Category Archives: NSA

By Arindrajit Basu

On July 16, the Court of Justice of the European Union (CJEU) invalidated the US-EU Privacy Shield that facilitated cross-border data transfers between the two jurisdictions. The decision, colloquially called Schrems II, was based partly on the absence of a clear legal framework in the USA which adequately protects the personal data of non-US citizens from surveillance by US intelligence agencies. In December 2019, I had written a paper for the NUJS Law Review titled Extra-Territorial Surveillance and the incapacitation of human rights law, part of which unpacked the law and practice on surveillance adopted by American intelligence agencies. In this post, I summarise parts of my paper which looked at the programs and legal enablers exploited by the NSA to spy on foreigners. As I discuss in the NUJS Law Review paper, the legal protections provided in the United Kingdom are similarly weak. It remains to be seen how this impacts UK-EU data flows post Brexit.

The Schrems II decision also threatens standard contractual clauses, that is, standardised sets of contractual terms which both the sender and receiver of personal data sign up to, and therefore serve as firm based workarounds to any restrictions on data transfers. I will not discuss SCCs in this piece and limit it to the law and policy on extra-territorial surveillance in the UK.

Algorithmic surveillance exploited by American intelligence agencies can broadly be divided into two phases:

In this stage, vast amounts of data are captured through the bulk collection of data generated online by individuals a phenomenon that Roger Clarke termed dataveillance in 1998, referring to the systematic monitoring and surveillance of an individuals action and behaviour through the use of information technology.

Dataveillance may be conducted on two kinds of datasets metadata and content. Metadata only provides information on the time and length of the communication between individuals but does not reveal the language (content) of these communications. While the NSA itself is a public authority, it has set up multiple partnerships with private sector corporations including Microsoft, Verizon, Intel, Quest and AT&T. The NSA intercepts data from these platforms and redirects these to their data repositories. An example of such a repository is the one in Bluffdale, Utah, codenamed Mainway that is capable of recording 20 billion record events daily. Mainway was first revealed by USA Today in 2006 and it is unclear since when it has been in operation. A slide leaked by the New York Times as part of the Snowden revelations indicates that it has been recording over 20 billion events daily and making them available to the NSA.There is no evidence suggesting that this program has been discontinued or amended since the Snowden revelations.

Through its private partners, the NSA is able to get access to data generated in multiple territories through various programs. BLARNEY , in operation at least since 2006,is one such program which uses NSAs relationship with AT&T to access high capacity international fibre optic cables, switches and/or routers throughout the world. Countries targeted using this program include Brazil, France, Germany, Greece, Italy, Japan, Mexico, South Korea and Venezuela. FAIRVIEW, another NSA program, engaged in something similar with the aid of an unknown corporate partner. The existence of the program only became known due to a leaked slide. STORMBREW is yet another program conducted closely with the US Federal Bureau of Investigation that provides the NSA access to data which is travelling through various choke points on US, territory. A significant proportion of the worlds internet traffic passes through these choke points given the talismanic role the US had in setting up the worlds internet architecture. Choke points are any network node that internet traffic passes through when it enters or exits a countrys internal networks.

The NSAs most infamous program PRISM targets data containing the content of communications from the nine biggest internet companies. Unlike the programs mentioned before which utilise upstream collection using fibre optic cables, PRISM enables the NSA to directly obtain content from the servers of private internet providers in the US.

At this stage of algorithmic surveillance, collected data is processed using data mining techniques to identify potential suspects, whose profiles are subsequently examined in detail. This is known as data-chaining which connects recorded events into a topographic mapping of patterns that selects suspicious patterns. XKeyscore and TreasureMap are analytical programs developed by the NSA for this purpose. XKeyscore allows for aggregated processing of information based on suspicious patterns derived from nationality, location or online behaviour. For example, one declassified NSA slide shows a query titled germansinpakstin which would enable an NSA analyst to examine residents in Pakistan that may be use German language messaging systems. Treasure Map constructs the risk analysis done by programs like Xkeyscore to construct recognisable patterns. Through this process, suspect profiles are developed, which enable the NSA to make predictions about their future behaviour.

The legal authority for the NSAs surveillance programmes stems from Section 702 of the Foreign Intelligence Surveillance Amendment Acts 2008 (FISAA). The FISAA adopts different standards of protection for American citizens, including American citizens overseas, and non-citizens, including those on US soil. Non-citizens may be surveilled under a lower reasonable belief standard without a warrant from the Foreign Intelligence Surveillance Court (FISC) though the FISC must annually sign off on the high level plan of action with a broad strategy for surveillance, rather than approving surveillance measures on a case to case basis. Although the relevant provision was set to expire in January 2018, Congress voted to re-authorise it for another six years, thus providing tacit approval to surveillance programmes as they stand now.

Executive Order 12333, which was promulgated by President Reagan, has empowered the President to order surveillance activities at his discretion. E.O.12333 has been shrouded in opacity. The aftermath of the Snowden revelations prompted President Barack Obama to issue the Presidential policy Directive (PPD-28) in 2014 which is legally not binding. This Directive states that

Our signals intelligence activities must take into account that all individuals must be treated with dignity, regardless of their nationality or wherever they reside and that all persons have legitimate privacy interests in the handling of their personal information.

