Monthly Archives: April 2017

The latest leak by the Shadow Brokers hackers exposed classified information that could only have come from within the NSA, setting the stage for a Cold War ritualthe mole hunt.

A message from Vladimir Putin can take many forms.

It can be as heavy-handed as a pair of Russian bombers buzzing the Alaska coast, or as lethal as the public assassination of a defector on the streets of Kiev. Now Putin may be sending a message to the American government through a more subtle channel: an escalating series of U.S. intelligence leaks that last week exposed a National Security Agency operation in the Middle East and the identity of an agency official who participated.

The leaks by self-described hackers calling themselves the Shadow Brokers began in the final months of the Obama administration and increased in frequency and impact after the U.S. bombing of a Syrian airfield this montha move that angered Russia. The group has not been tied to the Kremlin with anything close to the forensic certitude of last years election-related hacks, but security experts say the Shadow Brokers attacks fit the pattern established by Russias GRU during its election hacking. In that operation, according to U.S. intelligence findings, Russia created fictitious Internet personas to launder some of their stolen emails, including the fake whistleblowing site called DCLeaks and a notional Romanian hacker named Guccifer 2.0.

I think theres something going on between the U.S. and Russia that were just seeing pieces of, said security technologist Bruce Schneier, chief technology officer at IBM Resilient. What happens when the deep states go to war with each other and dont tell the rest of us?

The Shadow Brokers made their debut in August, appearing out of nowhere to publish a set of secret hacking tools belonging to the Equation Groupthe security industrys name for the NSAs elite Tailored Access Operations program, which penetrates foreign computers to gather intelligence. At that time, the Shadow Brokers claimed to be mercenary hackers trying to sell the NSAs secrets to the highest bidder. But they went on to leak more files for free, seemingly timed with the public thrusts and parries between the Obama administration and the Russian government.

From the start, outside experts had little doubt that Russian intelligence was pulling the strings. Circumstantial evidence and conventional wisdom indicates Russian responsibility, exiled NSA whistleblower Edward Snowden tweeted last August. Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the [Democratic National Committee] hack.

The FBI started investigating, and in August agents arrested an NSA contractor named Hal Martin after discovering that Martin had been stockpiling agency secrets in his house for two decades. But even as Martin cooled his heels in federal custody, the Shadow Brokers continued to post messages and files.

Snowden and other experts speculated that the Russians obtained the code without the help of an insider. As a matter of tradecraft, intelligence agencies, including the NSA, secretly own, lease, or hack so-called staging servers on the public internet to launch attacks anonymously. By necessity, those machines are loaded up with at least some of the agencys tools. Snowden theorized that the Russians penetrated one of those servers and collected an NSA jackpot. NSA malware staging servers getting hacked by a rival is not new, he wrote.

Whatever their origin, the leaks dried up on Jan. 12, when the Shadow Brokers announced their retirement 10 days before Donald Trumps swearing-in. The group didnt reemerge until this month, after the Syrian militarys deadly chemical-weapons attack in Ghouta. Reportedly moved by images of the Syrian children injured or killed in the attack, Trump responded by ordering the launch of 59 Tomahawk missiles at a Syrian government air basedeparting drastically from the will of Putin, who considers Syrian President Bashar al-Assad a strategic ally.

The Russian government immediately condemned the U.S. response. Two days later, so did the Shadow Brokers. The group broke its months-long silence and released another tranche of NSA secrets along with a lengthy open letter to Trump protesting the Syrian missile strike. Abandoning any pretense of a profit motive, the Shadow Brokers claimed now to be disillusioned U.S. votersthe peoples who getting you elected, as they put in, using phrasing that holds dual meaning coming from a suspected Kremlin operation.

The Shadow Brokers have been playing hardball ever since. Their most recent release, on Friday, exposed the code for a sophisticated NSA toolkit targeting Windows machines, putting some of the agencys capabilities, circa 2013, in the hands of every newbie hacker able to use a keyboard.

This time, the Shadow Brokers didnt stop with code. For the first time in their short history, they also released internal NSA spreadsheets, documents, and slide decks, some bedecked with the insignia and Top Secret markings familiar to anyone whos browsed the Snowden leaks.

