‘Complete rape’ of government by industry Kirk Wiebe on private contractors in intelligence – Video


'Complete rape' of government by industry Kirk Wiebe on private contractors in intelligence
Watch the full episode here: http://bit.ly/17SYHes Kirk Wiebe, an NSA veteran and whistleblower, talks to Going Underground host Afshin Rattansi about mass surveillance. He says that the developme...

By: goingundergroundRT

Posted in NSA

Edward Snowden; Edward Snowden what to do with remaining NSA secrets – Video


Edward Snowden; Edward Snowden what to do with remaining NSA secrets
Edward Snowden Whistle blower or Patriot : What to do with the remaining NSA secrets. As Edward Snowden ponders on how to unload the remaining Government secrets he has. The value maybe ...

By: BSTV - News Brief

Posted in NSA

Wikileaks 2012, NSA 2013, NTIA Mishaps & Global Cyber Crime 2014: U.S. Exceptionalism over IG 2015?

The internet has become almost part of our daily involvement, and the reality is that it affects every facet of our modern lives. We are increasingly becoming dependent on the Internet, for which reason its availability, functionality, safety, stability and security are now of great and continuing concern to all of us and, most importantly, to the US Congress, which so far has maintained stewardship over these key functions.

As the internet gets new updates, services, apps and new technologies, so too do the threats increase to the very resource we would like to use and trust. Several issues have become evident, have hit the headlines and have drawn us to concerns we must boldly address. In my previous article, "From Wikileaks of 2012 to Snowden's NSA Leaks of 2013: Implications for Global Internet Governance", I covered the trending issue that came to the fore: whilst Wikileaks was about US diplomatic cables, the Edward Snowden disclosure of classified NSA information to private media organizations such as the UK Guardian newspaper has had graver implications for global Internet privacy. The NSA leak presented the United States of America as a country that practically spies on everybody in a most indiscriminate manner, including its own allies.

In an interview with CIO East Africa, I gave the African continent's perspective as to why "The AUCC debate on Cyber Security needs to involve all stakeholders" concerning the NSA issue, and that "African governments are still a long way in accepting such technologies as open data. African governments can prepare proper legislations and strategize on how to handle private data in a manner that is not intrusive to rights of its citizens. The backlash of the NSA revelations wouldn't be a good experience for any government". Therefore "this emphasizes that internet governance should be a matter that is handled by many stakeholders to avoid giving the governments a monopoly of leadership in policy development".

From a private sector perspective, I wrote a piece on the reality of Emerging Cyber-Security Threats and Implications for the Private Sector, including a case for New gTLDs & Security, where I highlighted that "cyber-warfare will be conducted against computers and network resources owned and operated by the private sector who own the utilities, financial corporations, and a lot of intellectual property." As such, "The cost of Internet Security protection is bound to sky-rocket in the coming years." As "Private sector organizations that have their information resources compromised as a result of cyber-security attacks will not only suffer huge financial losses, and loss of business good-will, but their stock value could be affected and plummet and suffer degradation of overall market value. Investors stand the risk of losing their money invested in such companies." A case in point soon followed when Target, a US national retailer, was attacked by hackers who gained access to as many as 40 million credit and debit cards used by customers of Target during the height of the holiday shopping season.

Only at the end of 2014 did we come across deafening noise on the famous Sony Pictures Entertainment cyber hack, which also drew the interest of the US political scene. Confidential data belonging to Sony Pictures Entertainment was released, and the hackers, who called themselves the "Guardians of Peace" or "GOP", demanded the cancellation of the planned release of the film "The Interview", a comedy about a plot to assassinate North Korean leader Kim Jong-un. The US leadership saw it as un-American to recoil from such a threat, and also as an attack on free speech.

As a result of such global cyber crime matters, President Obama signed an order to protect consumers from identity theft by strengthening security features in credit cards and the terminals that process them, and also plans to announce legislation that would shield companies from lawsuits for sharing computer threat data with the government in an effort to prevent cyberattacks.

