Category Archives: NSA

President Donald Trump announced Friday he has directed U.S. Cyber Command to be elevated to a unified combatant command and is exploring separating it from the National Security Agency.

In a statement, Trump said the move will strengthen our cyberspace operations and create more opportunities to improve our Nations defense.

Headquartered at Fort George G. Meade, the move will make Cyber Command a more influential institution within the Department of Defense.

The decision could have significant economic ramifications for western Anne Arundel County, where Fort Meade is based.

Tim OFarrell, general manager for the Fort Meade Alliance, said the decision is huge for the state of Maryland. Its huge for this region.

He said, What this means is greater emphasis on cyber and economic development around the region as companies want to come to a place that is so close to the center of it all.

Claire Louder, the former CEO of the West County Chamber of Commerce, said last year that a change in how Cyber Command is positioned within the Department of Defense could lead to more opportunities for cyber companies looking to sign military contracts.

Currently, the agency is a sub-unified command underneath the U.S. Strategic Command, and Adm. Michael Rogers is the head of the NSA and Cyber Command.

Eric Geller, a cybersecurity reporter for Politico, wrote on Twitter the move elevates Cyber Command to the level of nine other unified combatant commands within the Department of Defense, such as U.S. Strategic Command and U.S. Pacific Command.

Louder said because resources are allocated differently to full combatant commands rather than sub-unified commands, the change could lead to another significant economic boom for the region.

That could also lead to better positioning for county officials to lobby for additional funding for infrastructure and school improvements as more people move to the area following job opportunities.

OFarrell said Friday that while the move was largely expected Congress had authorized the president to make this move through its fiscal year 2017 defense policy legislation its impact on the cybersecurity community should not be understated.

If you want to understand what is happening in that space, youre going to have to come through here, OFarrell said. I think youre going to see, from Annapolis to Columbia, continued new companies coming into the marketplace.

Rep. C.A. Dutch Ruppersberger, D-Baltimore County, whose 2nd District includes Fort Meade, lauded Trumps decision to elevate the agency in a statement.

Demand for cyber warfare capabilities is only going to increase and this decision will give the Command the power and resources it needs to better protect our country, he wrote.

Trump said in the statement the move will also help streamline command and control of time-sensitive cyberspace operations by consolidating them under a single commander with authorities commensurate with the importance of such operations.

The change follows years of intense debate as to how Cyber Command should be positioned within the Department of Defense.

Several high-ranking officials have proposed separating the agency entirely from the NSA.

Created in 2009 at NSA headquarters in Fort Meade, Cyber Command plays a more active and offensive role in military combat than the NSA, mostly over the internet rather than on the ground.

During President Barack Obamas administration, former Defense Secretary Ash Carter and former Director of National Intelligence James Clapper argued Cyber Command should be independent of the NSA.

However, Arizona Sen. John McCain has been adamant he would block any plans to end the dual-hat leadership that oversees the NSA and Cyber Command.

In a statement, McCain said he was pleased by Trumps decision, adding there is much more to be done to prepare our nation and our military to meet our cybersecurity challenges.

twitter.com/PhilDavis_CG

Continued here:
Trump elevates US Cyber Command, exploring split from NSA - CapitalGazette.com

The Trump administration this week elevated the US Cyber Command to a Unified Combatant Command, in a long-awaited move that underscores the growing importance of cyber warfare.

The decision, announced Friday, puts the Cyber Command on par with nine other combat commands, and may lead to its separation from the National Security Agency (NSA). In a statement, President Trump said that Secretary of Defense James Mattis will examine the possibility of separating the Cyber Command and the NSA, and that he will announce recommendations at a later date.

This new Unified Combatant Command will strengthen our cyberspace operations and create more opportunities to improve our Nations defense, Trump said in the statement. The elevation of United States Cyber Command demonstrates our increased resolve against cyberspace threats and will help reassure our allies and partners and deter our adversaries.

Trump says the move will streamline command and control of time-sensitive cyberspace operations.

Trump also said that the move will streamline command and control of time-sensitive cyberspace operations, and that it will ensure that critical cyberspace operations are adequately funded.

Proposals for creating an independent Cyber Command were first made under the Obama administration, with supporters arguing that the units mandate was sometimes at odds with the NSAs intelligence gathering operations particularly with regard to the fight against ISIS.