Thank You!

You are now subscribed to the Daily Digest and Cheat Sheet. We will not share your email with anyone for any reason

The leak exposes in detail a 2013 NSA hacking operation called Jeep Flea Market that gained deep access to Dubai-based EastNets, a company that handles wire transfers for a number of Middle East banks, something of obvious interest to U.S. intelligence. (EastNets denies the breach.) But the Shadow Brokers exposed more than just an NSA operation. Metadata left in the files identified the full name of a 35-year-old NSA worker in San Antonio who was apparently involved in the hack. (The Daily Beast was unable to reach him for comment.)

NSA hackers dont face the same danger as CIA officers working undercover in a foreign country, but the likelihood that Russia has begun exposing them by name, while linking them to specific operations, raises the stakes for the intelligence community. If nothing else, the San Antonio NSA worker could plausibly face criminal and civil charges in the United Arab Emirates, just as hackers working for Russian and Chinese intelligence have been indicted in the U.S.

Its conceivable that the Shadow Brokers included the name by mistake. Groups like WikiLeaks and the journalists with the Snowden cache are accustomed to scrubbing identifying metadata from documents. But a less-experienced hand might overlook it. Schneier is doubtful. If were assuming an intelligent and strategic actor, which I think we are, then you have to assume that they did that on purpose, he said.

Nothing is certain; the Shadow Brokers are a puzzle with missing pieces. But Fridays Shadow Brokers release obliterated one theory on the spot. The NSA would never have put classified spreadsheets and PowerPoint slides on a staging server. They could only have come from inside the NSA.

Which sets the stage for a revival of a storied Cold War intelligence ritual, with the declining agency morale that comes with it: the Russian mole hunt. I think were most likely looking at someone who went rogue from within, or a contractor who had access to this information, said Eric ONeill, national-security strategist for Carbon Black. Either way, we have someone in the intelligence community thats a pretty high-placed spy.

A former FBI surveillance specialist, in 2001 ONeill helped bring down Robert Hannsen, a double agent in the bureau whod been secretly spying for Russia. The FBI must be scrambling right now, he said. Theres so many leaks going on: this leak, the CIA Vault7 leaks, and at the same time theres the investigation into any administration ties to Russia, and the DNC intrusion, and all these leaks coming out of the White House. Theres only so much that the FBIs national security agents can do.

If Russia did have a mole inside the NSA in 2013, the most recent date of the documents, Schneier thinks it unlikely that it does now, or else the Shadow Brokers wouldnt exist. You only publish when its more useful as an embarrassment than as intelligence, he said. So if you have a human asset inside the NSA, you wouldnt publish. That asset is too important.

Its also possible, though unprecedented in the public record, that Russia found a way into the NSAs classified network. A competing theory focuses on the FBIs early suspect, Hal Martin. Hes not the Shadow Brokers, but he reportedly worked in the NSAs Tailored Access Operations program and had 50,000 gigabytes of classified material in his home. Might he himself have been hacked? Martin is charged in Maryland with 20 counts of willful retention of national defense information, but prosecutors have not made any accusation that his trove slipped into enemy hands.

As Snowden demonstrated when he walked out of the NSA with a thumb drive of secrets, its comparatively easy now to steal and smuggle classified information. But ONeill says the FBIs counterintelligence mission is easier too, because of the rampant audit trails and server logs in classified networks.

Its much easier getting the secrets out now, but on the flip side, its also easier for law enforcement and the FBI to track down who had access to the data, he says. I like to think this mole hunt is going to be a little easier than it was in the past.

Until then, expect the Shadow Brokers to stick around. In their Friday dump, they hinted at more revelations this week: Who knows what we having next time?

Read more here:
Is There a Russian Mole Inside the NSA? The CIA? Both? - Daily Beast

The top Democrat on the House Intelligence Committee is calling for the National Security Agency (NSA) to be split from U.S. Cyber Command.

