and phone calls without a warrant.[171][172]

The Privacy and Civil Liberties Oversight Board urged the U.S. intelligence chiefs to draft stronger US surveillance guidelines on domestic spying after finding that several of those guidelines have not been updated for up to 30 years.[173][174] U.S. intelligence analysts have deliberately broken rules designed to prevent them from spying on Americans by choosing to ignore so-called "minimisation procedures" aimed at protecting privacy[175][176] and used the NSA's enormous eavesdropping power to spy on love interests.[177]

After the U.S. Foreign Secret Intelligence Court ruled in October 2011 that some of the NSA's activities were unconstitutional, the agency paid millions of dollars to major internet companies to cover extra costs incurred in their involvement with the PRISM surveillance program.[178]

"Mastering the Internet" (MTI) is part of the Interception Modernisation Programme (IMP) of the British government that involves the insertion of thousands of DPI (deep packet inspection) "black boxes" at various internet service providers, as revealed by the British media in 2009.[179]

In 2013, it was further revealed that the NSA had made a 17.2 million financial contribution to the project, which is capable of vacuuming signals from up to 200 fibre-optic cables at all physical points of entry into Great Britain.[180]

The Guardian and The New York Times reported on secret documents leaked by Snowden showing that the NSA has been in "collaboration with technology companies" as part of "an aggressive, multipronged effort" to weaken the encryption used in commercial software, and GCHQ has a team dedicated to cracking "Hotmail, Google, Yahoo and Facebook" traffic.[181][182][183][184][185][186]

Germany's domestic security agency Bundesverfassungsschutz (BfV) systematically transfers the personal data of German residents to the NSA, CIA and seven other members of the United States Intelligence Community, in exchange for information and espionage software.[187][188][189] Israel, Sweden and Italy are also cooperating with American and British intelligence agencies. Under a secret treaty codenamed "Lustre", French intelligence agencies transferred millions of metadata records to the NSA.[63][64][190][191]

The Obama Administration secretly won permission from the Foreign Intelligence Surveillance Court in 2011 to reverse restrictions on the National Security Agency's use of intercepted phone calls and e-mails, permitting the agency to search deliberately for Americans' communications in its massive databases. The searches take place under a surveillance program Congress authorized in 2008 under Section 702 of the Foreign Intelligence Surveillance Act. Under that law, the target must be a foreigner "reasonably believed" to be outside the United States, and the court must approve the targeting procedures in an order good for one year. But a warrant for each target would thus no longer be required. That means that communications with Americans could be picked up without a court first determining that there is probable cause that the people they were talking to were terrorists, spies or "foreign powers." The FISC extended the length of time that the NSA is allowed to retain intercepted U.S. communications from five years to six years with an extension possible for foreign intelligence or counterintelligence purposes. Both measures were done without public debate or any specific authority from Congress.[192]

A special branch of the NSA called "Follow the Money" (FTM) monitors international payments, banking and credit card transactions and later stores the collected data in the NSA's own financial databank "Tracfin".[193] The NSA monitored the communications of Brazil's president Dilma Rousseff and her top aides.[194] The agency also spied on Brazil's oil firm Petrobras as well as French diplomats, and gained access to the private network of the Ministry of Foreign Affairs of France and the SWIFT network.[195]

In the United States, the NSA uses the analysis of phone call and e-mail logs of American citizens to create sophisticated graphs of their social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information.[196] The NSA routinely shares raw intelligence data with Israel without first sifting it to remove information about U.S. citizens.[7][197]

In an effort codenamed GENIE, computer specialists can control foreign computer networks using "covert implants," a form of remotely transmitted malware on tens of thousands of devices annually.[198][199][200][201] As worldwide sales of smartphones began exceeding those of feature phones, the NSA decided to take advantage of the smartphone boom. This is particularly advantageous because the smartphone combines a myriad of data that would interest an intelligence agency, such as social contacts, user behavior, interests, location, photos and credit card numbers and passwords.[202]

An internal NSA report from 2010 stated that the spread of the smartphone has been occurring "extremely rapidly", developments that "certainly complicate traditional target analysis."[202] According to the document, the NSA has set up task forces assigned to several smartphone manufacturers and operating systems, including Apple Inc.'s iPhone and iOS operating system, as well as Google's Android mobile operating system.[202] Similarly, Britain's GCHQ assigned a team to study and crack the BlackBerry.[202]

Under the heading "iPhone capability", the document notes that there are smaller NSA programs, known as "scripts", that can perform surveillance on 38 different features of the iOS 3 and iOS 4 operating systems. These include the mapping feature, voicemail and photos, as well as Google Earth, Facebook and Yahoo! Messenger.[202]

On September 9, 2013, an internal NSA presentation on iPhone Location Services was published by Der Spiegel. One slide shows scenes from Apple's 1984-themed television commercial alongside the words "Who knew in 1984..."; another shows Steve Jobs holding an iPhone, with the text "...that this would be big brother..."; and a third shows happy consumers with their iPhones, completing the question with "...and the zombies would be paying customers?"[203]

On October 4, 2013, The Washington Post and The Guardian jointly reported that the NSA and GCHQ had made repeated attempts to spy on anonymous Internet users who have been communicating in secret via the anonymity network Tor. Several of these surveillance operations involved the implantation of malicious code into the computers of Tor users who visit particular websites. The NSA and GCHQ had partly succeeded in blocking access to the anonymous network, diverting Tor users to insecure channels. The government agencies were also able to uncover the identity of some anonymous Internet users.[204][205][206][207][208][209][210][211][212]

The Communications Security Establishment Canada (CSEC) has been using a program called Olympia to map the communications of Brazil's Mines and Energy Ministry by targeting the metadata of phone calls and emails to and from the ministry.[213][214]

The Australian Federal Government knew about the PRISM surveillance program months before Edward Snowden made details public.[215][216]

The NSA gathered hundreds of millions of contact lists from personal e-mail and instant messaging accounts around the world. The agency did not target individuals. Instead it collected contact lists in large numbers that amount to a sizable fraction of the world's e-mail and instant messaging accounts. Analysis of that data enables the agency to search for hidden connections and to map relationships within a much smaller universe of foreign intelligence targets.[217][218][219][220]

The NSA monitored the public email account of former Mexican president Felipe Calderón (thus gaining access to the communications of high-ranking cabinet members), the emails of several high-ranking members of Mexico's security forces, and the text and mobile phone communications of current Mexican president Enrique Peña Nieto.[221][222] The NSA tries to gather cellular and landline phone numbers, often obtained from American diplomats, for as many foreign officials as possible. The contents of the phone calls are stored in computer databases that can regularly be searched using keywords.[223][224]

The NSA has been monitoring telephone conversations of 35 world leaders.[225] The U.S. government's first public acknowledgment that it tapped the phones of world leaders was reported on October 28, 2013, by the Wall Street Journal after an internal U.S. government review turned up NSA monitoring of some 35 world leaders.[226] GCHQ has tried to keep its mass surveillance program a secret because it feared a "damaging public debate" on the scale of its activities which could lead to legal challenges against them.[227]

The Guardian revealed that the NSA had been monitoring telephone conversations of 35 world leaders after being given the numbers by an official in another U.S. government department. A confidential memo revealed that the NSA encouraged senior officials in such departments as the White House, State and the Pentagon to share their "Rolodexes" so the agency could add the telephone numbers of leading foreign politicians to their surveillance systems. Reacting to the news, German leader Angela Merkel, arriving in Brussels for an EU summit, accused the U.S. of a breach of trust, saying: "We need to have trust in our allies and partners, and this must now be established once again. I repeat that spying among friends is not at all acceptable against anyone, and that goes for every citizen in Germany."[225] In 2010 the NSA collected data on ordinary Americans' cellphone locations, but later discontinued the collection because it had no "operational value."[228]

Under Britain's MUSCULAR programme, the NSA and GCHQ have secretly broken into the main communications links that connect Yahoo and Google data centers around the world and thereby gained the ability to collect metadata and content at will from hundreds of millions of user accounts.[229][230][231][232][233]

The mobile phone of German Chancellor Angela Merkel might have been tapped by U.S. intelligence.[234][235][236][237][238][239][240] According to Der Spiegel this monitoring goes back to 2002[241][242][243] and ended in the summer of 2013,[226] while The New York Times reported that Germany has evidence that the NSA's surveillance of Merkel began during George W. Bush's tenure.[244] After learning from Der Spiegel magazine that the NSA has been listening in to her personal mobile phone, Merkel compared the snooping practices of the NSA with those of the Stasi.[245] In March 2014, Der Spiegel reported that Merkel had also been placed on an NSA surveillance list alongside 122 other world leaders.[246]

On October 31, 2013, Hans-Christian Ströbele, a member of the German Bundestag, met Snowden in Moscow and revealed the former intelligence contractor's readiness to brief the German government on NSA spying.[247]

A highly sensitive signals intelligence collection program known as Stateroom involves the interception of radio, telecommunications and internet traffic. It is operated out of the diplomatic missions of the Five Eyes (Australia, Britain, Canada, New Zealand, United States) in numerous locations around the world. The program conducted at U.S. diplomatic missions is run in concert by the U.S. intelligence agencies NSA and CIA in a joint venture group called "Special Collection Service" (SCS), whose members work undercover in shielded areas of the American Embassies and Consulates, where they are officially accredited as diplomats and as such enjoy special privileges. Under diplomatic protection, they are able to look and listen unhindered. The SCS for example used the American Embassy near the Brandenburg Gate in Berlin to monitor communications in Germany's government district with its parliament and the seat of the government.[240][248][249][250]

Under the Stateroom surveillance programme, Australia operates clandestine surveillance facilities to intercept phone calls and data across much of Asia.[249][251]

In France, the NSA targeted people belonging to the worlds of business, politics or French state administration. The NSA monitored and recorded the content of telephone communications and the history of the connections of each target, i.e. the metadata.[252][253] The actual surveillance operation was performed by French intelligence agencies on behalf of the NSA.[63][254] The cooperation between France and the NSA was confirmed by the Director of the NSA, Keith B. Alexander, who asserted that foreign intelligence services collected phone records in "war zones" and "other areas outside their borders" and provided them to the NSA.[255]

The French newspaper Le Monde also disclosed new PRISM and Upstream slides (see pages 4, 7 and 8) coming from the "PRISM/US-984XN Overview" presentation.[256]

In Spain, the NSA intercepted the telephone conversations, text messages and emails of millions of Spaniards, and spied on members of the Spanish government.[257] Between December 10, 2012 and January 8, 2013, the NSA collected metadata on 60 million telephone calls in Spain.[258]

According to documents leaked by Snowden, the surveillance of Spanish citizens was jointly conducted by the NSA and the intelligence agencies of Spain.[259][260]

The New York Times reported that the NSA carries out an eavesdropping effort, dubbed Operation Dreadnought, against the Iranian leader Ayatollah Ali Khamenei. During his 2009 visit to Iranian Kurdistan, the agency collaborated with GCHQ and the U.S.'s National Geospatial-Intelligence Agency, collecting radio transmissions between aircraft and airports, examining Khamenei's convoy with satellite imagery, and enumerating military radar stations. According to the story, an objective of the operation is "communications fingerprinting": the ability to distinguish Khamenei's communications from those of other people in Iran.[261]

The same story revealed an operation code-named Ironavenger, in which the NSA intercepted e-mails sent between a country allied with the United States and the government of "an adversary". The ally was conducting a spear-phishing attack: its e-mails contained malware. The NSA gathered documents and login credentials belonging to the enemy country, along with knowledge of the ally's capabilities for attacking computers.[261]

According to the British newspaper The Independent, the British intelligence agency GCHQ maintains a listening post on the roof of the British Embassy in Berlin that is capable of intercepting mobile phone calls, wi-fi data and long-distance communications all over the German capital, including adjacent government buildings such as the Reichstag (seat of the German parliament) and the Chancellery (seat of Germany's head of government) clustered around the Brandenburg Gate.[262]

Operating under the code-name "Quantum Insert", GCHQ set up a fake website masquerading as LinkedIn, a social website used for professional networking, as part of its efforts to install surveillance software on the computers of the telecommunications operator Belgacom.[263][264][265] In addition, the headquarters of the oil cartel OPEC were infiltrated by GCHQ as well as the NSA, which bugged the computers of nine OPEC employees and monitored the General Secretary of OPEC.[263]

For more than three years GCHQ has been using an automated monitoring system code-named "Royal Concierge" to infiltrate the reservation systems of at least 350 upscale hotels in many different parts of the world in order to target, search and analyze reservations to detect diplomats and government officials.[266] First tested in 2010, the aim of the "Royal Concierge" is to track down the travel plans of diplomats, and it is often supplemented with surveillance methods related to human intelligence (HUMINT). Other covert operations include the wiretapping of room telephones and fax machines used in targeted hotels as well as the monitoring of computers hooked up to the hotel network.[266]

In November 2013, the Australian Broadcasting Corporation and The Guardian revealed that the Australian Signals Directorate (DSD) had attempted to listen to the private phone calls of the president of Indonesia and his wife. The Indonesian foreign minister, Marty Natalegawa, confirmed that he and the president had contacted the ambassador in Canberra. Natalegawa said any tapping of Indonesian politicians' personal phones "violates every single decent and legal instrument I can think of, national in Indonesia, national in Australia, international as well".[267]

Other high-ranking Indonesian politicians targeted by the DSD include:

Carrying the title "3G impact and update", a classified presentation leaked by Snowden revealed the attempts of the ASD/DSD to keep pace with the rollout of 3G technology in Indonesia and across Southeast Asia. The ASD/DSD motto placed at the bottom of each page reads: "Reveal their secrets, protect our own."[268]

Under a secret deal approved by British intelligence officials, the NSA has been storing and analyzing the internet and email records of UK citizens since 2007. In 2005 the NSA also proposed a procedure for spying on the citizens of the UK and other nations of the Five Eyes alliance, even where the partner government has explicitly denied the U.S. permission to do so. Under the proposal, partner countries must be informed neither about this particular type of surveillance nor about the procedure for doing so.[39]

Towards the end of November, The New York Times released an internal NSA report outlining the agency's efforts to expand its surveillance abilities.[269] The five-page document asserts that the law of the United States has not kept up with the needs of the NSA to conduct mass surveillance in the "golden age" of signals intelligence, but there are grounds for optimism because, in the NSA's own words:

"The culture of compliance, which has allowed the American people to entrust NSA with extraordinary authorities, will not be compromised in the face of so many demands, even as we aggressively pursue legal authorities..."[270]

The report, titled "SIGINT Strategy 2012–2016", also said that the U.S. will try to influence the "global commercial encryption market" through "commercial relationships", and emphasized the need to "revolutionize" the analysis of its vast data collection to "radically increase operational impact".[269]

On November 23, 2013, the Dutch newspaper NRC Handelsblad reported that the Netherlands was targeted by U.S. intelligence agencies in the immediate aftermath of World War II. This period of surveillance lasted from 1946 to 1968, and also included the interception of the communications of other European countries including Belgium, France, West Germany and Norway.[271] The Dutch newspaper also reported that the NSA infected more than 50,000 computer networks worldwide, often covertly, with malicious spy software, sometimes in cooperation with local authorities, designed to steal sensitive information.[42][272]

LARGE CABLE: 20 major points of access, many of them located within the United States

According to the classified documents leaked by Snowden, the Australian Signals Directorate (ASD), formerly known as the Defence Signals Directorate, had offered to share intelligence information it had collected with the other intelligence agencies of the UKUSA Agreement. Data shared with foreign countries include "bulk, unselected, unminimised metadata" it had collected. The ASD provided such information on the condition that no Australian citizens were targeted. At the time the ASD assessed that "unintentional collection [of metadata of Australian nationals] is not viewed as a significant issue". If a target was later identified as being an Australian national, the ASD was required to be contacted to ensure that a warrant could be sought. Consideration was given as to whether "medical, legal or religious information" would be automatically treated differently to other types of data; however, a decision was made that each agency would make such determinations on a case-by-case basis.[273] Leaked material does not specify where the ASD had collected the intelligence information from; however, Section 7(a) of the Intelligence Services Act 2001 (Commonwealth) states that the ASD's role is "...to obtain intelligence about the capabilities, intentions or activities of people or organisations outside Australia...".[274] As such, it is possible the ASD's metadata intelligence holdings were focused on foreign intelligence collection and were within the bounds of Australian law.

The Washington Post revealed that the NSA has been tracking the locations of mobile phones from all over the world by tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones. In the process of doing so, the NSA collects more than five billion records of phone locations on a daily basis. This enables NSA analysts to map cellphone owners' relationships by correlating their patterns of movement over time with thousands or millions of other phone users who cross their paths.[275][276][277][278][279][280][281][282]

The Washington Post also reported that both GCHQ and the NSA make use of location data and advertising tracking files generated through normal internet browsing (with cookies operated by Google, known as "Pref") to pinpoint targets for government hacking and to bolster surveillance.[283][284][285]

The Norwegian Intelligence Service (NIS), which cooperates with the NSA, has gained access to Russian targets in the Kola Peninsula and other civilian targets. In general, the NIS provides information to the NSA about "Politicians", "Energy" and "Armament".[286] A top secret memo of the NSA lists the following years as milestones of the Norway–United States of America SIGINT agreement, or NORUS Agreement:

The NSA considers the NIS to be one of its most reliable partners. Both agencies also cooperate to crack the encryption systems of mutual targets. According to the NSA, Norway has made no objections to its requests from the NIS.[287]

On December 5, Sveriges Television reported that the National Defence Radio Establishment (FRA) has been conducting a clandestine surveillance operation in Sweden, targeting the internal politics of Russia. The operation was conducted on behalf of the NSA, which received the data handed over to it by the FRA.[288][289] The Swedish-American surveillance operation also targeted Russian energy interests as well as the Baltic states.[290] As part of the UKUSA Agreement, a secret treaty was signed in 1954 by Sweden with the United States, the United Kingdom, Canada, Australia and New Zealand, regarding collaboration and intelligence sharing.[291]

See the original post:

Global surveillance disclosures (2013–present) - Wikipedia

The Internet Browser NSA Doesn't Want You To Use | Off The …

There's a free method of searching the Internet that's so anonymous and secure the National Security Agency wants to destroy it. It's called TOR or the Onion Router, and documents obtained by The Guardian indicate that both the NSA and its British partner GCHQ have been unable to crack TOR.

An NSA analyst described TOR as "the king of high-secure, low latency internet anonymity."

So what is TOR and how can you use it? Basically, TOR is a network that bounces your searches and communications all over the Internet via several different computers making them hard to track. You access TOR using a special browser or an app.

The NSA has had such a hard time trying to crack TOR that it actually created a top secret presentation called "TOR Stinks". "TOR Stinks" was among the documents leaked by Edward Snowden to the Guardian. Its author wrote: "We will never be able to de-anonymize all TOR users all the time." That means the NSA will never be able to identify all TOR users.

How TOR works

The most interesting thing about TOR is that it was developed by the US government, specifically the State Department and the Defense Department. The idea was to create a secret and secure means of communication for spies and dissidents.

TOR works by creating an encrypted packet of Internet traffic that is bounced through a number of nodes or servers. TOR users use a special Firefox web browser that sends all of the traffic through the TOR network. This is hard to track because it isn't moving through normal channels.

A TOR user in Nebraska might have her Internet traffic routed through a node in Manitoba and another node in Great Britain, which would confuse a person trying to locate her. It isn't perfect but it's a pretty good way of covering your tracks online.

A good way to think of TOR is as another secret Internet inside the Internet. It's currently used by spies, dissidents, journalists and special operations soldiers such as those in Delta Force. These are called Darknets and they're often used by criminals as well as the government.

The NSA has made a number of efforts to crack TOR. Its tried to insert malicious code into TORs browser bundle. The NSA had been using a hole in Firefox to infiltrate TOR but thats recently been plugged.

How to use TOR

Using TOR is easy; just visit the TOR website. The site has several downloadable tools that can help protect your anonymity online. These include:

The TOR website is a great resource that provides connections to a wide variety of excellent tools for thwarting surveillance efforts. If you're serious about anonymity online, it is the place to begin.

It appears there is an effective and low-cost method that enables the average person to avoid most surveillance. That method was created with our tax dollars, and another government agency is using our tax dollars in an attempt to destroy it. It is possible for average people to frustrate the NSA with TOR.

Here is the original post:

The Internet Browser NSA Doesnt Want You To Use | Off The ...

Posted in NSA

Trump Tried to Convince NSA Chief to Absolve Him of Any Russian Collusion: Report – Newsweek

A recent National Security Agency memo documents a phone call in which U.S. President Donald Trump pressures agency chief Admiral Mike Rogers to state publicly that there is no evidence of collusion between his campaign and Russia, say reports.

The memo was written by Rick Ledgett, the former deputy director of the NSA, sources familiar with the memo told The Wall Street Journal. Ledgett stepped down from his job this spring.

The memo said Trump questioned the American intelligence community findings that Russia interfered in the 2016 election. American intelligence agencies issued a report early this year that found Russian intelligence agencies hacked the country's political parties and worked to sway the election to Trump.

The Russia investigation's special counsel Robert Mueller plans to interview Ledgett as part of his investigation into Russia's efforts to manipulate the 2016 vote, a source told WSJ. Mueller is also probing whether Trump himself obstructed justice when he fired former FBI Director James Comey on May 9, according to The Washington Post.

A memo drawn up by a National Security Agency deputy reportedly records Trump pressuring NSA Director Mike Rogers to influence Russia investigation. Joshua Roberts/Reuters

"They made up a phony collusion with the Russians story, found zero proof, so now they go for obstruction of justice on the phony story. Nice," Trump tweeted Thursday. "You are witnessing the single greatest WITCH HUNT in American political history - led by some very bad and conflicted people!" he wrote.

Comey testified a week ago that Trump had pressured him to let go an investigation into fired National Security Adviser Michael Flynn after Flynn misled Vice President Mike Pence about contact he had had with Russian officials.

Comey also testified that Trump asked him to deny publicly that the president was being investigated by the FBI. Comey said that at the time Trump was not being investigated, but he demurred from Trump's request because he would have to correct his statement publicly if the facts changed.

On March 20, Comey testified that his investigation into Russian interference was looking at whether Trump's campaign colluded with the foreign power. British intelligence agencies first picked up contact between Trump's campaign members and associates in 2015.

Two current and two former officials told The Washington Post that in March Trump asked Rogers and Director of National Intelligence Daniel Coats to publicly deny the existence of any evidence of collusion between his campaign and Russia during the 2016 election.

During testimony to the Senate intelligence committee on June 7, neither Coats nor Rogers would answer many specific questions, but both said they did not feel pressure. Coats testified that he never felt pressure to intervene in the Russia investigation.

"In the three-plus years that I have been the director of the National Security Agency, to the best of my recollection, I have never been directed to do anything I believed to be illegal, immoral, unethical or inappropriate," Rogers said. "And to the best of my recollection...I do not recall ever feeling pressured to do so."

More here:

Trump Tried to Convince NSA Chief to Absolve Him of Any Russian Collusion: Report - Newsweek

NSA links Wannacry worm to North Korea – BBC News


The Wannacry worm that infected organisations in 150 countries in May has been blamed on North Korea by the US's National Security Agency (NSA). The Washington Post said there was "moderate confidence" in the report's findings, while the spy agency ...

Original post:

NSA links Wannacry worm to North Korea - BBC News

Mystery Company Told NSA Spies: Get a Warrant or Get Lost – Daily Beast

An unknown U.S. technology company secretly refused to comply with the National Security Agency's most cherished surveillance authority, a newly declassified document shows.

Instead, the company, not identified in a highly unusual order from the secret Foreign Intelligence Surveillance Court, told the NSA, in effect: get a warrant or get lost.

It's the first known time that a company did not comply with the NSA's exercise of its powers under a highly controversial legal authority known as Section 702. Section 702, which is the subject of a white-knuckle fight in Congress over its reauthorization before expiration in December, is the legal underpinning of the NSA's infamous PRISM program, which takes vast quantities of user communications from participating companies.

According to the heavily redacted court ruling, the unnamed company appears to have resisted PRISM, on the grounds that cooperation would implicate its own First and Fourth Amendment rights. It told the world's most powerful surveillance agency to come back with a warrant.

A warrant is necessary, the company contended, for all surveillance conducted on the servers of a U.S.-based provider, regardless of whether the target of surveillance is a U.S. person or a non-U.S. person, and regardless of where that person is located when they use the service, because the communications of U.S. persons will be collected as part of such surveillance.

In other words, the company argued, the NSA's Section 702 powers inevitably violate the Fourth Amendment, since industrial-strength surveillance ostensibly focused on foreigners will inevitably collect communications from Americans. The company's solution: a warrant, please.

The contention so alarmed Barack Obama's administration that it asked the Court to order the company's compliance, the first time, surveillance experts said, the government is known to have clashed with a service provider over an assertion of its Section 702 powers.

Noncompliance with secret, warrantless government surveillance has a real price. The only other confirmed time in which a provider has resisted the NSA came in 2007, when Yahoo rebuffed the government's demand for customer data under the precursor to Section 702, known as the Protect America Act. Documents declassified in 2014 showed that the government threatened Yahoo with a $250,000 fine for every day of noncompliance. Yahoo ultimately began cooperation with PRISM in March 2008 after losing secret-court appeals.

The FISA Court did not view the 2014 case any more favorably.

Judge Rosemary Collyer sided with the NSA on every particular. Collyer found that the NSA's internal procedures about focusing its 702 collection targets on non-Americans reasonably believed to be overseas, despite the fact that Americans' communications data is nevertheless incidentally collected in the process, obviated the company's resistance.

Collyer called the tech firm's fears of unreasonable surveillance arguendo, writing, "the mere fact that there is some potential for error is not a sufficient reason to invalidate the surveillance." Without a showing of misconduct by the government, she found, a presumption of regularity applies. That would be a hard burden for a tech firm to meet, considering the issue was secret surveillance.

However, her FISA Court colleague John Bates had already found in 2011 that the NSA had surpassed the limits of its mass data collection as it had described the procedures to the court. And in 2016, two years after the now-revealed surveillance fight, the NSA revealed to the court that it had violated the revamped post-2011 rules it agreed to with the court. The judge who signed off on modified rules for 702 collection was, ironically, Collyer, in a ruling savaged by independent journalist Marcy Wheeler.

Ashley Gorski, an attorney with the ACLU, which acquired the document in a freedom-of-information lawsuit, took issue with Collyer's fateful 2014 finding that the NSA was owed the benefit of the doubt.

"Given the litany of NSA compliance violations known to the [FISA Court] even back in 2014, the court's insistence that a presumption of regularity should apply to the NSA's spying is deeply problematic," Gorski said.

This challenge to the government's warrantless spying under Section 702 underscores just how controversial this mass surveillance program really is, and why it must be significantly reformed. The anonymous tech company that brought this challenge should be commended for defending its users' privacy, and other companies must do the same by fighting for critical reforms in the courts and in Congress.

Link:

Mystery Company Told NSA Spies: Get a Warrant or Get Lost - Daily Beast

Senators seek answers on alleged NSA leaker’s security clearance … – The Hill

The leaders of a key Senate panel are pressing the federal government for information about the security clearance of a government contractor recently accused of passing classified material to a news outlet.

Reality Leigh Winner was arrested by the FBI in early June and charged in federal court with violating a section of the Espionage Act. Her arrest has been linked to The Intercept's publication of a purported classified National Security Agency document detailing Russian hacking efforts aimed at U.S. election and voting infrastructure.

Winner, an Air Force veteran, had worked as a contractor at Pluribus International Corporation, was assigned to a government facility in Georgia and held a top-secret clearance, according to the criminal complaint.

"The leaking of classified information jeopardizes our national security," McCaskill said in a statement. "We need to determine if Ms. Winner's security clearance process was handled correctly or if we missed any red flags."

Together, Johnson and McCaskill lead the Senate Homeland Security and Governmental Affairs Committee.

The letter was sent to Kathleen McGettigan, acting director of OPM. The lawmakers also asked the agency to explain the process by which a member of the military has a security clearance reactivated or transferred in order to be employed by the intelligence community, given Winner's previous service in the Air Force.

Additionally, the senators asked what OPM is doing to comply with a provision included in an appropriations measure passed last year that mandated a review of the federal government's enhanced security clearance program.

Winner was arrested at her home in Georgia on June 3 and the Department of Justice announced the charges days later. Winner allegedly printed and improperly removed classified intelligence in early May and later sent it by mail to an online news outlet.

Winner's arrest was the latest in a string of leak incidents, an issue that has attracted attention since ex-NSA contractor Edward Snowden's disclosures to news publications in 2013.

In February, former NSA contractor Harold Martin was indicted for stealing thousands of intelligence files, including classified documents from the NSA, CIA and U.S. Cyber Command.

Read the original:

Senators seek answers on alleged NSA leaker's security clearance ... - The Hill

Overnight Cybersecurity: NSA links Wanna Cry ransomware to North Korea | Dem proposes center to counter Russian … – The Hill

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

THE BIG STORY:

--THE NSA BELIEVES WANNA CRY WAS NORTH KOREAN:

The National Security Agency (NSA) linked ransomware that negatively impacted more than 300,000 people in 150 countries to North Korea, according to The Washington Post. The NSA's assessment, which is not available to the public, states that "cyber actors" thought to be sponsored by North Korea's spy agency, the Reconnaissance General Bureau, were behind the WannaCry computer worm.

--...'MODERATE[LY]' CONFIDENT: According to the Washington Post report, the NSA reached that conclusion with "moderate" confidence.

--...SPEAKING OF KASPERSKY AND WANNA CRY: Rep. Clay Higgins (R-La.) told two House Science subcommittees they should take antivirus magnate Eugene Kaspersky up on his offer to testify before Congress during a joint hearing on Wanna Cry on Thursday. Kaspersky Lab continues to receive government contracts, despite lawmakers' suspicions that the Moscow-headquartered outfit may have ties to the Russian government. There is no public evidence linking the two, but the Department of Homeland Security has issued guidance to avoid the vendor. Kaspersky has also become a frequent topic of conversation at Senate Intelligence Committee meetings. Both Kaspersky and his company have pushed back against these claims. In May, Eugene Kaspersky said he would testify before Senate Intelligence. "The FBI, CIA and NSA advise this body that they do not trust Kaspersky," said Higgins, adding, "I strongly suggest we take him up on his offer." Eugene Kaspersky was educated at a KGB-sponsored university and served in Russian military intelligence. As is the case with American cybersecurity firms, many of the Russia-based employees come from the public sector.

--...A SIMILAR, MORE FRIENDLY OFFER FOR NORTH KOREAN PROGRAMMERS: Witnesses at the hearing noted that coding errors likely prevented millions of additional infections of the malware and that the prevailing theory was that North Korea had launched the attack. Higgins jokingly asked the panel what they thought might happen to the coders and issued an invitation to any programmers feeling heat from Pyongyang to come to America. "We'd love to have you before the Committee," he said. "We'll give you some real good food."

A RUSSIA INVESTIGATION UPDATE:

--PUTIN OFFERS COMEY POLITICAL ASYLUM:

Russian President Vladimir Putin on Thursday offered to give political asylum to former FBI Director James Comey, poking at tensions between Comey and President Trump. "If Comey will be under the threat of political persecution, we are ready to accept him here," Putin said at a press conference, according to Russian state media outlet TASS.

--WHO WILL INVESTIGATE OBSTRUCTION? With the announcement yesterday that the Senate Judiciary would investigate political pressures at the FBI, the Senate Intelligence Committee will not be focusing on the issue and will turn over evidence to the special prosecutor. Over in the House Intelligence committee, Ranking Member Adam Schiff (D-Calif.) said he wanted to keep that focus alive.

--DEM PROPOSES RUSSIAN HACKING DEFENSE CENTER: Rep. Joseph Kennedy (D-Mass.) introduced legislation on Thursday to create a response center to combat Russian cyber attacks amid ongoing probes into Moscow's interference in last year's election. Dubbed the National Russian Threat Response Center, the new initiative would be responsible for examining information relevant to Russia's online aggression and seek to close gaps in intelligence collected about the Kremlin. "Russia's attack on our election was not guided by party affiliation but instead by a deep desire to weaken trust in our institutions and shake the very foundation of our democracy," Kennedy said in a statement.

--MEANWHILE, PRESIDENT TRUMP DID SOME TWEETING. "They made up a phony collusion with the Russians story, found zero proof, so now they go for obstruction of justice on the phony story. Nice" (6:55 a.m.)... "You are witnessing the single greatest WITCH HUNT in American political history - led by some very bad and conflicted people! #MAGA" (7:57 a.m.)... "Why is that Hillary Clintons family and Dems dealings with Russia are not looked at, but my non-dealings are?" (3:43 p.m.)... "Crooked H destroyed phones w/ hammer, 'bleached' emails, & had husband meet w/AG days before she was cleared- & they talk about obstruction?" (3:56 p.m.).

--...TRUMP ALLY WOULD HAVE ADVISED AGAINST IT: Rep. Chris Collins (R-N.Y.), one of President Trump's most ardent allies on Capitol Hill, on Thursday criticized the timing of the president's latest tweets attacking the investigation into Russian election meddling. "I think timing could have been better on that, and I can't speak for the president, obviously he does what he does," Collins said on CNN. "Clearly, he's frustrated by the investigation, and the investigation is going to run its course, probably for many, many, many months." "I'm not counseling the president, but I would have certainly not advised that that tweet go out today, because we're still very much reacting to yesterday's shooting," he added.

--...POLL: MAJORITY ASSUME MEDDLING: A majority of American adults in a new poll thinks President Trump has tried to interfere in the investigation into Russian meddling in the U.S. presidential race. An Associated Press/NORC Center for Public Affairs Research poll found about 60 percent of Americans think Trump attempted to obstruct or impede the investigation. But opinions are largely split among partisan lines, with only about 25 percent of Republicans saying they think Trump tried to meddle in the probe. The poll also finds that 68 percent of Americans are at least moderately concerned Trump or his campaign associates had inappropriate links to Russia. Just about 30 percent of Americans said they were not concerned. Only 22 percent of Americans support Trump's decision to fire former FBI Director James Comey, compared with the more than half of Americans who disapprove of the president's decision.

A LIGHTER CLICK:

TODAY IN QUESTIONABLE CORRELATIONS: Programmers who use spaces to format computer code make more money than those who use tabs.

A REPORT IN FOCUS:

MORE FROM THE WANNA CRY FRONT: ElevenPaths, a cybersecurity division of Telefonica, found a few new odds and ends inspecting the metadata from the files in Wanna Cry.

Telefonica is intimately familiar with Wanna Cry; the Spanish telecom was one of its largest victims.

The coding of Wanna Cry has already been torn apart by researchers, who by and large believe it was filled with coding mistakes. Those include the "killswitch" that hamstrung the ransomware, poor coding practices making it easy to recover many of the encrypted files without paying, having no method to tell who paid the ransom and struggling to infect Windows XP servers.

The choice of file types used in the attack may also have been mistakes. By using document types that allowed colorful typography, the files in Wanna Cry reveal that the default keyboard setting on the computer that typed the ransom note was Korean and that it used the EMEA version of Microsoft Word.

A package of compressed files in the .zip format reveals that the attackers updated the software until 2:22 a.m. on May 12. But the attack was first seen before 2:22 a.m. in a number of time zones. Assuming the time codes were unaltered and accurate, the only time zones with a chronologically correct 2:22 a.m. are in West Africa, Western Europe, Russia, Asia and Australia.

Other notes: Metadata shows that some software was registered in the name Messi, which may be a reference to the soccer player Lionel Messi.

ElevenPaths cautions that metadata can be changed and otherwise fabricated by programmers, making it shaky evidence. The metadata may have been altered to change the keyboard settings or time codes. It's possible all of this is a red herring.

ElevenPaths notes that the programmer might not even be a fan of Lionel Messi.
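The time-zone reasoning above, as an added Python example that is not from ElevenPaths or The Hill: ZIP member timestamps are stored as local wall-clock time with no zone, so the check is which UTC offsets place the latest timestamp at or before the first sighting. The member names and the first-sighting time are constructed placeholders (the article gives neither), and the restamp step shows why the evidence is shaky.

```python
import io
import zipfile
from datetime import datetime, timedelta, timezone

# Constructed sample members (hypothetical names). The latest stamp mirrors the
# "2:22 a.m. on May 12" value reported in the article.
SAMPLE_MEMBERS = [
    ("msg/a.rtf", (2017, 5, 11, 23, 10, 0)),
    ("msg/b.rtf", (2017, 5, 12, 2, 22, 0)),
]

# Constructed placeholder: the article does not say when the attack was first seen.
FIRST_SEEN_UTC = datetime(2017, 5, 12, 2, 30, tzinfo=timezone.utc)


def build_sample_zip(members=SAMPLE_MEMBERS):
    """Build an in-memory archive; the writer picks every timestamp freely."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, stamp in members:
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), b"constructed")
    return buf.getvalue()


def latest_member_time(zip_bytes):
    """Return the newest member timestamp as a naive (zone-less) datetime."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return max(datetime(*info.date_time) for info in zf.infolist())


def feasible_utc_offsets(latest_local, first_seen_utc):
    """Whole-hour UTC offsets where the last edit is not after the first sighting."""
    feasible = []
    for hours in range(-12, 15):  # UTC-12 through UTC+14
        zone = timezone(timedelta(hours=hours))
        edit_utc = latest_local.replace(tzinfo=zone).astimezone(timezone.utc)
        if edit_utc <= first_seen_utc:
            feasible.append(hours)
    return feasible


def restamp(zip_bytes, delta):
    """Copy an archive with every member timestamp shifted by delta."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src, \
            zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            moved = datetime(*info.date_time) + delta
            new_info = zipfile.ZipInfo(info.filename,
                                       date_time=moved.timetuple()[:6])
            dst.writestr(new_info, src.read(info))
    return out.getvalue()


if __name__ == "__main__":
    archive = build_sample_zip()
    latest = latest_member_time(archive)
    print("latest member time (no zone):", latest)
    print("feasible UTC offsets:", feasible_utc_offsets(latest, FIRST_SEEN_UTC))

    # Same content, timestamps moved five hours earlier: the inference moves too.
    forged = restamp(archive, timedelta(hours=-5))
    print("after restamp:",
          feasible_utc_offsets(latest_member_time(forged), FIRST_SEEN_UTC))
```

With the constructed first-sighting time, only UTC+0 and eastward remain feasible; after restamping, the same check also admits offsets as far west as UTC-5, so the result is only as trustworthy as a field the archive's author controls.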

WHAT'S IN THE SPOTLIGHT:

REALITY WINNER'S SECURITY CLEARANCE: The leaders of a key Senate panel are pressing the federal government for information about the security clearance of a government contractor recently accused of passing classified material to a news outlet.

Reality Leigh Winner was arrested by the FBI in early June and charged in federal court with violating a section of the Espionage Act. Her arrest has been linked to The Intercept's publication of a purported classified National Security Agency document detailing Russian hacking efforts aimed at U.S. election and voting infrastructure.

Winner, an Air Force veteran, had worked as a contractor at Pluribus International Corporation, was assigned to a government facility in Georgia and held a top-secret clearance, according to the criminal complaint.

On Thursday, Sens. Ron Johnson (R-Wis.) and Claire McCaskill (D-Mo.) wrote to the head of the Office of Personnel Management (OPM) seeking more information about which government agency conducted Winner's initial security clearance and when. They also asked the agency to disclose the last time Winner was reinvestigated as part of her active security clearance, in addition to other inquiries.

"The leaking of classified information jeopardizes our national security," McCaskill said in a statement. "We need to determine if Ms. Winner's security clearance process was handled correctly or if we missed any red flags."

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

A new Russian sanctions deal tied to Iranian sanctions cleared the Senate, but Sen. Bernie Sanders (I-Vt.) objects to the package. (The Hill)

Rep. Tom Suozzi (D-N.Y.): America must unite to fight Russian attacks on all western democracies. (The Hill)

Facebook has a new plan to target terrorist content. (The Hill)

A British hacker pleaded guilty to hacking the DOD. (The Hill)

The House looks to solve the cross border data warrant riddle. (The Hill)

Crash Override amplified electric grid hacking concerns. (The Hill)

Facebook AI taught itself to lie to get what it wants. (Quartz)

A new initiative looks to make public Congressional browsing habits. (Sophos)

The Department of Energy is injecting $250 million into supercomputer R&D. (FCW)

Excerpt from:

Overnight Cybersecurity: NSA links Wanna Cry ransomware to North Korea | Dem proposes center to counter Russian ... - The Hill

The Paper Trail To Impeachment Grows As NSA Memo Shows Trump Investigation Interference – PoliticusUSA

While it is unknown if there are tapes, a new report of a memo from a former NSA official documents Trump's attempts to influence the NSA and interfere in the Russia investigation.

The Wall Street Journal (subscription required) reported, "The special counsel also plans to interview Rick Ledgett, who recently retired as the deputy director of the NSA, the person added. While Mr. Ledgett was still in office, he wrote a memo documenting a phone call that Mr. Rogers had with Mr. Trump, according to people familiar with the matter. During the call, the president questioned the veracity of the intelligence community's judgment that Russia had interfered with the election and tried to persuade Mr. Rogers to say there was no evidence of collusion between his campaign and Russian officials, they said."

There is a clear pattern emerging of Trump calling intelligence officials and interfering in the Russia investigation. If President Trump and his campaign did not collude with Russia, he and his administration should be welcoming the investigation to put any false accusations to rest. Trump's repeated attempts to undercut and discredit the investigation look like the acts of a man who has something to hide.

The case for obstruction of justice isn't Comey versus Trump. It is Trump versus Comey's testimony, Comey memos, intelligence community witnesses, and an NSA memo. That is just the information that is publicly known. It is likely that there is even more evidence that the public has yet to hear about. The special counsel has witness testimony and physical evidence to weigh when evaluating if Trump obstructed justice.

The President wants America to believe that the man who lied to them about everything from the crowd size at his inauguration to President Obama spying on him is to be believed over a mountain of evidence.

Trump didn't know it at the time, but his phone calls left a paper trail that could lead straight to obstruction of justice.

Visit link:

The Paper Trail To Impeachment Grows As NSA Memo Shows Trump Investigation Interference - PoliticusUSA

Leaked NSA Malware Is Helping Hijack Computers Around the World

In mid-April, an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was leaked by an entity known only as the Shadow Brokers. Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.

An infected NHS computer in Britain

Gillian Hann

The malware worm taking over the computers goes by the names WannaCry or Wanna Decryptor. It spreads from machine to machine silently and remains invisible to users until it unveils itself as so-called ransomware, telling users that all their files have been encrypted with a key known only to the attacker and that they will be locked out until they pay $300 to an anonymous party using the cryptocurrency Bitcoin. At this point, one's computer would be rendered useless for anything other than paying said ransom. The price rises to $600 after a few days; after seven days, if no ransom is paid, the hacker (or hackers) will make the data permanently inaccessible (WannaCry victims will have a handy countdown clock to see exactly how much time they have left).

Ransomware is not new; for victims, such an attack is normally a colossal headache. But today's vicious outbreak has spread ransomware on a massive scale, hitting not just home computers but reportedly health care, communications infrastructure, logistics, and government entities.

Reuters said that hospitals across England reported the cyberattack was causing huge problems to their services and the public in areas affected were being advised to only seek medical care for emergencies, and that the attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems.

The worm has also reportedly reached universities, a major Spanish telecom, FedEx, and the Russian Interior Ministry. In total, researchers have detected WannaCry infections in over 57,000 computers across over 70 countries (and counting; these things move extremely quickly).

According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept, "I've never seen anything like this with ransomware," and "the last worm of this degree I can remember is Conficker." Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over 9 million computers in nearly 200 countries.

Most importantly, unlike previous massively replicating computer worms and ransomware infections, today's ongoing WannaCry attack appears to be based on an attack developed by the NSA, code-named ETERNALBLUE. The U.S. software weapon would have allowed the spy agency's hackers to break into potentially millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in government) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them, but from the moment the agency lost control of its own exploit last summer, there's been no such assurance. Today shows exactly what's at stake when government hackers can't keep their virtual weapons locked up. As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, "I am actually surprised that a weaponized malware of this nature didn't spread sooner."

Screenshot of an infected computer via Avast.

The infection will surely reignite arguments over what's known as the Vulnerabilities Equity Process, the decision-making procedure used to decide whether the NSA should use a security weakness it discovers (or creates) for itself and keep it secret, or share it with the affected companies so that they can protect their customers. Christopher Parsons, a researcher at the University of Toronto's Citizen Lab, told The Intercept plainly: "Today's ransomware attack is being made possible because of past work undertaken by the NSA," and that "ideally it would lead to more disclosures that would improve the security of devices globally."

But even if the NSA were more willing to divulge its exploits rather than hoarding them, we'd still be facing the problem that too many people really don't seem to care about updating their software. "Malicious actors exploit years old vulnerabilities on a routine basis when undertaking their operations," Parsons pointed out. "There's no reason that more aggressive disclosure of vulnerabilities through the VEP would change such activities."

A Microsoft spokesperson provided the following comment:

Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt. In March, we provided a security update which provides additional protections against this potential attack. Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.

Update: May 12, 2017, 3:45 p.m. This post was updated with a comment from Microsoft.

Update: May 12, 2017, 4:10 p.m. This post was updated with a more current count of the number of affected countries.

Continued here:

Leaked NSA Malware Is Helping Hijack Computers Around the World


Rare XP Patches Fix Three Remaining Leaked NSA Exploits – Threatpost

The unusual decision Microsoft made to release patches on Tuesday for unsupported versions of Windows was prompted by three NSA exploits that remained unaddressed from April's ShadowBrokers leak.

The worst of the bunch, an attack called ExplodingCan (CVE-2017-7269), targets older versions of Microsoft's Internet Information Services (IIS) webserver, version 6.0 in particular, and enables an attacker to gain remote code execution on a Windows 2003 server.

All three attacks allow an adversary to gain remote code execution; one is EsteemAudit, a vulnerability in the Windows Remote Desktop Protocol (RDP) (CVE-2017-0176), while the other is EnglishmanDentist (CVE-2017-8487), a bug in OLE (Object Linking and Embedding). Microsoft said the patches are available for manual download.

ExplodingCan merits a closer look because of the wide deployment of IIS 6.0.

"Generally, when you put a Windows machine on the internet, it's going to be a server and it's going to run a webserver, so there are production machines on the internet running IIS 6.0 right now," said Sean Dillon, senior analyst at RiskSense and one of the first to analyze the NSA's EternalBlue exploit that spread WannaCry ransomware on May 12.

"It's probably already been exploited for months now," Dillon said. "At least now there's a fix that's publicly available."

Microsoft released a hefty load of patches for supported products and services on Tuesday as part of its normal Patch Tuesday update cycle. Normally, patches for unsupported versions of Windows are available only for Microsoft customers on an expensive extended support contract. The company's decision to make all of those fixes public on Tuesday, it said, was prompted by an "elevated risk for destructive cyber attacks."

"Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt," said Adrienne Hall, general manager of Microsoft's Cyber Defense Operations Center.

"In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations," Hall said. "To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows."

The ShadowBrokers leak in April unleashed a number of powerful Windows attacks into the public, allegedly belonging to the Equation Group, which is widely believed to be the U.S. National Security Agency. Criminals and other nation states have already been leveraging the attacks to spread not only WannaCry ransomware, but also cryptocurrency mining utilities and other types of malware.

Microsoft said customers should not expect this type of patch release for unsupported products to become the norm. Some experts have been critical of Microsoft, which also made a similar update available for unsupported products hours after the WannaCry outbreak.

I wish MS would stop releasing patches for xp/2003 it really harms efforts to get rid of legacy in the corporates

Quentyn Taylor (@quentynblog) June 13, 2017

Oh no. Take Windows XP off life support. Though it cannot die with dignity, it must be allowed to die. It will be messy. But this is cruel. https://t.co/euZVdTLC0z

Katie Moussouris (@k8em0) June 13, 2017

"It was the right move by Microsoft," Dillon said. "We saw the damage it can cause with WannaCry. Some of the most-used infrastructure, like SCADA systems, still run on XP whether they're getting patches or not. When you have critical things [running on XP], it's a good thing they released, but it should only be looked at as a temporary solution and people should look to upgrade off of legacy versions."

Some third-party services such as 0patch have provided micro-patches for some of these vulnerabilities on legacy versions, even before the ShadowBrokers leak, Dillon said. "Hopefully people who are running legacy systems have looked into other means of patching beside official fixes," he said. "Although, this is great that there's an official fix."

The remaining two vulnerabilities are of lesser severity but should be patched nonetheless on legacy systems.

EsteemAudit affects RDP, but only on XP and did not require a patch for modern versions of Windows. According to Microsoft, the vulnerability exists if the RDP server has smart card authentication enabled.

EnglishmanDentist, meanwhile, is triggered because Windows OLE fails to properly validate user input, Microsoft said.

"There's a whole wide assortment of exploits that were leaked, and we've only seen a few of them actively used at a mass scale. This is just plugging a hole before it becomes a bigger problem," Dillon said.


Intel Chief Says He Cannot Reveal How Many Americans the NSA … – Gizmodo

America's top intelligence official is reneging on a promise made under the Obama administration to estimate how many Americans have been spied on using a warrant-less surveillance law intended to target foreigners. The decision to abandon that commitment isn't sitting well with civil liberties advocates who formed a coalition this week in protest.

Director of National Intelligence Dan Coats told a Senate panel last week that it was infeasible to generate an exact, accurate, meaningful, and responsive methodology to show how many Americans have been spied on under Section 702 of the Foreign Intelligence Surveillance Act, the law which enables intelligence agencies to spy on the communications of foreigners with the help of American companies such as AT&T.

Coats said the National Security Agency had already undergone a Herculean effort to determine the number, but somehow failed miserably.

Given that the NSA claims to be the largest employer of mathematicians in the country (the exact number is classified), Coats's explanation that counting is really hard seemed fairly absurd. One can only conclude that the number of Americans being spied on incidentally under 702 is so shockingly high that announcing it would endanger any chance of renewing 702's authority before it expires on January 1, 2018.

Either way, the official President Trump appointed to lead the Intelligence Community seems to have thrown his hands in the air with regard to this simple accountability request. It's astonishing, really, that the White House was able to find someone who is less inclined to be straightforward with the American public than James Clapper, the former director, whose New York Times obituary will undoubtedly contain an accusation of perjury.

Late Monday, the American Civil Liberties Union, along with more than two dozen other digital and civil rights groups, signed a letter [PDF] criticizing Coats' decision to leave the public in the dark, and with justifiable and significant concerns about the effect of Section 702 surveillance on Americans' privacy and civil liberties. The letter was sent to the Office of the Director of National Intelligence and then forwarded [PDF] to the chairman and ranking member of the House Judiciary Committee, Representatives Bob Goodlatte and John Conyers, respectively.

"Members of Congress should be outraged that the NSA has reneged on its commitment to provide an estimate of the number of Americans that the NSA spies on under Section 702, and should use every tool at their disposal to demand that this information be provided," Neema Singh Guliani, ACLU legislative counsel, said in a statement.

"The executive branch has provided no credible explanation for their abrupt reversal in position, which comes after months of discussions with Congressional staff on methodologies to obtain the exact information that they now claim is impossible to determine," Guliani continued. "This decision is not rooted in practicalities, but rather part of an overall effort to withhold key information about Section 702 while the program is being debated in Congress."

Aside from the ACLU, 32 other groups signed on to the letter, including the Brennan Center for Justice, the Electronic Frontier Foundation, Demand Progress, and the Sunlight Foundation. The groups charge Coats with backtracking specifically for political reasons (as opposed to practical ones). "It is critical to allow the American people and their representatives to fully understand the impact Section 702 has on their privacy and civil liberties as Congress considers reauthorization of the law," they said.

Rep. Conyers did not immediately respond to a request for comment. An aide to Rep. Goodlatte referred questions to a Judiciary Committee spokesperson, who likewise did not return a request for comment.

Update, 1:56pm: A Republican House Judiciary Committee aide provided Gizmodo the following comment:

As the House Judiciary Committee seeks to reauthorize and reform FISA Section 702, it is imperative that Members of Congress understand the impact of this intelligence-gathering program on U.S. persons. While Director Coats has indicated that it is not feasible to provide this information, the Committee will continue to explore with the agencies various options for obtaining the desired information. Chairman Goodlatte looks forward to working with Director Coats and others on efforts to reauthorize this critical intelligence-gathering program and to ensure it protects Americans' civil liberties.


Tew: NSA site troubling for personal freedom – Daily Herald

Fridays, when driving home from the airport, I sometimes drive by the seven NSA concrete fortress abominations in Draper, Utah.

Are the employees inside utilizing supercomputers to vacuum up billions of e-mails, social media posts and phone calls from American heroes or deplorable violators of our rights? Without oaths and warrants based on probable cause that a crime has been committed to justify their vacuuming of our private information, don't they continuously and daily violate the 4th Amendment prohibitions against such a vast collection of private data from Americans?

Are we all comfortable with their vast fishing expedition seeking information that could be used against any one of us by a federal government that has long ago escaped its Constitutional cage?

The collected data, stored in the 702 database (Section 702, 2008 Amendment Act of the 1978 Foreign Intelligence Surveillance Act) awaits the mining and use of bureaucrats who make up their own rules, doesn't it?

Your political observations, financial information, or complaints about politicians made in your e-mail, phone call, or on social media are there awaiting some future use you can't predict, aren't they?

Bliss W. Tew, Orem


Accused NSA Leaker May Be Treated Harshly As An Example, Experts Say – Task & Purpose

Her family calls Reality Leigh Winner a patriot who may have made some mistakes but acted with conviction for the good of her country. The federal government portrays her as something more sinister: a threat to national security.

Those contrasting portraits, first unveiled last week in a bond hearing in an Augusta federal court, will likely emerge in the months ahead as the central themes in the first leak prosecution under the Trump administration.

Legal experts say prosecutors will want to make an example of someone who allegedly shared secrets in an era where rampant leaks have angered President Donald Trump and damaged his presidency. Winner, meanwhile, will be fighting for her freedom.

Winner, an intelligence contractor who worked at Fort Gordon near Augusta, pleaded not guilty to a single count of willful retention and transmission of national defense information. She is charged under the Espionage Act with leaking a top secret NSA document on Russian attempts to hack U.S. election systems to the news media.

Prosecutors won the first sortie on Thursday, convincing U.S. Magistrate Judge Brian Epps that Winner is too great a risk to be released on bond. Assistant U.S. Attorney Jennifer Solari said the government is concerned Winner might have compromised other secrets, and that she had a persistent desire to travel to Afghanistan and researched technology that could be used to cover her digital tracks.

Winner allegedly wrote that she wanted to burn the White House down and in notes appeared sympathetic to the Taliban.

Winner's lawyer, Titus Nichols, said his client isn't a flight risk nor a threat.

Friends and her family have described her as an animal lover, a fitness buff and a decorated Air Force veteran. Her stepfather, Gary Davis, said her youth, her liberal views and her high security clearance make her a perfect patsy.

"That's what our biggest fear is, political persecution to drive home a political point," Davis said. "That's the unwritten message. If you go against the government, then we're going to shut you down. And we're going to throw you into prison and throw away the key."

President Barack Obama prosecuted more leakers than all other presidents before him combined, and though the Winner case is the first under Trump, the new president has demanded the Department of Justice find and prosecute more.

Under Trump, even the definition of leaker has expanded. On Friday, the president called James Comey, the FBI director he fired amid probes into Russia election meddling, a leaker, although the contents of the memo Comey told Congress he had distributed to the press do not appear to qualify as classified information.

Joshua Lowther, a criminal defense attorney in Atlanta, said Winner could make a sympathetic defendant. She's a six-year veteran of the Air Force awarded a commendation for her intelligence work, which helped kill and capture hundreds of enemy combatants.

One of Winner's potential defenses is to highlight that history of service to her country, including in the decision, whether misguided or principled, to leak material about Russian influence on the 2016 presidential election that she believed the public needed to know, Lowther said.

In court Thursday, prosecutors sought to shoot down that line of defense with explosive allegations she expressed sympathies to American enemies and wanted to burn the White House, Lowther said.

"The government thinks this is someone who deserves to be prosecuted severely," Lowther said.

So far, though, the prosecution's picture of Winner as a danger to the nation doesn't fully square with the material she is alleged to have leaked, said Kenneth Geers, a senior fellow at international affairs think tank Atlantic Council.

Geers, a former NSA and Defense Department analyst, said what Winner allegedly leaked and where she sent the information, to the whistleblower website The Intercept, makes it appear she acted out of conscience.

"When I read the (original Intercept) article I thought this is a person who might be a Bernie supporter," said Geers, referring to Bernie Sanders, the U.S. senator from Vermont and former Democratic presidential candidate.

Unless prosecutors uncover that Winner compromised more sensitive information, something that would aid an adversary or wound U.S. interests abroad, the case doesn't seem to support the argument that she's a jihadist, Geers said.

"I don't know her state of mind or logic, but it seems like if she were a jihadist, only releasing information about the election doesn't make a lot of sense," Geers said.

Prosecutors do not have to prove harm

Former CIA Director Gen. David Petraeus and Marine Gen. James Cartwright avoided lengthy prison sentences by pleading to lesser charges. Winner fits into the pattern of the Justice Department throwing the book at lower level employees, said Edward MacMahon, a veteran criminal defense lawyer versed in national security cases.

MacMahon was part of the defense team for Jeffrey Sterling, a former CIA operative who was convicted of espionage and sent to prison for leaking details of a secret U.S. operation to sabotage Iran's nuclear program to a New York Times reporter.

Though the Winner case is slated to be tried in federal court in Augusta, it will be directed from Washington by the Counterintelligence and Export Control Section of the Justice Department's National Security Division.

"The government will put enormous resources into trying this case," MacMahon said.

Prosecutors will attempt to prove that Winner had access to the classified material, gave it to persons without that access and that they can exclude other possible suspects.

The salacious allegations of sympathizing with enemies only up the ante.

Prosecutors also have a significant advantage: they do not have to prove the leak caused harm to the nation.

"They don't have to prove actual harm, they only have to prove the possibility of harm," he said. "It's been challenged in court as vague but no court has ever overturned a conviction from it."

2017 The Atlanta Journal-Constitution (Atlanta, Ga.). Distributed by Tribune Content Agency, LLC.


Reality Winner, NSA Contractor Accused of Leak, Was Undone by Trail of Clues – New York Times


Then came a yearslong debate over warrantless wiretapping during the George W. Bush administration, the leak to the news media in 2013 of hundreds of thousands of documents by Edward J. Snowden, and last year, the theft of N.S.A. hacking tools that ...


FBI Used ‘Microdots’ to Nab Accused NSA Leaker – Newser


The yellow "microdots" formed a coded design on the paper the 25-year-old NSA contractor allegedly provided to the Intercept that purports to detail Russian interference in the November election. The pattern revealed the serial number of the printer ...


5 Unanswered Questions Raised By The Leaked NSA Hacking Report : NPR

Here are 5 questions that were raised by the leaked NSA hacking report and the ongoing threat that national security officials say Russia poses to the integrity of American elections.

America's sprawling elections infrastructure has been called "a hairball," but as people in Silicon Valley might ask, is that a feature or a bug?

Then-FBI Director James Comey touted it as a good thing: "the beauty of our system," he told Congress, is that the "hairball" is too vast, unconnected and woolly to be hacked from the outside.

That was before Monday's leak of a top secret National Security Agency report about a Russian election cyberattack. What that document confirms is that if the whole is safe, its many individual parts may not be.

The NSA report, posted by The Intercept, documents a scheme by Russia's military intelligence agency, the GRU, to compromise the systems of a Florida elections services company, then use that access to explore local voting registration records.

"It is unknown whether the aforementioned spear-phishing deployment successfully compromised the intended victims, and what potential data could have been accessed by the cyber actor," as one NSA analyst wrote in the report.

Here are 5 other questions that remain unknown about this story and the ongoing threat that national security officials say Russia poses to the integrity of American elections.

1. How widespread are these attacks?

The Department of Homeland Security and U.S. intelligence leaders have said generally that voter registration rolls were a pet target of Russian cyberattackers, but that Russia didn't change any votes. The American leaders also have warned, however, that they expect the Russian mischief to continue in the 2018 and 2020 election cycles. If the GRU continues operations like this elsewhere, how much better of an understanding will it have of local elections officials and their vendors next year or beyond?

Elections systems analysts tell NPR that although electronic voting machines are not connected to the public Internet, the computers that update their firmware are, or the ones that program them at the factory. It isn't clear what's practically possible in this realm in terms of hacking or compromising those systems; Comey told members of Congress that Russia has attempted to tamper with votes "in other countries," but the details aren't clear.

Even with the redactions The Intercept made at the request of the NSA to protect some of its key secrets, there are tantalizing details about the extent of the GRU mischief. One note makes clear that this so-called "spear-phishing" campaign was separate from another major program known within secret circles, though the name of that is blacked out.

Another mention in the NSA report suggests that two-factor authentication (the popular system in which Gmail, for example, sends users a text message with a code they must enter along with a password in order to log in) is not a failsafe security feature. The GRU hackers were able to use fake websites that used real Google verification codes to gain access to victims' accounts.

2. Can the federal government do more?

Then-DHS Secretary Jeh Johnson said last year that the federal government was offering help across the board to local elections officials to be aware of the Russian cyber-mischief. And Comey told the Senate Intelligence Committee last month that the government continued to provide information about the ongoing threat.

"Two things we can do, and that we are doing, both in the United States and with our allies, is telling the people responsible for protecting the election infrastructure in the United States everything we know about how the Russians and others try to attack those systems," Comey said. "How they might come at it, what [Internet protocol] addresses they might use, what phishing techniques they might use."

That may have been one eventual goal for the NSA report posted on Monday: it could have been the top secret original from which DHS or other agencies might have created unclassified advisories to send out to states.

But is it enough just to share information about such a sophisticated adversary? Local vendors and state officials don't have vast IT resources or sophisticated counterintelligence to help defend themselves against state-actor adversaries. And states "pushed back" against Johnson when he offered help last year, as former Director of National Intelligence James Clapper told Congress; they rejected what he called "federal interference."

Clapper said he believed Congress should designate the national election apparatus "critical infrastructure," the way the U.S. has labeled 16 other "sectors," including the American chemical industry, dams, the power grid and others. That could get very complicated, however, and it would take time and cost money.

3. Why do these leaks keep happening?

The Justice Department has charged a U.S. intelligence community contractor, Reality Winner, with allegedly leaking the NSA report to The Intercept. According to court documents, when the news site's correspondents asked the NSA's public affairs office to verify the report, that enabled the FBI to narrow down who had access to it and pinpoint Winner.

From the perspective of NSA leaders, that's a partial success story: they plugged a leak quickly instead of having it turn into a gusher. But at the same time Winner's case is just the latest example of a contractor on the outer periphery of a spy agency hazarding closely held secrets.

Last month, tens of thousands of sensitive files connected to the National Geospatial-Intelligence Agency were left on a publicly accessible Amazon server by an engineer with contractor Booz Allen Hamilton. Last year, an NSA contractor also with Booz Allen was charged with hoarding a "breathtaking" amount of sensitive material. And before that, NSA contractor Edward Snowden took huge amounts of secret information about the U.S. intelligence community and the military.

Agency bosses, now led by Director of National Intelligence Dan Coats, say they've focused intensely on what they call the "insider threat" since the Snowden days, and the intelligence community now has a task force dedicated to helping snuff it out.

The question that Winner's case again raises is how secure Coats and agency leaders can make a constellation of 17 separate agencies that each has its own wider network of contractors who support it.

4. Why can't the U.S. stop these cyberattacks?

Then-CIA Director John Brennan called his counterpart in Russia last year to read him the riot act: "I said that all Americans, regardless of political affiliation or whom they might support in the election, cherish their ability to elect their own leaders without outside interference or disruption," Brennan told the Senate last month. "I said American voters would be outraged by any Russian attempt to interfere in the election."

But Alexander Bortnikov, the head of Russia's FSB intelligence agency, the successor to the infamous KGB, claimed he didn't know anything about any election meddling. In Brennan's telling, he promised he'd relay the details of the phone conversation to Russian President Vladimir Putin.

President Barack Obama also is believed to have warned Putin to knock off the interference, with no result. The NSA report posted on Monday describes a cyberattack that lasted until just before Election Day in November, well after the U.S. announced publicly that Russia had been responsible for campaign mischief.

U.S. intelligence officials said at the time that they believed so-called "attribution" was a powerful weapon. The FBI later issued indictments for Russian intelligence officers and others involved with the meddling, making public how much information Americans have about what's taking place behind the scenes.

None of it, however, appears to have made a difference. Coats, Comey, Brennan and other leaders continue to warn that Russian cyber-mischief proceeds, that Moscow considers it successful and that it could ramp up again in the 2018 midterm and 2020 presidential elections. One political scientist told NPR the world of foreign meddling is "the new normal."

Is that so, or can the U.S. government do more: launch cyberattacks of its own, impose further restrictions on Russia or take some other step to impose greater costs on the Russians?

5. Will this change Trump's tune?

"As far as hacking, I think it was Russia," then-President-elect Trump said at a news conference before Inauguration Day.

Since then, however, he's dismissed the election-meddling story as an excuse created by Democrats to cover up Hillary Clinton's loss, or opined that cyberspace is so complicated that no one could ever know for certain who might have been behind it. Russian President Vladimir Putin made the same point over the weekend to NBC News' Megyn Kelly.

The NSA report leaked on Monday, however, shows that, in fact, American intelligence officers have a highly detailed technical understanding about how much of Russia's hacking operation works. They attribute the scheme without hesitation to the GRU and talk in detail about the software and other tools used to try to compromise the victims' computers.

It was one thing for the intelligence community to conclude that Russia had interfered and not explain how it knew. Now there are more clues in the open about how it knows. And the report, completed in May, shows that its analysis continues about the ways Russia's intelligence agencies attacked the U.S. during the 2016 cycle.

Trump rejects any notion that his campaign aides might have colluded with the Russian operatives who meddled in the election, but does the emergence of this NSA document make it tougher for him to continue to question whether it even happened?
