Monthly Archives: June 2017

A federal contractor was arrested over the weekend and accused of leaking a classified report containing "Top Secret level" information on Russian hacking efforts during the 2016 presidential election.

Reality Leigh Winner, 25, appeared in U.S. District Court in Augusta, Ga., to face one charge of removing classified material from a government facility and mailing it to a news outlet, theJustice Department said Monday.

Winner's arrest was announced shortly after the Intercept website published a story detailing how Russian hackers attacked at least one U.S. voting software supplier and sent so-called "spear-phishing" emails to more than 100 local election officials at the end of October or beginning of November.

The Justice Department did not specify that Winner was being charged in connection with the Intercept's report. However, the site noted that the National Security Agency (NSA) report cited in its story was dated May 5 of this year. An affidavit supporting Winner's arrest also said that the report was dated "on or about" May 5.

The Intercept contacted the NSA and the national intelligence director's office about the document and both agencies asked that it not be published. U.S. intelligence officials then asked The Intercept to redact certain sections. The Intercept said some material was withheld at U.S. intelligence agencies' request because it wasn't "clearly in the public interest."

The report said Russian military intelligence "executed cyber espionage operations against a named U.S. company in August 2016 evidently to obtain information on elections-related software and hardware solutions, according to information that became available in April 2017."

The hackers are believed to have then used data from that operation to create a new email account to launch a spear-phishing campaign targeting U.S. local government organizations, the document said. "Lastly, the actors send test emails to two non-existent accounts ostensibly associated with absentee balloting, presumably with the purpose of creating those accounts to mimic legitimate services."

The document did not name any state.

The information in the leaked document seems to go further than the U.S. intelligence agencies' January assessment of the hacking that occurred.

The Washington Examiner reported that Winner worked forPluribus International Corporation and was assigned to a U.S. government facility in Georgia. She had held a top-secret classified security clearance since being hired this past February. The affidavit sworn by FBI agent Justin Garrick said that she had previously served in the Air Force and held a top-secret security clearance.

Late Monday, Wikileaks founder Julian Assange tweeted his support for Winner.

Winner's attorney, Titus Thomas Nichols, declined to confirm whether she is accused of leaking the NSA report received by The Intercept. He also declined to name the federal agency for which Winner worked.

"My client has no (criminal) history, so it's not as if she has a pattern of having done anything like this before," Nichols told the Associated Press in a phone interview Monday. "She is a very good person. All this craziness has happened all of a sudden."

Garrick said in his affidavit that the government was notified of the leaked report by the news outlet that received it. He said the agency that housed the report determined only six employees had made physical copies. Winner was one of them. Garrick said investigators found Winner had exchanged email with the news outlet using her work computer.

Garrick's affidavit said he interviewed Winner at her home Saturday and she "admitted intentionally identifying and printing the classified intelligence reporting at issue" and mailing it to the news outlet.

Asked if Winner had confessed, Nichols said, "If there is a confession, the government has not shown it to me."

House Oversight Committee Chairman Rep. Jason Chaffetz, R-Utah, praised the arrest in an appearance on Fox News' "The Story with Martha MacCallum."

"When you have classified information, you cannot put that out there just because you think it would be a good idea," Chaffetz said. "I want people in handcuffs and I want to see people behind bars."

Chaffetz also criticized federal agencies for failing to protect sensitive information after a series of high-profile leaks.

"They have hundreds of thousands of people that have security clearances," Chaffetz said. "There are supposed to be safeguards in there ...But how many times do we have to see this story happen? They obviously dont have the safeguards."

The Associated Press contributed to this report.

More:
NSA contractor accused of leaking top secret report on Russian hacking ...

The National Security Agency campus in Fort Meade, Md.(Photo: Patrick Semansky, AP)

A federal contractor was arrested in Georgia Monday in connection with a classified NSA report on Russian election interference published by the online publication The Intercept.

According to the top secret document, Russian military intelligence conducted a cyberattack on at least one supplier of voting software and sent phishing emails containing malicious software to more than 100 local election official days before the 2016 election, The Intercept reported.

After theIntercept story was published Monday, the Justice Department announced the arrest of a 25-year-old federal contractor from Georgia in connection with the disclosure.