Cyber Command was created as a sub-unit of the US Strategic Command, with a mandate to conduct cyber warfare and defend government networks. Navy Admiral Michael Rogers currently leads both Cyber Command and the NSA.

Here is the original post:
Trump elevates Cyber Command, setting the stage for NSA separation - The Verge

A short drive south of Alice Springs, the second largest population center in Australias Northern Territory, there is a high-security compound, code-named RAINFALL. The remote base, in the heart of the countrys barren outback, is one of the most important covert surveillance sites in the eastern hemisphere.

Hundreds of Australian and American employees come and go every day from Joint Defence Facility Pine Gap, as the base is formally known. The official cover story, as outlined in a secret U.S. intelligence document, is to support the national security of both the U.S. and Australia. The [facility] contributes to verifying arms control and disarmament agreements and monitoring military developments. But, at best, that is an economical version of the truth. Pine Gap has a far broader mission and more powerful capabilities than the Australian or American governments have ever publicly acknowledged.

An investigation, published Saturday by the Australian Broadcasting Corporation in collaboration with The Intercept, punctures the wall of secrecy surrounding Pine Gap, revealing for the first time a wide range of details about its function. The base is an important ground station from which U.S. spy satellites are controlled and communications are monitored across several continents, according to classified documents obtained by The Intercept from the National Security Agency whistleblower Edward Snowden.

Together with the NSAs Menwith Hill base in England, Pine Gap has in recent years been used as a command post for two missions. The first, named M7600, involved at least two spy satellites and was said in a secret 2005 document to provide continuous coverage of the majority of the Eurasian landmass and Africa. This initiative was later upgraded as part of a second mission, named M8300, which involved a four satellite constellation and covered the former Soviet Union, China, South Asia, East Asia, the Middle East, Eastern Europe, and territories in the Atlantic Ocean.

The satellites are described as being geosynchronous, which means they are likely positioned high in orbit at more than 20,000 miles above the earths surface. They are equipped with powerful surveillance technology used to monitor wireless communications on the ground, such as those sent and received by cellphones, radios, and satellite uplinks. They gather strategic and tactical military, scientific, political, and economic communications signals, according to the documents, and also keep tabs on missile or weapons tests in targeted countries, sweep up intelligence from foreign military data systems, and provide surveillance support to U.S. forces.

An aerial image of the Pine Gap surveillance facility, located near Alice Springs in Australias Northern Territory.

Photo: BING

Outside Pine Gap, there are some 38 radar dishes pointing skyward, many of them concealed underneath golfball-like shells. The facility itself is isolated, located beyond a security checkpoint on a road marked with prohibited area signs, about a 10-minute drive from Alice Springs, which has a population of about25,000 people. There is a large cohort of U.S. spy agency personnel stationed at the site, including employees of the NSA, CIA, and National Reconnaissance Office, the agency that manages the spy satellites. Intelligence employees are joined by compatriots from the U.S. Army, Navy, and Air Force.

Pine Gap plays a significant role in supporting both intelligence activities and military operations, according to a top-secret NSA report dated from April 2013. One of its key functions is to gather geolocational intelligence, which can be used to help pinpoint airstrikes. The Australian base has a special section known as the geopit for this function; it is equipped with a number of tools available for performing geolocations, providing a broad range of geolocation capabilities in conjunction with other overhead, tactical, fixed site systems, notes an August 2012 NSA site profile of the facility.

Richard Tanter, a professor at the University of Melbourne, has studied Pine Gap for years. He has co-authored, with Bill Robinson and the late Desmond Ball, several detailed reports about the bases activities for California-based security think tankNautilus Institute. He reviewed the documents obtained by The Intercept and said that they showed there had been a huge transformation in Pine Gaps function in recent history.

The documents provide authoritative confirmation that Pine Gap is involved, for example, in the geolocation of cellphones used by people throughout the world, from the Pacific to the edge of Africa, Tanter said. It shows us that Pine Gap knows the geolocations it derives the phone numbers, it often derives the content of any communications, it provides the ability for the American military to identify and place in real-time the location of targets of interest.

The base, which was built in the late 1960s, was once focused only on monitoring missile tests and other military-related activities in countries such as Russia, China, Pakistan, Japan, Korea, and India. But it is now doing a great deal more, said Tanter. It has shifted from a national level of strategic intelligence, primarily to providing intelligence actionable, time-sensitive intelligence for American operations in [the] battlefield.

