Category Archives: NSA

Sen. Tom Cotton, R-Ark., speaking during a Senate Intelligence Committee hearing last month about the Foreign Intelligence Surveillance Act. (Alex Brandon / AP Photo)

A controversial surveillance measure set to expire at the end of 2017 could be made permanent through a new piece of GOP legislation. Arkansas Sen. Tom Cotton proposed Senate Bill 1297 last month, which addresses a critical component of the National Security Agencys warrantless surveillance program.

At stake is Section 702 of the Foreign Surveillance Intelligence Act (amended in 2008), which allows U.S. surveillance of foreign communications. The Electronic Frontier Foundation explained:

Section 702 surveillance violates the privacy rights of millions of people. This warrantless spying should not be allowed to continue, let alone be made permanent as is.

As originally enacted, Section 702 expires every few years, giving lawmakers the chance to reexamine the broad spying powers that impact their constituents. This is especially crucial as technology evolves and as more information about how the surveillance authority is actually used comes to light, whether through government publication or in the press.

If Congress were to approve Cottons bill, lawmakers would not only be ignoring their constituents privacy concerns, but they would also be ceding their obligation to regularly review, debate, and update the law.

Cottons bill is receiving support from fellow Republican senators, although criticism of the bill does not fall neatly along partisan lines. On June 7, lawmakers discussed the legislation during a hearing in Washington. The New York Times reported:

This is a tool that is essential to the safety of this country, the F.B.I. director, James B. Comey, told Congress at a hearing on Wednesday. I did not say the same thing about the collection of telephone dialing information by the N.S.A. I think thats a useful tool; 702 is an essential tool, and if it goes away, well be less safe as a country. And I mean that.

Mr. Comey also warned that one of the proposed changes a new requirement that a warrant be obtained to search for Americans information in the surveillance repository risked a failure to connect dots about potential threats.

But Representative Ted Poe, Republican of Texas, sought to warn other lawmakers that Congress needed to impose a warrant requirement.

Privacy is being betrayed in the name of national security, Mr. Poe told congressional aides at an event to discuss Fourth Amendment issues and legislation late last month.

Cotton argued during the hearing that to allow this program to expire on December 31 would hurt both our national security and our privacy rights. He also used the London terror attack of early June as evidence for the need for increased surveillance. Cotton said:

The attacks in London last weekend exposed in a matter of minutes just how vulnerable our free societies truly are. All it takes is a van or a knife and an unsuspecting bystander to turn a fun night out on the town into a horrific nightmare. Course, we shouldnt need any reminders, but let me give one yet again: We are at war with Islamic extremists. We have been for years, and, Im sorry to say, theres no end in sight. Its easy to forget this as we go about our daily lives, but our enemies have not-and they will not. Theyve never taken their eyes off the ultimate target either: the United States.

Yes, were at war with a vicious and unyielding foe. And just as our enemy can attack us with the simplest of everyday tools, the strongest shield we have in our defense is just as basic: It is the intelligence information of knowing who is talking to whom about what, where, when, and why. After the 9/11 attacks, our national-security agencies developed cutting-edge programs that allowed us to figure out what the bad guys were up to and stop them before they could perpetrate such heinous attacks. Very often the intelligence theyve collected has made the difference between life and death for American citizens.

He concluded by noting the bill has the support of every Republican senator on the Intelligence Committee. Other members of the intelligence community have expressed support for the legislation as well. Tech Crunch provided further analysis of the June 7 hearing:

NSA Director Michael Rogers broke down two scenarios in which the core controversy, namely the incidental violation of the right to privacy for U.S. citizens, comes up. He claimed that in 90 percent of cases, that form of collection is a result of two foreign targets who talk about a third person who is in the U.S. As Rogers tells it, 10 percent of the time a foreign target ends up talking to an American citizen. Because American citizens have Fourth Amendment rights, running into Americans in the course of foreign surveillance creates the sticky situation known as incidental collection, a major focus for privacy advocates seeking reform.