Most recently ICANN, the internet gatekeeper, announced that it was "investigating a recent intrusion into our systems. We believe a "spear phishing" attack was initiated in late November 2014. It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff. The attack resulted in the compromise of the email credentials of several ICANN staff members". This goes to show that no one is safe from these targeted attacks. ICANN's mission is tied to being the gatekeeper over the availability, functionality, safety, stability and security of the global internet, which directly impact cyber security. ICANN itself is embroiled in a bid to sever its ties with the US government; therefore, aside from the mainstream accountability concerns, governance of cyber security has formed and will form a major part of discussions on designing a new model to oversee ICANN. From the statements and activities, the US Congress is not keen to let this separation happen soon; with the budgetary interventions, the IANA transition may be just a dream.

From an individual perspective, a recent case was reported by Addis Fortune Newspaper where "The Court passed a guilty verdict against Yonas, a member of the Ethiopian diaspora from Germany, and sentenced him to two years in prison (although reversal was made afterwards by a higher court to a 6 months only imprisonment by suspension, based on lack of reasonable proof on aggravating circumstances to delete data from the computer of the victim) and a 5,000-Br fine for the cyber crime he was said to have committed against his business partner lady Akiko Seyoum". This is among the rare cases of prosecution for cyber crime, and a signal that Africa is becoming aware of the need to mitigate the increase of cyber crime and money laundering schemes.

In conclusion, the need to protect the global internet from such implications above as to its availability, functionality, safety, stability and security and using it also as a diplomacy tool to ensure the same, would definitely give a justification by a wide margin to the US status quo over the internet. Whilst, the US would not allow itself to be liable as exemplified during the global financial crisis of 2009 and the 1930, for blowing out its house of cards over its American Exceptionalism, a concept that has its roots from the principle of a country organized around an ideology that includes a set of dogmas about the nature of a good society, especially the one that tied it to a future mission of bringing liberty and democracy to the world.

Therefore, expect nothing less than 2015 to be a year of American Exceptionalism over Internet Governance!

Posted in NSA

Science panel: No alternative to NSA bulk data collection

Originally published January 15, 2015 at 9:40 AM | Page modified January 15, 2015 at 12:26 PM

A committee of scientific experts has concluded that there is no viable technological alternative to bulk collection of data by the National Security Agency that allows analysts access to communications whose significance only becomes clear years later.

An 85-page report by the National Research Council, commissioned last year in the wake of surveillance revelations by former NSA contractor Edward Snowden, did not take a position on the merits of bulk collection of telephone or other records. But asked to look for effective software alternatives to bulk collection, it concluded there weren't any, in cases when, for example, the NSA wants to examine the past communications of new terror suspects.

"Restricting bulk collection will make intelligence less effective, and technology cannot do anything about this," the report says. "Whether the gain in privacy is worth the loss is a policy question that the committee does not address."

If a particular set of communications becomes significant, the report says, "because of new circumstances such as identifying a new target, a non-nuclear nation that is now pursuing the development of nuclear weapons, an individual that is found to be a terrorist, or new intelligence-gathering priorities -- historical events and the data they provide will be available for analysis only if they were previously collected."

The report does suggest ways to mitigate the privacy impact of bulk collection by restricting use of the data, something NSA says it does.

"Although no software can fully replace bulk with targeted information collection, software can be developed to more effectively target collection and to control the usage of collected data," the report says.

It recommends the use of automatic controls on bulk data, with audits that can be publicly shared.

The study was conducted by a committee of the National Academies, which advises the government on scientific matters. The committee was chaired by Robert Sproull, a former Oracle executive and computer scientist now at the University of Massachusetts.

The committee included a variety of experts, including Michael Leiter, former director of the National Counter Terrorism Center.

Posted in NSA

NSA official: Support of backdoored Dual_EC_DRBG was regrettable

It was a mistake for the National Security Agency to support a critical cryptographic function after researchers presented evidence that it contained a fatal flaw that could be exploited by US intelligence agents, the agency's research director said.

The comments by NSA Director of Research Michael Wertheimer were included in an article headlined "The Mathematics Community and the NSA" published this week in a publication called Notices. The article responds to blistering criticism from some mathematicians, civil liberties advocates, and security professionals following documents provided by former NSA subcontractor Edward Snowden showing that the agency deliberately tried to subvert widely used crypto standards. One of those standards, according to The New York Times, was a random number generator known as Dual_EC_DRBG, which was later revealed to be the default method for generating crucial random numbers in the BSAFE crypto toolkit developed by EMC-owned security firm RSA.

