Wikipedia Suing The NSA and The Large Hadron Collider Reborn – Downstream – Video


Downstream is Al Jazeera's weekly look at the top stories from the world of science and tech with Tarek Bazley. Join in on the conversation on Twitter: #AJDownstream In this episode (March...

By: Al Jazeera English


Hacking BIOS Chips Isn't Just the NSA's Domain Anymore

The ability to hack the BIOS chip at the heart of every computer is no longer reserved for the NSA and other three-letter agencies. Millions of machines contain basic BIOS vulnerabilities that let anyone with moderately sophisticated hacking skills compromise and control a system surreptitiously, according to two researchers.

The revelation comes two years after a catalogue of NSA spy tools leaked to journalists in Germany surprised everyone with its talk about the NSA's efforts to infect BIOS firmware with malicious implants.

The BIOS boots a computer and helps load the operating system. By infecting this core software, which operates below antivirus and other security products and therefore is not usually scanned by them, spies can plant malware that remains live and undetected even if the computer's operating system were wiped and re-installed.

BIOS-hacking until now has been largely the domain of advanced hackers like those of the NSA. But researchers Xeno Kovah and Corey Kallenberg presented a proof-of-concept attack today at the CanSecWest conference in Vancouver, showing how they could remotely infect the BIOS of multiple systems using a host of new vulnerabilities that took them just hours to uncover. They also found a way to gain high-level system privileges for their BIOS malware to undermine the security of specialized operating systems like Tails, used by journalists and activists for stealth communications and handling sensitive data.

Although most BIOS have protections to prevent unauthorized modifications, the researchers were able to bypass these to reflash the BIOS and implant their malicious code.

Kovah and Kallenberg recently left MITRE, a government contractor that conducts research for the Defense Department and other federal agencies, to launch LegbaCore, a firmware security consultancy. They note that the recent discovery of a firmware-hacking tool by Kaspersky Lab researchers makes it clear that firmware hacking like their BIOS demo is something the security community should be focusing on.

Because many BIOS share some of the same code, they were able to uncover vulnerabilities in 80 percent of the PCs they examined, including ones from Dell, Lenovo and HP. The vulnerabilities, which they're calling "incursion vulnerabilities," were so easy to find that they wrote a script to automate the process and eventually stopped counting the vulns it uncovered because there were too many.

"There's one type of vulnerability, which there's literally dozens of instances of it in every given BIOS," says Kovah. They disclosed the vulnerabilities to the vendors and patches are in the works but have not yet been released. Kovah says, however, that even when vendors have produced BIOS patches in the past, few people have applied them.

"Because people haven't been patching their BIOSes, all of the vulnerabilities that have been disclosed over the last couple of years are all open and available to an attacker," he notes. "We spent the last couple of years at MITRE running around to companies trying to get them to do patches. They think BIOS is out of sight out of mind [because] they don't hear a lot about it being attacked in the wild."

An attacker could compromise the BIOS in two ways: through remote exploitation by delivering the attack code via a phishing email or some other method, or through physical interdiction of a system. In that case, the researchers found that if they had physical access to a system they could infect the BIOS on some machines in just two minutes. This highlights just how quick and easy it would be, for example, for a government agent or law enforcement officer with a moment's access to a system to compromise it.


To avoid NSA, Cisco gear gets delivered to strange addresses

One of the most successful U.S. National Security Agency spying programs involved intercepting IT equipment en route to customers and modifying it.

At secret workshops, backdoor surveillance tools were inserted into routers, servers and networking equipment before the equipment was repackaged and sent to customers outside the U.S.

The program, run by the NSA's Tailored Access Operations (TAO) group, was revealed by documents leaked by former NSA contractor Edward Snowden and reported by Der Spiegel and Glenn Greenwald.

It was one of many revelations about the NSA that caused widespread suspicion that U.S. technology products shouldn't be trusted, even if companies strenuously denied helping the agency.

And it appears some Cisco Systems customers have since taken steps to prevent NSA tampering.

The company has shipped equipment to addresses that are unrelated to a customer, said John Stewart, Cisco's chief security and trust officer, on Wednesday during a panel session at the Cisco Live conference in Melbourne.

In theory, that makes it harder for the NSA to target an individual company and scoop up their package. But supply chains are tough to secure, Stewart said, and once a piece of equipment is handed from Cisco to DHL or FedEx, it's gone.

Still, the risk of such tampering is pretty low for most customers. Cisco has been working on better ways for customers to verify the integrity of the systems it ships, but there will always be a certain amount of risk that can't be mitigated, Stewart said.

"If a truly dedicated team is coming after you, and they're coming after you for a very long period of time, then the probability of them succeeding at least once does go up," Stewart said. "And it's because they've got patience, they've got capacity and more often than not, they've got capability."

One of the leaked Snowden documents, dated June 2010, has two photos of an NSA interdiction operation, with a box that said Cisco on the side.


NSA's General Counsel Joins Mayer Brown

The National Security Agency's top lawyer has left the government and returned to private practice as a partner at Mayer Brown LLP in Washington D.C., running the firm's global privacy and security practice.

Since 2012, Rajesh De served as the NSA's chief legal officer and principal legal adviser to its current director, Michael Rogers, and Mr. Rogers's predecessor, Gen. Keith Alexander.