In 2013, the Sydney Morning Herald reported that Pine Gap played a key role in controversial U.S. drone strikes. Over the past decade, drone attacks have killed a number of top Al Qaeda, Islamic State, and Taliban militants. But the strikes often taking place outside of declared war zones, in places such as Yemen, Somalia, and Pakistan have also resulted in the deaths of hundreds of civilians, and in some cases are considered by human rights advocates to constitute potential war crimes and violations of international law.

The U.S. and its allies regularly use surveillance of communications as a tactic to track down and identify suspected militants. The NSA often locates drone targets by analyzing the activity of a cellphones SIM card, rather than the content of the calls an imprecise method that can lead to the wrong people being killed, as The Intercept has previously revealed. Its really like were targeting a cellphone, a former drone operator told us in 2014. Were not going after people were going after their phones, in the hopes that the person on the other end of that missile is the bad guy.

Concerns about such tactics are amplified in the era of President Donald Trump. Since his inauguration earlier this year, Trump has dramatically increased drone strikes and special operations raids, while simultaneouslyloosening battlefield rules and seekingto scrap constraints intended to prevent civilian deaths in such attacks. According to analysis from the group Airwars, which monitors U.S. airstrikes, civilian casualties in the U.S.-led war against the Islamic State are on track to double under Trumps administration.

Afghan villagers gather near a house destroyed in an apparent NATO raid in Logar province, south of Kabul, Afghanistan, on June 6, 2012.

Photo: Ihsanullah Majroh/AP

David Rosenberg, a 23-year veteran of the NSA who worked inside Pine Gap as a team leader for more than a decade, acknowledged that the base was used to geolocate particular electronic transmissions. He told The Intercept and ABC that the base helps to provide limitation of civilian casualties by providing accurate intelligence, and insisted that the governments of Australia and the United States would of course want to minimize all civilian casualties.

But that reassurance is unlikely to satisfy critics.

Emily Howie, director of advocacy and research at Australias Human Rights Law Centre, said the Australian government needs to provide accountability and transparency on its role in U.S. drone operations. The legal problem thats created by drone strikes is that there may very well be violations of the laws of armed conflict and that Australia may be involved in those potential war crimes through the facility at Pine Gap, Howie said. The first thing that we need from the Australian government is for it to come clean about exactly what Australians are doing inside the Pine Gap facility in terms of coordinating with the United States on the targeting using drones.

For more than 100 years, Australia has been a close U.S. ally; the country has supported the American military in every major war since the early 1900s. This relationship was formalized in 1951, when Australia and the U.S. signed the ANZUS Treaty, a mutual defense agreement. Australia is also a member of the Five Eyes surveillance alliance, alongside the U.S., the United Kingdom, Canada, and New Zealand. The countrys electronic eavesdropping agency, the Australian Signals Directorate, maintains extremely close ties with its American counterparts at the NSA. The agencies have a mutually beneficial partnership, according to one top-secret NSA document. While the NSA shares its technology, cryptanalytic capabilities, and resources for state-of-the-art collection, processing and analytic efforts, the Australians provide access to Pine Gap; they also hand over terrorism-related communications collected inside Australia, plus intelligence on some neighboring countries in their region, such as Indonesia, Malaysia, and Singapore.

The relationships foundations are strong, but some cracks may be beginning to appear. This was highlighted in late January when, after just two weeks in the Oval Office, Trump had a contentious first conversation with Australias prime minister, Malcolm Turnbull. Trump berated his Australian counterpart over the terms of a refugee deal and abruptly ended the call, describing it as ridiculous and unpleasant.

Meanwhile, Trump has adopted a more confrontational tone with China Australias top trading partner and he has threatened North Korea with fire and fury over its repeated missile tests. The situation has created a degree of uncertainty for Australia, and some in the country are pondering whether it is time to re-evaluate its traditional alliances.

There are changing moods in the United States, said John McCarthy, one of Australias most distinguished and experienced diplomats, who formerly served as the countrys ambassador to the U.S. So, we then need to think, should we try and develop closer security relationships with other countries in Asia? Should we seek to improve our overall structural relationship with China?

Were entering into a very, very fluid situation in Asia, McCarthy added. I dont know what the outcomes are going to be. But we have to be very, very nimble in terms of trying to create new structures, create new relationships, to be able to look at new circumstances from a very independent security perspective, if we are to do the right thing by the Australian people over the next generation or so.

