Reported NSA backdoors might open up networks to more threats

Posted on by

Allegations that the NSA installed surveillance tools in U.S.-made network equipment, if true, could mean enterprises have more to worry about than just government spying.

While the U.S. government warned router buyers that the Chinese government might spy on them through networking gear made in China, the U.S. National Security Agency was doing that very thing, according to a report in the Guardian newspaper Monday.

The NSA physically intercepted routers, servers and other network equipment and installed surveillance tools before slapping on a factory seal and sending the products on to their destinations, according to the report, which is extracted from an upcoming book by Glenn Greenwald, a journalist who last year helped expose sensitive documents uncovered by former NSA contractor Edward Snowden.

With the tools it installs, the NSA can gain access to entire internal networks, the story said. For example, in a report on its use of the technology, the NSA said an embedded beacon was able to call back to the agency and provided us access to further exploit the device and survey the network, Greenwald wrote.

The new charge vastly expands the scope of alleged NSA spying beyond the interception of traffic across the Internet, said Ranga Krishnan, a technology fellow at the Electronic Frontier Foundation. As an example, he pointed to reports from the Snowden documents that the NSA had tapped into Googles own fiber network among its data centers, where the company hadnt encrypted the traffic at all.

Thats how most organizations function, Krishnan said. So once youre within the companys router, you have access to all that data thats unencrypted.

In addition, any security hole that a government installs could open up the network to attacks by others, he added.

If you have made something vulnerable ... somebody else could discover that and very well use it, Krishnan said.

The House Intelligence Committee and other arms of the U.S. government have warned for years that networking equipment from vendors in China, namely Huawei Technologies and ZTE, poses a threat to U.S. service providers because of possible links between those companies and the Chinese government.

Specifically, critics have raised alarms that the government could install backdoor surveillance tools in the gear they sell, giving Chinese spies access to communications in the U.S. Those warnings reportedly have held back Huawei and ZTEs sales in the U.S. The companies have said their equipment is safe.

More here:

Reported NSA backdoors might open up networks to more threats

Posted in NSA

NSA reportedly installing spyware on US-made hardware

Posted on by

CBS

The National Security Agency has been allegedly accessing routers, servers, and other computer network devices to plant backdoors and other spyware before they're shipped overseas, according to the Guardian.

The news about the NSA's alleged interception of hardware comes via journalist Glenn Greenwald's new book about Edward Snowden's NSA leaks titled "No Place to Hide." Greenwald apparently obtained documents from Snowden that detailed the NSA receiving or intercepting various devices in the US before export.

Ironically, this type of activity is exactly what the US government accused Chinese telecom gear maker Huawei of doing in 2012 on behalf of the Chinese government.

In a letter sent to Huawei in June 2012, the US House Intelligence Committee said that the committee was "concerned" the Chinese authorities could be hacking in or attempting to breach US networks using the company's telecom equipment. With the accusations, Huawei adamantly maintained that it was not involved in any sort of cyberspying. Additionally, the US White House reportedly carried out a review of security risks posed by Huawei and was said to have found no evidence that the company spied on the US.

However, the accusations strained Huawei's relations with the US, and eventually the company pulled out of the US market. Last December, the company's CEO Ren Zhengfei said, "If Huawei gets in the middle of US-China relations," and causes problems, "it's not worth it."

What the NSA is allegedly doing is outlined in a leaked report that Greenwald refers to in his new book -- it's dated June 2010 and from the head of the NSA's Access and Target Development department, according to the Guardian. This report details the NSA allegedly intercepting US-made hardware, embedding backdoor surveillance tools, then repackaging the equipment and sending it onto international customers.

With backdoor surveillance systems, the NSA could feasibly gain access to vast networks and users.

"In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure," the NSA report says, according to the Guardian. "This call back provided us access to further exploit the device and survey the network."

This isn't the first time the NSA has been accused of this type of activity. A report from German newspaper Der Spiegel alleged that the US agency intercepts deliveries of electronic equipment to plant spyware to gain remote access to systems once they are delivered and installed. According to the report, the NSA has planted backdoors to access computers, hard drives, routers, and other devices from companies such as Cisco, Dell, Western Digital, Seagate, Maxtor, Samsung, and Huawei.

