NSA Reports Show Agency May Have Violated Laws For A Decade By Spying On Americans

The National Security Agency may have violated U.S. law for over a decade with the unauthorized surveillance of U.S. citizens' overseas communications, according to new reports on the agency's intelligence collection practices released by the NSA on Wednesday.

The U.S. spy agency released the highly confidential reports in response to a Freedom of Information Act lawsuit filed by the American Civil Liberties Union (ACLU). According to documents posted on the NSA website on Christmas Eve, the examples of violations include sending data on Americans to unauthorized recipients, storing such data on unprotected computers and retaining them after they were meant to be destroyed, according to Bloomberg.

"In general, each NSA report contains similar categories of information, including an overview of recent oversight activities; signals intelligence activities affecting certain protected categories; and descriptions of specific incidents which may have been unlawful or contrary to applicable policies," NSA said on its website.

The reports include a series of quarterly and annual accounts that have been made available to the president's Intelligence Oversight Board, Bloomberg reported, adding that the reports cover the period between the fourth quarter of 2001 and the second quarter of 2013.

In one instance of an unauthorized surveillance practice, in 2012, an NSA analyst searched a U.S. organization in a raw traffic database without formal authorization because the analyst incorrectly believed that he was authorized to query due to a potential threat, according to the fourth-quarter report from 2012. The surveillance found nothing suspicious.

Another report revealed an incident, also in 2012, when an analyst searched her spouse's personal telephone directory without his knowledge to obtain names and telephone numbers for targeting. According to the report, the analyst was advised to cease her activities.

The ACLU, which filed the lawsuit to access the NSA reports, claimed that the intelligence information collected by the spy agency was sometimes misused.

"The government conducts sweeping surveillance under this authority -- surveillance that increasingly puts Americans' data in the hands of the NSA," Patrick C. Toomey, staff attorney with the ACLU's National Security Project, told Bloomberg in an e-mail. "Despite that fact, this spying is conducted almost entirely in secret and without legislative or judicial oversight."

Meanwhile, the NSA said that it has multi-layered protections in place to ensure that no further errors occur in intelligence-gathering and retention.

"The vast majority of compliance incidents involve unintentional technical or human error. In the very few cases that involve the intentional misuse of a signals intelligence system, a thorough investigation is completed," NSA said in an executive summary. "NSA goes to great lengths to ensure compliance with the Constitution, laws and regulations."

Read more:

NSA Reports Show Agency May Have Violated Laws For A Decade By Spying On Americans

Posted in NSA

NSA waits until Christmas Eve to reveal a decade's worth of its mistakes

The National Security Administration campus in Fort Meade, Maryland.

Image: Patrick Semansky/Associated Press

By Jessica Plautz, 2014-12-25 22:24:44 UTC

The National Security Agency went all out on a Christmas gift this year: a decade's worth of declassified documents on the unauthorized surveillance of Americans.

Turns out it's the NSA that sees you when you're sleeping, and knows when you're awake.

The documents were released Wednesday afternoon, in response to an ACLU lawsuit under the Freedom of Information Act. They cover the agency's activities from mid-2001 through early 2013 and they are heavily redacted.

Even so, the reports detail numerous "errors" over the years as NSA analysts searched through its information databases and accessed the communications of Americans, which is prohibited.

"The vast majority of compliance incidents involve unintentional technical or human error," the NSA said in the executive summary. "These materials show, over a sustained period of time, the depth and rigor of NSA's commitment to compliance."

"NSA goes to great lengths to ensure compliance with the Constitution, laws and regulations."

Indeed, much of the reports detail things like accidental queries on the wrong "targets," or overly broad searches that reveal a lack of proper training for analysts. However, some of the errors were intentional.

Continued here:

NSA waits until Christmas Eve to reveal a decade's worth of its mistakes

Posted in NSA

Regin spying tool linked to NSA among first malware meant for espionage

JERUSALEM: The malware known as Regin, linked to the National Security Agency as a tool for tapping mobile phone networks and infiltrating foreign computer systems, now appears to have been developed as early as 15 years ago, making it among the first major pieces of invasive computer software built to enable government espionage.

The program was revealed last month in reports from security companies Kaspersky Lab and Symantec Corp. Soon thereafter, The Intercept published new leaks from NSA whistleblower Edward Snowden that shed light on how programs such as Regin (pronounced Re-gen) were used to collect sensitive, technical information on more than 70 percent of the world's cellular networks.