Because of Australias proximity to the Korean peninsula, the North Korea issue is a particularly sensitive one. The city of Darwin in the Northern Territory is about 3,600 miles from Pyongyang, within range of an intercontinental ballistic missile strike. As such, the implications are severe for Australia: It could be dragged into a devastating conflict if the U.S. were to become embroiled in war with Kim Jong-uns rogue state. And despite its isolated position in the outback, Pine Gap would likely be at the forefront of the action.

Pine Gap literally hardwires us into the activities of the American military and in some cases, that means we will cop the consequences, like it or not, said Tanter, the University of Melbourne professor. Pine Gap will be contributing hugely in real-time to those operations, as well as in preparation for them. So whether or not the Australian government thinks that an attack on North Korea is either justified, or a wise and sensible move, we will be part of that, Tanter added. Well be culpable in the terms of the consequences.

The NSA and the Australian governments Department of Defence declined to comment.

This story was prepared in collaboration with the Australian Broadcasting Corporations investigative radio program Background Briefing and ABC News. Peter Cronau contributed reporting.

Documents published with this article:

Top photo: Australian Defence Facilities Pine Gap on Feb. 19, 2016.

Continue reading here:
The US Spy Hub in the Heart of Australia - The Intercept

The Augusta National Security Agency leak suspect will get to review classified information federal prosecutors might use against her during her upcoming espionage trial.

In an supplemental protective order signed by U.S. District Court Magistrate Judge Brian K. Epps on Wednesday, both sides have agreed to the procedure which will allow Reality Leigh Winner to access evidence the prosecutors may use to prove she committed the crime of willful retention and transmission of national defense information.

Winner, 25, has pleaded not guilty. She has been held without bond since her June 3 arrest in which federal agents armed with a search warrant raided her Battle Row rental home. The search was brought on by a federal investigation launched after a National Security Agency official was approached by a reporter seeking to authenticate a national security document.

The prosecutors contend Winner accessed and copied a classified document through her job with the National Security Agency contractor Pluribus International Corp., at Fort Gordon. Winner, who served in the Air Force for six years as a linguist specializing in Middle Eastern languages, had a top security clearance.

In the order Epps signed this week, Winner will be held to the obligations of her security clearance. She can face further prosecution if she releases any classified information she may learn through the discovery materials in her case. She may see any document that is deemed unclassified or is specifically marked by federal prosecutors as authorized for disclosure to Reality Leigh Winner. That material is expected to include intelligence reporting, network audit logs of U.S. government agency, FBI interview reports including Winners own interview, and correspondence of contractors from May 24 to June 1.

Although federal prosecutors insist the document Winner allegedly leaked is classified, The Intercept online news media produced an in-depth report on a classified document it received this summer that is an analysis of the extent of Russias tampering efforts during the latest presidential election.

Winners trial is tentatively set to begin the week of Oct. 23.

Reach Sandy Hodson at sandy.hodson@augustachronicle.com or (706) 823-3226

Continue reading here:
Accused NSA leaker will get to see classified evidence in her espionage prosecution - The Augusta Chronicle

President Donald Trump is close to making a decision to elevate the status of the Pentagon's Cyber Command, signaling more emphasis on developing cyber weapons to deter attacks, punish intruders and tackle adversaries, current and former officials told Reuters on Thursday.

A current U.S. official, who was speaking on condition of anonymity, said Trump could make a decision as early as Friday. The official added that the timeline could be pushed back if the White House was dealing with more pressing issues.

The Pentagon and White House declined to comment.

Two former senior U.S. officials with knowledge of the plan said that the proposal awaiting Trump's approval would elevate Cyber Command and lead to a 60-day study to determine whether Cyber Command would be separated from the National Security Agency, a spy agency responsible for electronic eavesdropping.

That would lead to Cyber Command becoming what the military called a "unified command," equal to combat branches of the military such as the Central and Pacific Commands.

It would give Cyber Command leaders a larger voice in arguing for the use of both offensive and defensive cyber tools in future conflicts.

Currently, the NSA and Cyber Command organizations are based at Fort Meade, Md., about 30 miles north of Washington, and led by the same officer, Navy Admiral Michael Rogers.

NSA's focus is gathering intelligence, officials said, often favoring the monitoring of an enemy's cyber activities. Cyber Command's mission is geared more to shutting down cyber attacks and, if ordered, counter attacking.