See the original post:

NSA reportedly installing spyware on US-made hardware

Posted in NSA

NSA gave Canada at least $300,000 to develop spy program

Posted on by

Pakistan, Jordan, Ethiopia and, surprisingly, Canada these are the top four beneficiaries of a U.S. National Security Agency research-funding program that helps other countries develop their electronic eavesdropping capabilities.

The nature of the research is not clear, but at least $300,000 was sent to Canada under the auspices of the program in 2012, according to an NSA chart reproduced in the new book No Place to Hide by Glenn Greenwald.

The NSA courts close relations with allies by paying its partner to develop certain technologies and engage in surveillance, and can thus direct how the spying is carried out, writes Mr. Greenwald, the Brazil-based U.S. journalist who has written extensively about surveillance issues. His new book, released Tuesday, highlights the litany of leaks he has published about the NSA since meeting former NSA contractor Edward Snowden in a Hong Kong hotel room one year ago.

The new book revisits the Snowden leak about Canadas Olympia program an operation that analyzed phone and Internet traffic associated with Brazils energy sector in apparent hopes of zeroing in on specific devices that could be attacked.

Mr. Greenwald contends that the U.S. and allied countries have leveraged counterterrorism rhetoric to develop vast foreign intelligence programs that have less to do with national security than in creating the foundations for sweeping surveillance states. Already, his new book is refocusing attention on NSA espionage programs that run out of American embassies and within the United Nations.

In Ottawa, federal officials do not generally acknowledge receiving NSA funding though the research money in question has been highlighted as funds from foreign partners security in budgetary documents.

A spokeswoman for Communications Security Establishment Canada previously told The Globe such funding was part of an allotment received from the Five Eyes collective of closely allied spying countries (the U.S., Canada, the U.K., Australia and New Zealand.)

The research allotment is small by comparison with the overall operations of the CSEC, a rapidly growing signals intelligence agency in Ottawa with a budget that has reached $500-million a year. CSEC employees will move into a new $1-billion headquarters this summer.

No Place to Hide also publishes a previously leaked U.S. government memo about the relationship between CSEC and the NSA.

NSA and CSEC cooperate in targeting approximately 20 high-priority countries, the document says. It adds: NSA shares technological development, cryptologic capabilities, software and resources for state of the art collection processing, and analytic efforts. NSA at times pays R&D and technology costs on shared projects with CSEC.

Read more:

NSA gave Canada at least $300,000 to develop spy program

Posted in NSA

Frontline documentary gets with NSA's spy 'Program'

Posted on by

It may have come to your attention, sometime in the last several years, that the government of the United States makes an expensive habit of spying on its citizens in ways that have often been illegal, quasi-legal or formerly illegal until the law was changed to make them legal.

Even before Edward Snowden made himself a wanted man and the enormity of the whole business became known, it was reported on at least in part; but it is the kind of news that like global warming can feel too huge to grasp, especially when Johnny is down with the flu and Sally has soccer practice and your editor would like to know when he'll get that review you promised him.

And so it is good to have "United States of Secrets," a new two-part Frontline documentary about "the Program," the National Security Administration's post-9/11 engine of wide-net intelligence gathering in which, as far as I understand it, every phone call or e-mail or texting that passes through an American pipeline is sifted for whatever it is the government thinks it needs to know.

The first part airing Tuesday covers the covert growth of the NSA forbidden from warrantless domestic spying after its abuse by the Nixon administration in the aftermath of the Twin Towers and over the course of two presidencies. Part two, which airs next week and is as-yet-unavailable for review, concerns the perhaps too-cozy relationship between the government and Silicon Valley.

Snowden first appears anonymously, sending an email to a Guardian columnist: "I've got some stuff you may be interested in." Later, after some two hours of context supplied by a phalanx of reporters and former NSA, Department of Justice and Bush administration officials, it is possible to picture his act as something more than one of egoism and his paranoia as not without justification.