PPD-28 pays lip-service to the notion that signals intelligence will not be collected to suppress criticism or discriminate against persons. However, it suggests that bulk collection is necessary to decipher threats in todays complex age where communications are often weaponised by terrorist groups. The Directive goes on to state six cases where bulk targeting is permissible. These include:

This list of purposes is seemingly exhaustive though categories such as terrorist threats or cybersecurity are fairly broad and ambiguous. PPD-28 also includes safeguards that are drawn from the broad parameters of any standard data protection framework, including minimisation of data collection, limits on dissemination, use and retention, and proportionality and oversight. There was therefore an implicit recognition that signals intelligence should comply with International Human Rights Law, although its real-life implementation is far from clear.

The CJEUs argument on surveillance in Schrems II was that Section 702 FISAA and E.O. 12333 do not comply with the principle of proportionality, equivalent to the standard provided in Article 52 (1) of the European Charter of Human Rights (para 178-184). The court explained that while the annual certifications by the FISC check whether surveillance is undertaken with the objective of acquiring foreign intelligence information, it does not look into the question of whether individuals are properly targeted in order to acquire foreign intelligence information.

The CJEU in Schrems II picked up on this and stated that while PPD-28 is binding on the US intelligence authorities, it does not grant data subjects (that is, non-US citizens) actionable rights against these authorities in court. It went on to say,

PPD-28 allows for bulk collection of a relatively large volume of signals intelligence information or data under circumstances where the Intelligence Community cannot use an identifier associated with a specific target. This allows in the context of surveillance programmes based on E.O. 12333 access to data in transit to the US without that access being subject to any judicial review and thus does not delimit in a sufficiently clear and precise manner the scope of such bulk collection of personal data.

Schrems II opens an avenue for emerging economies like India to push back against their entrenched extra-territorial surveillance practices. Indias surveillance framework has been in dire need for a legal overhaul. For starters, it makes no distinction between citizens and non-citizens as the US does. Yet, the provisions governing surveillance in India (which applies equally for citizens and non citizens) would likely not satisfy thresholds for adequacy determination and even if it did, it would likely be struck down by a Schrems like challenge at the CJEU. While there is no evidence of Indian intelligence agencies running mass extra-territorial surveillance programs like the NSA does, the law and policy is certainly not in line with the thresholds articulated in Schrems.

The legal framework governing surveillance in India stems from four statutes the Telegraph Act (1885), Information Technology act, 2000, Code of Criminal Procedure (1973), and is enabled further by the Personal Data Protection Bill (tabled in 2019). The Telegraph Act enables targeted surveillance and covers the interception of post and telephone/telegraph. Section 5(2) has a two-tiered threshold for the Central Government to authorise the interception of messages. First, there should be a public emergency or the authorisation must be in the interest of public safety. Second, the official must be satisfied that the interception is necessary or expedient in the interests of the sovereignty and integrity of India, the security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of an offence. Rule 419A charts out the process that needs to be followed prior to, during and subsequent to the interception, including the relevant sanctioning authority, the review process, and duration.

In addition to calls and messages, the government can also intercept information contained in computer resources through Section 69 of the Information Technology Act. While it is modelled on the Telegraph Act, there are important distinctions. First, it allows the government to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource without the prerequisites of public emergency of public safety, which are there in the Telegraph Act. Further,the second tier test is widened by providing two additional and ambiguous grounds which are defence of India and investigation of any offence. Section 69(3) imposes an obligation on an intermediary to comply with the intercepting agency.

Section 69B allows the Central Government to undertake bulk surveillance by collecting and monitoring traffic data (defined in 69B4(ii) to include metadata) for enhancing cybersecurity and for identification,analysis, and prevention of any intrusion or spread of computer contamination in the country a threshold that is as low and as ambiguous as the parameters contained in the US PPD-28. It is worth noting here that the regime does not provide for any judicial oversight of this surveillance mechanism.

The Personal Data Protection Bill served as an opportunity to reform the surveillance regime in India. However, Section 35 of the Bill states that exemptions can be made to collection rules, reporting requirements, and other requirements whenever the government feels that it is necessary or expedient-a significant departure from the 2018 version which used the term necessary and proportionate a standard recognised in international human rights law, and the Schrems II decision. This Bill is still under consideration by the Joint Parliamentary Committee and India has an opportunity yet to enact meaningful reform that will comply with the EUs adequacy standards.

Schrems II comes as a victory for the critical mass of civil society organisations trying to restrict extraterritorial surveillance and bring it within the boundaries of International Human Rights Law. A German court recently rendered extra-territorial surveillance by German authorities unconstitutional. Schrems II has mounted a firm judicial challenge to the US on this front, and given the importance of cross-border data flows, it might prompt the US to reconsider its surveillance practices, though worryingly some experts have already recommended stubborn retaliation instead through trade retaliatory measures, among other forms of diplomatic pressure.

It remains to be seen whether the EU will use GDPR adequacy to challenge the practices of other countries. The UK, for example, still allows extra-territorial bulk surveillance through the Investigatory Powers Act 2016 (formerly Regulation of Investigatory Powers Act, 2000) Further, will other countries whose citizens are victims of US surveillance but do not have the EUs geopolitical clout be emboldened by this decision to take a judicial or policy stance against US surveillance? India initially cited foreign surveillance in the Srikrishna Committee Report (2018) as one of the reasons underpinning its localisation gambit but failed to ground this argument in the discourse on individual sovereignty. It still has an opportunity to change this by amending Section 35 of the Act and thereby furthering the pushback against unbridled extra-territorial surveillance. Similar pushback from middle powers will likely determine the future of extra-territorial surveillance although the Schrems II decision is a giant leap forward towards developing a norm ostracising it. It has been recognised for some time that US surveillance practices have been illegal as per the standards of international human rights law. The CJEUs decision highlighted that the US needs to abide by these rules in order to survive in todays era of inter-dependence and cannot create and implement rules unilaterally.