In the course of justifying Section 702 as an invaluable tool for counterterrorism and counterproliferation efforts, Director of National Intelligence Dan Coats claimed that agencies have made herculean efforts to get a count on how many Americans have been affected, but in spite of those efforts it remains impossible. He went on to undermine his argument by implying that it probably would be possible, but that he chooses not to allocate resources to the task when the intelligence community could be focusing on imminent concerns in countries like Iran and North Korea. I cant justify such a diversion of critical resources, Coats said.

He went on to note that without Section 702, intelligence agencies would have to obtain a court order issued due to probable cause ostensibly the bar that needs to be cleared in order to surveil U.S. citizens. Thats a relatively higher threshold than we require to foreign intelligence information, Coats said, noting that hed prefer not to need to clear the Fourth Amendment bar when investigating foreign targets.

In a broad appeal on 702s utility, Rogers went so far as to claim that 702 [created] insights on the Russian involvement in 2016 election, providing intelligence that would otherwise not have been possible.

There is, however, growing opposition to the bill. The American Civil Liberties Union has argued against it, as has California Democrat Dianne Feinstein.

Sen. Dianne Feinsteinwho has historically been sympathetic to the intelligence communitysaid she could not support a bill that makes Section 702 permanent, according to the Electronic Frontier Foundation. We cannot accept lawmakers ignoring our privacy concerns and their responsibility to review surveillance law, and our lawmakers need to hear that.

Posted by Emma Niles.

If you have trouble leaving a comment, review this help page. Still having problems? Let us know. If you find yourself moderated, take a moment to review our comment policy.

Read more here:
GOP Lawmakers Aim to Continue NSA Foreign Surveillance Through New Bill - Truthdig

MSNBC host Rachel Maddow gave a heads up to other news organizations on Thursday after she was sent what she believes are faked National Security Agency documents alleging collusion between a member of the Trump campaign and Russian government.

Somebody, for some reason, appears to be shopping a fairly convincing fake NSA document that purports to directly implicate somebody from the Trump campaign in working with the Russians in their attack in the election, Maddow said in a lengthy segment on her show.

She suggested that the unidentified muckraker who sent her the fake documents hopes to undermine news organizations in general and deflate the Trump-Russia collusion investigation, which has been going on for nearly a year.

This is news, because: why is someone shopping a forged document of this kind to news organizations covering the Trump-Russia affair? Maddow asked.

On June 7, an unidentified person sent documents to an online tip line for Maddows show, she said.

That was two days after The Intercept published legitimate NSA documents that were stolen by Reality Winner, a contractor for the agency.

Maddow said that the documents sent to her show appeared to have used The Intercepts published documents as a template. Secret ID markings on The Intercept reports appeared on the documents passed to Maddow.

WATCH:

She said that metadata from the set of documents sent to her show preceded the publication of the documents published in The Intercept. Maddow suggested that it was possible that whoever sent her the forgeries had access to The Intercept documents. But she also theorized that whoever sent her the fake documents could have changed the metadata somehow.

The documents Maddow received appeared legitimate at first glance, she said, butseveral clues suggested that they were forgeries.

Typos and spacing issues raised eyebrows, but it was secret markings on the documents as well as their contents that convinced Maddow and her staff that the records were fakes.

But Maddow said that that the big red flag for her and her team was that the document she was given named an American citizen a specific person from the Trump campaign who allegedly cooperated with the Russians during the presidential campaign.

We believe that a U.S. citizens name would not appear in a document like this, asserted Maddow, who said that her team consulted national security experts on the matter.

And so, heads up everybody, Maddow warned.

The host pointed to two recent retractions one at CNN and the other at Vice News and suggested that they were the result of a similar scheme to undermine news outlets covering Trump.

In the case of CNN, three reporters were fired after the network retracted an article alleging that Trump transition team official Anthony Scaramucci was under investigation for ties to a Russian investment fund.

CNN said that the three reporters were fired because of shortcomings in their reporting process, but the network has been tight-lipped about what those shortcomings were.

Vice retracted two articles about a Trump robot display at Disney World.

One way to stab in the heart aggressive American reporting on [the subject of Trump-Russia collusion] is to lay traps for American journalists who are reporting on it, said Maddow.