Reality Leigh Winner, a contractor with Pluribus International Corp., who has held a top secret security clearance since at least February, made her first federal court appearance in Augusta, Ga., Monday afternoon.

Winner printed and improperly removed classified intelligence reporting, which contained classified national defense information from an intelligence community agency and unlawfully retained it, court documents stated, adding that material was taken May 9. Approximately a few days later, Winner unlawfully transmitted by mail the intelligence reporting to an online news outlet.

Deputy Attorney General Rod Rosenstein credited federal law enforcement agents with acting quickly to identify and arrest the defendant.

Releasing classified material without authorization threatens our nations security and undermines public faith in government, Rosenstein said.

According to The Intercept, the classified May 5 intelligence report is the most detailed U.S. government account of Russian interference in the election that has yet come to light." The NSA report says it is based on information it obtained in April, but the document does not reveal the raw intelligence that led to the reports conclusions.

Related:

Warner: 'Unthinkable' if Trump pressured Comey to end FBI's investigation

Devin Nunes: No credible evidence of Russia-Trump collusion

Lindsey Graham: There's 'reason to believe' conversation was 'unmasked'

Accordingto the purported NSA document, Russian intelligence executed cyber espionage operation against a named U.S. Company in August 2016, evidently to obtain information on elections-related software and hardware solutions. The report's authors have no doubt the Russian General Staff Main Intelligence Directorate, or GRU, was behind the operation.

The Russian "spear-fishing" attack involved sending local government employees emails that appeared to be from e-voting vendors containing Microsoft Word documents loaded with malware. Once the recipient opened one of the documents, the hackers would gain control of the infected computer.

In order for the emails to seem legitimate, the Russians tried to hack an election software company's email system, The Intercept reported. At least one employee's account was likely hacked, according to the report.

"Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states," The Intercept reported.

In late October, the hackers began to send emails that appeared to be from a VR system employee, the document says. The emails were sent to 122 addresses tied to "local government organizations," the document says, adding that "officials involved in the management of voter registration systems" were the likely targets.The emails contained "trojanized" attachments that would allow the hackers to gain access to the infected computer.

"It is unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data could have been accessed by the cyber actor," the alleged NSA document says. "However, based upon subsequent targeting, it was likely that at least one account was compromised."

The Interceptis an online publication started in 2013 by journalists Glenn Greenwald, Laura Poitras and Jeremy Scahill in the wake of Edward Snowdens revelations about NSA surveillance.

Thereport published Monday is based on a top-secret National Security Agency document provided by an anonymous source. The report was independently authenticated, according to The Intercept.

An unnamed U.S. intelligence officer told The Interceptnot to read too much into the document because, a single analysis is not necessarily definitive.

Read or Share this story: https://usat.ly/2sxhjvM

Follow this link:
Federal contractor arrested after NSA document published on news site - USA TODAY

As they traveled across America last year, it seems Donald Trump's children saw not only potential voters, but also potential customers.

After years of spinning out hotels laden with gold leaf and marble, Trump Hotels is launching a hospitality brand positioned for a different kind of clientele. At Trump Tower tonight, Eric and Donald Trump Jr., along with Trump Hotels CEO Eric Danziger, announced the launch of a mid-market hotel chain called American Idea. The new franchisea big departure from the flagship, luxury Trump Hotels and the company's planned upmarket second brand, Scionwill launch with three locations in the Mississippi Delta area. The three-star rooms will range from $80 to $120 a night.

"I'm sure it's going to haunt me, but we kind of look at [the new brand] as flea market chic," said Danziger during the announcement event. "It means that in any given city, there's history," he said, explaining that the decor of each hotel will reflect the heritage and ephemera of its local community.

The younger Trumps said they got the idea to launch the new hotel brand as they traveled the country with their father during the campaign. "There's a market here that we've been missing our entire lives," said Donald Trump Jr. during the announcement event.

By creating a hotel brand for third- and even fourth-tier American cities, Trump Hotels appears to be attempting to avoid headwinds facing the company's other brands. For example, Trump Hotels' international expansion has been curtailed by conflict of interest concerns. "When the president became the president, we said we're not going to do anything internationally. So that kind of forced me into [saying] we're going to be a domestic brand," said Danziger in an interview with Fast Company.