At the NSA, Mr. De stood at the nexus between national security policy and law as the agency was dealing with the fallout from former agency contractor Edward Snowden's exposure of the government's broad-scale surveillance programs.

In an interview this week with the Washington Post, Mr. De declined to talk about Mr. Snowden, who was granted asylum in Russia, but told the paper that he believes that no person, a king or an IT guy, should consider themselves above our democratic system.

Before joining the NSA, Mr. De worked at the White House as staff secretary and deputy assistant to the president. He also served in the Department of Justices Office of Legal Policy. Before that, the Harvard Law School graduate was a partner at Mayer Brown.

"With the rapid evolution of the cybersecurity landscape, it's an exciting time to return to private practice," he said in a statement released by his firm.


Become an NSA Spook in This iPhone Puzzle Game

If you've ever wondered what it's like on the other side of the surveillance state (to be the one doing the snooping, as opposed to being the one getting snooped on), you now have the chance, in a somewhat unlikely form: A Laser Chess-style puzzle game for your iPhone.

In TouchTone, you play an NSA analyst, alternatively solving simple geometric puzzles and scanning people's emails for national security threats. The puzzles are fun, but it's the stuff in between that's really interesting. The game presents a simple, stylized take on the job, to be sure, but it can be a powerful experience nonetheless. As you're trying to decide whether a particular message is pertinent to national security, you can't help but feel in a very visceral way the queasy ambiguity at the heart of state surveillance.

The game was created by Michael Boxleiter and Greg Wohlwend, who work together under the name Mikengreg. They're responsible for the well-known games Solipskier and Gasketball. More recently, Wohlwend illustrated the cheerful visual design of the hit puzzle game Threes.

Boxleiter had worked out the basic puzzle elements of TouchTone for a game jam in 2012, but the two were struggling to figure out the extra something needed to make the game feel complete. The answer came suddenly with Edward Snowden and the PRISM revelations.

The concept fit well with the puzzle mechanics, which the developers felt had a bit of a hacker vibe all along. Still, it took a while to figure out the right tone for the controversial issue. "At first we were going to go for a little satire, and throw in some jokes at the NSA's expense," Boxleiter says. "I realized after a while that maybe we could say something a little more real and a little more important."

Boxleiter ended up writing an elaborate story centering around an American Muslim engineer, which unfolds in the form of emails intercepted over the course of the game. It took months of writing and rewriting. "Not many people have made a game like this, so it feels like uncharted territory," Boxleiter says.

The game ends up balancing subtle satire with a vague, sinister vibe. At one point in the development process, after they'd shed the initial jokiness and embraced a straighter approach to the conceit, Boxleiter and Wohlwend took the game to a play-testing event in Chicago and claimed they were contracted by the NSA to make it. At least one beta tester believed them, a reaction Wohlwend and Boxleiter took as a job well done.


iPhone Encryption 'Petrified' NSA: Glenn Greenwald

Stronger encryption in Apple's iPhones and on websites like Facebook has "petrified" the U.S. government because it has made it harder to spy on communications, Glenn Greenwald, the journalist who first reported on Edward Snowden's stolen files, told CNBC.

Former National Security Agency (NSA) contractor Edward Snowden caused major shockwaves around the world in 2013 when he unveiled the surveillance body's wide ranging spying practices, which included regularly attempting to snoop on data held by major technology companies.

Greenwald, the man who helped Snowden publish the documents, said that Silicon Valley companies have bolstered the encryption on their products, thereby making it harder for governments to eavesdrop.

"They (Apple) are now starting to put serious encryption technologies in their new iPhones in their new releases and this has really petrified governments around the world," Greenwald told CNBC in an interview at tech fair CeBIT in Germany.


Apple, Google, Facebook and Yahoo are some of the major companies that have been in the spotlight after Snowden's revelations. Information from Snowden documents released earlier this month detailed how the CIA had been trying for a decade to crack the security in Apple's products. And last year, Yahoo revealed that it was threatened with a $250,000-per-day fine if it didn't hand over data to the NSA.

The tech giants have been taking major steps to make sure their communications are safe from spying, a move Greenwald -- who won a Pulitzer prize for his reporting on the topic -- said was motivated by the fear of losing customers rather than care for data privacy.

"I don't (think) they suddenly care about privacy," Greenwald said.

"If you're a Facebook executive or an Apple executive, you're extremely worried that the next generation of users are going to be vulnerable to the pitch from Brazilian, and Korean and German social media companies where they advertise and say don't use Facebook and Google because they'll give your data to the NSA."

First published March 18 2015, 1:59 PM


Pastor Mike Online 03-12-15, NSA Spy Apps, Hillary Has Horns, And Ferguson Update – Video


Visit http://PastorMikeOnline.com - In today's show, Pastor Mike Hoggard discusses topics that include: NSA using IOS and Android apps to spy on Americans, H...

By: MikeHoggardVideos


Everyone’s a Target, NSA’s Mass Surveillance and Cyber Warfare in the Middle East – Video


Since the revelations of Edward Snowden, there has been a great deal of discussion about NSA and domestic eavesdropping. But except for Germany, there has been very little examination of NSA's...

By: American University of Beirut
