Archive for the ‘NSA’ Category

Rightsizing US Surveillance Authority: Delivering on the USA Freedom Act Reforms – Disruptive Competition Project

Seven years have passed since former NSA contractor Edward Snowden captured international attention by releasing confidential files detailing how the USA PATRIOT Act had been interpreted to justify the operation of sweeping and unanticipated surveillance programs by the U.S. intelligence community.

The shockwaves triggered by the Snowden revelations have been far-reaching, ushering in reforms that are still clearly visible and relevant today. For example, since the disclosures, the U.S. technology sector has increasingly adopted public transparency reporting on government requests for user information. Furthermore, the vast majority of websites are now protecting users' browsing activity by default through the use of encrypted HTTPS connections. The European Union and United States also renegotiated a key treaty establishing privacy rules for companies transferring personal data to the U.S. Perhaps most significantly, Congress conducted extensive debate over surveillance policy, culminating in the passage of the USA Freedom Act to prevent surveillance abuses and strengthen consumer trust in the Internet.

The USA Freedom Act was a landmark piece of legislation that earned bipartisan support and received endorsements from both civil liberties groups and the technology industry. The Act reined in surveillance authorities for the first time in a generation by adopting three broad categories of reforms to ensure that surveillance tools are balanced, targeted, and subject to appropriate transparency and oversight:

Critically, the USA Freedom Act also retained sunset dates for the expiration of certain surveillance authorities, based on the idea that Congress should periodically review surveillance programs on the bases of their cost, intelligence value, and impact on civil liberties.

On March 15, due in part to disruption of the legislative schedule caused by the ongoing COVID-19 pandemic, the surveillance powers authorized by the USA Freedom Act expired. This has created a powerful impetus for Congress to fulfill its oversight function by assessing the reforms advanced by the USA Freedom Act and making any necessary revisions to protect Americans' civil liberties if these authorities are to be renewed. While the USA Freedom Act advanced important principles, recent developments have highlighted the need for additional reforms to secure the intentions of the Act.

In recent months, revelations of deficiencies in the application process for FISA surveillance orders have prompted new calls for surveillance reform. For example, a December 2019 Inspector General (IG) report discovered significant errors and omissions in the FBI's applications for FISA warrants to surveil an advisor to President Trump's 2016 campaign. A subsequent IG audit of 29 FISA applications found missing documentation in four cases and identified apparent errors or inadequately supported facts in all of the remaining files. The discovery of these recurring errors has driven calls for a greater role for the FISA Court's independent amici curiae to support a fair and adversarial process in surveillance order proceedings.

Another focal point of the ongoing debate over U.S. surveillance authority involves the Call Detail Records (CDR) program, the successor to the NSA's bulk collection of telephony metadata exposed by Snowden and invalidated by the Second Circuit in ACLU vs. Clapper. A recent report by the Privacy and Civil Liberties Oversight Board (PCLOB) on the government's use of the CDR program revealed that it has cost over $100 million to operate and that despite over-collecting millions of Americans' phone records, it has generated unique intelligence information on only two occasions. Given these performance issues, the CDR program was voluntarily suspended by the NSA in 2019 after balancing intelligence value, associated costs, and compliance and data-integrity concerns.

The USA Freedom Act was made possible by a broad coalition of multi-stakeholder support representing diverse points across the political spectrum, and it appears that this coalition is once again emerging. On March 11, the House of Representatives passed H.R. 6172, the USA Freedom Reauthorization Act of 2020, by a vote of 278-136. Negotiated with Congressional leaders of both parties and Attorney General Barr, this compromise legislation would reauthorize expired surveillance authorities while further bolstering transparency and oversight mechanisms to protect civil liberties. Specifically, the bill would enact the following reforms to promote the narrowly tailored and accountable exercise of the government's surveillance tools:

1. Revoke Authority for the Call Detail Records Program.

As described in the February PCLOB report, the now-suspended Call Detail Records program has been a costly endeavor, rife with technical errors resulting in the overcollection of Americans' private records while providing negligible, if any, intelligence value. H.R. 6172 takes a common sense first step to surveillance reform by eliminating statutory authority for this unnecessary and invasive program.