Between the Snowden documents and the disclosures from computer security professionals about Regin, for the first time researchers think they've linked NSA wiretapping operations to the particular tool the agency used to accomplish it, caught in the act invading a foreign cellular network.

"This is the first time we've seen it for real with our own eyes. For us it was pretty surprising," says Costin Raiu, director of Kaspersky Lab's Global Research and Analysis Team.

The NSA's vast surveillance practices -- stockpiling of phone records, recording text messages, listening in on conversations of foreign heads of state, tapping into global fiber optic communications -- began to be revealed a year and a half ago when the Snowden documents emerged.

Now, analysis of the Regin malware provides rare insight into how such extensive hacking and wiretapping was accomplished.

Regin is not just a worm or a virus, but a malware platform, which can host many different types of attacks. It was built for stealth and flexibility and has been found on computers around the world, serving many different purposes.

Both Kaspersky Lab and Symantec judged Regin to not only be the work of a nation-state, but also one of the most sophisticated, if not the most sophisticated, pieces of malware in existence. Both companies also specifically noted that Regin was used against telecommunications companies and infrastructure (in addition to a variety of other targets).

The precise way that Regin enters a computer system is still unknown, but it may involve visiting spoofed versions of well-known websites or a backdoor through an application. According to Symantec, in one case log files showed that Regin got in through an unknown exploit in Yahoo! Instant Messenger.

Read the original post:

Regin spying tool linked to NSA among first malware meant for espionage

Posted in NSA

NSA rules leave privacy vulnerable: experts

Eyes open: Sarah Harbi protests against the NSA outside the Department of Justice in Washington, DC. Photo: Reuters

Cyber security experts are questioning whether US President Barack Obama can make good on his assurance that intelligence agencies aren't spying on "ordinary folks."

That promise is especially dubious, experts say, in instances where Americans are communicating with US citizens living abroad and other people overseas.

"It's very clear there are enormous loopholes," said Jonathan Mayer, a cyber security fellow at Stanford University's Centre for International Security and Co-operation, who is reverse engineering the NSA surveillance program to learn how much collection, if taken to extremes, is legally possible. "Their rules, combined with their capabilities, cut against the classical protections built into our legal system."

The US National Security Agency (NSA) and the CIA are tasked with gathering foreign, not domestic, intelligence. Agency rules say they must have a "reasonable, articulated suspicion" about the people they target, and are required to sift through all the data they collect and eliminate any that might have been intercepted from an innocent American, on US soil or abroad.

This week the Obama Administration proposed that Congress overhaul the electronic surveillance program by having phone companies hold onto the call records as they do now.

But there remain a number of significant ambiguities that allow Americans' data to be swept up, saved and analysed, according to a series of disclosures from former intelligence contractor Edward Snowden, WikiLeaks source Private Chelsea (previously known as Bradley) Manning and the US government itself:

- Analysts need to be just "51 per cent confident" that someone is not in the US, based on phone numbers, Internet Protocol addresses and email addresses, before they can target the person.

- The NSA is allowed to store encrypted communications, domestic or foreign, at least until analysts can decrypt it to find out whether it contains information relating to national security. With widely used services like Gmail and Facebook adding encryption, this could encompass a vast amount of domestic communications.

Go here to read the rest:

NSA rules leave privacy vulnerable: experts

Posted in NSA

NSA records all calls in targeted foreign nation: report

Washington: The US National Security Agency has created a surveillance system that is recording all the phone calls in an undisclosed foreign country, allowing it to play back any conversation up to 30 days later, the Washington Post reported on Tuesday.

The newspaper cited unnamed sources with direct knowledge of the system as well as documents supplied by former NSA contractor Edward Snowden, who since last year has leaked extensive data revealing sweeping US spying activities.

The newspaper said that at the request of US officials, it was withholding details that could be used to identify the nation where the system is being used or others where it might be used in the future. The Post cited documents that envisioned similar US spying operations in other nations.

Mr Snowden again spoke from his Russian exile on Tuesday, addressing a conference audience in Vancouver through a screen and a remote-controlled robot.

"There are absolutely more revelations to come," he said. "Some of the most important reporting to be done is yet to come."