The NSA director has been a senior military officer since the agency's founding in 1952. Under the plan, future directors would be civilians, an arrangement meant to underscore that NSA is not subordinate to Cyber Command.

Established in 2010, Cyber Command is now subordinate to the U.S. Strategic Command, which oversees military space operations, nuclear weapons and missile defense.

See the original post:
Trump Considering a Big Change for US Cyber Command - Fortune

Written by Manish Sahu | Lucknow | Updated: August 17, 2017 2:22 am Among the three accused, Bhura alias Israil and Khalil alias Leelu have been in prison since June 26, while Inaam was sent to jail on July 23. Police are yet to file a chargesheet in the case. (File/Representational)

THE MUZAFFARNAGAR district administration has invoked the National Security Act (NSA) against three people arrested in June-July under the UP Cow Slaughter Act and various other charges. The accused are lodged in the district jail.

Station House Officer (SHO) of Janshath police station, Kamal Singh Chauhan, said: A recommendation was made to District Magistrate (Muzaffarnagar) G S Priyadarshi, requesting to invoke the NSA on the three accused along with a report containing details of the case. The request was accepted and I served the order invoking the NSA against the accused in Muzaffarnagar district jail on August 14.

Priyadarshi confirmed that the NSA had been invoked against the accused on the police recommendation.

Among the three accused, Bhura alias Israil and Khalil alias Leelu have been in prison since June 26, while Inaam was sent to jail on July 23. Police are yet to file a chargesheet in the case.

According to Chauhan, on the morning of June 24, police received information about the slaughter of a cow at Katka village. A team rushed to the spot, where the accused allegedly fired at them, injuring a constable. The police team, however, managed to nab Bhura and Khalil, residents of the neighbouring Khedi Firozabad village, added Chauhan.

The SHO further said that the team recovered flesh, skin and body parts of a bullock, knives used for slaughtering the animal and a country-made pistol from the spot. A bullock was also found tied with a rope near the spot, he added.

A case was lodged against Bhura, Khalil and others under the UP Cow Slaughter Act, the Prevention of Cruelty to Animals Act, the Arms Act and sections 148 (rioting, armed with deadly weapon) and 149 (common object) of the IPC.

The flesh seized from the place was not sent for lab tests as the district veterinary officer had visited the spot immediately after the raid. He had confirmed the meat as that of a bullock. Parts of the animals body as tail, skins and horns too had confirmed it was a bullock, said Chauhan.

On July 22, another accused, Inaam, was arrested from his house in the Kakroli area in Muzaffarnagar, the SHO added.

The superintendent of Muzaffarnagar district jail Arun Saxena said the NSA report has been received by the prison.

In June, DGP Sulkhan Singh had issued directions to take strict action against those involved in cow slaughter, smuggling of cows and their progeny by invoking the NSA and the Gangsters Act against them. The DGP had clarified that the district magistrate and police chief can decide what action needs to be taken after taking into consideration the gravity of the situation.

For all the latest India News, download Indian Express App

Visit link:
Muzaffarnagar: NSA against three held under cow slaughter Act - The Indian Express

'He Sat On This': Judge Nap Reacts to Reports Obama Knew Russian Meddled in 2014

Antifa Protester: Trump's Denouncement of White Supremacists 'Too Little Too Late'

Former National Security Administration Technical Director Bill Binney told Tucker Carlson he has data showing that the Democrats' narrative regarding Russia hacking the DNC and 2016 election are untrue.

Binney, a member of Veteran Intelligence Professionals for Sanity (VIPS), said the story spread around the mainstream media that Russia is at fault can't necessarily be proven.

He said that during a prior Chinese hack of government systems, NSA agents were able to use "trace route programs" to track the "packets" of information back to a specific building in Shanghai.

Binney said that could be the reason Democrats did not want the FBI to look at their systems- ostensibly because they may not trace back to Russia.

He said a major file that was allegedly hacked from the DNC server was 1,976 megabytes in size and was transmitted in only 87 seconds.

"You made the point that it was moved too fast [that it] couldn't have gone out over the internet," Tucker Carlson surmised.

Binney said it likely was instead transmitted to a storage device.

"Many people are emotionally tied to this agenda, to tie the Russians to President Trump," Binney said.

He said that VIPS is nonpartisan and "tries to look at... the facts."

Watch more above.