The complete paper is available here.

Arindrajit Basu is a Research Manager at the Centre for Internet and Society.

Edited by Aditi Agrawal

See original here:
Unpacking US law and practice on extraterritorial mass surveillance in light of Schrems II - MediaNama.com

Mutual aid organizing is experiencing something of a renaissance amid the coinciding crises of COVID-19 and overdoses. But the concept is not just used by communities setting up fridges stocked with free groceries or grassroots safer use supplies distribution.

The cops areand have beendeploying the framework first popularized by a Russian anarchist to facilitate their war on drug users and border communities. While community organizers tend to think about mutual aid as a means to survive and build power despite austerity, law enforcement has defined it as sharing intelligence, pooling militarized equipment, and bringing together officers to boost each departments respective capacity to criminalize Black, Indigenous, migrant, and poor communities.

As the movement to defund law enforcement grows and President Donald Trumps migrant concentration camps continue, law enforcement mutual aid arrangements are now being proposed by sheriffs as a mechanism for ramping up border policing and raising funds through asset forfeiture.

In a federally-funded August 18 report, the National Sheriffs Association (NSA) put forth a vision of border sheriffs mutually banding together to increase traffic stops, which often involve racist profiling and have resulted in the murder of Black motorists. Called criminal interdiction units (CIU), these multi-departmental collaborations share information and gather intelligence among sheriffs, which, historically speaking, are nothing new. Since at least the 1960s, some local jurisdictions in states like Wisconsin have had such mutual aid systems for traffic policing.

What seems to different is their function in this current moment. CIUs would address, the authors suggest, border sheriffs reported main priority of funding, while also supporting efforts to fill personnel voids, bolster northern border policing and crack down on the drug tradeissues and priorities identified in roundtable discussions funded by a Justice Department grant to the tune of more than $100,000. The grantor, the Office of Community Oriented Policing Services, did not respond toFilters request for comment about NSAs report.

The NSA authors, whose spokesperson also did not respond to comment, frame the scaling up of traffic stops as cash cows for law enforcement departments that are at the center of coinciding political battles over defunding the police and Trumps border regime.

The value of interdiction units is illustrated the authors wrote, by a mutual aid model in northern Texas, which collected more than $65 million in profits from seized illicit substances and weapons in a 30-month period between December 2017 and June 2020. Cannabis, a plant increasingly legalized despite continued federal criminalization, was the second most common drug seized (more than one-quarter) during arrests, just behind methamphetamine.

The law enforcement organizations know that a coordinated mutual aid effort is going to attract scrutiny from progressives and the media.

The collaboration, named the North Texas Criminal Interdiction Unit, anticipate[s] even better resultsmeaning more arrests, and more money taken out of the pockets of communitieswith this years integration of license plate reader technology in the eight participating counties.

The law enforcement organizations know that a coordinated mutual aid effort to ramp up traffic stops along the borders is going to attract scrutiny from progressives and the media, as Trump systematically violates migrants human rights and cops brutalize communities. In the words of the reports authors, CIU members will be in a high-profile position and will often be the targets of numerous complaints because of their high level of stops and interactions.

An historic proportionabout one-thirdof the public and high-profile cultural figures, like musicians John Legend and Lizzo and actors Jane Fonda and Natalie Portman, support defunding law enforcement. The movement sparked by the police murders of George Floyd, Breonna Taylor and Tony McDade has been estimated by The New York Times to be the the largest movement in the countrys history.

Bullet-proofing the program from anticipated popular criticism, for the authors, means weeding out the bad apples. If the wrong member is selected, the unit could fail. The members must be of high moral character, must be highly motivated, and must have demonstrated a high conviction rate. The personnel selected will have the ability to affect all criminal interdiction efforts across the nation through resulting case lawgood or bad.

In the United States, law enforcement mutual aid has been used to facilitate settler-colonialism, suppress Black resistance, and stop liberation movements.

It began at least as early as the 19th century. Before local police departments were formed, a 1973 NSA report on law enforcement mutual aid explained, local U.S. Army troops would assist sheriffs in enforcing United States colonial law during western expansiona euphemism for the genocide of Native Americans and theft of their lands.

A century later, law enforcement mutual aid was used to violently suppress Black-led uprisings in the 1960s, from the 1965 Watts Riot, a response to police terror, and the April 1968 actions in the wake of the assassination of Reverend Martin Luther King, Jr. After the Long Hot Summer of 1968, Congress passed the 1968 Omnibus Crime Control and Safe Streets Act, leading the Department of Justice to commission numerous studies on expanding the countrys riot control capacity.

One such report, published in June 1973, recognized law enforcement mutual aid as a major step for control[ling] public demonstrations, or what they dub collective violence, by political activists, students, urban minorities, especially urban blacks, and labor unions. Such systems should target, the 1973 document suggests, housing projects, college student unions and labor picketing, among others.

In the 21st century, law enforcement mutual aid systems have been repurposed for the priorities of the ever-militarizing police forces. Post-9/11, they were promoted by the International Association of Chiefs of Police as a model for the domestic War on Terror. Now, amid the 2020 uprisings against police terror, the systems have been activated by local authorities to protect residents and businesses in Sacramento, California, among others.