The voice interception program is known as MYSTIC and started in 2009, with its "retrospective retrieval" capability, called RETRO, reaching full strength in 2011 against the first target nation.

A classified summary of the system said the collection effort was recording "every single" conversation nationwide in the first target country, storing billions of conversations in a 30-day rolling buffer that clears out the oldest calls as new ones are made.

A senior manager for the program likened it to a time machine that can replay voices from any phone call without the need to identify a person for spying in advance.

Current and former US officials quoted anonymously said large numbers of conversations involving Americans would be gathered using the system.

See more here:

NSA records all calls in targeted foreign nation: report

Posted in NSA

NSA breached Chinese telco Huawei seen as spy peril

Digital cold war: Documents show the National Security Agency has been monitoring information about the workings of Huawei. Photo: Bloomberg

Washington: United States officials have long considered Huawei, the Chinese telecommunications giant, a security threat, blocking it from business deals in the US for fear that the company would create "back doors" in its equipment that could allow the Chinese military or Beijing-backed hackers to steal corporate and government secrets.

But even as the US made a public case about the dangers of buying from Huawei, classified documents show the National Security Agency was creating its own back doors - directly into Huawei's networks.

The agency pried its way into the servers in Huawei's sealed headquarters in Shenzhen, China's industrial heart, according to NSA documents provided by former contractor Edward Snowden.

Huawei: The NSA created back doors into the Chinese company's networks, leaked documents show. Photo: Bloomberg

It obtained information about the workings of the giant routers and complex digital switches that Huawei boasts connect one-third of the world's population, and monitored communications of the company's top executives.

One of the goals of the operation, code-named "Shotgiant", was to find any links between Huawei and the People's Liberation Army, one 2010 document made clear.

But the plans went further: to exploit Huawei's technology so that when the company sells equipment to other countries - including US allies and nations that avoid buying US products - the NSA can roam through their computer and telephone networks to conduct surveillance and, if ordered by the president, offensive cyberoperations.

"Many of our targets communicate over Huawei-produced products," the NSA document said. "We want to make sure that we know how to exploit these products," it added, to "gain access to networks of interest" around the world.

View original post here:

NSA breached Chinese telco Huawei seen as spy peril

Posted in NSA

Obama to call for end to NSA's bulk data collection

Legislative overhaul: Under the Obama administration's proposal, the National Security Agency could obtain specific records only with permission from a judge, using a new kind of court order. Photo: AFP

Washington: The Obama administration is preparing to unveil a legislative proposal for a far-reaching overhaul of the National Security Agency's once-secret bulk phone records program in a way that, if approved by Congress, would end the aspect that has most alarmed privacy advocates since its existence was leaked last year, according to senior administration officials.

Under the proposal, they said, the NSA would end its systematic collection of data about Americans' calling habits. The records would stay in the hands of phone companies, which would not be required to retain the data for any longer than normal. And the NSA could obtain specific records only with permission from a judge, using a new kind of court order.

In a speech in January, US President Barack Obama said he wanted to get the NSA out of the business of collecting call records in bulk while preserving the program's capabilities. He acknowledged, however, that there was no easy way to do so and had instructed Justice Department and intelligence officials to come up with a plan by March 28, this Friday, when the current court order authorising the program expires.

As part of the proposal, the administration has decided to ask the Foreign Intelligence Surveillance Court to renew the program as it currently exists for at least one more 90-day cycle, senior administration officials said. But under the plan the administration has developed and now advocates, the officials said, it would later undergo major changes.

The new surveillance court orders envisioned by the administration would require phone companies to swiftly provide records in a technologically compatible data format, including making available, on a continuing basis, data about any new calls placed or received after the order is received, the officials said.

They would also allow the government to seek related records for callers up to two calls, or "hops", removed from the number that has come under suspicion, even if those callers are customers of other companies.

The NSA now retains the phone data for five years. But the administration considered and rejected imposing a mandate on phone companies that they hold onto their customers' calling records for longer than the 18 months that federal regulations already generally require, a burden that the companies had resisted and that was seen as a major obstacle to keeping the data in their hands. A senior administration official said that intelligence agencies had concluded that the impact of that change would be small because older data is less important.

