Archive for the ‘NSA’ Category

National Security Agency | History, Role, & Surveillance …

National Security Agency (NSA), U.S. intelligence agency within the Department of Defense that is responsible for cryptographic and communications intelligence and security. Its headquarters are in Fort Meade, Maryland.

The NSA grew out of the communications intelligence activities of U.S. military units during World War II. It was established in 1952 by a presidential directive from Harry S. Truman in which he specified its mission as

to provide an effective, unified organization and control of the communications intelligence activities of the United States conducted against foreign governments, to provide for integrated operational policies and procedures pertaining thereto.

The NSA was created in part out of the belief that the importance and distinct character of communications intelligence warranted an organization distinct from both the armed forces and the other intelligence agencies. While it operates within the Department of Defense, the NSA also belongs to the Intelligence Community (a coalition of 17 intelligence agencies) and as such acts under the supervision of the director of national intelligence. The director of the NSA is a military officer of flag rank (i.e., a general or an admiral) with a minimum of three stars. Not being a creation of Congress, the NSA often acts outside of congressional review; it is the most secret of all U.S. intelligence agencies.

The agencys mission includes the protection and formulation of codes, ciphers, and other cryptology for the U.S. military and other government agencies as well as the interception, analysis, and solution of coded transmissions by electronic or other means. The agency conducts research into all forms of electronic transmissions. It also operates posts for the interception of signals around the world. In 1972 a joint organization, the Central Security Service (CSS), was created to coordinate the intelligence efforts of the NSA with the U.S. military. The director of the NSA also heads the CSS (under the title of Chief, CSS).

The 1978 Foreign Intelligence Surveillance Act (FISA) restricts the NSA mandate to the interception of foreign communications and forbids the agency from targeting a U.S. citizen unless the latter is considered an agent of a foreign power. In exceptional cases that are considered critical to national security, the agency can obtain a warrant to intercept domestic communications. In 2008, amendments to FISA relaxed those restrictions and allowed the agency to monitor domestic communications without a warrant as long as one party is reasonably believed to be outside the United States.

In 2013 NSA activities were put in the limelight after a former computer security contractor, Edward Snowden, leaked classified information about two surveillance programsone collecting information from U.S. Internet service providers (PRISM) and the second collecting so-called metadata on cellular phone calls (information including phone numbers and length of the calls but not their content). Those programs were designed to target non-Americans, but they also collected a massive amount of information from Americans with whom those individuals had communicated. Other NSA programs included the extensive, worldwide, and allegedly untargeted collection of text messages (Dishfire) and of the locations of cell phones.

While less known to the American public than the Central Intelligence Agency, the NSA is believed to be far larger in size in terms of workforce and budget. According to Michael Hayden, a former director (19992005) of the NSA, it is also the worlds largest collector of foreign signals intelligence.

Excerpt from:
National Security Agency | History, Role, & Surveillance ...

NSA Jobs, Employment | Indeed.com

Filter results by: Sortby: relevance - date

more

$47,016 - $74,759 a year

In support of this mission, Adjudicators are responsible for ensuring a trusted workforce by providing timely and efficient decisions to determine an individual

$47,016 - $74,759 a year

Providing program status reports and briefings to internal management, NSA senior leadership and government oversight officials in the DoD, ODNI, and Congress.

These internships are open to a wide variety of majors and give students the opportunity to work directly with mission-critical problems and experience the

$42,053 - $67,099 a year

In order to ensure that operations occur within the established laws, authorities, policies and directives, NSA has built a robust compliance office and program

$69,581 - $108,422 a year

Knowledge and experience applying Federal and DoD Acquisition concepts, regulations, and statutes (e.g., FAR, DFAR, MPOAS, NSA acquisition directives, policies,

$70,519 - $87,868 a year

The Enterprise Operations Research organization, provides short-term operations research support to organizations across the NSA extended enterprise, leveraging

$47,016 - $74,759 a year

In support of this mission, Adjudicators are responsible for ensuring a trusted workforce by providing timely and efficient decisions to determine an individual

$69,581 - $108,422 a year

Represent NSA in international meetings; Convey NSA and foreign partners' views, issues, and requirements to NSA management to resolve issues and ensure

The Intelligence Analysis Mission encourages both independent and collaborative partnering (both within NSA and with other analysts in the Intelligence

$47,493 - $87,270 a year

The Administrative Specialist will be responsible for a wide range of purchasing, administrative, logistical coordination and liaison activities for the office.