And then after the fact blow that reporting up. You then hurt the credibility of that news organization. You also cast a shadow over any similar reporting in the futureeven if its true.

Maddow did not provide details about who sent her team the faked NSA documents.

But she concluded her segment saying, We dont know whos doing it, but were working on it.

Follow Chuck on Twitter

See original here:
Someone Sent Rachel Maddow Fake NSA Documents Alleging Trump-Russia Collusion - The Daily Caller

Drake continued, "The new mantra to intercepting intelligence was 'just get it' regardless of the law."

Shameful.

It is becoming clear that such a lack of candor from our government officials has become a feature of our post-9/11 surveillance state, and not a bug. Perhaps the infringements of our freedoms necessitate an end to the entire post-9/11 project. But with the billion dollar Utah Data Center sitting right-smack in Salt Lake County, it's doubtful we could successfully kill the beast that is the surveillance industry.

Perhaps we, too, like Jonathan Swift, need "A Modest Proposal." It would be a shame to let the texts, emails, phone records and Google searches of Utah's most popular citizens go to waste. We paid for these records, let's make them public.

Just think, no one would need private investigators to catch husbands texting old girlfriends. You could easily recover your mom's old meatloaf recipe she emailed years ago.

And all those public officials who, when under investigation, manage to lose thousands of emails, as one-time IRS official Lois Lerner did. And former Utah Attorney General John Swallow, who just happened to leave his tablets on airplanes. Call up the NSA. Problem solved!

Think of the money newspapers and community watchdogs would save in GRAMA / FOIA requests. And how would life be different if police, prosecutors, legislators and other government officials knew their communications would be discoverable?

Deception begets deception, poison begets poison. The Fourth Amendment means what it says, and the government should not have power to spy on Americans without a warrant. In this current case, U.S. Department of Justice officials have until March to disclose relevant documents. Let's hope they can do so honestly.

Read more:
Tribune Editorial: Lawsuit should get to the truth about NSA spying in Utah - Salt Lake Tribune

KINGSVILLE -

The mother of a Kingsville native accused of leaking government information continues to stand up for her daughter. 25 year old Reality Winner remains in jail as she awaits her trial in federal court. She's charged with giving out information important to national security.

Billie Winner-Davis, her mother, wants people to wait for an outcome in that trial before judging her daughter.

"People, you know, just want to lock her up, throw away the key, or even hang her not knowing whether or not she did this, not knowing if she's guilty. She hasn't had a trial yet," Winner-Davis says.

Reality Winner is accused of sending classified information about Russian election meddling to a news outlet while she worked as a National Security Agency contractor in Georgia. The FBI says Winner admitted to leaking the information and prosecutors allege she said, "Mom, those documents. I screwed up.", in a recorded jail phone call.

"I really don't recall her saying those words to me. She could have, you know, maybe I've forgotten, you know?" Winner-Davis says.

Winner-Davis says she doesn't know if her daughter did it, adding she wants to ask but hasn't been able to, since all conversations between them have been recorded.

"I don't know if she would risk her entire life, if she would risk her new job that she just got, her future, her entire life for something like this," Winner-Davis says.

Winner-Davis calls her daughter a patriot. She references her daughter's time in the Air Force and some shirts paid for by supporters. One of the shirts has hash tags on it that say #TRUEPATRIOT and #ISTANDWITHREALITY.

"I'm afraid that she won't get a fair trial in this. I'm afraid that they're going to try to make an example out of her and I want the American people to be watching," Winner-Davis says.

Winner-Davis says that mainly because of President Trump's vow to crack down on leakers.

Reality Winner's trial is set for late October in Georgia. Her mom returned from there a few weeks ago and plans on going back in August. Billie Winner-Davis says she plans on staying through the end of her daughter's trial.

Read the original:
Mother of accused NSA leaker defends daughter - KRISTV.com | Continuous News Coverage | Corpus Christi - KRIS Corpus Christi News

The phenomenon of a recent widespread cyberattack, using weapons developed by the U.S. National Security Agency to disrupt major computer operations all over the globe, is not surprising, but it does call for urgent action on the federal governments part.