Photograph of sheriffs from the North Texas Criminal Interdiction Unit via Collin County Sheriffs Office/Public Domain

See the original post here:
The Frightening Future and Past of Cop Mutual Aid - Filter

Washington, Aug 26 (PTI) Iqbal Singh, a former Asian Championship bronze medalist for India, has been charged with murder in the US after he chillingly admitted to killing his wife and mother, according to media reports.

Singh, 62, from Delaware County in Pennsylvania called police on Sunday morning to admit his crime, The Philadelphia Inquirer quoted officials as saying.

When police arrived at Singhs home in Newtown Township, they found Singh covered in blood, suffering from self-inflicted stab wounds. Inside were the bodies of the two women, the report said.

Singh was charged on Monday with first- and third-degree murder, court records show, and remained in custody, denied bail given the nature of the charges. There was no indication that he had hired an attorney, it said.

The former shot-putter won a bronze medal at the 1983 Asian Athletics Championship, which was held in Kuwait. This remained the biggest achievement of his sporting career before he moved to the US.

He was working as a taxicab driver, US media reports said.

Singh was taken to an area hospital for the treatment of self-inflicted injuries, where he remains in police custody, NBC News reported.

At Singhs home on Rockwood Road, police found his mother, Nasib Kaur, lying unresponsive on the first floor with her throat slit. Singhs wife, Jaspal Kaur, was found upstairs, similarly wounded. Both women were pronounced dead at the scene, according to the affidavit of probable cause for his arrest.

The motive in the slayings was unclear.

At this point, theres been no previous criminal contact with this individual and so the mystery of why this happened is still a mystery, CBS Local quoted Delaware County District Attorney Jack Stollsteimer as saying.

A chilling phone call between Singh and his son brought the responding officers to his home.

I killed both of them. I killed your mother and grandmother. Call the police to come get me, he told his son over phone.

He then talked to his daughter, who was with her brother and told her the same story. Thats when law enforcement was contacted, they arrived and they found Mr Singh covered in blood, injured. But they also found the two deceased individuals in the home, Stollsteimer said.

Neighbours say the now-accused killer was well-known. He was often seen walking and meditating in the quiet Newtown Square neighbourhood.

But they say something seemed off a day before the killings.He didnt seem to be his usual self. When he was doing his prayers, I just kind of sensed that he was maybe a little bit off or agitated about something, neighbour Sue Davison said. PTI NSA AKJ NSA

Disclaimer :- This story has not been edited by Outlook staff and is auto-generated from news agency feeds. Source: PTI

Read this article:
Former Indian shot put medalist arrested in US for killing wife and mother - Outlook India

National Safety Apparel in Cleveland recently has grown by acquiring two apparel companies: leather glove manufacturer Kunz Glove and military gear manufacturer Wild Things. Kunz was acquired in late July and Wild Things in late August, the company said in an email.

Terms of the acquisitions are not being disclosed.

"We're committed to providing workers in the field and military personnel in the battlefield with the gear they need, while growing our manufacturing footprint in the USA," National Safety Apparel president and CEO Chuck Grossman said in a news release. "Both Wild Things and Kunz Glove align with NSA's mission to provide high quality, innovative products, and expand our offering to our customers."

Chicago-based Kunz Glove serves the electrical utilities and other industrial markets. Virginia Beach-based Wild Things started as a maker of gear for mountaineers and now makes outerwear for the U.S. military.

National Safety Apparel serves industries ranging from electrical and gas utilities to steel mills to construction, as well as the military, with its industrial safety apparel. Revenue figures and employee numbers are not being shared for any of the companies.

See original here:
National Safety Apparel grows with two acquisitions - Crain's Cleveland Business

ISTANBUL & RICHARDSON, Texas--(BUSINESS WIRE)--Mavenir, the industry's leading end-to-end cloud-native network software provider for CSPs, and Turkcell, Turkeys leading digital operator today announce the worlds first OpenRAN vRAN call fully containerized with O-RAN Split 7.2 architecture, in Turkey.

Running on Turkcells Telco Cloud environment, Mavenirs OpenRAN vRAN is integrated with Turkcell Core, and is the first workload that will be going live on Turkcells Edge Cloud.

Mavenirs award winning OpenRAN vRAN solution centralizes baseband processing in cloud-native virtualized and containerized baseband units (vBBU) and exploits fronthaul over ethernet between vBBU and multiple remote radio units (RRU). The Mavenir vRAN architecture and platform supports 4G as well as both 5G NR NSA and SA. The vBBU is split into Central Unit (CU) and Distributed Unit (DU) and it features O-RAN standard interfaces.

The split between the DU and the RRU gives flexibility to the RAN system by enabling an efficient interface which can be run over Ethernet and allows concentration of the processing power either into data centers or onto edge platforms. Mavenirs OpenRAN vRAN allows a very secure and transparent interface which is based on a single architecture that can accommodate several deployment scenarios.

With these open interfaces, as well as virtualization and web scale containerization, the solution has the flexibility to support various deployment scenarios including Public Cloud, Private Cloud and at the RRU site. It can also support massive MIMO, mmWave, edge micro services and network slicing for 5G NR.

Mavenir is extremely proud to have supported Turkcell, which is a very innovative and advanced operator, in achieving this first call in a truly OpenRAN containerized implementation, said Mikael Rylander, Mavenirs SVP/GM Radio Access Products. The standard O-RAN 7.2 interface will enable and boost the OpenRAN ecosystem significantly by allowing many RRU vendors to be deployed and to have very effective solutions in all possible frequency bands with great deployment flexibility and with automation and remote operations.