The NSA uses the once-secret call records program, sometimes known as the 215 program after Section 215 of the Patriot Act, to analyse links between callers in an effort to identify hidden terrorist associates, if they exist. It was part of the secret surveillance program that then president George W. Bush unilaterally put in place after the terrorist attacks of September 11, 2001, outside of any legal framework or court oversight.

Excerpt from:

Obama to call for end to NSA's bulk data collection

Posted in NSA

As chances of NSA reform fade, opinions remain strong

A total of 19 months after NSA contractor Edward Snowden disclosed details of the National Security Agency's massive surveillance program, the debate has simmered down and a legislative fix looks unlikely.

At the heart of Snowden's disclosures was that the NSA has access to meta-data of millions of phone calls and is also able to access emails, transcripts from online chats and troves of other data directly from internet companies.

While several bills have been introduced and even voted on in Congress, a legislative fix looks unlikely.

In July of 2013, the Amash-Conyers Amendment, sponsored by Rep. Justin Amash, R-Michigan, and Rep. John Conyers, D-Michigan, would have effectively ended NSA collection of data, but narrowly failed the House of Representatives by a vote of 217-205. 211 votes were needed for the bill to pass that day.

More recently, the USA Freedom Act, which would have made some reforms, passed the House by a vote of 303-121 in May. Amash sponsored the original bill, but voted against it because it was watered down after changes were made and, in his opinion, did not go far enough in reforms. While it passed the House, it failed in the Senate in November, when it could not receive 60 votes to move forward.

One of the bill's sponsors, Sen. Patrick Leahy, D-Vermont, blamed the failure on other Senators who were fear mongering, thus stalling debate on the bill.

The program has seen some challenges in court. Several district courts have heard the case against the program; one judge in the D.C. district court called the program likely unconstitutional and almost Orwellian, but other courts have issued opinions in favor of the program.

Dirk Deam, senior lecturer in political science at Iowa State, said the court challenges will likely not spur any changes; rather, it is up to Congress.

"It'll be up to Congress. At the root of this is application of the Foreign Intelligence Surveillance Act, which is an act of Congress," Deam said. "Almost all the issues surrounding things that have been leaked are connected to FISA, so to the extent that people are going to react to that, they're going to have to [make changes] through legislation."

Several students at Iowa State said they do not approve of the program.

Read the original post:

As chances of NSA reform fade, opinions remain strong

Posted in NSA

Judge questions evidence on whether NSA spying is too broad

A federal judge on Friday questioned the strength of a key lawsuit challenging the constitutionality of the government's Internet surveillance program known as upstream data collection.

Judge Jeffrey White heard oral arguments by attorneys from the Electronic Frontier Foundation, which filed the suit, and the government, during a hearing in a federal district court in Oakland, California. The EFF says its suit is the first challenge in public court to the government's upstream data program, which copies online data from the main cables connecting Internet networks around the world.

The EFF first filed its suit in 2008 after an AT&T technician provided evidence that the company routed copies of its Internet traffic records to the NSA.

The National Security Agency program is unconstitutional because it collects communications, including content such as email, of people without ties to issues of national security, EFF attorney Richard Wiebe told the judge. That's an overly broad dragnet that violates the Constitution's Fourth Amendment protections against unreasonable search and seizure, he said.

U.S. Justice Department attorney James Gilligan did not deny the government taps the Internet's backbone to gather data. But the government uses filtering mechanisms to automatically destroy certain communications records within milliseconds, he said.

Judge White could declare the upstream collection program unconstitutional, a ruling the government would probably appeal. But on Friday, he questioned whether there was enough evidence on either side to say whether the program is constitutional.

The judge's ruling might take months, judging from the number and complexity of questions he asked Friday.

"What evidence is there that it's all international communications [gathered], not just communications with suspected terrorists or hot spots?" he asked EFF attorney Wiebe.

Wiebe cited a top-secret 2009 report by the NSA inspector general detailing the government's email and Internet data collection, published by The Guardian. Other documents, including AT&T's first surveillance transparency report, published earlier this year, provide evidence of the program's reach, he said.

But the government has never confirmed nor denied the 2009 secret report, Gilligan said, and AT&T's report only pertains to legal court orders received under the Foreign Intelligence Surveillance Act.