Krauthammer: 'Shocking' Trump Didn't 'Reflexively' Call-Out Neo-Nazis on Saturday

Protesters Assemble in Front of Trump Tower Awaiting the President

View post:
Former NSA Official: Dems' Russia Hacking Story Likely Bogus | Fox ... - Fox News Insider

Aug 14, 2017-

In a decision that would shock country's swimming community, Nepal Swimming Association (NSA) has introduced a regulation barring swimmers from participating in more than four events, which according to NSA insiders serves a sole purpose to deny national teenage swimming sensation Gaurika Singh from participating in multiple events.

NSA intends to implement this new regulation in the upcoming National Swimming Championships scheduled to begin from August 17.

The National Swimming Competition organising committee under Vice Chairman Gita Rana, also a lawmaker, announced the competition dates and the regulation that would bar swimmers from participating in more than four events. The organising committee said such move was aimed at making the competition more inclusive.

Keeping in view the inclusiveness in the sport, we have introduced the regulation that no players will be allowed to participate in more than four events so that only one player will not win all the events, said NSA officials during a press meet on Sunday.

The final date for the submission of event participation form was August 26 and Singh had submitted application for entry form at the NSA, National Sports Council and Sports Ministry.

NSA, however, has also gone a step further and is mulling postponement of the national event in a bid to discourage the youngest Olympian in the history of the sport from participating in the competition. However, the association has not taken a final decision on the event postponement issue.

The associations one of a kind regulation is almost unheard in the swimming world.

Singh, 14, has 30 national records to her name and her competitors fear diving into the same pool with her as some of her timings fare much better even than her national male counterparts.

During the 12th South Asian Games, Singh won a record 4 medalsone silver and three bronze to better her own national recordat the age of 14.

Gaurika, who currently lives with her parents in London, England, arrived in Nepal on August 2 to take part in the national competition. Singh had reached the finals of English Age Group Championship and British Open Water Championship back in England but opted not to take part in it and instead fly to Nepal for the national competition.

Meanwhile, FINA (International Swimming Federation), the regulatory body for administering international competition in water sports, has no such regulation and allows athletes to participate in any events they wish to, even in the Olympics.

Katie Ledecky of the United States had won six medals at the World Swimming Championships that was held on July 30 in Hungary and legendary swimmer Michael Phelps also had won eight gold medals in the Beijing Olympics.

Likewise, in Nepal Karishma Karki had secured 12 gold medals in the 5th edition of national championships and and Shirish Gurung had claimed 14 gold medals in the 7th National Swimming Championships.

Similarly, Singh, during the 19th edition of the national swimming competition had won 8 gold and 1 silver medals along with national record in her belt at the age of 11 and on the 20th swimming championship she had won 6 gold medals.

Meanwhile, Paras Bahadur Singh, Gaurikas father, has said that they may be compelled to search for other options if NSA keeps on obstructing Gaurikas participation in national events.

Gaurika has achieved so much for the country in a small age, said Paras, For her (Gaurika) Nepal and swimming matters the most but if the association keeps on creating hurdles then we have to look for other options as well.

Published: 14-08-2017 13:34

Originally posted here:
NSA enforces regulation in bid to restrict Gaurka Singh's participation in multiple events - The Kathmandu Post

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.

Your message has been sent.

There was an error emailing this page.

A Russian government-sponsored cyber-espionage group has been accused of using a leaked NSA hacking tool in attacks against one Middle Eastern and at least seven European hotels in order to spy on guests.

Why reinvent the wheel, or a hacking tool, when the NSA created such an effective one? The NSAs EternalBlue was leaked online by the Shadow Brokers in April. Now the security firm FireEye says it has a moderate confidence that Fancy Bear, or APT28, the hacking group linked to the Russian government and accused of hacking the Democratic National Committee last year, added EternalBlue to its arsenal in order to spy on and to steal credentials from guests at European and Middle Eastern hotels.

In a campaign aimed at the hospitality industry, attackers leveraged a malicious document in spear-phishing emails. The hostile hotel form, which Microsoft Threat Intelligence Center General Manager John Lambert tweetedabout in July, appeared to be a hotel reservation document. If macros were allowed to run on the computers used by the hotel employees who opened it, then Fancy Bears Gamefish malware would be installed.