We strongly believe in Turkcell that innovation is the engine that allows us to be very close to our customers and meet their demands, Gediz Sezgin, Turkcell CTO stated. Now with OpenRAN, we are entering a new era that offers us new ways of deploying Radio Networks and create a real distributed 5G network to fulfill the expectations that the industry has. We are pleased to pioneer this technology with Mavenir by realizing worlds first containerized implementation with a truly open architecture using a mix and match of Open FH supported RRU and CU/DU which reflects the true sense of Open RAN.

Turkcell is also transforming its LTE and 5G voice network into 100% virtual infrastructures. Mavenir was selected by Turkcell to deploy its cloud-native, NFV-based IMS solution, in Turkcells home country Turkey and other subsidiaries.

Mavenirs Virtualized IMS (vIMS) solution is designed to fully support LTE use cases and evolve into a fully web-scale platform that can meet the requirements enabling Turkcell to continue to lead the evolution to its 5G networks.

About Turkcell:

Turkcell is a digital operator headquartered in Turkey, serving its customers with its unique portfolio of digital services along with voice, messaging, data and IPTV services on its mobile and fixed networks. Turkcell Group companies operate in 5 countries Turkey, Ukraine, Belarus, Northern Cyprus, Germany. Turkcell launched LTE services in its home country on April 1st, 2016, employing LTE-Advanced and 3 carrier aggregation technologies in 81 cities. Turkcell offers up to 10 Gbps fiber internet speed with its FTTH services. Turkcell Group reported TRY6.9 billion revenue in Q220 with total assets of TRY47.0 billion as of June 30, 2020. It has been listed on the NYSE and the BIST since July 2000, and is the only NYSE-listed company in Turkey. Read more at http://www.turkcell.com.tr

About Mavenir:

Mavenir is the industry's only end-to-end, cloud-native Network Software and Solutions/Systems Integration Provider for 4G and 5G, focused on accelerating software network transformation for Communications Service Providers (CSPs). Mavenir offers a comprehensive end-to-end product portfolio across every layer of the network infrastructure stack. From 5G application/service layers to packet core and RAN, Mavenir leads the way in evolved, cloud-native networking solutions enabling innovative and secure experiences for end users. Leveraging innovations in IMS (VoLTE, VoWiFi, Advanced Messaging (RCS)), Private Networks as well as vEPC, 5G Core and OpenRAN vRAN, Mavenir accelerates network transformation for more than 250+ CSP customers in over 140 countries, which serve over 50% of the worlds subscribers.

Mavenir embraces disruptive, innovative technology architectures and business models that drive service agility, flexibility, and velocity. With solutions that propel NFV evolution to achieve web-scale economics, Mavenir offers solutions to help CSPs with cost reduction, revenue generation, and revenue protection.

http://www.mavenir.com

Read the original:
Mavenir and Turkcell Enable World's First OpenRAN vRAN Call with Fully Containerized CU/DU and Open Front Haul - Business Wire

On August 15th the NSA and FBI published a joint security alert containing details about a previously undisclosed Russian malware.

The agencies say that the Linux strain malware has been developed and deployed in real-world attacks by Russian military hackers. The FBI says, The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165, whose activity is sometimes identified by the private sector as Fancy Bear, Strontium, or APT 28, is deploying malware called Drovorub, designed for Linux systems as part of its cyber espionage operations.

The name Drovorub comes from a variety of artifacts discovered in Drovorub files, Drovo translates to firewood or wood, while Rub translates to to fell, or to chop. Together, they translate to woodcutter or to split wood.

Drovorub is like a Swiss-army knife for hacking Linux. The Linux malware toolset consists of an implant coupled with a kernel module root kit, a file transfer and port forwarding tool, and logic for connecting back to a Command and Control (C2) server. The below figure shows the Drovorub components and their functions.

Drovorub malware is made up of four executable components: Drovorub-client, Drovorub-agent, Drovorub-kernel module and Drovorub-server. The components communicate via JSON over WebSockets. Below is a brief overview of each component.

Installed on actor-controlled infrastructure, enables C2 for the Drovorub-client and Drovorub-agent. mySQL is used by the Drovorub-server to manage the connecting Drovorub-client(s) and Drovorub-agent(s). The database stores data that is used by the Drovorub-agent and client for registration, authentication and tasking.

The Drovorub-client is installed on target endpoints by the actor. The client receives commands from the remote Drovorub-server and offers file transfer to/from the victim, port forwarding, and a remote shell capability. The Drovorub-client is packaged within (Read more...)

See the original post:
Drovorub Taking systems to the wood chipper What you need to know - Security Boulevard

National Security Agency (NSA), U.S. intelligence agency within the Department of Defense that is responsible for cryptographic and communications intelligence and security. Its headquarters are in Fort Meade, Maryland.

Britannica Quiz

World Organizations: Fact or Fiction?

France is a member of the Group of Eight.

The NSA grew out of the communications intelligence activities of U.S. military units during World War II. It was established in 1952 by a presidential directive from Harry S. Truman in which he specified its mission as

to provide an effective, unified organization and control of the communications intelligence activities of the United States conducted against foreign governments, to provide for integrated operational policies and procedures pertaining thereto.

