Daily Archives: February 11, 2015

Anonymous # Operation NSA Campus Stop Spying ON US

By: Megan Rowe

Here is the original post:
Anonymous # Operation NSA Campus Stop Spying ON US - Video

After the Stuxnet digital weapon was discovered on machines in Iran in 2010, many security researchers warned that US adversaries would learn from this and other US attacks and develop similar techniques to target America and its allies.

A newly published document leaked by Edward Snowden indicates that the NSA feared the same thing and that Iran may already be doing exactly this. The NSA document from April 2013, published today by The Intercept, shows the US intelligence community is worried that Iran has learned from attacks like Stuxnet, Flame and Duquall of which were created by the same teamsin order to improve its own capabilities.

The document suggests that such attacks dont just invite counterattacks but also school adversaries on new techniques and tools to use in their counterattacks, allowing them to increase the sophistication of these assaults. Iran, the document states, has demonstrated a clear ability to learn from the capabilities and actions of others.

The document, which was prepared for a meeting between the NSA director and the British spy agency Government Communications Headquarters, doesnt mention the Stuxnet attack by name, but instead refers to Western attacks against Irans nuclear sector. Stuxnet targeted machines controlling centrifuges in Iran that were being used to enrich uranium for Irans program.

In addition to attacks against Irans nuclear sector, however, the document also states that Iran learned from a different attack that struck its oil industry. The report says Iran then replicated the techniques of that attack in a subsequent attack called Shamoon that targeted Saudi Arabias oil conglomerate, Saudi Aramco.

Irans destructive cyber attack against Saudi Aramco in August 2012, during which data was destroyed on tens of thousands of computers, was the first such attack NSA has observed from this adversary, the NSA document states. Iran, having been a victim of a similar cyber attack against its own oil industry in April 2012, has demonstrated a clear ability to learn from the capabilities and actions of others.

The latter statement in the document is referring to the so-called Wiper attack, an aggressive and destructive piece of malware that targeted machines belonging to the Iranian Oil Ministry and the National Iranian Oil Company in April 2012. Wiper didnt steal datainstead it destroyed it, first wiping content on the machines before systematically erasing system files, causing the systems to crash, and preventing them from rebooting. Wiper was designed to quickly destroy as many files as effectively as possible, which can include multiple gigabytes at a time, according to researchers at Kaspersky Lab who examined the mirror images of hard drives in Iran that were destroyed by Wiper.

Wiper was the first known data destruction attack of its kind. Although the NSA document doesnt credit the US and its allies for launching the attack, Kaspersky researchers found that it shared some circumstantial hallmarks of the Duqu and Stuxnet attacks, suggesting that Wiper might have been created and unleashed on Iran by the US or Israel.

Many believe it served as inspiration for Shamoon, a subsequent destructive attack that struck computers belonging to Saudi Aramco in August 2012. The document claims Iran was behind Shamoon. The Shamoon malware wiped data from about 30,000 machines before overwriting the Master Boot Record, preventing machines from rebooting. The attack was designed to replace erased data with an image of a burning US American flag, though the malware contained a bug that prevented the flag image from completely unfurling on machines. Instead, only a fragment of the flag appeared. Researchers said at the time that Shamoon was a copycat attack that mimicked Wiper.

Wiper is also believed to have inspired a destructive attack that struck computers belonging to banks and media companies in South Korea in March 2013. That attack wiped the hard drives and Master Boot Record of at least three banks and two media companies simultaneously and reportedly put some ATMs out of operation, preventing South Koreans from withdrawing cash from them. The report does not suggest that Iran was behind this attack.

View post:
NSA Acknowledges What We All Feared: Iran Learns From US Cyberattacks

After the Stuxnet digital weapon was discovered on machines in Iran in 2010, many security researchers warned that US adversaries would learn from this and other US attacks and develop similar techniques to target America and its allies.

A newly published document leaked by Edward Snowden indicates that the NSA feared the same thing and that Iran may already be doing exactly this. The NSA document from April 2013, published today by The Intercept, shows the US intelligence community is worried that Iran has learned from attacks like Stuxnet, Flame and Duquall of which were created by the same teamsin order to improve its own capabilities.

The document suggests that such attacks dont just invite counterattacks but also school adversaries on new techniques and tools to use in their counterattacks, allowing them to increase the sophistication of these assaults. Iran, the document states, has demonstrated a clear ability to learn from the capabilities and actions of others.

The document, which was prepared for a meeting between the NSA director and the British spy agency Government Communications Headquarters, doesnt mention the Stuxnet attack by name, but instead refers to Western attacks against Irans nuclear sector. Stuxnet targeted machines controlling centrifuges in Iran that were being used to enrich uranium for Irans program.

In addition to attacks against Irans nuclear sector, however, the document also states that Iran learned from a different attack that struck its oil industry. The report says Iran then replicated the techniques of that attack in a subsequent attack called Shamoon that targeted Saudi Arabias oil conglomerate, Saudi Aramco.