"With hindsight, NSA should have ceased supporting the Dual_EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor," Wertheimer wrote. "In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable."

He went on to defend the NSA and deny accusations that it tried to subvert crypto standards. Dual_EC_DRBG was one of four random number generators included in the larger standard known as SP 800-90A, he pointed out, and the NSA-generated points were necessary for accreditation and had to be implemented only for actual use in certain Defense Department applications.

Wertheimer wrote:

The costs to the Defense Department to deploy a new algorithm were not an adequate reason to sustain our support for a questionable algorithm. Indeed, we support NIST's April 2014 decision to remove the algorithm. Furthermore, we realize that our advocacy for the DUAL_EC_DRBG casts suspicion on the broader body of work NSA has done to promote secure standards. Indeed, some colleagues have extrapolated this single action to allege that NSA has a broader agenda to "undermine Internet encryption." A fair reading of our track record speaks otherwise. Nevertheless, we understand that NSA must be much more transparent in its standards work and act according to that transparency. That effort can begin with the AMS [American Mathematical Society] now.

In the future, Wertheimer promised, NSA officials will be more transparent in the way they support fledgling technologies being considered as widely used standards. All NSA comments will be in writing and published for review. Additionally, the NSA will publish algorithms before they're considered so that the public has more time to scrutinize them.

"With these measures in place, even those not disposed to trust NSA's motives can determine for themselves the appropriateness of our submissions, and we will continue to advocate for better security in open-source software, such as Security Enhancements for Linux and Security Enhancements for Android (selinuxproject.org)," he wrote.

Update: Critics are already characterizing Wertheimer's letter as a non-apology apology that only deepens the divide. In the blog A Few Thoughts on Cryptographic Engineering, for instance, Matt Green, a Johns Hopkins University professor specializing in cryptography, wrote:

The trouble is that on closer examination, the letter doesn't express regret for the inclusion of Dual EC DRBG in national standards. The transgression Dr. Wertheimer identifies is simply the fact that NSA continued to support the algorithm after major questions were raised. That's bizarre.

Posted in NSA

No, the NSA Isn't Like the Stasi -- And Comparing Them Is Treacherous

Jasper Rietman

Ever since Edward Snowden handed thousands of National Security Agency documents over to filmmaker Laura Poitras and writer Glenn Greenwald in a Hong Kong hotel room, the NSA's mass surveillance of domestic phone calls and Internet traffic has been widely compared to the abuses of East Germany's secret police, the Stasi.

The communist republic may have imploded in 1989, but it has nonetheless become synonymous with a smothering, all-knowing spy apparatus.

A year ago, President Obama himself cited East Germany as a cautionary tale of what could happen when vast, unchecked surveillance turned citizens into informers and persecuted people for what they said in the privacy of their own homes. He was responding to accusations that just such a vast, unchecked effort to collect data has metastasized on his watch.

It was no coincidence that Poitras chose Leipzig, a city in the heart of the former East Germany, for the recent German debut of her documentary Citizenfour, about Snowden and the NSA. "If the government is doing that kind of surveillance, it has a corrosive effect on democracy and society," Poitras said after the premiere. "People who lived through it can tell you what it was like."

Indeed. When it was revealed that the NSA had been listening to her cell phone calls, German chancellor Angela Merkel -- who came of age in communist East Germany, under the Stasi's watchful eye -- told President Obama, "This is just like the Stasi." In an interview last year, NSA whistle-blower and Poitras source William Binney likened the agency to "the Stasi on supersteroids."

They're wrong. In crucial ways, the two agencies are very different. In its effort to control East Germany, the Stasi made its presence felt in every sphere of life. Its power rested not only in the information its surveillance yielded but in the fear and distrust that collection instilled. The NSA, on the other hand, operates best in the dark, its targets unaware of its existence, let alone its dragnet data-gathering. Even Poitras, when asked, acknowledged a line between the two. "The NSA's broad, mass collection is fundamentally different than what the Stasi did," she said in Leipzig.

