Tag: NSA

NSA contractor nicked data over 20 years

An NSA contractor nicked huge amounts of data from government computers over two decades, a court is expected to hear.

Harold Martin is also accused of stealing thousands of highly classified documents, computers, and other storage devices during his tenure at the agency.

It’s not known exactly what Martin allegedly stole, but it appears that the recently-leaked hacking tools used by the agency to conduct surveillance were among the stuff he pinched.

Prosecutors will on Friday charge Martin with violating the Espionage Act. If convicted, he could face ten years in prison on each count which probably means he will never see daylight again.

Originally it was thought that the case was just a felony theft and a lesser misdemeanor charge of removal and retention of classified information but it looks like there was something a little more serious going on.

According to a memo penned by US Attorney Rod Rosenstein, the contractor presents a “high risk of flight, a risk to the nation, and to the physical safety of others.”

The memo says that if he is released from custody, he “may have access to… a substantial amount of highly classified information, which he has flagrantly mishandled and could easily disseminate to others.”

 

Feds catch another NSA leaker

Another National Security Agency contractor who stole and possibly leaked highly classified computer codes has been arrested by the FBI.

Harold Thomas Martin, 52, was taken into custody by the FBI and charged with theft of government property and unauthorized removal and retention of classified materials by a government employee or contractor, authorities said.

The untouchables executed search warrants at Martin’s home in Maryland, as well as his vehicle and two storage sheds on the property. They found documents and digital information stored on various devices, many of which were marked “top secret” or otherwise highly classified.

The contractor allegedly took highly classified “source code” developed by the agency to break into computer systems of adversaries like Russia, China, Iran and North Korea.

Martin had top secret security clearance and worked for the same contractor as NSA leaker Edward Snowden – Booz Allen Hamilton.

“Among the classified documents found in the search were six classified documents obtained from sensitive intelligence and produced by a government agency in 2014. Those documents were produced through sensitive government sources, methods and capabilities, which are critical to a wide variety of national security issues. The disclosure of the documents would reveal those sensitive sources, methods and capabilities,” the DoJ said.

This is the second time in three years someone with access to secret data was able to nick damaging secret information from the NSA. If only there were a security agency which had overreaching powers to stop this sort of thing.

Investigators are also trying to determine Martin’s motive and whether he is linked to a group of hackers known as the Shadow Brokers, which is suspected in a series of leaks of NSA intercepts related to Japan, Germany and other countries that WikiLeaks has published.

 

Big Tech reacts in horror to Yahoo’s spying story

After the news got out that Yahoo has been scanning its mail systems for the US spooks, the bigger US ISPs have reacted in horror and said they would never dream of such a thing.

Apple, Facebook, Google, Microsoft, and Twitter have all said they would never do such a thing.

According to Reuters, in 2015 Yahoo built, at the US government’s request, software that scans literally all emails for certain information provided by either the National Security Agency or the FBI. The software was never mentioned in Yahoo’s biannual transparency report. In the latter half of 2015, the company received 4,460 total government data requests, for 9,373 accounts, that it would classify as “Government Data Requests,” a category that includes National Security Letters from the FBI and Foreign Intelligence Surveillance Act requests.

According to the Reuters report, the Yahoo programme was known to only a handful of employees.

A Facebook representative said “Facebook has never received a request like the one described in these news reports from any government, and if we did we would fight it.”

Google said the same: “We’ve never received such a request, but if we did, our response would be simple: ‘no way.’”

A Microsoft spokesperson added: “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.”

A representative for Twitter replied that: “We’ve never received a request like this, and were we to receive it we’d challenge it in a court. Separately, while federal law prohibits companies from being able to share information about certain types of national security related requests, we are currently suing the Justice Department for the ability to disclose more information about government requests.”

While Apple declined to give a statement on the record, it has previously said it would never do anything like that.

Yahoo is coming out looking like the bad guy. It is in talks to be acquired by Verizon, but also facing another scandal for suffering the largest known user data leak in history, with 500 million users’ information exposed. However it failed to mention it to its users.

New Snowden leak shows British and US cooperation

New leaks from whistle-blower Edward Snowden have lifted the lid on the UK’s use of US intelligence spy techniques.

According to the Intercept, the UK’s Menwith Hill base is being used by the US NSA to aid “a significant number of capture-kill operations” across the Middle East and North Africa.

These ops are arranged thanks to powerful eavesdropping technology that can harvest data from more than 300 million emails and phone calls a day.

NSA has pioneered new spying programmes at Menwith Hill to pinpoint the locations of suspected terrorists accessing the internet in remote parts of the world. GHOSTHUNTER and GHOSTWOLF programmes have supported conventional British and American military operations in Iraq and Afghanistan.

However, they also were used for covert missions in countries where the US has not declared war. NSA employees at Menwith Hill collaborated on a project to help “eliminate” terrorism targets in Yemen.

The documents raise the question about British complicity in US drone strikes and other targeted killing missions. There are some suggestions that some of these attacks violated international laws or constituted war crimes.

 

NSA hacking tools are pants claims researcher

While the headlines inspire fear that the NSA’s hacker tools are on sale on the dark web, a security expert who has had a look under the bonnet thinks they are pretty rubbish.

Stephen Checkoway [no really. ed], an Assistant Professor at the Department of Computer Science at the University of Illinois at Chicago, has analyzed some of the exploit code included in the recent Equation Group leak and is completely underwhelmed.

Checkoway looked at the source code of the BANANAGLEE exploit, which targets Juniper firewalls, which he knows a bit about.

The security boffin looked at the key generation system and the process of redirecting IP packets and thought the whole thing was “ridiculous.”

“There’s no reason to read 32 bytes from /dev/urandom. There’s no benefit to calling rand(3) so many times. It’s a little ridiculous to be seeding with srandom(3) and calling rand(3), but in this particular implementation, rand(3) does nothing but call random(3).”

That is all you need to know apparently. But the NSA’s finest made matters worse. Rather than having 2^128 possible 128-bit keys, this procedure can only produce 2^64 distinct keys. Checkoway thought this stuff-up was worthy of an exclamation mark.

This means the key generation system was yielding a much smaller number of options to choose a random key, and all of it was the result of bad coding.

“It’s a 1/18446744073709551616 fraction of the total 340282366920938463463374607431768211456 possible 128-bit keys,” he added via email. So while there might be some good parts to the code, the cryptography is pants.

The professor adds the code has some “boring memory leaks,” but the part that really ticked him off resided in the mechanism that encrypts IP packets sent via this redirection process.

Checkoway found that 128-bit keys are actually generated with 64 bits of entropy instead of the intended 128, the “supposed” NSA coders repeated cipher IVs for the encryption, there was no authentication of the encrypted communications channel, and there was “sloppy and buggy code.”
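The entropy limit Checkoway describes, as an added example that is not from the article or from the leaked code: a simplified model which assumes the whole key is stretched out of a seeded libc PRNG, next to the direct read from /dev/urandom. The names `weak_keygen`, `strong_keygen` and `count_weak_keys` and the 4096-value seed space are constructed for illustration; the point generalises beyond the 64-bit case, since a key derived this way can never take more values than its seed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 16        /* 128-bit key */
#define SEED_SPACE 4096u  /* constructed: tiny seed space so it can be enumerated */

/* Weak pattern (simplified model, not the leaked code): every key byte comes
 * from a seeded libc PRNG, so the seed is the only secret in the key. */
void weak_keygen(unsigned int seed, uint8_t key[KEY_LEN]) {
    srand(seed);
    for (int i = 0; i < KEY_LEN; i++)
        key[i] = (uint8_t)(rand() >> 8);
}

/* Hardened form: take all 16 key bytes straight from the kernel CSPRNG. */
int strong_keygen(uint8_t key[KEY_LEN]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(key, 1, KEY_LEN, f);
    fclose(f);
    return n == KEY_LEN ? 0 : -1;
}

static int cmp_key(const void *a, const void *b) {
    return memcmp(a, b, KEY_LEN);
}

/* Enumerate every seed, sort the resulting keys and count the distinct ones. */
size_t count_weak_keys(void) {
    static uint8_t keys[SEED_SPACE][KEY_LEN];
    for (unsigned int s = 0; s < SEED_SPACE; s++)
        weak_keygen(s, keys[s]);
    qsort(keys, SEED_SPACE, KEY_LEN, cmp_key);
    size_t distinct = 1;
    for (unsigned int i = 1; i < SEED_SPACE; i++)
        if (memcmp(keys[i - 1], keys[i], KEY_LEN) != 0)
            distinct++;
    return distinct;
}

int main(void) {
    uint8_t k[KEY_LEN];
    printf("weak: %zu distinct keys from %u seeds\n", count_weak_keys(), SEED_SPACE);
    if (strong_keygen(k) != 0) return 1;
    printf("strong: 16 bytes read from /dev/urandom\n");
    return 0;
}
```

However long the output key is, the count printed for the weak generator never exceeds the number of seeds, which is the same bound that leaves a 128-bit key with 64 bits of entropy.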

 

Cisco patches against “NSA” bacon

Cisco has patched its software against hacking tools called ExtraBacon which are believed to have been nicked from the NSA.

Two of the cyberweapons were trained on Cisco flaws which would allow the spooks to take over crucial security software used to protect corporate and government networks.

In a statement, Cisco said that it had immediately conducted a thorough investigation of the files released, and has identified two vulnerabilities affecting Cisco ASA devices that require customer attention.

“On Aug. 17, 2016, we issued two Security Advisories, which deliver free software updates and workarounds where possible.”

An unknown group of hackers dubbed the Shadow Brokers posted cyberweapons stolen from the so-called Equation Group, the National Security Agency-linked outfit known as “the most advanced” group of cyberwarriors in the internet’s history.

One of the cyberweapons posted was an exploit called ExtraBacon that can be used to attack Cisco Adaptive Security Appliance (ASA) software designed to protect corporate networks and data centres.

Cisco researchers explained in a security advisory that the vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.

ExtraBacon was a zero-day exploit, Cisco confirmed. That means it was unknown to Cisco or its customers, leaving them open to attack by anyone who possessed the right tools.

 

Hackers offer to sell NSA virus tools

A hacking group called the Shadow Brokers has claimed to have hacked the National Security Agency’s Equation Group and is auctioning off what it claims to be a small but dangerous set of Equation Group’s cyberweapons to the highest bidder.

The bidding for the potential cyberweapons has officially begun considerably lower than the asking price. The Shadow Brokers’ Bitcoin address shows a kick-off bid of 0.0355 BTC, equivalent to less than $20.

The Shadow Brokers website claims: “We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.”

It looked a bit silly, but cybersecurity experts think it could be real and that the auctioned data might be stolen straight from the NSA.

Matt Suiche, founder of UAE-based cybersecurity startup Comae Technologies, said that while he had not tested the exploits, they appear real.

Apparently Washington is all abuzz thinking that those responsible for the hack might be Tsar Putin’s hacker team who also took down the Democrat servers to help Donald Trump to win the election. We would have thought though that the NSA’s hacker tools would be more useful to the Russians if only it knew about them.

 

US government wants your Facebook account details

The US Customs and Border Protection agency has submitted a request to the Office of Management and Budget, asking for permission to collect travellers’ social notworking account names as they enter the country.

The CBP has asked that the request “Please enter information associated with your online presence — Provider/Platform — Social media identifier” be added to the Electronic System for Travel Authorization (ESTA) and to the CBP Form I-94W (Nonimmigrant Visa Waiver Arrival/Departure).

Apparently the detail request will be optional but if you fail to fill it in the customs people will look at you oddly and insist on a full body cavity search.

“Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyse and investigate the case.”

Of course it is utterly pointless. Border staff are hardly going to check that you have written down any reliable data, let alone volunteer your Facebook account to be rigorously probed by an official.

Are they going to be concerned if someone is running an account under a fake name? Will they send you home for calling yourself Mitzi Galore when your real name is Simon? Will they test to see if the kitten crawling out of a bog roll is your own?

All this is remarkably like Donald Trump’s plan to ban Muslims from entering the country by asking them “are you a Muslim?” Or the government’s previous goodie “have you ever been involved in the administration of a Nazi concentration camp?” What did Wernher Magnus Maximilian Freiherr von Braun use to write on the form when he went through?

 

NSA snooping scares Wikipedia readers

Internet traffic to Wikipedia pages summarising knowledge about terror groups and their tools plunged nearly 30 percent after revelations of widespread Web monitoring by the US spooks.

A paper in the Berkeley Technology Law Journal analyses the fall in traffic, saying that it provides the most direct evidence to date of a so-called “chilling effect,” or negative impact on legal conduct, from the intelligence practices disclosed by fugitive former NSA contractor Edward Snowden.

Author Jonathon Penney, a fellow at the University of Toronto’s interdisciplinary Citizen Lab, looked at the monthly views of Wikipedia articles on 48 topics identified by the US Department of Homeland Security as subjects that they track on social media, including Al Qaeda, dirty bombs and jihad.

In the 16 months prior to the first major Snowden stories in June 2013, the articles drew a variable but increasing audience, with a low point of about 2.2 million per month rising to 3.0 million just before disclosures of the NSA’s Internet spying programs.

Views of the sensitive pages rapidly fell back to 2.2 million a month in the next two months and later dipped under 2.0 million before stabilising below 2.5 million 14 months later, Penney found.

Penney’s results confirm other research which noted a five per cent drop in Google searches for sensitive terms immediately after June 2013. Other surveys have found sharply increased use of privacy-protecting Web browsers and communications tools.

 

Encryption going like the clappers, Clapper moans

The US’s top spook James Clapper has moaned that Edward Snowden’s leaks have sped up the advance of user-friendly, widely available strong encryption.

Clapper said that the onset of commercial encryption has accelerated by seven years.

Talking at a breakfast for journalists hosted by the Christian Science Monitor, he said this shortened timeline has had “a profound effect on the NSA’s ability to collect, particularly against terrorists.”

The number was based on the projected growth maturation and installation of commercially available encryption. What had been forecasted for seven years ahead, three years ago, was accelerated to now, because of the revelation of the leaks.

He did not think this was a good thing because it meant better protection for American consumers from the arms race of hackers constantly trying to penetrate software worldwide.

Clapper acknowledged that there is no such thing as unbreakable encryption from his perspective. “In the history of mankind, since we’ve been doing signals intelligence, there’s really no such thing, given proper time, and proper application of technology.”

Unfortunately for him, Snowden’s revelations that the NSA was spying on everyone made ordinary people just as paranoid as terrorists.