President Trump and his family have been accused on various occasions of viewing their move into politics as a business and branding opportunity. Certainly the theme of the new franchise falls in line with the U.S.A.-first attitude of Trump's campaign, which championed the American yesteryear. During the election, Mississippi swung for Trump.

[Photo: Ruth Reader 2017] AM

Read more from the original source:
Reality Winner: Here's what we know so far about the accused NSA leaker - Fast Company

by LINDSAY WHITEHURST, Associated Press

NSA officials deny mass surveillance during Utah Olympics (Photo: MGN)

SALT LAKE CITY (AP) A former top spy agency official who was the target of a government leak investigation says the National Security Agency conducted blanket surveillance in Salt Lake City during the 2002 Winter Olympics in Utah, according to court documents.

Ex-NSA official Thomas Drake wrote in a declaration released Friday that the NSA collected and stored virtually all electronic communications going into or out of the Salt Lake City area, including the contents of emails and text messages.

"Officials in the NSA and FBI viewed the Salt Lake Olympics Field Op as a golden opportunity to bring together resources from both agencies to experiment with and fine tune a new scale of mass surveillance," Drake wrote.

It comes as part of a lawsuit filed by attorney Rocky Anderson, who was the mayor of Salt Lake City during the games held a few months after the Sept. 11, 2001, attacks. Anderson said the document was disclosed to the U.S. Department of Justice on Wednesday.

Former CIA and National Security Agency director Michael Hayden has denied in court documents that such a program existed. Hayden was NSA director from 1999 to 2005.

Current NSA operations director Wayne Murphy said in court documents that NSA surveillance in Salt Lake City was limited to international communications in which at least one participant was reasonably believed to be associated with foreign terrorist groups.

Drake disputed that statement, writing that he spoke with colleagues who worked on the operation and were concerned about its legality. He said he also saw documents showing surveillance equipment being directed to the Utah program.

His declaration was written in support of the former mayor's lawsuit. Anderson said the lawsuit is designed to get more information about what he calls covert, illegal operations.

The NSA has argued the lawsuit's claims are far-fetched speculation about a program that may never have existed. A judge, though, refused a Justice Department push to dismiss the lawsuit in January.

Drake started working for the NSA in 2001 and blew the whistle on what he saw as a wasteful and invasive program. He was later prosecuted for keeping classified information. Most of the charges were dropped before trial in 2011, and he was sentenced to one year of probation.

Read more:
Ex-spy says NSA did mass surveillance during Utah Olympics - KUTV 2News

Wall Street Journal (subscription)

US Charges Contractor With Leaking NSA ... Wall Street Journal (subscription) A 25-year-old government contractor was arrested over the weekend and charged with leaking a secret report to a news organization that described some of Russia's election-related hacking activities, according to court papers and U.S. officials briefed ...

See the rest here:
US Charges Contractor With Leaking NSA ... - Wall Street Journal (subscription)

'Intercept' Article Reveals NSA Report On Russian Cyberattack NPR Email. June 6, 20175:00 AM ET. Heard on Morning Edition. The Intercept reveals an NSA report that Russian military intelligence hacked into one voting software supplier, and sent phishing emails to local election officials days before the November ...

See the original post:
'Intercept' Article Reveals NSA Report On Russian Cyberattack - NPR

AlterNet

NSA Director Mike Rogers Poised to 'Drop a Bomb' on Trump Admin During Wednesday Testimony: MSNBC AlterNet Atlantic magazine writer Steve Clemons said during a Saturday panel on MSNBC's The Point with Ari Melber that National Security Administration (NSA) Director Michael Rogers may have a bomb to drop on the Trump administration. Rogers will testify ...

Read the original here:
NSA Director Mike Rogers Poised to 'Drop a Bomb' on Trump Admin During Wednesday Testimony: MSNBC - AlterNet

Former National Security Agency senior executive and whistleblower Thomas Drake revealed himself this week as the source for a lawsuit alleging the NSA conducted blanket, indiscriminate surveillance of Salt Lake City during the 2002 Winter Olympics.