2. Clarify Warrant Requirements.

Section 215 of the USA PATRIOT Act authorizes requests for the production of third-party business records relevant to an investigation, such as books, documents, and other tangible things. H.R. 6172 would restrict the use of this authority to require the production of cell-site location data, GPS information, or other personal information that would require a warrant if sought in the criminal context. This is an important clarification because in the modern digital economy, certain business records can reveal intimate details of a person's life and should be regarded as highly sensitive. This principle was recognized in the Supreme Court's 2018 Carpenter decision, finding that a warrant was required for obtaining the cell-site location information related to an individual's movements over a seven-day period.

3. Expeditious Disclosure of Significant FISA Court Surveillance Opinions.

The USA Freedom Act requires the disclosure of novel and significant FISA Court opinions so that lawmakers and the public can be informed about how the FISA Court is interpreting and applying its surveillance authority. However, the Act omitted any statutory timeframe for doing so, creating possible incentives to delay publication of certain decisions for many months. H.R. 6172 would create a 180-day declassification review deadline for the public release of important FISA cases, meeting the transparency promise of the USA Freedom Act.

4. Expanded Role of FISA Court Amici Curiae.

Finally, the USA Freedom Act required the FISA Court to appoint amicus curiae advocates with expertise in privacy, civil liberties, and technology to provide an independent perspective and, where appropriate, contest arguments made by the government. H.R. 6172 would strengthen the role of the amici curiae by (1) expanding the types of FISA cases the amici curiae would participate in, such as those involving First Amendment-protected activities; (2) authorizing the amici curiae to petition for review of FISA Court decisions; and (3) clarifying and expanding the ability of the amici curiae to access and review relevant FISA Court documents.

Senate Majority Leader McConnell has announced that this week the Senate will take up the House's FISA reauthorization and reform bill. Additionally, negotiations led by Senators Lee (R-UT) and Paul (R-KY) have ensured that the Senate will debate and vote on additional surveillance reforms. It is anticipated that the following bipartisan amendments will be considered:

Given the importance of the civil liberties at stake and evidence of ongoing deficiencies in the FISA process, the Senate should carefully deliberate on these amendments and consider any other issues where surveillance reform may be necessary.

As the technical capabilities to collect and analyze personal data grow more advanced, it will be tempting for governments to conduct invasive surveillance over their citizens. Countries that value democratic principles must ensure that intelligence tools are carefully scoped to respect personal freedom and protect civil liberties. While the USA Freedom Act took a critical step forward in restoring public transparency and accountability over U.S. surveillance activities, Congress must remain vigilant in its oversight function to ensure that the intelligence community has the tools to protect U.S. citizens without violating personal liberties. Given what is now known about the operation of USA Freedom Act reforms, lawmakers should take additional steps to ensure that domestic intelligence gathering capacities are balanced, accountable, and transparent.


United Airlines park aircraft at Smith Reynolds Airport due to the downturn in passenger flights – WXII12 Winston-Salem

United Airlines is parking some of its aircraft at Smith Reynolds Airport in Winston-Salem due to a downturn in passenger flights during the COVID-19 pandemic.

Smith Reynolds Airport has been hit hard by the pandemic, Forsyth County officials said.

Some of Winston-Salem airport's tenants were forced to furlough employees, while others scaled back hours to retain their workforce.

The airport's largest tenant, North State Aviation, temporarily furloughed its employees on April 8, but was able to bring them back on April 27, by negotiating a plan with the airlines.

Due to the dramatic loss in passengers, airlines, including United Airlines, needed to take aircraft out of service and park them at airports across the United States.

The Transportation Security Administration reported a 96% drop in screened passengers during the month of April when compared to the same time last year.

Realizing the urgency of the situation, NSA, with support from Forsyth County Government and AVCON, supplied the airlines with various parking plans to assure the airlines that Smith Reynolds Airport had the capacity to accommodate over 40 B737s and B757s.

When United Airlines committed to Smith Reynolds Airport, the parking plan was approved by the FAA. In addition, the Forsyth County Sheriff's Office is providing increased security.

"It has been a team approach at Smith Reynolds Airport in regards to navigating the COVID-19 crisis," Airport Director Mark Davidson said. "We are happy United Airlines recognized the airport as a resource and we hope they will continue to come to the airport for all their maintenance needs after the crisis ends."