The NSA was created in part out of the belief that the importance and distinct character of communications intelligence warranted an organization distinct from both the armed forces and the other intelligence agencies. While it operates within the Department of Defense, the NSA also belongs to the Intelligence Community (a coalition of 17 intelligence agencies) and as such acts under the supervision of the director of national intelligence. The director of the NSA is a military officer of flag rank (i.e., a general or an admiral) with a minimum of three stars. Not being a creation of Congress, the NSA often acts outside of congressional review; it is the most secret of all U.S. intelligence agencies.

The agencys mission includes the protection and formulation of codes, ciphers, and other cryptology for the U.S. military and other government agencies as well as the interception, analysis, and solution of coded transmissions by electronic or other means. The agency conducts research into all forms of electronic transmissions. It also operates posts for the interception of signals around the world. In 1972 a joint organization, the Central Security Service (CSS), was created to coordinate the intelligence efforts of the NSA with the U.S. military. The director of the NSA also heads the CSS (under the title of Chief, CSS).

The 1978 Foreign Intelligence Surveillance Act (FISA) restricts the NSA mandate to the interception of foreign communications and forbids the agency from targeting a U.S. citizen unless the latter is considered an agent of a foreign power. In exceptional cases that are considered critical to national security, the agency can obtain a warrant to intercept domestic communications. In 2008, amendments to FISA relaxed those restrictions and allowed the agency to monitor domestic communications without a warrant as long as one party is reasonably believed to be outside the United States.

In 2013 NSA activities were put in the limelight after a former computer security contractor, Edward Snowden, leaked classified information about two surveillance programsone collecting information from U.S. Internet service providers (PRISM) and the second collecting so-called metadata on cellular phone calls (information including phone numbers and length of the calls but not their content). Those programs were designed to target non-Americans, but they also collected a massive amount of information from Americans with whom those individuals had communicated. Other NSA programs included the extensive, worldwide, and allegedly untargeted collection of text messages (Dishfire) and of the locations of cell phones.

While less known to the American public than the Central Intelligence Agency, the NSA is believed to be far larger in size in terms of workforce and budget. According to Michael Hayden, a former director (19992005) of the NSA, it is also the worlds largest collector of foreign signals intelligence.

See original here:
National Security Agency | History, Role, & Surveillance ...

Microsoft released a patch for Windows 10 and Server 2016 today after the National Security Agency found and disclosed a serious vulnerability. It's a rare but not unprecedented tip-off, one that underscores the flaw's severityand maybe hints at new priorities for the NSA.

The bug is in Windows' mechanism for confirming the legitimacy of software or establishing secure web connections. If the verification check itself isn't trustworthy, attackers can exploit that fact to remotely distribute malware or intercept sensitive data.

"[We are] recommending that network owners expedite implementation of the patch immediately as we will also be doing," Anne Neuberger, head of the NSA's Cybersecurity Directorate, said on a call with reporters on Tuesday. "When we identified a broad cryptographic vulnerability like this we quickly turned to work with the company to ensure that they could mitigate it."

"It will be a long day for a lot of Windows administrators around the world."

Kenn White, Open Crypto Audit Project

The flaw is specifically in Microsoft's CryptoAPI service, which helps developers cryptographically "sign" software and data or generate digital certificates used in authenticationall to prove trustworthiness and validity when Windows checks for it on users' devices. An attacker could potentially exploit the bug to undermine crucial protections, and ultimately take control of victim devices.

"Think of signing malware as if it's trusted by Microsoft or intercepting encrypted web traffic," says David Kennedy, CEO of the corporate security evaluation firm TrustedSec, who formerly worked at the NSA. "That would completely evade so many protections."

As researchers and cyber criminals alike study the vulnerability and rush to develop a hacking tool that takes advantage of it, the scale of the risk to users will become more clear. But a flaw in a crucial cryptographic component of Windows is certainly problematic, especially given that Windows 10 is the most-used operating system in the world, installed on more than 900 million PCs.

"This is a core, low-level piece of the Windows operating system and one that establishes trust between administrators, regular users, and other computers on both the local network and the internet," says Kenn White, security principal at MongoDB and director of the Open Crypto Audit Project. "If the technology that ensures that trust is vulnerable, there could be catastrophic consequences. But precisely what scenarios and preconditions are requiredwe're still analyzing. It will be a long day for a lot of Windows administrators around the world."

The NSA's decision to share the vulnerability brings to mind the NSA hacking tool known as Eternal Blue, which exploited a Windows bug patched in early 2017. That flaw was present in all versions of Windows available at the time, and the NSA had known about the bugand exploited it for digital espionagefor more than five years. Eventually, the NSA lost control of Eternal Blue; a few weeks after Microsoft issued a fix, a mysterious hacking group known as the Shadow Brokers leaked the tool online. Criminals and nation state hackers alike had a field day with the tool, as Windows machines around the world slowly got around to patching.

The Windows 10 validation bug may be the NSA's attempt to avoid a similar debacle. And unlike Eternal Blue, Neuberger made a point to say that the agency had not used the exploit itself.

In fact, Neuberger said that disclosing the code verification bug to Microsoft and the public is part of a new NSA initiative in which the agency will share its vulnerability findings more quickly and more often. The effort will work alongside the existing Vulnerability Equities Process run by the National Security Council, which weighs the national security importance of keeping hacking tools secret versus disclosing vulnerabilities.

That's why the NSA didn't just disclose the vulnerability, but made its role public. "Its hard for entities to trust that we indeed take this seriously," she said, "and [that] ensuring that vulnerabilities can be mitigated is an absolute priority."