He is not the first one to share inside information about the Program, or feel official wrath. Not surprisingly, there are no voices from within the current administration.

Dick Cheney, that old eminence grise, comes off again as a bully, the Scut Farkus of the picture, with aide David Addington his Grover Dill. But overall, "United States of Secrets" gives a nuanced report of the variety of voices that go into making any government.

There were conservative opponents to the Program, just as there were liberals, including the sitting president, who signed off on it. For that matter, it isn't really an attack on the Program so much as the story of the lies, the madness and the attacks that its creation occasioned.

With shots of government buildings and blurry figures and spy-flick computer images spelling the interviews either first-person memories or colorful re-tellings by informed reporters the documentary moves fast and stays compelling. (It is, in its way, action packed.) How long it will linger is up to your own busy consciousness to say. Anyway, here's that review I mentioned.

------------------

Read the rest here:

Frontline documentary gets with NSA's spy 'Program'

Posted in NSA

NSA routinely tapped in-flight Internet, intercepted exported routers

Posted on by

NSA leaks View all

In his new book No Place to Hide, Glenn Greenwald revealed a number of additional details onthe craft and tools used by the NSA and its British counterpart, the GCHQ. While many of the capabilities and activities Greenwald details in the book were previously published in reports drawing from Edward Snowdens vast haul of NSA documents, a number of new pieces of information have come to lightincluding the NSAs and GCHQs efforts to use airlines in-flight data service to track and surveil targeted passengers in real time.

The systemscodenamed Homing Pigeon by the NSA and Thieving Magpie by the GCHQallowed the agencies to track which aircraft individuals under surveillance boarded based on their phone data.

We can confirm that targets are on board specific flights in near real time, enabling surveillance or arrest teams to be put in place in advance, a GCHQ analyst wrote in a PowerPoint slide presentation on the program. If they use data, we can also recover email addresss [sic], Facebook IDs, Skype addresses, etc.

The technology allows the NSA and GCHQ to get a geographic fix on surveilled aircraft once every two minutes in transit.

Latest batch of documents leaked shows NSA's power to pwn.

Greenwald asserts in his book that at the same time the US intelligence community and legislators were warning that Chinese networking vendors Huawei and ZTE were untrustworthy because of connections to Chinas Peoples Liberation Army, the NSA was routinely intercept[ing] routers, servers, and other computer network devices being exported from the US before they are delivered to the international customers.

Greenwald cited a June 2010 report from the head of the NSAs Access and Target Development department in which the official wrote, In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and the network.

Read more from the original source:

NSA routinely tapped in-flight Internet, intercepted exported routers

Posted in NSA

NSA backdoors my open networks to new threats, report says

Posted on by

IDG News Service - Allegations that the NSA installed surveillance tools in U.S.-made network equipment, if true, could mean enterprises have more to worry about than just government spying.

While the U.S. government warned router buyers that the Chinese government might spy on them through networking gear made in China, the U.S. National Security Agency was doing that very thing, according to a report in the Guardian newspaper Monday.

The NSA physically intercepted routers, servers and other network equipment and installed surveillance tools before slapping on a factory seal and sending the products on to their destinations, according to the report, which is extracted from an upcoming book by Glenn Greenwald, a journalist who last year helped expose sensitive documents uncovered by former NSA contractor Edward Snowden.

With the tools it installs, the NSA can gain access to entire internal networks, the story said. For example, in a report on its use of the technology, the NSA said an embedded beacon was able to call back to the agency and "provided us access to further exploit the device and survey the network," Greenwald wrote.

The new charge vastly expands the scope of alleged NSA spying beyond the interception of traffic across the Internet, said Ranga Krishnan, a technology fellow at the Electronic Frontier Foundation. As an example, he pointed to reports from the Snowden documents that the NSA had tapped into Google's own fiber network among its data centers, where the company hadn't encrypted the traffic at all.

"That's how most organizations function," Krishnan said. "So once you're within the company's router, you have access to all that data that's unencrypted."

In addition, any security hole that a government installs could open up the network to attacks by others, he added.