In a declaration filed in discovery in the case in U.S. district court in Utah, Drake asserted the NSA, in coordination with the FBI, scooped up and stored the content of emails and text messages sent and received by anyone in the city and Olympic venues including American citizens.

The mantra was just take it all, said Drake, 60, in a Thursday evening phone interview. Drakes assertions contradict declarations filed in the case in March by former NSA director Michael Hayden and current NSA operations manager Wayne Murphy.

The NSA has never ... at any time conducted mass or blanket surveillance, interception, or analysis ... of e-mail, text message, telephone, or other telecommunications in Salt Lake City or the vicinity of the 2002 Winter Olympic venues, whether during the 2002 Winter Olympic Games or otherwise, Murphy stated.

Drake accused Murphy and Hayden of making statements that are if not literally false, substantially misleading. His declaration was first reported Friday by the Salt Lake Tribune.

[Read Thomas Drakes full declaration here]

The NSA and the Department of Justice declined to comment Friday on the case, which was filed in 2015 by former Salt Lake City Mayor Rocky Anderson on behalf of six American citizens who alleged their private communications were monitored and likely stored by the NSA during the Winter Games, held in Salt Lake City in February 2002.

Its incredibly important that the public be aware of what our governments doing, and all of us standing up against it, Anderson said in a telephone interview Thursday evening. We need to let our elected officials know that we will resist in any way possible this rather sudden transformation of our country, not only to a surveillance state, but to a nation where the rule of law seems to mean very little.

Drake is a former Air Force and Navy veteran who worked at the NSA from 1989 until 2008, when his career ended amid a leak investigation. Drake had grown uncomfortable with the expansion of the NSAs surveillance operations, authorized by President George W. Bush after the Sept. 11, 2001, terrorist attacks, and leaked unclassified information to a reporter about waste and fraud in the agency.

In 2007, Drakes home was raided by the FBI, and, in 2010, federal prosecutors charged him with 10 felonies under the Espionage Act. The case against him ultimately collapsed Drake pleaded guilty to a misdemeanor in 2011 and his ordeal is seen by civil liberty advocates as emblematic of overaggressive targeting of whistleblowers by the federal government.

In early 2002, according to Drake, he started hearing rumors from alarmed colleagues at the NSA about the Salt Lake Olympics Field Op. Then he started seeing manifest documents, showing shipments of surveillance equipment headed to Utah.

The Winter Games that year were held on American soil just five months after the Sept. 11 attacks, and according to Drakes declaration, the NSA saw the event which would bring thousands of people, including foreign leaders and international media, to a relatively confined geographic area as a golden opportunity to fine-tune a new scale of mass surveillance.

The mass surveillance program during the 2002 Olympics was first reported in a 2013 Wall Street Journal article that alleged, based on anonymous officials, that the FBI and the NSA made an arrangement with Qwest Communications International Inc. to monitor the content of all email and text communications in the Salt Lake City region during the Winter Games.

Qwest, a Denver-based telecommunications company, was acquired in 2011 by CenturyLink. Former Qwest chief executive Joseph Nacchio has said he knew nothing about his company cooperating with the NSA during the 2002 Olympics, but that federal authorities could have worked with other executives without his knowledge.

In 2013, one of the secret documents former NSA contractor Edward Snowden leaked to journalists describes NSA discussions about an operation during the Olympics, but not to the extent of what Drake has alleged.

In early 2002, NSA personnel met with senior vice president of government systems and other employees from Company E, the document stated. Under authority of the Presidents Surveillance Program (PSP), NSA asked Company E to provide call records in support of security for the Olympics in Salt Lake City ... On 19 February 2002, Company E submitted a written proposal that discussed methods it could use to regularly replicate call record information stored in a Company E facility and potentially forward the same information to NSA.

The Snowden document makes no mention of capturing content, though, but rather seems to align with previous revelations of NSA operations capturing metadata: information about a phone call or text message, such as the phone numbers, geographical locations of the devices used, and the duration of a call or size of a message.

But Drake said the Salt Lake City operation captured far more than just metadata. Before the Olympics, he said, the NSA set up geofencing virtual geographic boundaries around Salt Lake City and nearby Olympic venues.