View post:
Windows 10 Has a Security Flaw So Severe the NSA Disclosed ...

Ted McConnell is Senior Policy Advisor forCivXNow Coalition, and Elizabeth Rindskopf Parker, is former General Counsel at CIA and NSA and is a member of the executive board of the Center for Ethics and the Rule of Law. @CivXNow

OPINION These are confounding and painful times. In recent months, the COVID-19 pandemic has laid bare a tragic divide in health outcomes among communities based on race, ethnicity, and wealth. And now, this problem which exists in every aspect of society and its opportunitiesincluding in education, housing, and employmenthas been further exacerbated by yet another example of the cultural disconnect between local police and the minority residents they are sworn to protect. The resulting outrage at the latest gratuitous killing of a Black man was predictable.

Long simmering grievances within the Black community about the governments historic mistreatment that has been enabled by a dominant white societys lack of concern have been worsened by the frustrating inability to effectuate real change. It has been gratifying to see how largely peaceful protests have brought these inequities so clearly and responsibly to the fore. At the same time, it is also troubling that some parties appear to view this tragedy irresponsibly as a way to stoke even greater anger and dissension and increasing polarization. Unfortunately, as recent experience teaches, they will not be alone. We must expect that some, among them hostile foreign actors, will take full advantage of the current crisis to amplify anger as a way to deepen the nations ethnic, racial, and income divides. As always, their goal will be to erode confidence in our democratic system and foster a sense of hopelessness about the possibility of reform and accountability.

Such foreign threats, well documented inrecent reports, are the topic of a subsequent blog post. What will be clear is that these efforts are designed to weaken the United States from within, encouraging internal dissension and undermining support for government institutions and civil society, particularlyamong those long marginalized. Such efforts end-run the historic U.S. national security posture of projecting force away from the domestic arena to keep the homeland safe. By operatingwithinthe United States to amplify domestic grievances, such attacks undermine national cohesionwithout the need for an external challenge. As such, they are as much a national security threat as would be an externally launched attack by a hostile armed force. These threats find fertile ground in the current outrage over police misconduct and the disparate impact of COVID-19 on our disadvantaged minority citizens.

While profoundly disturbing, the widespread protests and the outrage they reflect should not surprise us. They result from inattention to legitimate grievances of those who have long suffered from inequitable treatment based on race, ethnicity, and income. This situation is reflected in the sharp decline in public confidence in government and civil society which has been apparent for some time. In 2019, this lack of trust in the government was well documented by the Pew Research Center. The centersJuly 2019 reportdetails the loss of trust of Americans in the government, the news media, and one another. Perhaps most disturbing was the finding that almost half of young adults between the ages of 18 and 29 fell into the low trust category, as compared to one-fifth of those over 65. Furthermore, [o]nly 17%of Americans today say they can trust the government in Washington to do what is right just about always (3%) or most of the time (14%). And last month,The New YorkTimesinterviewed a cross section of people and reached the same conclusion. In fact, thisreportingsuggested that the level of trust in the government to do the right thing may have actually declined below the troubling 17% reported by Pew.

The picture is bleak but not without hope. The Pew Research Center reported that more than 90% of those surveyed, regardless of political affiliation, believed it important to improve the level of confidence Americans have in government and each other. And an encouraging 80% believed such improvement was possible. Perhaps the deeply upsetting current crisis can nonetheless serve as a catalyst for change. If so, we dare not ignore this opportunity.

And so now, even in the midst of a singularly painful period of protests, a brief pause is in order. If we are to formulate an approach to addressing the current situation effectively, the first step must be to understand how we arrived at this point. Only then can we fashion a strategy to begin addressing what can be done in useful response to the outpouring of rage at the current state of affairs across a broad range of issuesissues that disproportionately impact the nations disadvantaged minority populations. Stated otherwise, the COVID-19 pandemic and protests about police misconduct have made clear the problems our democracy faces. The question that remains is how best to achieve lasting change. It is a question thateveryAmerican, white and non-white alike, must acknowledge and embrace. In the end, our democracy only works for any one of us if it works for all.

The answer begins with a truism. A democratic republic depends on a citizenry and an electorate that is informed about the issues and challenges of the day and is equipped to take advantage of the mechanisms of its government to achieve change. This is, of course, the fundamental premise on which our system of public education is based. Our schools are expected to teachallcitizens about their history and their government and, most importantly, to enable their effective participation. Indeed, one explanation for the outrage exhibited in recent demonstrations may be that those most directly impacted by unacceptable policies in policing, health care, education, and economic opportunity are frustrated by their inability to achieve lasting change. This may be because they have not received the civic education they need to empower them in managing the levers of public policy and government fundamental to achieving real change.

In fact, this analytical construct finds considerable support when todays state of civic education is considered. In subsequent blog posts, we will describe countless surveys that chart a decline in civic education and document the lack of understanding of all citizens about their government. The conclusion is unassailable: in recent decades there has been a precipitous decline in attention to civic literacy at all levels of the educational continuum, from secondary schools to college and graduate teacher education. Most recently, the Department of Education released the National Assessment of Educational Progress (NAEP) which documents the outcome of the 2018 Civics and U.S. History exams given to 8thgraders across the country. Considered the nations Report Card, theNAEP resultsshow that between 2014 and 2018, only 24% of respondents scored at or above the level of proficiencya dismal showing relatively unchanged for many years. Upon release of the results, Secretary of Education Betsy DeVos candidlynotedthat We cannot continue to excuse this problem away. Instead, we need to fundamentally rethink education in America. It is the only way our nations students will be in a position to lead our nation and the world.