Irans destructive cyber attack against Saudi Aramco in August 2012, during which data was destroyed on tens of thousands of computers, was the first such attack NSA has observed from this adversary, the NSA document states. Iran, having been a victim of a similar cyber attack against its own oil industry in April 2012, has demonstrated a clear ability to learn from the capabilities and actions of others.

The latter statement in the document is referring to the so-called Wiper attack, an aggressive and destructive piece of malware that targeted machines belonging to the Iranian Oil Ministry and the National Iranian Oil Company in April 2012. Wiper didnt steal datainstead it destroyed it, first wiping content on the machines before systematically erasing system files, causing the systems to crash, and preventing them from rebooting. Wiper was designed to quickly destroy as many files as effectively as possible, which can include multiple gigabytes at a time, according to researchers at Kaspersky Lab who examined the mirror images of hard drives in Iran that were destroyed by Wiper.

Wiper was the first known data destruction attack of its kind. Although the NSA document doesnt credit the US and its allies for launching the attack, Kaspersky researchers found that it shared some circumstantial hallmarks of the Duqu and Stuxnet attacks, suggesting that Wiper might have been created and unleashed on Iran by the US or Israel.

Many believe it served as inspiration for Shamoon, a subsequent destructive attack that struck computers belonging to Saudi Aramco in August 2012. The document claims Iran was behind Shamoon. The Shamoon malware wiped data from about 30,000 machines before overwriting the Master Boot Record, preventing machines from rebooting. The attack was designed to replace erased data with an image of a burning US American flag, though the malware contained a bug that prevented the flag image from completely unfurling on machines. Instead, only a fragment of the flag appeared. Researchers said at the time that Shamoon was a copycat attack that mimicked Wiper.

Wiper is also believed to have inspired a destructive attack that struck computers belonging to banks and media companies in South Korea in March 2013. That attack wiped the hard drives and Master Boot Record of at least three banks and two media companies simultaneously and reportedly put some ATMs out of operation, preventing South Koreans from withdrawing cash from them. The report does not suggest that Iran was behind this attack.

See the rest here:
The NSA Acknowledges What We All Feared: Iran Learns From US Cyberattacks

An NSA document newly published today suggests two interesting facts that havent previously been reported.

The Intercept, which published the document, highlighted that in it the NSA expresses fear that it may be teaching Iran how to hack, but there are two other points in the document that merit attention.

One concerns the spy tool known as Flame; the other refers to concerns the NSA had about partnering with the British spy agency Government Communications Headquarters and Israeli intelligence in surveillance operations.

In the document, prepared in April 2013 for a meeting between the NSA director and GCHQ, the author cites the Flame attack against Iran as an example of a US/GCHQ partnership. Flame was a massive spy platform exposed by Kaspersky Lab and Symantec in 2012. Flame targeted more than 10,000 machines in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa and was active for at least six years before it was discovered. It used some of the same code that Stuxnet used, leading researchers to conclude that it had been created by the same US/Israel teams that had created Stuxnet. The Washington Post reported in 2012 that the US and Israel were both behind Flame, quoting anonymous US officials. But the new Snowden document hints that GCHQ might have been involved in Flame with the US.

Although the document doesnt say overtly that GCHQ partnered with the US in creating and unleashing Flame, it hints obliquely at cooperation. The document notes that the NSA has successfully worked multiple high-priority surges with GCHQ and cites Flame as an example. But, oddly, it doesnt say they worked together on creating Flame. Instead, it simply cites Irans discovery of Flame in a list of projects on which the GCHQ and the US collaborated.

These jointly worked events include the storming of the British Embassy in Tehran; Irans discovery of computer network exploitation tools on their networks in 2012 and 2013; and support to policymakers during the multiple rounds of P5 plus 1 negotiation on Irans nuclear program, the document reads. The reference to an embassy attack presumably refers to the 2011 attack on the British embassy by protestors in Iran. The reference to the P5 plus 1 relates to negotiations between Iran and Western powers over Irans nuclear program. The network attacks are identified by name as the Flame attacks in another part of the document.

Its unclear what else this might refer to if not the two countries partnering in the creation and unleashing of Flame. Other documents leaked by Edward Snowden have spelled out in more detail how the NSA and GCHQ have partnered over the years in other spy operations, ranging from sharing data siphoned from undersea cables to the hacking of telecom networks, like Belgiums Belgacom, to monitor mobile traffic. The new document suggests that the two countries might also have partnered on Flame in some way, though its unclear to what extent. If this is correct, and the previous Post is correct as well, it would mean the three nations teamed up to spy on Iran, presumably over its nuclear program.

Although there are numerous examples released in the Snowden documents of NSA-GCHQ cooperation as well as NSA-Israeli cooperation, the 2013 document published today expresses concern about a trilateral agreement between the three nations.