Calling the Stasi "secret police" is misleading. The name is an abbreviation of STAatsSIcherheit, or State Security. Founded in 1950 as the East German Communist Party's "sword and shield," it never hid the fact that it was spying. By the late 1980s, more than 260,000 East Germans -- 1.6 percent of all adults in the country -- worked for the organization, either as agents or as informants. (If the NSA employed as many analysts to spy on 320 million Americans, it would have 5 million people on the payroll.) It wanted you to constantly wonder which of your friends was an informant and, ideally, tempt or pressure you into the role of snitch too.

At times, the scrutiny reached absurd proportions. Every apartment building and workplace had a designated informer. Spies used specially built equipment to steam open mail; a Division of Garbage Analysis was on the lookout for suspect trash. Stasi agents let the air out of targets' bicycle tires and rearranged the pictures in their apartments in an effort to drive "class enemies" crazy.

Cooperation was often a prerequisite for career advancement, academic success, even a new apartment. The Stasi had the power to take your children away or keep you from getting into a university. Its visibility and ubiquity forced East Germans to make moral choices every day: Collaborate with an unjust, undemocratic system or suffer the consequences.

Posted in NSA

NSA: SO SORRY we backed that borked crypto even after you spotted the backdoor

The NSA's director of research Michael Wertheimer says it's "regrettable" that his agency continued to support Dual EC DRBG even after it was widely known to be hopelessly flawed.

Writing in Notices, a publication run by the American Mathematical Society, Wertheimer outlined the history of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG), and said that an examination of the facts made it clear no malice was involved.

Dual EC DRBG is a random number generator championed by the NSA in the 2000s. Number generators are an essential component of encryption systems; a weak generator will leave encrypted data vulnerable to decoding by an attacker.

This random number generator was eventually approved as a trustworthy algo by the US National Institute of Standards and Technology (NIST), despite concerns that it could be faulty, and RSA made it the default encryption system in its BSAFE toolkits. A subsequent report suggested the NSA paid RSA $10m to include the flawed algorithm, a claim RSA denies.

In 2007 two Microsoft security researchers, Dan Shumow and Niels Ferguson, pointed out that there were serious flaws with Dual EC DRBG, and that using it with elliptic curve points generated by the NSA could create a "trap door" that would allow encryption to be easily broken.

"With hindsight, NSA should have ceased supporting the Dual EC DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual EC DRBG algorithm as anything other than regrettable," Wertheimer wrote [PDF].

"The costs to the Defense Department to deploy a new algorithm were not an adequate reason to sustain our support for a questionable algorithm. Indeed, we support NIST's April 2014 decision to remove the algorithm. Furthermore, we realize that our advocacy for the Dual EC DRBG casts suspicion on the broader body of work NSA has done to promote secure standards."

The case doesn't prove the NSA is actively trying to subvert crypto standards, Wertheimer argued, merely that a mistake had been made and then rectified. He pointed out that the NSA was keen to fund more mathematical research and post September 11 this work was vitally needed.

But Wertheimer's version of events isn't sitting well with some experts in the field. Assistant research professor Matthew Green of Johns Hopkins University Information Security Institute in Maryland has written a rebuttal to Wertheimer, pointing out several holes in his story.

For a start, Prof Green said problems with Dual EC DRBG systems that used the NSA's elliptic curve points were first noticed way back in 2004 by members of an ANSI standards committee, when NIST was still considering backing the algorithm. Someone on the panel even went as far as to file a patent on breaking encryption using the system.

Posted in NSA

NSA director backs FBI claim that N. Korea is behind Sony cyber attack NSA – Video


NSA director backs FBI claim that N. Korea is behind Sony cyber attack NSA
The U.S. National Security Agency has echoed the FBI's conclusion that North Korea was behind the recent cyber attack on Sony Pictures. NSA Director Michael Rogers told The Daily Beast that...

By: ARIRANG NEWS

Posted in NSA

NSA Intercepts Reveal Paris Event Just the Start of Attacks In Europe – Video


NSA Intercepts Reveal Paris Event Just the Start of Attacks In Europe
http://www.undergroundworldnews.com Dahboo7 On Zeekly: http://zeeklytv.com/user/Dahboo77 The deadly events that unfolded in France over the last week may be the first in a wave of attacks...