"If you have made something vulnerable ... somebody else could discover that and very well use it," Krishnan said.

The House Intelligence Committee and other arms of the U.S. government have warned for years that networking equipment from vendors in China, namely Huawei Technologies and ZTE, poses a threat to U.S. service providers because of possible links between those companies and the Chinese government.

Specifically, critics have raised alarms that the government could install backdoor surveillance tools in the gear they sell, giving Chinese spies access to communications in the U.S. Those warnings reportedly have held back Huawei and ZTE's sales in the U.S. The companies have said their equipment is safe.

Read the original here:

NSA backdoors my open networks to new threats, report says

Posted in NSA

Im not going to testify: Witness pleads Fifth Amendment during Bangor triple murder trial

Posted on by

BANGOR, Maine A prison inmate who described himself as a friend of one of the two men on trial for the murder of three people refused to testify Monday at the Penobscot Judicial Center. He said he was afraid of retribution if he told the court what he knew.

Nicholas Sexton, 33, of Warwick, Rhode Island, and Randall Ricky Daluz, 36, of Brockton, Massachusetts, are both charged with three counts of murder and one count of arson in the August 2012 crime. Both have pleaded not guilty.

Alfred Lanpher, 44, said Sexton was his friend and gave him a nod when he entered the courtroom. When Assistant Attorney General Lisa Marchese, who is prosecuting the case with Assistant Attorney General Deb Cashman, asked him questions about the murder case, Lanpher declined to answer.

I already advised this lawyer here that Im not going to testify, Lanpher said, indicating attorney William Bart, who was sitting beside him in the courtroom.

Bart did not address the court.

I dont want to testify here because I am going to spend the next three years in jail, Lanpher later said on the stand.

Lanpher of Mount Desert Island is serving a 4-year sentence at the Maine State Prison in Warren for assaulting a Southwest Harbor police officer in 2012.

Marchese asked if he was afraid of retribution for being a rat. Lanpher replied, yeah.

Lanpher did say on the stand that he was using illegal drugs around the time of the three murders and when he testified in front of the Penobscot County grand jury shortly afterward.

Marchese asked the judge to force Lanpher to testify or to allow the prosecution to use the testimony he gave the grand jury shortly after police found the bullet-riddled and charred bodies of Nicolle A. Lugdon, 24, of Eddington, Daniel T. Borders, 26, of Hermon and Lucas A. Tuscano, 28, of Bradford inside a rental car that was discovered on fire in the early morning hours of Aug. 13, 2012.

Read more from the original source:

Im not going to testify: Witness pleads Fifth Amendment during Bangor triple murder trial

No plans to arrest Lois Lerner, John Boehner says

Posted on by

Lois Lerner, former director of the Tax Exempt and Government Entities Division at the Internal Revenue Service, exercises her Fifth Amendment Right against self incrimination during a hearing of the House Oversight and Government Reform Committee on Capitol Hill on March 5. BRENDAN SMIALOWSKI/AFP/Getty Images

Embattled former IRS official Lois Lerner can breathe a small sigh of relief: as of now, the House has no plans to arrest her in an effort to compel her to testify about the agency's undue scrutiny of certain tax-exempt groups.

The House voted to hold Lerner in contempt of Congress last week for her repeated refusal to testify before the House Oversight and Government Reform Committee. The charge against her stems from an opening statement she made in a hearing last year declaring her innocence before invoking her Fifth Amendment right. Republicans say that by delivering her opening statement, she waived her rights against self-incrimination.

Despite the contempt charge, Speaker John Boehner, R-Ohio, says it's up to Attorney General Eric Holder - not the House - to take the next steps.

"The contempt charge has gone to the attorney general and its up to the attorney general, Eric Holder, to prosecute this and to assign someone to prosecute the case. Now will he do it? We don't know. But the ball is in his court," Boehner said over the weekend in an interview on Fox News' "Sunday Morning Futures."

Boehner said a provision allowing the House to make its own arrest has "never been used and I'm not sure it's an appropriate way to go about this. It's up to Eric holder to do his job."