Rep. Adam SchiffAdam SchiffTrump may miss deadline on Russia report Schiff: Dems failed to convey why Russian meddling matters Schiff advocates for NSA, Cyber Command split MORE (D-Calif.) on Wednesday said it would be wise to have separate leaders for the two organizations, pushing for a civilian head of the NSA during remarks at Columbia Law School in New York.

The Pentagon told The Hill earlier this year that it has startedassessingwhether it should split up the dual-hat leadership.

Those are two very big jobs housed under the same hat, Schiff said. I think we would be wise to split up those responsibilities.

Experts have noted that the split is likely to happen eventually, but have warned of the risks of separating them too quickly. Cyber Command was established at NSA headquarters in 2009 and has been largely dependent on the agency.

Schiff made the comments in response to a question of whether or not the federal government has the appropriate organization structure to be effective on cyber.

More generally, he said that the government is slow to keep pace with technology and indicated that there are organizational improvements to be made.

Were probably not structured how we should be, Schiff said, adding later, were always going to be chasing this.

Read the original here:
Schiff advocates for NSA, Cyber Command split - The Hill

A group of hackers released on Friday what appears to be the most extensive data dump yet from the National Security Agency.

The hack could have consequences for the relationship between big software companies and the U.S. government and could make it harder for Europe to trust the U.S. to respect privacy agreements.

Experts believe the hacker group behind the leak, Shadow Brokers, is connected with the Russian government. The group has released stolen information from the NSA before.

If documents released by the hack are authentic, it would show that the NSA has compromised a Dubai-based firm that routes bank transfers between countries. The hack also revealed how to break into Microsoft software. Heres a more detailed explainer from George Washington University professor Henry Farrell.

Here are some things found in the dump.

Why it matters: The U.S. government is technically allowed to access data from Swift only through a formal safeguarded process, but information revealed in the hack indicates the NSA is secretly accessing information outside this agreement. This is bound to upset European regulators.

Why it matters: If the NSA didnt let Microsoft know about the zero-day vulnerabilities, that could further undermine tech companies already eroded trust of the government.

See the original post here:
What you need to know about that latest NSA data dump - Recode

NIGERIAN TRIBUNE (press release) (blog)

Osinbajo meets with NSA, IG, DSS, EFCC bosses, others NIGERIAN TRIBUNE (press release) (blog) Those who were at the Presidential Villa, Abuja for the meeting at the Vice President's office were the National Security Adviser (NSA), Babagana Monguno, Director General of the Department of State Services (DSS), Lawal Daura and the Chairman of the ... Osinbajo, NSA, AGF grill Magu, Daura, IG of PoliceDaily Post Nigeria Osinbajo meets with Magu, DG DSS, NSA, othersThe Eagle Online all 23 news articles »

Read more from the original source:
Osinbajo meets with NSA, IG, DSS, EFCC bosses, others - NIGERIAN TRIBUNE (press release) (blog)

TSA or NSA? The Chicago Maroon Recently, after the Transportation Security Agency (TSA) pressured a NASA scientist to turn over his cell phone at a Houston airport, a floodgate burst in the media. Stories of others who had been coerced into handing over their phones and passcodes at ...

Visit link:
TSA or NSA? - The Chicago Maroon

A new factsheet by the NSA and FBI has laid bare ludicrous contradictions in how US intelligence agencies choose to interpret a law designed to prevent spying on American citizens, but which they use to achieve exactly that end.

The document even claims that it is surveilling US citizens for their own protection while at the same time claiming that it is not doing so.

The obvious and painful contradictions within the 10-page document [PDF] are testament to the very reason why the factsheet had to be prepared in the first place: Congress is threatening not to renew the legislation due to the intelligence agencies' willful misrepresentation of the law to perform the very activities it was designed to prevent.

FISA the Foreign Intelligence Surveillance Act was enacted in 1978 and authorizes US intelligence agencies to carry out electronic surveillance of foreign persons outside the US. It specifically prohibited surveillance of US citizens and foreign persons within US borders.

But in 2008, the FISA Amendments Act (FAA) was passed to recognize the modern realities of internet communications: that foreign intelligence targets were using networks based in the United States to communicate. The law gave the intelligence agencies the right to demand that US companies hand over their communications in the search for foreign intelligence.