It appears in a section discussing a collaboration between the NSA, GCHQ and ISNUa reference to the Israeli SIGINT National Unit, the Israeli counterpart to the NSA. Under the heading Potential Landmines, the document notes that GCHQ has long pushed to work with the NSA and ISNU in a trilateral arrangement to prosecute the Iranian target. And it notes that the NSA and GCHQ have agreed to share information gleaned from their separate partnerships with Israeli intelligence. But with regard to a trilateral partnership, the NSA had reservations. The document notes that the SID policy has been opposed to such a blanket arrangement.

SID refers to the Signals Intelligence Directorate. Under the SID Management Directive 422 (.pdf), the intelligence community is prohibited from delegating a mission to a non-USSS elementthat is, a non-US SIGINT Systemwithout first obtaining a memo of understanding between the NSA and the non-US entity. NSA activities are government by a number of directives, most important among them is USSID 18, which governs what the US can and cannot collect on US persons and how it must handle information collected incidentally on them. Including a foreign spy agency in data collection raises issues about oversight and legality if it involves data pertaining to U.S. persons. This may be in part why the NSA was concerned.

Continue reading here:
Did the NSA and the UKs Spy Agency Launch a Joint Cyberattack on Iran?

Published every weekday, the Switchboard is your morning helping of hand-picked stories from the Switch team.

Judge rules for NSA in warrantless search case. Privacy advocates suffered a major setback Tuesday when a Judge sided with the National Security Agency in the long-running Jewel v. NSA case. "U.S. District Judge Jeffrey White in Oakland, California wrote the plaintiffs failed to establish legal standing to pursue a claim that the government violated the Fourth Amendment," reported Dan Levine at Reuters.

Apple is building a massive solar farm in California. "Apple chief executive Tim Cook said Tuesday that the company is taking on an ambitious project: an enormous solar farm that will provide enough power for all of the company's corporate offices, California stores, its forthcoming campus and more," reports the Switch's Hayley Tsukayama.

Uh-oh: Jeb Bushs transparency effort also exposed Florida residents personal data. Florida man Jeb Bush's bid for transparency went awry when he released more than 4 gigabytes of constituent email from his time as governor -- without redacting personal information, the Switch's Brian Fung noted.

NSA claims Iran learned from Western cyberattacks.Over at the Intercept, Glenn Greenwald reports on a newly revealed Snowden document showing that the National Security Agency claimed that cyberattacks against Iran were actually helping Tehran prepare its own offensive capabilities.

Forbes Web site was compromised by Chinese cyberespionage group, researchers say. For three days last year, the "Thought of the Day" feature on Forbeswasn't just annoying, it was dangerous -- a Chinese cyberespionage group compromised it, using it as part of a watering hole attack that targeted those in the financial and defense industry, researchers told the Switch.

Want more? Follow@TheSwitchand our reporters --@kansasalps,@b_fungand@htsuka-- for the latest tech news throughout the day.

Andrea Peterson covers technology policy for The Washington Post, with an emphasis on cybersecurity, consumer privacy, transparency, surveillance and open government.

Here is the original post:
The Switchboard: Judge sides with NSA in warrantless search case

The EFF's "Team Jewel."

The case, known as Jewel v. NSA, was originally brought by the EFF on behalf of Carolyn Jewel, a romance novelist who lives in Petaluma, California, north of San Francisco. For years, the case stalled in the court system, but it gained new life after the Edward Snowden disclosures in 2013.

Despite the NSA's victory in its partial summary judgment, there are a number of issues left to be adjudicated in Jewel.

The judge's ruling only concerned Upstream Internet surveillance, not the telephone records collection nor other mass surveillance that are also at issue in Jewel, Kurt Opsahl, an EFF attorney, told Ars, referring to the governments program to capture data directly off of fiber optic cables.

We will continue to fight to end NSA mass surveillance, he added.

US District Judge Jeffrey White, in his 10-page order, found that the lead plaintiff lacked standinge.g., she was unable to show that she specifically was surveilled. Beyond the question of standing, the court found it was not able to evaluate her claims without violating national security.

As Judge White wrote:

Based on the public record, the Court finds that the Plaintiffs have failed to establish a sufficient factual basis to find they have standing to sue under the Fourth Amendment regarding the possible interception of their Internet communications. Further, having reviewed the Government Defendants classified submissions, the Court finds that the Claim must be dismissed because even if Plaintiffs could establish standing, a potential Fourth Amendment Claim would have to be dismissed on the basis that any possible defenses would require impermissible disclosure of state secret information.

The standing issue here is similar to a 2013 Supreme Court decision known as Clapper v. Amnesty International. That case found that the plaintiffs (such as Guantanamo Bay lawyers) who had strong evidence to believe that they were being spied upon but could not demonstrate it to the Supreme Courts standard, could not bring their case.

During a December 2014 hearing in federal court in Oakland, California, Judge White heard arguments from both sides in his attempt to wrestle with the plaintiffs July 2014 motion for partial summary judgment.

View original post here:
NSA wins key ruling in years-old phone and Internet spying lawsuit