Link:

Judge questions evidence on whether NSA spying is too broad

Posted in NSA

Senators question need to rein in NSA surveillance

The U.S. Congress would endanger the nation's security by passing even watered-down legislation to limit the National Security Agency's bulk collection of domestic phone records, several U.S. senators said Thursday.

Several members of the Senate Intelligence Committee voiced opposition to the USA Freedom Act, a bill aimed at reining in NSA bulk collection of telephone and other records, even though many civil liberties groups and technology companies have questioned whether the bill would work as its sponsors originally envisioned.

With the USA Freedom Act, Congress is "compromising to please a skeptical and frequently misinformed public" that's mistakenly worried about NSA surveillance, Senator Dan Coats, an Indiana Republican, said during a hearing on the House bill, taking place one year after the first leaks from former NSA contractor Edward Snowden were published.

The USA Freedom Act would ban what the NSA and the U.S. Department of Justice consider "bulk" collection of phone and business records, said James Cole, deputy attorney general at the DOJ. But Cole parsed the definition of "bulk" collection.

Quoting a House Intelligence Committee report on the USA Freedom Act, Cole said, "Bulk collection means indiscriminate acquisition. It does not mean the acquisition of a large number of communication records." Therefore, the House bill would allow the NSA collection of large numbers of records, if that collection were approved by the U.S. surveillance court.

An amended definition of what records the bill allows the NSA to collect gives the agency wide latitude, said Senator Mark Udall, a Colorado Democrat. The version of the USA Freedom Act that passed the House "is not the true reform I've demanded, and many other Americans have demanded, for years," he said.

The House bill is "vague enough to still allow the collection of mass information," Udall said. "The NSA has shown time and time again it will seize on any wiggle room in the law, and there's plenty of that in this bill."

The NSA phone records program helps protect national security, several senators argued, even though critics have found that many of the examples of investigations given to justify the program have only a limited connection to it.

Nevertheless, the Senate should "step back" and reconsider whether to pass the USA Freedom Act, said Senator Saxby Chambliss, a Georgia Republican.

Excerpt from:

Senators question need to rein in NSA surveillance

Posted in NSA

Former NSA Insider: More Cyberattacks To Come

Provided by IBT US Hackers infiltrate US companies from abroad

"This is going to get worse before it gets better."

That's largely the message from cybersecurity experts and former U.S. cyber officials who say that the alarming hack against Sony Pictures Entertainment underscores not only the lack of corporate Internet security, but also law enforcement's struggle to prevent similar data breaches from occurring again.

A hacking group calling itself the Guardians of Peace first claimed responsibility for the attack on Sony on Nov. 24. The weeks since have seen the unauthorized disclosure of a trove of embarrassing emails sent between Sony executives, the leak of unreleased movies and, earlier this week, a reference to the September 11th terrorist attacks. Yet for all the hackers' bluster, and Sony's apparent paralysis, there's so far been sparse talk of meaningful American retaliation.

Jim Penrose, a former directorate of Signals Intelligence and chief of Operational Discovery at the National Security Agency, said forensic investigators are still largely trying to determine the best method to prevent attacks. Recent attacks at Home Depot, Target, JP Morgan and others also prove that, when it comes to prosecuting international crime, police have no choice but to enter a web of geopolitics that rarely, if ever, results in the perpetrators' apprehension.

After filling various posts within the NSA over a 17-year period, Penrose now serves as executive vice president of Cyber Intelligence at Darktrace, a United Kingdom-based cybersecurity firm that protects Virgin trains and Drax Power, which provides electricity for 14 percent of Western Europe's population.

International Business Times caught up with Penrose this week to get his thoughts on the Sony situation and the state of cybersecurity in general.

IBTimes: Pretend you're one of the FBI investigators on the front lines of the Sony case. What's going through your mind right now?

Jim Penrose: I think the main thing investigators would like to get to the bottom of is how this initially happened, what was the way in, was there an insider who helped or was it really just from the outside-in? That would be an interesting conclusion to find out. You'd also like to figure out by which way they spread the malware. Was that malware unique? Is that malware attributable to specific actors?

This is an area where law enforcement breaks down. There's no ally to go to get a warrant served, or extradite someone and try to bring them to justice. The military has its own legal regime but this is different, cyberspace isn't as well governed as the ships in the sea or planes in the sky.

Read more here:

Former NSA Insider: More Cyberattacks To Come

Posted in NSA