The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open …

The National Security Agency develops advanced hacking tools in-house for both offense and defense, which you could probably guess even if some notable examples hadn't leaked in recent years. But on Tuesday at the RSA security conference in San Francisco, the agency demonstrated Ghidra, a refined internal tool that it has chosen to open source. And while NSA cybersecurity adviser Rob Joyce called the tool a "contribution to the nation's cybersecurity community" in announcing it at RSA, it will no doubt be used far beyond the United States.

You can't use Ghidra to hack devices; it's instead a reverse-engineering platform used to take "compiled," deployed software and "decompile" it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveal what the software you churn through it does. Reverse engineering is a crucial process for malware analysts and threat intelligence researchers, because it allows them to work backward from software they discover in the wild, like malware being used to carry out attacks, to understand how it works, what its capabilities are, and who wrote it or where it came from. Reverse engineering is also an important way for defenders to check their own code for weaknesses and confirm that it works as intended.

"If you've done software reverse engineering, what you've found out is it's both art and science; there's not a hard path from the beginning to the end," Joyce said. "Ghidra is a software reverse-engineering tool built for our internal use at NSA. We're not claiming that this is the one that's going to be replacing everything out there; it's not. But it helped us address some things in our workflow."

Similar reverse-engineering products exist on the market, including a popular disassembler and debugger called IDA. But Joyce emphasized that the NSA has been developing Ghidra for years, with its own real-world priorities and needs in mind, which makes it a powerful and particularly usable tool. Products like IDA also cost money, whereas making Ghidra open source marks the first time that a tool of its caliber will be available for free, a major contribution in training the next generation of cybersecurity defenders. (Like other open source code, though, expect it to have some bugs.) Joyce also noted that the NSA views the release of Ghidra as a sort of recruiting strategy, making it easier for new hires to enter the NSA at a higher level or for cleared contractors to lend their expertise without needing to first come up to speed on the tool.

The NSA announced Joyce's RSA talk, and Ghidra's imminent release, in early January. But knowledge of the tool was already public thanks to WikiLeaks' March 2017 "Vault 7" disclosure, which discussed a number of hacking tools used by the CIA and repeatedly referenced Ghidra as a reverse-engineering tool created by the NSA. The actual code hadn't seen the light of day, though, until Tuesday, all 1.2 million lines of it. Ghidra runs on Windows, MacOS, and Linux and has all the components security researchers would expect. But Joyce emphasized the tool's customizability. It is also designed to facilitate collaborative work among multiple people on the same reversing project, a concept that isn't as much of a priority in other platforms.

Ghidra also has user-interface touches and features meant to make reversing as easy as possible, given how tedious and generally challenging it can be. Joyce's personal favorite? An undo/redo mechanism that allows users to try out theories about how the code they are analyzing may work, with an easy way to go back a few steps if the idea doesn't pan out.

The NSA has made other code open source over the years, like its Security-Enhanced Linux and Security-Enhanced Android initiatives. But Ghidra seems to speak more directly to the discourse and tension at the heart of cybersecurity right now. By being free and readily available, it will likely proliferate and could inform both defense and offense in unforeseen ways. If it seems like releasing the tool could give malicious hackers an advantage in figuring out how to evade the NSA, though, Dave Aitel, a former NSA researcher who is now chief security technology officer at the secure infrastructure firm Cyxtera, said that that isn't a concern.

"Malware authors already know how to make it annoying to reverse their code," Aitel said. "There's really no downside to releasing Ghidra."

No matter what comes next for the NSA's powerful reversing tool, Joyce emphasized on Tuesday that it is an earnest contribution to the community of cybersecurity defenders, and that conspiracy theorists can rest easy. "There's no backdoor in Ghidra," he said. "Come on, no backdoor. On the record. Scout's honor."


A discovered malware sample uses code from the NSA and a Chinese hacking group – CyberScoop

Written by Shannon Vavra May 7, 2020 | CYBERSCOOP

Good hackers steal, great hackers borrow.

According to new research from ESET, a code obfuscation tool that's been linked to Chinese-based hackers has been used in tandem with an implant that has been attributed to Equation Group, a hacking faction that is broadly believed to have ties to the National Security Agency.