Fancy Bear, according to a report by FireEye, used novel techniques involving the EternalBlue exploit and the open-source tool Responder to spread laterally through networks and likely target travelers. Once inside the network of a hospitality company, APT28 sought out machines that controlled both guest and internal Wi-Fi networks.

The Gamefish malware would download and run EternalBlue to spread to computers that were connected to corporate and guest Wi-Fi networks. After gaining access, Fancy Bear deployed Responder, which listens for broadcasts from victim computers attempting to connect to network resources. Responder, FireEye explained, masquerades as the sought-out resource and causes the victim computer to send the username and hashed password to the attacker-controlled machine.

Its definitely a new technique for Fancy Bear, FireEyes cyber-espionage researcher Ben Read told Wired. Its a much more passive way to collect on people. You can just sit there and intercept stuff from the Wi-Fi traffic.

While FireEye didnt observe business travelers credentials being stolen via hotel Wi-Fi networks in July, the security firm cited a similar hotel attack by Fancy Bear in 2016.

In the 2016 incident, the victim was compromised after connecting to a hotel Wi-Fi network. Twelve hours after the victim initially connected to the publicly available Wi-Fi network, APT28 logged into the machine with stolen credentials. These 12 hours could have been used to crack a hashed password offline. After successfully accessing the machine, the attacker deployed tools on the machine, spread laterally through the victim's network, and accessed the victim's OWA account. The login originated from a computer on the same subnet, indicating that the attacker machine was physically close to the victim and on the same Wi-Fi network.

The latest hotel attacks, FireEye added, are "the first time we have seen APT28 incorporate this exploit [EternalBlue] into their intrusions. While the investigation is still going on, FireEye told Reuters it is moderately confident that Fancy Bear is behind the attacks. We just don't have the smoking gun yet.

The targeted hotels were not named, but they were described as the type where valuable guests would stay. FireEye told Wired, These were not super expensive places, but also not the Holiday Inn. Theyre the type of hotel a distinguished visitor would stay in when theyre on corporate travel or diplomatic business.

FireEye wants travelers, such as business and government personnel, to be aware of the threats like having their information and credentials passively collected when connecting to a hotels Wi-Fi. While traveling abroad, high-value targets should take extra precautions to secure their systems and data. Publicly accessible Wi-Fi networks present a significant threat and should be avoided whenever possible.

Wired suggested the safest approach for travelers is to bring their own hotspot and altogether skip connecting to the hotels Wi-Fi.

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.

Sponsored Links

Read more:
Russian hackers used leaked NSA hacking tool to spy on hotel guests - CSO Online

Sugar Grove, West Virginia was, by the accounts of its residents, a fine place to live until the Pentagon shuttered the sprawling naval base that sustained the town for decades leaving it with a state secret as its sole remaining attraction. A new documentary film by director Elaine McMillion Sheldon, a longtime chronicler of West Virginian life, visitsSugar Grove after the base was decommissioned and being auctionedoff, and traces the abiding shadow of a nearby National Security Agency facility still looming over the town.

The film is embedded above.

Antennae at the NSA listening post, codenamed TIMBERLINE, were built to capture Soviet satellite messages as they bounced off the moon, imbuing a pristine stretch of Appalachia with a sort of cosmic gravity. Residents lived with the knowledge that something was hidden away on a hilltop above the town, even if it was something they could never know. TIMBERLINEs mission has, to say the least, changed in the intervening years, as submarine-laid internet cables have become a greater priority for American spies than foreign satellite communication.

TIMBERLINE remains operational, but the facility, known to locals as the off-limits Upper Base, was never what kept Sugar Grove alive. The towns heart was the sprawling Lower naval base that served as a robust employer and de facto community center until the Sept. 11 attacks, when residents say even the Navy gym and recreational areas theyd always enjoyed were sealed up, like forbidding TIMBERLINE. Sheldons film reveals a parcel of the country thats dealing not just with a faltering economy and collapsed job base hardly unique to Sugar Grove but also with a legacy thats literally unspeakable. One of the only moments the film captures of anyone talking about the NSAs presence in Sugar Grove comes from a General Services Administration auctioneer Kristine Carson in a vacant naval gymnasium. Asked about the Upper Base, Carson notes, with a small smile, Its underground, I understand. Of course I cant speak to that.

Top video: The film is directed and produced by Elaine McMillion Sheldon/Field of Vision.

See original here:
Film: The Tiny West Virginia Town Haunted by an NSA Secret - The Intercept