Boehner spokesman Michael Steel clarified that the speaker was referring to the modern era, because the House did at one time enforce its own contempt findings.

The Supreme Court has twice upheld the House's authority to arrest and even imprison people through a process called "inherent contempt." A 2014 report by the Congressional Research Service (CRS) found several instances in which Congress would dispatch the Sergeant-at-Arms to arrest the person being held in contempt. They would stand trial before the House, be given counsel, found guilty, and then penalized with arrest or a fine.

"Inherent contempt has the distinction of not requiring the cooperation or assistance of either the executive or judicial branches. The House or Senate can, on its own, conduct summary proceedings and cite the offender for contempt," the report found.

But the practice hasn't been used since 1935, in part because imprisonment for refusing to comply with a subpoena cannot extend past the current session of Congress, and also because the process has been described as "unseemly," cumbersome, time-consuming and ineffective in the modern era.

Visit link:

No plans to arrest Lois Lerner, John Boehner says

Guns and Supreme Court: Is Second Amendment a Privilege, Not a Right?

Posted on by

The Supreme Court unwisely declined to review Drake v. Jerejian, last week, a case that challenged New Jerseys discretionary system of concealed-carry permitting.

By denying review, the Court failed to resolve a nationwide split about the meaning of the Second Amendment.

Eventually, the Court will have to face the issue and decide if it was serious when it held that the Second Amendment protects an individuals right to keep and bear arms.

Both Heller and McDonald made it clear that the government cannot ban or effectively ban guns, but lower courts are still struggling to define what restrictions are allowed under those rulings.

In 2008, in the landmark case of D.C. v. Heller, the Supreme Court held that the Second Amendment protects the individual right to keep and bear arms.

Eventually, the Court will have decide if it was serious when it held that the Second Amendment protects an individuals right to keep and bear arms.

Later, in 2010s McDonald v. Chicago, the Court held that the Second Amendment protects citizens from not just federal prohibitions, as Heller said, but also from state and municipal prohibitions.

Since that time, the Court has not heard another Second Amendment case. Both Hellerand McDonald made it clear that the government cannot ban or effectively ban guns, but lower courts are still struggling to define what restrictions are allowed under those rulings. The Supreme Court needs to clear up the uncertainty.

Gun controllers in cities and states across the country are taking advantage of that uncertainty to test the limits of gun control. After McDonald struck down Chicagos de factogun ban, the city created a restrictive permit system requiring one hour of range training. But the city also banned gun ranges. The Seventh Circuit struck down the ban on ranges.

More recently, a judge struck down Chicagos ban on virtually all sales and transfers within the city because the Second Amendment right must also include the right toacquirea firearm.

See the original post:

Guns and Supreme Court: Is Second Amendment a Privilege, Not a Right?

N.J. Gov. Chris Christie under the gun over ammo bill, as White House beckons

Posted on by

N.J. Gov. Chris Christie will face a difficult decision in the coming days over an ammunition restriction bill thats nearly found its way to his desk and the pressure from the Second Amendment activists and the gun-control crackdown crowd could very well hang the fate of his White House aspirations.

The legislation seeks to reduce the allowable capacity for ammunition magazines to 10 rounds, down from 15. Its passed through the Senate and heads to the lower house for a second vote, where support is strong. Mr. Christie could see it within days, NJ.com reported. And pressure is mounting for him to take a side.

SPECIAL COVERAGE: Second Amendment and Gun Control

Christie will either veto the magazine restriction bill, or kiss his presidential aspirations goodbye, a headline of the gun rights website Bearingarms.com read.

But from the other side is pressure from parents of Sandy Hook Elementary School victims. Twice, this groups taken their lobby mantra for more gun control and for passage of the ammo limits directly to the steps of the state Capitol.

Theyre likely to make a public appearance during the final Assembly vote, due within days, said Bryan Miller, the executive director of the group, Heeding Gods Call, in NJ.com.

So far, Mr. Christies office has refused to take a stand.

If and when a final version of legislation reaches his desk, it will be carefully reviewed in the 45-day period he has prior to taking any action, one spokesman for Mr. Christie said, in NJ.com.