$51,235 a year

All NSA employees are provided a comprehensive Federal employment benefit package that includes: Enforcement of laws and regulations relative to the protection

$43,256 - $68,781 a year

The mission requires a strong offense and a steadfast defense. The offense collects, processes and disseminates intelligence information derived from foreign

Daily work with the NSA SharePoint Collaboration Tracker or systems. Support to Sales Account Manager. Complete process alongside Sales Manager of Request of

$90,508 - $132,915 a year

This position is responsible for planning, developing, implementing, and evaluating quantitative and qualitative research design, statistical analysis

$42,053 - $67,099 a year

In order to ensure that operations occur within the established laws, authorities, policies and directives, NSA has built a robust compliance office and program

$24.70 - $26.34 an hour

The work of the candidate directly affects the quality of life of approximately 53 ships/subs and approximately 120,000 service members and their adult

$99,172 - $152,352 a year

NSA is in search of Computer Science professionals to solve complex problems, test innovative approaches and research new solutions to storing, manipulating,

The Intelligence Analysis Mission encourages both independent and collaborative partnering (both within NSA and with other analysts in the Intelligence

Be the first to see new NSA jobs

Go here to read the rest:
NSA Jobs, Employment | Indeed.com

Hotel Partying Preceded Deadly Shooting At NSA Gate, Sources Say – ABC News

One man is dead and another severely injured after gunfire erupted today at one of the main gates of the National Security Agency located at Fort Meade, Maryland.

The injured man was identified as Kevin Fleming, 20, of Baltimore, according to law enforcement sources. Fleming and another man were in a stolen Ford Escape SUV when they encountered NSA police at the entrance to the Ft. Meade complex, sources said.

Shortly before 9 a.m. ET, a vehicle with two people inside "attempted an unauthorized entry at a National Security Agency gate," according to a statement from the NSA.

"The driver failed to obey an NSA Police officer's routine instructions for safely exiting the secure campus," the statement continued. "The vehicle failed to stop and barriers were deployed."

Sources say the two inside were men dressed as women. Preliminary information indicated the two men were partying at an area hotel with a third individual when they took that individual's car without permission. However, it's still unclear how or why they ended up at the NSA gate.

The owner of the SUV picked up two men dressed as women in Baltimore late Sunday, sources confirmed. The three allegedly drove to a hotel in Howard County, Maryland, where they partied, sources said. Early this morning, the man woke up alone and the two men he allegedly had picked up were gone and so was his vehicle, sources said. The man reported his vehicle stolen to Howard County Police before the incident at the NSA, sources said.

A law enforcement source confirmed that the car that crashed at NSA was reported stolen in Howard County, Maryland.

When the vehicle "accelerated toward an NSA police car blocking the road" and "refused to stop," an NSA police officer opened fire, and one of the two men inside the "unauthorized vehicle" ended up dead, the NSA statement said. The other man in the vehicle was "severely injured and taken to a local hospital, according to sources.

An NSA Police officer injured in the incident was also taken to the hospital.

The incident has been contained and is under investigation, Colonel Brian Foley, Fort Meade garrison commander, said in a statement. The residents, service members and civilian employees on the installation are safe. We continue to remain vigilant at all of our access control points."

The FBI said they do not believe the incident is related to terrorism.

ABC News' Devin Dwyer and Jim Avila contributed to this report.

Get real-time updates as this story unfolds. To start, just "star" this story in ABC News' phone app. Download ABC News for iPhone here or ABC News for Android here.

See the article here:
Hotel Partying Preceded Deadly Shooting At NSA Gate, Sources Say - ABC News

Hackers linked to China repurposed NSA’s cyberweapons, report …

A hacker group linked to the Chinese government found and repurposed a set of the National Security Agency's (NSA) cyberweapons against targets in Europe and Asia beginning in 2016, according to cybersecurity firm Symantec.

Symantec's findings, released Monday, said the cyberweapons were used at least a year before a massive leak by a group calling itself the Shadow Brokers made public some of the NSA's most powerful cyber tools suggesting the China-linked hackers gained access to them earlier and in a different way. The tools do not appear to have been used on targets within the U.S., Symantec said.

"It's the first time we've ever seen this happen," said Eric Chien, a security director at Symantec, in a phone interview with CBS News. "First, it's definitely surprising they were able to recover these [tools]. It's also surprising that they've been using them since 2016 for two years without anyone noticing."

Symantec did not name any countries in its report and does not do so as a practice. It and other cybersecurity companies refer to the NSA as "Equation Group" and the group linked to China's intelligence apparatus as "Buckeye Group," which is also known as "APT3," "Boyusec," and "Gothic Panda."

The U.S. Department of Justice charged three alleged members of Buckeye with hacking, IP theft, conspiracy and identity theft in 2017.

Symantec said it identified one "zero day" vulnerability a piece of code that allows a hacker access to a machine without anyone on the other end clicking a link, opening an attachment, or using a website in a piece of Microsoft software in 2018. When it looked back through its own archives at where else the code had been used, it found a variation of it employed by Buckeye in 2016 well before the Shadow Brokers dumped this tool, alongside a trove of other NSA cyber weapons, in 2017. (The Microsoft vulnerability Symantec identified was patched in March 2019.)

While it was not entirely clear how Buckeye Group acquired the NSA's tools, technical evidence gathered by Symantec indicated the group may have observed the NSA use them elsewhere before repurposing them for intrusions into systems in Hong Kong, the Philippines, Vietnam, Belgium and Luxembourg.