Even more significantly, this failure of civic education resulting from declining time and attention over several generations has likely contributed to aloss of appreciation for democracyas a system of government based on the rule of law. It seems equally obvious that the fall-off in civic literacy is part of the explanation for the current political dysfunction and loss of faith in our politics and government institutions. It may also contribute to the intense frustration of those now protesting a wide range of societal inequities from police misconduct to health, education, and economic disparities laid bare by COVID-19.

Yet despite the grave state of civic education today, efforts at reform are underway and have begun to show promise. The CivXNow Coalition has created a national movement to improve and strengthen state and national policies and practices in delivering civic education. These efforts have produced recent successes in several states which, among other things, have developed and implemented new learning standards, measures of assessment and accountability, and course and time requirements for civic education. These measures are designed to engage and empower students rather than to rely upon rote learning.

In the end, however, an even broader commitment to civic education reform and understanding, both in formal education and throughout society, is needed. Once again, there is hopeful news. In March 2020, reports by two commissions formed to address completely different challenges facing the nation found that improving civic literacy was a fundamental starting point. After two and a half years of review, the final report, Inspired to Serve of the congressionally chartered National Commission on Military, National, and Public Service (NCMNPS), concluded that to increase participation in a wide range of service activities it would be essential to strengthen and expand civic educationthe necessary foundation for developing a culture of service. Similarly, The Cyberspace Solarium Commission found that enhancing civic education and media literacy would be critical to protecting the nation against democracy-undermining cyber threats.

These developments should inform any response to the current tragic circumstances that have so galvanized protesters in countless cities around the nation. The slide into civic illiteracy disproportionately impacts those communities most in need of advocating for themselves, once again highlighting the divide based on race, ethnicity, and income. The lack of civic education available in these communities translates into reduced levels of political engagement. While overall voting participation by youth is poor, not surprisingly black and Latinx youth vote at even lower rates than their white counterparts. This adds to the dysfunction in our political and governmental systems todaythe heart of protestors concerns. To protect our constitutional democracy from internal and external threats, improved civic understanding and engagement across all parts of our society, in our educational institutions and beyond, are more than critical needs. In todays threat environment, they have become a national security imperative.

We hope this introduction will encourage learning more about the relationship among civic education, domestic tranquility, and national security at what may arguably be an existential moment in the history of our democracy.

This piece was first published by our friends at the Center for Ethics and the Rule of Law at The University of Pennsylvania

Read more expert-driven national security insight, perspective and analysis in The Cipher Brief

View post:
A National Crisis: The Imperative for Improving Civic Education - The Cipher Brief

By Chris Kocher

July 20, 2020

Protecting the U.S. information infrastructure and the privacy of data have become top concerns, especially over the past decade and Binghamton University is now ready to take a greater role in combating these threats.

In June, the National Security Agency and the Department of Homeland Security named Binghamton a National Center of Academic Excellence in Cyber Research (CAE-R) through 2025.

The designation recognizes the work being done by the Center for Information Assurance and Cybersecurity (CIAC), a Binghamton University research center, as well as other research efforts around the campus. CIAC is a joint effort among faculty members from the Thomas J. Watson Watson School of Engineering and Applied Science, the Harpur College of Arts and Sciences, the School of Management, the College of Community and Public Affairs, and the Decker College of Nursing and Health Sciences.

Your ability to meet the increasing demands of the program criteria will serve the nation well in contributing to the protection of the national information infrastructure, Jillian Curcio, national CAE-R program manager for the NSA, said in a letter.

Associate Professor Ping Yang

Watson School Dean Krishnaswami Hari Srihari praised the efforts of Associate Professor Ping Yang, who is the director of CIAC, and other faculty members collaborating as part of the new CAE-R at Binghamton.

Our faculty continues to gain international recognition for their diligent research and academic excellence, Srihari said. We are very proud to be a Center of Academic Excellence in Cyber Research, and we know that Professor Yang and her colleagues are committed to keeping data secure.

To become a CAE-R, Binghamton University had to complete a rigorous 200-page application detailing published cybersecurity research, core faculty rsums, research grants, the advanced certificate in cybersecurity program and more. Multiple letters were also submitted, with help from Associate Vice President for Research Mary Beth Curtin, Research Development Assistant Michael Jacobson and Computer Science Department Chair Weiyi Meng.

This designation shows that Binghamton University has a strong academic program in cybersecurity research, Yang said. It also opens up cybersecurity grants and scholarship opportunities for our students and faculty. Were now eligible to apply for some large grants from the Department of Defense and the National Science Foundation. I also hope that this designation will attract more students to apply for our cybersecurity certificate program.

Yang arrived at Binghamton in 2006, after earning her PhD at SUNY Stony Brook. She developed the Department of Computer Sciences first graduate course on cybersecurity.

Since then, a lot more people are using computers and the internet, she said. Children also use the internet, especially during this COVID-19 pandemic. So it becomes more urgent to educate students and community members on possible cyber threats and how to address such threats.

The mandates from the NSA and DHS regarding the CAE-R program are clear, she added, and she looks forward to Binghamton University meeting or exceeding them.

The main goals, she said, are to reduce the vulnerability in the information infrastructure of the United States by promoting higher education and research in cyber-defense and producing professionals with cyber-defense expertise.

Follow this link:
Homeland Security, NSA name Binghamton a cyber research center - Binghamton University