Weapons proliferation grew much more lethal when the United States developed the atomic bomb, intended to end World War II more rapidly. The technology then got handed to the Soviet Union. Nuclear weapons eventually ended up in the hands of China, France, India, Israel, North Korea, Pakistan, Russia and the United Kingdom, as well as the United States.

More recently, Americas and others cyberweapons creatively have been used to mess up Irans nuclear enrichment program, using the computer worm known as Stuxnet. It also appears that U.S. cyberaction has been used to gum up North Koreas rocket launches.

The problem now is that some of the clever procedures that NSA developed have leaked out, or have been developed independently by people in basements and elsewhere in Kiev, Moscow and Pyongyang, and are being used as they were last week from Ukraine to sabotage important systems, as well as to try to shake down computer system users across the world.

The NSA witness contractor-defector Edward J. Snowden is showing itself to be leaky. Its having difficulty protecting what it knows and preventing unintended use of the skills it develops.

The NSA must button up its files and techniques much more tightly. And whatever cyberweapons we have, we must also stay ahead in that game in our capacity to protect our own cyber infrastructure.

The penalty for falling behind in that development is chaos and danger in our society and country, incredibly high stakes given our vulnerability.

Originally posted here:
Another View: NSA needs to secure its files and techniques more tightly - Press Herald

It's been six years since Senator Ron Wyden first asked the Director of National Intelligence how many Americans' communications are being swept up "incidentally" in the NSA's Section 702 surveillance net. Six years later, he still doesn't have an answer.

Section 702 is up for reauthorization at the end of the year and there's still no information coming from the ODNI [Office of the Director of National Intelligence]. A group of Congressional reps is hoping to pry this info loose before the reauth, but the DNI's been able to hold Wyden off for six years, so

A U.S. congressional committee on Friday asked the Trump administration to disclose an estimate of the number of Americans whose digital communications are incidentally collected under foreign surveillance programs, according to a letter seen by Reuters.

Such an estimate is "crucial as we contemplate reauthorization," of parts of the Foreign Intelligence Surveillance Act that are due to expire at the end of the year, House Judiciary Committee Chairman Bob Goodlatte, a Republican, and John Conyers, the panel's top Democrat, wrote in a letter addressed to Director of National Intelligence Dan Coats.

The new wrinkle here is going above the head of the DNI and straight to the President. Not that this is any more likely to force a number out of the NSA. The president is all for a clean reauthorization and troubling numbers about "incidental" domestic surveillance will only make that more difficult.

In fact, the DNI's top lawyer just finished telling a Senate committee it won't be turning in its long-overdue homework.

The intelligence community will not produce that number, acting General Counsel for the Director of National Intelligence Bradley Brooker told the Senate Judiciary Committee on Tuesday. Producing the number would take too much time and effort and potentially violate Americans privacy in the process, Brooker said, echoing comments DNI Dan Coats made earlier this month. The resulting number might also not be very accurate, he said.

So, that's where this stands now. The DNI promised to pull something together as the previous president headed out the door, but appears to have abandoned its minimal stab at minimal transparency now that the guy up top isn't nearly as interested in curbing the NSA's powers.

Speaking of which, the ODNI is asking to have the "about" collection put back into play, just weeks after the NSA "voluntarily" gave it up.

The panel of intelligence leaders also urged Judiciary Committee members not to restrict so-called about collection, in which intelligence agencies collect information from people who are not intelligence targets but mention those targets in emails and text messages.

This would appear to be aimed at Senator Dianne Feinstein's call to codify the end of the "about" collection, which would prevent the NSA from re-implementing it down the road. We haven't even gotten down the road and IC leaders are already trying to rollback the NSA's rollback.

We'll see if this latest move by Congress has any effect. Six years of Ron Wyden (and others) hammering this same question hasn't moved us much closer to seeing how much purely domestic surveillance the NSA engages in. In recent dodges by the new DNI, Dan Coats (in response to Wyden's questions) suggests the NSA is doing far more domestic dabbling than has been disclosed by everyone but the DNI (leaked documents, FOIA'ed court opinions, etc.) These are answers the public needs to have, but they're especially essential to those who will be handling the Section 702 reauthorization. Failure to produce these numbers or answer questions directly should weigh against the sort of reauth the DNI is seeking.