By: DAHBOO77

Posted in NSA

The Fallout From the NSA's Backdoors Mandate

The United States National Security Agency (NSA) is widely believed to have mandated high-tech vendors build backdoors into their hardware and software. Reactions from foreign governments to the news are harming American businesses and, some contend, may result in the breakup of the Internet.

For example, Russia is moving to paper and typewriters in some cases to move certain types of information, Private.me COO Robert Neivert told the E-Commerce Times.

Governments are pushing to enact laws to force the localization of data -- generally meaning they won't allow data to be stored outside their borders to protect citizens against NSA-type surveillance -- a move that's of particular concern to American businesses, according to a Lawfare Research paper.

That's because they deem U.S. firms untrustworthy for having provided the NSA with access to the data of their users.

"There's an increased use of networks on behalf of Europe and other allies that do not pass through U.S. companies or U.S.-controlled networks," Neivert said. Some countries are even proposing to break up the Internet.

However, "people who say these things threaten the Internet itself are misunderstanding things," Jonathan Sander, strategy & research officer of Stealthbits Technologies, told the E-Commerce Times. "The Internet produces too much wealth for too many people and organizations for anyone, including the U.S., to threaten it."

The U.S. economy "is one of the best weapons we have in the technology war," Sander continued. The U.S. market "is too big for foreign governments to ignore," which is why foreign companies continue doing business with the U.S.

Concern has been expressed about invasions of privacy through surveillance, but this issue is "a matter of policy" and there are differences in how citizens of different countries approach it, Sander pointed out. "In the EU and, to a lesser extent [Australia and New Zealand], privacy is an issue at the ballot box so there are laws reflecting that."

In the U.S., however, privacy "has yet to seriously break through as an issue, so there has been less motion," Sander remarked.

In August of last year, the German government reportedly warned that Windows 8 could act as a Trojan when combined with version 2.0 of the Trusted Platform Module (TPM), a specification for a secure cryptoprocessor.

Posted in NSA

NSA Officials: Snowden Emailed With Question, Not Concern

The Obama administration on Thursday released an email sent by Edward Snowden to the NSA's general counsel last year - an important document in the debate over whether the leaker of classified government documents attempted to raise questions "through channels" about the agency's domestic surveillance programs.

The email is the lone document found so far, according to U.S. officials, that could be seen as offering support for Snowden's claim that he attempted to alert officials at the NSA to what he considered improper or illegal domestic surveillance by the agency before he began leaking the secret documents.

The document is a request for clarification about a legal point in training materials for a mandatory course regarding policies and procedures restricting domestic surveillance by the NSA. The lack of context surrounding the email leaves room for interpretation on Snowden's motives for making the inquiry.

In an exclusive interview with NBC Nightly News anchor Brian Williams last week in Moscow that was broadcast Wednesday night, Snowden said he had warned the NSA, while working as a contractor, that he felt the agency was overstepping its bounds.

"I actually did go through channels, and that is documented," he asserted. "The NSA has records, they have copies of emails right now to their Office of General Counsel, to their oversight and compliance folks, from me raising concerns about the NSA's interpretations of its legal authorities. The response more or less, in bureaucratic language, was, 'You should stop asking questions.'"

But Sen. Dianne Feinstein, D-Calif., and chair of the Senate Intelligence Committee, issued a statement on Thursday saying that the email does not support Snowden's account.

"The email, provided to the committee by the NSA on April 10, 2014, poses a question about the relative authority of laws and executive orders -- it does not register concerns about NSA's intelligence activities, as was suggested by Snowden in an NBC interview this week," she said.

The NSA released this Edward Snowden email to the Office of General Counsel asking for an explanation of some material that was in a training course he had just completed, Thursday May 29, 2014.

U.S. officials initially disputed Snowden's claim that he had raised such questions, telling the Washington Post six months ago that no evidence of Snowden's alleged objection existed. "After extensive investigation, including interviews with his former NSA supervisors and co-workers, we have not found any evidence to support Mr. Snowden's contention that he brought these matters to anyone's attention," said the agency in a statement.

Snowden sent the email released Thursday to the NSA's lawyers on April 5, 2013, while he was on temporary assignment at NSA headquarters in Ft. Meade, Md.

Posted in NSA