But any dream he might have for the White House or any GOP-fueled hope that hes the partys 2016 candidate may hinge on which way he goes on the bill.

Any candidate that doesnt do well in these early primaries can kiss their presidential aspirations goodbye and one of the fastest ways to sink a Republican nomination in the current political environment is to be seen as a champion of gun control, said Bob Owens, the author of the Bearingarms.com piece.

Link:

N.J. Gov. Chris Christie under the gun over ammo bill, as White House beckons

Such hack, much sad: Doge Vault reportedly loses $56,000 in heist

Posted on by

On Tuesday, Doge Vault, one of the most popular online repositories for the cryptocurrency Dogecoin, formally acknowledged that it had been hacked two days earlier.

On the 11th of May, the Doge Vault online wallet service was compromised by attackers, resulting in a service disruption and tampering with wallet funds, the site wrote.As soon as the administrator of Doge Vault was alerted, the service was halted. The attackers had already accessed and destroyed all data on the hosted virtual machines.

While Doge Vault hasnt officially said how much was lost, a newly created Dogecoin wallet shows that 121,550,030 dogecoins have been transferred into it over the last 24 hours. At present exchange rates, thats worth about $56,000.

The company did not immediately respond to further questions, nor did it provide additional details about who the perpetrators might be.

Dogecoin first debuted in December 2013. Unlike Bitcoin and other altcoins, Dogecoin has no hard cap as to how many coins will be mined. It's just the latest cryptocurrency to suffer from attacks that pilfer wallets from exchanges and end users. Recently, such attacks have become extremely commonas a result of people failing to heed best practices that dictate only a small amount of currency should be stored in 'hot' wallets. In fact, the growth of cryptocurrency theft in recent years has even led to attacks becoming an automated feature of some botnets.

For a more detailed account of how such pilfering attacks operate, Ars covered a similar incident that happened to Bitcoinia in 2012.

See the original post here:

Such hack, much sad: Doge Vault reportedly loses $56,000 in heist

Major Dogecoin Wallet Hacked, Shut Down

Posted on by

Doge Vault, a popular online wallet for the virtual currency dogecoin, was taken offline on Sunday after being hit by hackers.

Dogecoin might be based on a silly meme, but recently the cryptocurrency had been gaining steam as an alternative to bitcoin, with users raising enough money to sponsor a NASCAR racecar.

The #98 Dogecoin / Reddit.com Ford, driven by Josh Wise, is seen in the garage during practice for the NASCAR Sprint Cup Series on May 2, 2014 in Talladega, Alabama.

On Sunday, a Doge Vault user reported to the Cryptocurrency Times that 950,000 dogecoins (around $437) had been transferred out of his or her account to another online wallet.

That wallet currently holds more than 121 million dogecoins, worth more than $55,000. Its not clear if everything in that wallet was stolen. What is clear is that Doge Vault had been hacked and is now offline.

On the 11th of May, the Doge Vault online wallet service was compromised by attackers, resulting in a service disruption and tampering with wallet funds, the service wrote on its website. We are currently in the process of identifying the extent of the attack and potential impact on user's funds.

NBC News reached out to Doge Vault for comment, but the company did not respond.

It has been a rough year for cryptocurrencies. Bitcoin became a media and Silicon Valley darling before hitting some serious speed bumps, including the collapse of the Mt. Gox exchange, multiple hacks, and a warning from the SEC. In December, Dogewallet was hacked, with $16,000 worth of dogecoins stolen.

Dogecoin was supposed to be the smart alternative to bitcoin. With a lovable Shiba Inu as a mascot, the cryptocurrency's users prided themselves on not being wealthy speculators (cough, Winklevoss twins, cough), instead rallying around charities.

But the anonymous nature of the currency users are identified only as dogechain addresses makes it difficult to refund stolen funds. Banks might collect personal information through credit cards, but they can also protect consumers against fraudulent charges. Bitcoin and dogecoin work like cash. Once they are stolen, they are essentially gone, and no adorable puppies can bring them back.

Continued here:

Major Dogecoin Wallet Hacked, Shut Down