See more here:
NSA Continues To Dodge 'Incidental Collection' Question, Wants Its 'About' Surveillance Program Back - Techdirt

Droplex Platform Financial instruments are digitize as apermissioned blockchain,here is a possibility to rapidly createtrading venues with astablevalue. And after that reduce operational overhead.Digital solutionsFull system run as a digital exchange, with fully-hosted optionsavailable. Custom deployments may be launched in less than a fewweeks.ExchangeAutomated market-making tool has got more than just one-party liquidity pool. We are honored that we can give you briliantthird-party liquidity sources. Supports multiple source exchanges and smart routing, with automated account management.Quantum defenderFeel safety with a quantum defender ! Weve already set up ameeting with D-wave company. Why ? Because Were going to beoneof the first platforms which soon tests the security systemagainstthe quantum pc. The quantum defender, is not just focused on theidea of being a wall against quantum computing attacks, but it isinpreparation to become a network of options for safe and trustedplace. We believe that blockchain needs to be involved in long-termassets and transactions, it has to think long-term. Long-term includes thinking about quantum computing and dealing with thattricks and threats.

See the original post here:
DROPLEX [DROP] secure NSA bulletproof blockchain ICO - newsBTC

NSA Property Holdings LLC, an affiliate of real estate investment trust National Storage Affiliates Trust (NSAT), has acquired a three-property Tri-State Self Storage portfolio in Castle County, Del., from Tri-State Realty Associates L.P. The facilities sit on approximately 28.3 acres of land, according to a press release from SkyView Advisors, the investment-sales and advisory firm that brokered the deal.

Overall, the properties comprise 264,237 rentable square feet of storage space in 2,428 units, 568 of are climate-controlled. They also contain 109 parking spaces and miscellaneous units, the release stated.

Its not often that a portfolio of this size becomes available in this region of the country, and it garnered multiple bids from national self-storage buyers, said Ryan Clark, director of investment sales for SkyView Advisors and a broker in the transaction.

Last month, NSA Property Holdingsacquired Stor-N-More Self Storage in Tampa, Fla., for $19 million. The property comprises 117,655 net rentable square feet in 1,105 units.

SkyView is a boutique firm specializing in self-storage acquisition, development, facility expansion and renovation, refinancing, and sales. Based in Tampa, the firm also has offices in Cleveland and Milwaukee.

Headquartered in Greenwood, Colo., NSAT is a self-administered and -managed REIT focused on the acquisition, operation and ownership of self-storage properties within the top 100 U.S. Metropolitan Statistical Areas throughout the United States. The company has ownership interest in 456 storage facilities in 23 states. Its portfolio comprises approximately 28 million net rentable square feet. It's owned by its affiliate operators, who are contributing their interests in their self-storage assets over the next few years as their current mortgage debt matures.

More here:
NSA Property Holdings Acquires Tri-State Self Storage in Castle County, DE - Inside Self-Storage

Hot Hardware

Snowden Leak Reveals NSA Traffic Shaping Tech That Diverts US Internet Routing For Spying Hot Hardware A NSA document from 2007 leaked by Edward Snowden, used Yemen as an example for traffic shaping. Yemen is often regarded as a gathering place for extremist activity. There are few ways for the NSA to inconspicuously monitor the Internet traffic ...

Read more:
Snowden Leak Reveals NSA Traffic Shaping Tech That Diverts US Internet Routing For Spying - Hot Hardware

Enlarge / A computer screen displaying Eternalromance, one of the NSA exploits used in Tuesday's NotPetya outbreak.

Update:This post was revised throughout to reflect changes F-Secure made to Thursday's blog post. The company now says that the NotPetya component was probably completed in February, and assuming that timeline is correct, it didn't have any definitive bearing on when the NSA exploits were obtained. F-Secure Security Advisor Sean Sullivan tells Ars that the component weaves in the NSA exploits so well that it's likely the developers had access to the NSA code. "It strongly hints at this possibility," he said. "We feel strongly that this is the best theory to debunk." This post has been revised to make clear that the early access is currently an unproven theory.