In an effort to ensure that those searches were restricted to non-US citizens however, the FAA which was re-authorized in 2012 and now needs to be re-authorized again before the end of 2017 included various procedures, and checks and balances.

Somewhat inevitably however, those procedures which remain almost entirely secret and the check and balances which have been shown to be ineffective at best have been slowly undermined by the intelligence agencies to the extent that the FBI now routinely uses personally identifiable information of US citizens, such as an email or phone number, to search a huge database of gathered information if it suspects them of a crime carried out in the US.

That reality is the diametric opposite of what the law was intended to do hence the ludicrous contradictions between what the intelligence agencies say the law authorizes and the everyday realities that they argue must be retained.

The first eight pages of the 10-page document are largely accurate, giving a rundown of the law, its history and intentions, and the procedures and checks introduced. In fact, it is a useful and largely objective rundown of the issue.

On page four, the document gives some examples of where use of Section 702 have proven effective: gathering insights into the minds of high-level Middle Eastern government ministers; checking up on sanctions; identifying both terrorists and terrorist sympathizers and alerting other governments to them.

Of the five examples given (of course it's impossible to know how many real-world examples there are), only one covers an arrest on US soil: the case of Najibullah Zazi who was tracked after he sent an email to an al-Qaeda operative in Pakistan asking for help in making bombs. Zazi planned to bomb the subway in New York City but was arrested in 2009 before he had the opportunity to do so. He pled guilty in 2010 and was sentenced to life in prison in 2012. (It is worth noting, however, that Zazi was already under surveillance from US intelligence agencies thanks to his visits to Pakistan, so it's unclear what role the Section 702 data really played.)

The document carefully words some sections covering concern over how the law was being interpreted. As a result of Edward Snowden's revelations, lawmakers and civil society groups started asking precise questions and that resulted in the intelligence agencies releasing limited information about the process it goes through to obtain the rights to spy on people. The document paints the provision of that information as the intelligence agencies' "commitment to furthering the principles of transparency," when nothing could be further from the truth.

It also tries to paint a report by the Privacy and Civil Liberties Oversight Board (PCLOB) into US spying in positive terms. The independent board, the document claims, largely exonerated the intelligence agencies and "made a number of recommendations" that have "been implemented in full or in part by the government."

In reality, the board's report was a damning indictment of the agencies' effort to reinterpret the law to be able to spy on just about anyone. The recommendations that have been implemented "in part" cover the most important improvements, in particular the publication of the procedures that the agencies use in reaching determinations. These critical documents remain entirely secret.

The PCLOB also paid a high price for standing up to the NSA and FBI: they had their authority cut out from under them, the budget was slashed, and all but one of its five board members have either resigned or have not had their terms renewed. It is a shell of an organization that doesn't even answer its phone or emails.

It is on pages nine and 10 that the real issues appear however where it addresses "702 issues that are likely to arise in the re-authorization discussion."

These are:

Despite the law specifically noting that US citizens and people within US borders cannot be spied on through Section 702, in reality the intelligence agencies do exactly that.

The explanation is that this information is "incidental" and is hoovered up as the NSA and others are gathering intelligence on others. The intelligence agencies claim that it affects very few US citizens and so Congress has persistently asked what that number is: how many US citizens are included in the 702 database?

The US House Judiciary Committee first asked that question a year ago April 2016. There is still no answer.

This latest document notes: "The IC (intelligence community) and DoJ (Department of Justice) have met with staff members of both the House and Senate Intelligence and Judiciary Committees, the PCLOB, and advocacy groups to explain the obstacles that hinder the government's ability to count with any accuracy or to even provide a reliable estimate of the number of incidental US person communications collected through Section 702."

It says that the agencies are "working to produce a relevant metric" to inform discussions.

This is a transparent attempt to prevent a figure on the number of US citizens in the database from being revealed, because it would almost certainly undermine the core contention of the intelligence agencies: that their procedures prevent the unnecessary gathering of information on US citizens.

See the rest here:
We're spying on you for your own protection, says NSA, FBI - The Register