Former NSA Chief Defends Stockpiling Software Flaws for Spying

Former National Security Agency chief Gen. Keith Alexander. Photo: Evan Vucci/AP

The NSA has never said much about the open secret that it collects and sometimes even pays for information about hackable flaws in commonly used software. But in a rare statement following his retirement last month, former NSA chief Keith Alexander acknowledged and defended that practice. In doing so, he admitted the deeply contradictory responsibilities of an agency tasked with defending Americans' security and simultaneously hoarding bugs in software they use every day.

"When the government asks NSA to collect intelligence on terrorist X, and he uses publicly available tools to encode his messages, it is not acceptable for a foreign intelligence agency like NSA to respond, 'Sorry we cannot understand what he is saying,'" Alexander told the Australian Financial Review, which he inexplicably granted a 16,000-word interview. "To ask NSA not to look for weaknesses in the technology that we use, and to not seek to break the codes our adversaries employ to encrypt their messages is, I think, misguided. I would love to have all the terrorists just use that one little sandbox over there so that we could focus on them. But they don't."

The NSA has been widely criticized for using its knowledge of security flaws for spying, rather than working to patch those flaws and make internet users more secure. Alexander's defense of the practice boils down to the notion that separating friend and foe when seeking to break codes has become a nearly impossible task.

"The interesting change has been the diffusion of encryption technologies into everyday life," he told AFR. "It used to be that only, say, German forces used a crypto-device like Enigma to encipher their messages. But in today's environment encryption technology is embedded into all our communications."

At other points in his statement, Alexander argued that the NSA does disclose some of the vulnerabilities it finds in software to those who can patch the flaws, insisting that it focuses its bug-hunting primarily on defense, rather than using vulnerabilities for offensive purposes. He also went further, stating that the NSA "categorically [does] not erode the defenses of U.S. communications, or water down security guidance in order to sustain access for foreign intelligence."

The latter claim contradicts numerous reports that the NSA is seeking to weaken encryption to give itself a backdoor into encrypted communications.

Last December, a group of advisers to the White House issued a report to President Obama calling on him to rein in the intelligence community's use of so-called zero-day vulnerabilities, newly discovered hackable software bugs for which there exists no patch. The group went on to propose that zero-days only be used sparingly for high priority intelligence collection, and that those uses must be approved by a senior-level, interagency approval process.

"In almost all instances, for widely used code, it is in the national interest to eliminate software vulnerabilities rather than to use them for US intelligence collection," the report reads. "Eliminating the vulnerabilities, patching them, strengthens the security of U.S. Government, critical infrastructure, and other computer systems."


The NSA's mysterious coded tweet

By Brandon Griggs, CNN

No, the NSA was not drunk when they sent this garbled tweet earlier this week.

(CNN) -- When the National Security Agency sent a tweet Monday filled with garbled nonwords like "tpfccdlfdtte," the Internet was confused, and intrigued.

Was the NSA drunk? Had a cat skittered across someone's keyboard?

Or maybe the spy agency, under fire for eavesdropping on Americans, had accidentally blurted a secret of its own -- a coded, classified message not meant for public eyes.

The truth proved to be less scandalous. Internet sleuths, armed with cryptogram-solving Web tools, solved the mystery in minutes. Turns out the nonsensical tweet was a coded recruiting pitch by the NSA, which is seeking code breakers to help decipher encrypted messages from potential terrorists.

The tweet was a basic "substitution cipher," a code in which each letter of the alphabet is replaced by another.

Translated, it read (SPOILER ALERT for all you wannabe codebreakers): "Want to know what it takes to work at NSA? Check back each Monday in May as we explore careers essential to protecting our nation."

When contacted by CNN, NSA spokeswoman Marci Green Miller said the Twitter account is run by the NSA recruitment office, which will post coded tweets each Monday for the rest of the month.


NSA data collection overhaul advances

Construction trailers sit in front of the new National Security Agency (NSA) data center June 10, 2013 in Bluffdale, Utah.

Privacy groups said they were delighted with the support for the bill. "This is a historic turn of events in our government's approach to counterterrorism policies," Laura Murphy, director of the American Civil Liberties Union's Washington Legislation Office, said in a statement.

The legislation still faces several hurdles before becoming law, including winning the approval of a majority in the full House, as well as backing in the U.S. Senate. It is similar to NSA reforms proposed by President Barack Obama.

The House Intelligence Committee will debate and vote on its somewhat less restrictive version of the package on Thursday, which could set up a standoff on the House floor.

Democratic Sen. Patrick Leahy, the chairman of the Senate Judiciary Committee, applauded the House committee's action, although he said he wished it had gone further, such as including a strong special advocate in the secret court that oversees NSA surveillance programs.

Signaling that the fight over the surveillance programs is not over, Leahy said in a statement that he would push for those reforms when his committee considers the legislation, known as the USA Freedom Act, this summer.


Exclusive Interview: NSA whistleblower on what he'd do differently now

WASHINGTON, May 7 (UPI) -- The high-profile cases of Edward Snowden and Chelsea Manning have turned a microscope onto the U.S. intelligence community, launching a serious discussion on the balance of civil liberties in a post-9/11 world.

Secondary to Snowden and Manning's revelations, but perhaps no less important, was the treatment of the whistleblowers themselves: Snowden lives exiled, and without a passport, in Russia, while Manning faces 35 years in federal prison. Both saw grievous abuses within the U.S. government that they felt must be revealed, and both paid for their consciences with their freedom.

Thomas Drake, a former NSA executive, was more fortunate. Drake witnessed what he said were privacy and Fourth Amendment violations, as well as a massive waste of funding on the Trailblazer project, which collected intelligence data off the Internet. He initially took his concerns to internal authorities, including the NSA Inspector General and the Defense Department Inspector General, then to the staff of the House Intelligence and Oversight Committees. He also passed his concerns on to a reporter at the Baltimore Sun, carefully avoiding divulging classified information.

In 2007, Drake's home was raided by the FBI; in 2010, he was indicted by a grand jury and charged with illegally holding sensitive information, obstruction of justice and making a false statement. All along, he refused to plead guilty or help the government prosecute fellow whistleblowers.

The 10 charges filed against him under the Espionage Act were ultimately dropped, in exchange for a guilty plea on a misdemeanor count of misusing the NSA's computer system.

Drake has since worked as a privacy activist, speaking out against the surveillance state. In an interview with UPI this week, he talked about what it takes to blow the whistle on the U.S. government and just how difficult it is to do.

(This interview has been edited and condensed for clarity.)

UPI: What would you have done differently?

Drake: I would not have spoken with the FBI at all. I was speaking to them to report high crimes and misdemeanors; I was expecting them to come to my house for quite some time. I would have hired an attorney sooner.

Even though I made a conscious choice [to go through the proper channels], I didn't have to. Under the NSA portion [of the Intelligence Community Whistleblower Protection Act], I could go directly to the Department of Defense or directly to Congress and not inform the NSA. That was the statute that you would exercise if you had a responsible belief as a whistleblower. Now there's a huge cutout: Any national security position is not covered by that act.


NSA's coded tweet deciphered — read what it says

No, the National Security Agency's Twitter account was not drunk last night.

A Twitter account run by the NSA's recruitment office sent out a coded tweet on Monday with the hashtag #MissionMonday, sending the Internet abuzz with speculation over what the message meant.

The NSA account tweeted: "tpfccdlfdtte pcaccplircdt dklpcfrp?qeiq lhpqlipqeodf gpwafopwprti izxndkiqpkii krirrifcapnc dxkdciqcafmd vkfpcadf."

Twitter user @DanielShealey says he deciphered the message, which reads: "Want to know what it takes to work at NSA? Check back each month to explore careers essential to protect in your nation."

This isn't the first coded message tweeted out by the recruitment office. In February, a similar coded tweet was posted in honor of Presidents Day. According to the Washington Post, the tweet uses a substitution cipher that swaps each letter of the alphabet with another.

A spokesperson for the NSA told CBS News via email that the Twitter feed is focused on career opportunities at the agency, and released this statement:

NSA is known as the code makers and code breakers. As part of our recruitment efforts to attract the best and the brightest, we will post mission related coded tweets on Mondays in the month of May. Today's Tweet announces this effort - Every Monday in May, we'll explore careers essential to protecting our nation. #NSA #news #MissionMonday

Code-breaking mysteries aren't new to the Internet. One of the most bizarre unsolved mysteries on the Web, Cicada 3301, involves ciphers, cryptography and number theory.

"If You Don’t Have Anything To Hide, You Shouldn’t Care About NSA Spying" DEBUNKED – Video

By: Mark Dice


IBM: No, we did not help NSA spy on customers

IBM has denied any involvement with the US National Security Agency's surveillance programs, and the company claims it has never handed over any client data to governmental bodies.

In response to allegations concerning the NSA's PRISM surveillance program, Big Blue has posted a response in the form of a blog post written by Robert C. Weber, IBM's senior vice president of Legal and Regulatory Affairs. Weber writes that IBM has never handed over client data to any third party, and would send the US agency to the client rather than assist the governmental body:

"IBM has not provided client data to the National Security Agency or any other government agency under the program known as PRISM."

PRISM, which stands for "Planning Tool for Resource Integration, Synchronization, and Management," is designed to collect and process "foreign intelligence" that passes through American servers. Due to documents leaked by ex-NSA contractor Edward Snowden, IBM is reportedly being probed by China over security issues, as so many of the country's systems are dominated by IBM, Oracle, and EMC. The document leak alleges that the NSA hacked into Chinese telecommunications companies in order to steal text messages and attack Chinese university servers for spying purposes.

IBM says that while it complies with local laws in the countries in which it operates, it has not provided client data to "the NSA or any other government agency under any surveillance program involving the bulk collection of content or metadata," and "has not provided client data stored outside the United States to the US government under a national security order, such as a FISA order or a National Security Letter."

Furthermore, the tech giant says that you won't find any "backdoor" entry within its products, and nothing has been put in place to help government agencies spy on consumers -- and IBM also claims it does not provide source code or encryption keys to governments.

"In general, if a government wants access to data held by IBM on behalf of an enterprise client, we would expect that government to deal directly with that client," the company added. "If the US government were to serve a national security order on IBM to obtain data from an enterprise client and impose a gag order that prohibits IBM from notifying that client, IBM will take appropriate steps to challenge the gag order through judicial action or other means."

The company took the opportunity to make recommendations to surveillance-happy governmental bodies, stating that such entities need to "act to restore trust," and should "not subvert commercial technologies, such as encryption, that are intended to protect business data."

This story originally appeared as "IBM denies assisting NSA in customer spying" on ZDNet.


NSA 'hijacked' criminal botnets to install spyware

The NSA allegedly "co-opted" more than 140,000 computers since August 2007 for the purpose of injecting them with spyware. Photo: Reuters

While US law enforcement agencies have long tried to stamp out networks of compromised computers used by cybercriminals, the National Security Agency has been hijacking the so-called botnets as a resource for spying.

The NSA sought the means to automate the deployment of its tools for capturing email, browsing history and other information in order to reach as many as millions of machines.

The NSA has "co-opted" more than 140,000 computers since August 2007 for the purpose of injecting them with spying software, according to a slide leaked by former NSA contractor Edward Snowden and published by The Intercept on Wednesday.

Botnets are typically used by criminals to steal financial information from infected machines, to relay spam messages, and to conduct "denial-of-service" attacks against websites by having all the computers try to connect simultaneously, thereby overwhelming them.

In November, FBI director James Comey told the US Senate that botnets had "emerged as a global cyber security threat" and that the agency had developed a "comprehensive public-private approach to eliminate the most significant botnet activity and increase the practical consequences for those who use botnets for intellectual property theft or other criminal activities."

According to the NSA slide, one technique the intelligence agency used was called QUANTUMBOT, which "finds computers belonging to botnets, and hijacks the command and control channel." The program was described as "highly successful".

It was reported in May that US agencies had tapped botnets to harvest data from the machines' owners or to maintain the ability to issue the infected computers new commands.

The slide leaked by Snowden is the first confirmation of the practice, and underscores the complications for the NSA of balancing its major mission of providing eavesdropping capability with the less well-funded missions of protecting critical national assets and assisting law enforcement.

The top secret slide was marked for distribution to the "Five Eyes" intelligence alliance, comprising Australia, New Zealand, Canada, the United States and Britain.


NSA looks to appeal to young cryptographers through coded ads

THE UNITED STATES National Security Agency (NSA) has posted a Twitter message in which it apparently asked cryptographers if they want to apply to work there.

The NSA, which has been shaken by Edward Snowden's revelations, put up the coded message over the weekend.

It is pretty obviously a coded message, and we wonder what Snowden might make of it. Twitter users have been trying to crack it, and as you see below at least one YouTube walkthrough is already online.

Most of the NSA job adverts, which come from the @NSAcareers account, make sense to any Twitter user.

This one, though, from late yesterday was markedly different. "tpfccdlfdtte pcaccplircdt dklpcfrp?qeiq lhpqlipqeodf gpwafopwprti izxndkiqpkii krirrifcapnc dxkdciqcafmd vkfpcadf. #MissionMonday #NSA #news," it said, cryptically.

Compared to a normal solicitation for job applicants, it looks very strange indeed.

Szymon Machajewski, of Grand Valley State University's School of Computing and Information Systems, said that it is a "substitution cipher", and worked backwards from an assumption of what code letter best represents the letter "e".

Machajewski used common online tools, a JavaScript method, to crack the code. It took less than eight minutes.
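As an added illustration (not code from any of the articles or from Machajewski's walkthrough), the Python below takes the tweet as quoted above and the plaintext as quoted in the CNN excerpt, ranks the cipher letters by frequency, and recovers the substitution table from a known-plaintext crib, rejecting any alignment that is not one-to-one. The function names and the choice of crib are this example's own assumptions.

```python
from collections import Counter

# Tweet as quoted in the excerpts above; plaintext as quoted in the CNN excerpt.
CIPHERTEXT = ("tpfccdlfdtte pcaccplircdt dklpcfrp?qeiq lhpqlipqeodf "
              "gpwafopwprti izxndkiqpkii krirrifcapnc dxkdciqcafmd vkfpcadf.")
PLAINTEXT = ("Want to know what it takes to work at NSA? Check back each Monday "
             "in May as we explore careers essential to protecting our nation.")
CRIB = "Want to know what it takes to work at NSA"  # assumed guess at the opening


def letters(text):
    """Keep only a-z, lower-cased; the tweet's 12-letter blocks hide word breaks."""
    return [ch for ch in text.lower() if "a" <= ch <= "z"]


def frequency_rank(cipher, n=3):
    """Most common cipher letters, the usual starting point for guessing 'e'."""
    return Counter(letters(cipher)).most_common(n)


def recover_key(cipher, known_plain):
    """Align known plaintext with the start of the ciphertext and return the
    cipher->plain table; raise ValueError if the pairing is not one-to-one."""
    plain = letters(known_plain)
    ciph = letters(cipher)[:len(plain)]
    if len(ciph) < len(plain):
        raise ValueError("known plaintext is longer than the ciphertext")
    key, used = {}, {}
    for c, p in zip(ciph, plain):
        # A simple substitution maps each cipher letter to exactly one plain
        # letter and back, so any clash means the guess is wrong.
        if key.setdefault(c, p) != p or used.setdefault(p, c) != c:
            raise ValueError(f"inconsistent pairing {c!r} -> {p!r}")
    return key


def decrypt(cipher, key):
    """Apply a (possibly partial) key; letters not yet solved come out as '_'."""
    return "".join(key.get(ch, "_") for ch in letters(cipher))


if __name__ == "__main__":
    print(frequency_rank(CIPHERTEXT))
    partial = recover_key(CIPHERTEXT, CRIB)
    print(len(partial), "letters solved:", decrypt(CIPHERTEXT, partial))
    full = recover_key(CIPHERTEXT, PLAINTEXT)
    print(len(full), "letters solved:", decrypt(CIPHERTEXT, full))
```

On this 104-letter message the most frequent cipher letter stands for "a" and the letter standing for "e" ranks third, so a frequency-based guess for "e" has to be tried against more than one candidate.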

Perhaps disappointingly, the code is not actually a job advert, but a message to come back and check out the NSA job listings on a Monday.

"Want to know what it takes to work at the NSA?" it asked. "Check back each Monday in May as we explore careers essential to protecting our nation."