Virtually all electronic communication signals that went into or out of one of those designated areas were captured and stored by the NSA, including the contents of emails and text messages, according to Drakes declaration. The NSA stored the metadata, as well as text in emails and text messages. Only large attached images or video files to texts and emails would have been spared, Drake said, because of their size.

Anderson, the former Salt Lake City mayor, was in private practice as an attorney when he read the 2013 Wall Street Journal article. He connected with Drake through a mutual friend, and when Drake described the scope of the operation he believed had been conducted, Anderson decided to pursue litigation.

Andersons case was filed in 2015 on behalf of six people who lived or worked near Olympic venues in Salt Lake City in 2002, including a lawyer, an author and a college professor. Their lawsuit seeks damages, an order to compel the NSA to disclose what communications from the plaintiffs it still has in storage and then the deletion of that information.

Anderson has asked the American Civil Liberties Union and several other electronic freedom and individual rights organizations to take up the case, but all have declined. The Department of Justice has tried to get the case dismissed, but U.S. District Judge Robert Shelby allowed it to proceed with a ruling in January.

Drake expressed dismay Thursday evening that the case has been greatly overshadowed this year by the news, and tweets, coming from the White House.

If there was anything exceptional about America, it was our Constitution ... and yet, here I was, seeing it unravel, in secret, from within the government, Drake said. To me, this still really matters.

Michael E. Miller contributed to this report.

See original here:
Former NSA executive: Agency used 'blanket' surveillance during 2002 Olympics - Washington Post

Cybercriminals have taken the EternalBlue exploits and used them to build more effective Trojans.

A leaked NSA exploit which helped the WannaCry ransomware outbreak become so prolific is now being used to distribute Trojan malware.

A Windows security flaw known as EternalBlue was one of many allegedly known to US intelligence services and used to carry out surveillance before being leaked by the Shadow Brokers hacking group.

The exploit leverages a version of Windows' Server Message Block (SMB) networking protocol to spread itself across an infected network using wormlike capabilities.

But while, for the most part, the spread of WannaCry has been stopped, cybercriminals and hackers are still using the leaked EternalBlue exploit to carry out a much more discreet form of cyberattack, say researchers at FireEye.

This time, the SMB vulnerabilities are being used to distribute Backdoor.Nitol - a Trojan horse which opens a backdoor on the infected computer - and Gh0st RAT, a form of malware capable of taking full control of a machine in addition to conducting espionage and stealing data.

The latter is particularly dangerous and is repeatedly a thorn in the side of the aerospace and defence industries, as well as government agencies and even activists. Now those behind this new Gh0st RAT campaign are using EternalBlue exploits in an effort to compromise Singapore, while Nitol is attacking the wider South Asia region.

Researchers note that machines vulnerable to the SMB exploit are attacked by hackers using the EternalBlue exploit to gain shell access to the machine.

The initial exploit used at the SMB level is similar to what's been seen in WannaCry attacks, but this time, instead of being used to deploy ransomware, the attack opens a shell to write instructions into a VBScript file which is when executed to retrieve the payload from another server in order to create the required backdoor into the machine using Nitol or Gh0st RAT.

While neither attack is new - both have plagued victims for years - the addition EternalBlue adds additional potency to attacks, although nothing so far has suggested that it could spread so widely as quickly as WannaCry did.

And with the EternalBlue exploits now out in the open for any malicious actor to use, it's likely that we'll see it used again and again in new types of attacks.

"The addition of the EternalBlue exploit has made it easy for threat actors to exploit these vulnerabilities. In the coming weeks and months, we expect to see more attackers leveraging these vulnerabilities and to spread such infections with different payloads," said researchers at FireEye Dynamic Threat Intelligence.

"It is critical that Microsoft Windows users patch their machines and update to the latest software versions as soon as possible," they add.

While WannaCry exploited the vulnerability to infect networks across the globe, poor-coding behind the ransomware played a part in it not being as damaging as it could've been, resulting in those behind it not making much money, considering the scale of the campaign.

However, if something like Nitol or Gh0st RAT could simultaneously infected hundreds of thousands across the globe - and the nature of the Trojan attacks means they wouldn't be obvious about it - then future attacks could have much worse consequences.

Here is the original post:
Leaked NSA hacking exploit used in WannaCry ransomware is now powering Trojan malware - ZDNet