ESET says the obfuscation tool is linked with Winnti Group, while the implant, known as PeddleCheap, appeared in an April 2017 leak from the mysterious group known as the Shadow Brokers.

It's unclear if the sample was used in a malicious campaign or if it's the product of a security researcher experimenting with different tools, according to Marc-Étienne Léveillé, a malware researcher at ESET. It was uploaded to malware-sharing repository VirusTotal in 2017, according to Léveillé.

The Winnti-linked packer was used in a series of intrusions at gaming organizations in 2018, which ESET has previously documented.

ESET published its findings in the hopes that some other researchers may have more visibility into the sample's origins, Léveillé told CyberScoop.

It's not clear who is behind the sample: it's possible Equation Group used the Winnti-linked portion to run its own intelligence collection, but it is also possible Winnti, which is suspected to have links with the Chinese government, used the leaked NSA implant for its operations.

Léveillé said he views the latter as the likely explanation.

"It is likely that the Winnti Group used tools from the Shadow Brokers leak as a first stage to compromise their victims in 2017. Another, less likely, scenario is that the Equation Group has seen and reused the Winnti Group packer in their operations," Léveillé told CyberScoop. "Yet another, even less-likely scenario is that a third party who had access to this Winnti Group [tool], used it with PeddleCheap from the Shadow Brokers leak."

The malware combination shows the far-reaching ramifications of the Shadow Brokers leak: attributing attacks via tools that were used in the massive dump is much more difficult, as any number of actors can use them to muddle up security researchers' findings.

"These samples are an example of how attribution is difficult, if not impossible, by looking only at malware samples without additional context. It is relatively easy to repurpose malware [artifacts] once they are discovered and documented," Léveillé told CyberScoop. "In addition to that, it is possible intelligence agencies discover these components before they are public knowledge, misleading attribution made by analysts later on."

While the actors behind the Winnti-PeddleCheap tool may be unknown, Chinese hackers had access to some other tools that appeared in the Shadow Brokers leak months before the Shadow Brokers revealed them to the public.

It remains unclear if that group, known as Buckeye or APT3, stole the tools by breaching NSA systems or if they caught them in the wild. It is also possible the Chinese hackers independently observed the same vulnerabilities and created similar tools to exploit them.


NSA welcomes start of trade talks with the US – Darlington and Stockton Times

A SHEEP farming group has welcomed the news that trade discussions with the US are due to start following disruptions caused by Covid-19.

Phil Stocker, chief executive of The National Sheep Association (NSA), has said they are pleased to hear these negotiations are now beginning after the delays caused by the pandemic.

He said: "We believe there are valuable opportunities for both our industry and the US sheep industry, in Britain, getting access for lamb and mutton into the US.

"The US sheep meat market is highly underdeveloped with very low lamb consumption across the country, and I am convinced that our genetics and British lamb and mutton, very different products to those produced by most US sheep farmers, could help stimulate real interest among American consumers and in turn help US sheep farmers see some growth.

"For us, access into the US could create demand for those high-value cuts, particularly sheep meat with provenance and a story, simply because of the close connections between our countries and the huge interest in our culture and heritage, an aspect which sheep farming is steeped in."

He said the NSA is clear that market access to the EU is a priority but is enthusiastic to expand and build stronger connections further afield.

"We don't see this as an alternative to the EU market," said Mr Stocker. "But it would be a positive trade that would complement both our exports and our domestic market. This is particularly prudent at current as the ongoing Covid-19 pandemic has shown how reliant our industry is on the catering and hospitality market and I could see future US demand for British lamb and mutton coming in alongside our own catering markets, all of which help to balance carcase demand and optimise value across the entire sheepmeat product range."

The NSA has previously expressed concerns about the quality of standards UK producers expect importers to meet.

Mr Stocker said: "We welcome statements from Ministers and Government officials that in terms of reciprocal trade our standards will be protected and, while as a general statement, the Government is enthusiastic about free and open trade it does recognise that agriculture and food, like the NHS, is an industry that requires a level of protection and I do expect the commitments not to undermine our unique approach to farming, food, and the environment to be upheld."