Original Story:The people behind Tuesday's massive malware outbreak might have had access to two National Security Agency-developed exploits several weeks before they were published on the Internet, according to clues researchers from antivirus F-Secure found in some of its code.

On Thursday, F-Secure researchers said that unconfirmed timestamps left in some of the NotPetya malware code suggested that the developers may have had access to EternalBlue and EternalRomance as early as February, when they finished work on the malware component that interacted with the stolen NSA exploits. The potential timeline is all the more significant considering the quality of the component, which proved surprisingly adept in spreading the malware from computer to computer inside infected networks. The elegance lay in the way the component combined the NSA exploits with three off-the-shelf tools including Mimikatz, PSExec, and WMIC. The result: NotPetya could infect both patched and unpatched computers quickly. Code that complex and effective likely required weeks of development and testing prior to completion.

"February is many weeks before the exploits EternalBlue and EternalRomance (both of which this module utilizes) were released to the public (in April) by the Shadow Brokers," F-Secure researcher Andy Patel wrote in a blog post. "And those exploits fit this component like a glove."

Whereas the two other main components of NotPetyaan encryption component and a component for attacking a computer's master boot recordwere "pretty shoddy and seem kinda cobbled together," Patel said the spreading component seems "very sophisticated and well-tested." It remains possible that the February timestamps found in some of the code was falsified. Assuming the stampsare correct, they suggest that developers may have had access, or at least knowledge of, the NSA exploits by then. By contrast, Patel added:

WannaCry clearly picked [the NSA] exploits up after the Shadow Brokers dumped them into the public domain in April. Also WannaCry didn't do the best job at implementing these exploits correctly.

By comparison, this "Petya" looks well-implemented, and seems to have seen plenty of testing. It's fully-baked.

The weeks leading up to the possible February completion of the NotPetya spreader was a particularly critical time for computer security. A month earlier, the Shadow Brokers advertised an auction that revealed some of the names of the exploits they had, including EternalBlue. NSA officials responded by warning Microsoft of the theft so that the company could patch the underlying vulnerabilities. In February, Microsoft abruptly canceled that month's Patch Tuesday. The unprecedented move was all the more odd because exploit code for an unpatched Windows 10 flaw was already in the wild, and Microsoft gave no explanation for the cancellation.

"Meanwhile, 'friends of the Shadow Brokers' were busy finishing up development of a rather nifty network propagation component, utilizing these exploits," Patel wrote.

When Patch Tuesday resumed in March, Microsoft released a critical security update that fixed EternalBlue. As the WCry outbreak would later demonstrate, large numbers of computersmainly running Windows 7failed to install the updates, allowing the worm to spread widely.

If the timeline is correct, it might mean the NotPetya developers had some sort of tie to the Shadow Brokers, possibly as customers, colleagues, acquaintances, or friends. It might also make NotPetya the first piece of in-the-wild malware that had known early access to the NSA exploits. Patel didn't speculate how the NotPetya developers might have gotten hold of EternalBlue and EternalRomance prior to their public release in April.

Early speculation was that Shadow Brokers members acquired a small number of hacking tools that NSA personnel stored on one or more staging servers used to carry out operations. The volume and sensitivity of the exploits and documents released over the next several months slowly painted a much grimmer picture. It's now clear that the group has capitalized on what is likely the worst breach in NSA history. There's no indication that the agency has identified how it lost control of such a large collection of advanced tools or that it knows much at all about the Shadow Brokers' membership. The group, meanwhile, continues to publish blog posts written in deliberately broken English, with the most recent one appearing on Wednesday.

The F-Secure theory adds a new, unsettling entry tothe Shadow Brokers' resume. The world already knew the group presided over a breach of unprecedented scope and leaked exploits to the world. Now, we know it also provided crucial private assistance in developing one of the most virulent worms in recent memory.

See the article here:
NotPetya developers may have obtained NSA exploits weeks before their public leak [Updated] - Ars Technica