In a less likely but still possible scenario, according to Symantec, the tools may have been stolen by or leaked to Buckeye by an NSA insider.

The NSA did not immediately respond to a request for comment.

Chien said the incident, overall, "demonstrates the sophistication of the Buckeye Group," which he said was known to be "prolific," conducting attacks on a number of targets worldwide. In this case, he said, the tools were used on very few organizations.

"So it seems like they understood they had something extremely valuable and used them only on super-important targets," Chien said.

Symantec's report raises new questions about how well-guarded the United States' cyber arsenal is and whether there are overlooked, latent risks to the U.S. conducting cyberattacks of its own.

"It definitely requires anyone conducting cyber offensive operations to add this to their calculus," Chien said.

He also said the company would be looking for other, similar incidents.

"First is rarely the only," he said.

Visit link:
Hackers linked to China repurposed NSA's cyberweapons, report ...

How Leaked NSA Spy Tool ‘EternalBlue’ Became a Hacker …

An elite Russian hacking team, a historic ransomware attack, an espionage group in the Middle East, and countless small time cryptojackers all have one thing in common. Though their methods and objectives vary, they all lean on leaked NSA hacking tool EternalBlue to infiltrate target computers and spread malware across networks.

Leaked to the public not quite a year ago, EternalBlue has joined a long line of reliable hacker favorites. The Conficker Windows worm infected millions of computers in 2008, and the Welchia remote code execution worm wreaked havoc 2003. EternalBlue is certainly continuing that traditionand by all indications it's not going anywhere. If anything, security analysts only see use of the exploit diversifying as attackers develop new, clever applications, or simply discover how easy it is to deploy.

"When you take something thats weaponized and a fully developed concept and make it publicly available youre going to have that level of uptake," says Adam Meyers, vice president of intelligence at the security firm CrowdStrike. "A year later there are still organizations that are getting hit by EternalBluestill organizations that havent patched it."

EternalBlue is the name of both a software vulnerability in Microsoft's Windows operating system and an exploit the National Security Agency developed to weaponize the bug. In April 2017, the exploit leaked to the public, part of the fifth release of alleged NSA tools by the still mysterious group known as the Shadow Brokers. Unsurprisingly, the agency has never confirmed that it created EternalBlue, or anything else in the Shadow Brokers releases, but numerous reports corroborate its originand even Microsoft has publicly attributed its existence to the NSA.

The tool exploits a vulnerability in the Windows Server Message Block, a transport protocol that allows Windows machines to communicate with each other and other devices for things like remote services and file and printer sharing. Attackers manipulate flaws in how SMB handles certain packets to remotely execute any code they want. Once they have that foothold into that initial target device, they can then fan out across a network.

'It's incredible that a tool which was used by intelligence services is now publicly available and so widely used amongst malicious actors.'

Vikram Thakur, Symantec

Microsoft released its EternalBlue patches on March 14 of last year. But security update adoption is spotty, especially on corporate and institutional networks. Within two months, EternalBlue was the centerpiece of the worldwide WannaCry ransomware attacks that were ultimately traced to North Korean government hackers. As WannaCry hit, Microsoft even took the "highly unusual step" of issuing patches for the still popular, but long-unsupported Windows XP and Windows Server 2003 operating systems.

In the aftermath of WannaCry, Microsoft and others criticized the NSA for keeping the EternalBlue vulnerability a secret for years instead of proactively disclosing it for patching. Some reports estimate that the NSA used and continued to refine the EternalBlue exploit for at least five years, and only warned Microsoft when the agency discovered that the exploit had been stolen. EternalBlue can also be used in concert with other NSA exploits released by the Shadow Brokers, like the kernel backdoor known as DarkPulsar, which burrows deep into the trusted core of a computer where it can often lurk undetected.

The versatility of the tool has made it an appealing workhorse for hackers. And though WannaCry raised EternalBlue's profile, many attackers had already realized the exploit's potential by then.

Within days of the Shadow Brokers release, security analysts say that they began to see bad actors using EternalBlue to extract passwords from browsers, and to install malicious cryptocurrency miners on target devices. "WannaCry was a big splash and made all the news because it was ransomware, but before that attackers had actually used the same EternalBlue exploit to infect machines and run miners on them," says Jrme Segura, lead malware intelligence analyst at the security firm Malwarebytes. "There are definitely a lot of machines that are exposed in some capacity."

Even a year after Microsoft issued a patch, attackers can still rely on the EternalBlue exploit to target victims, because so many machines remain defenseless to this day. "EternalBlue will be a go-to tool for attackers for years to come," says Jake Williams, founder of the security firm Rendition Infosec, who formerly worked at the NSA. "Particularly in air-gapped and industrial networks, patching takes a lot of time and machines get missed. There are many XP and Server 2003 machines that were taken off of patching programs before the patch for EternalBlue was backported to these now-unsupported platforms."

At this point, EternalBlue has fully transitioned into one of the ubiquitous, name-brand instruments in every hacker's toolboxmuch like the password extraction tool Mimikatz. But EternalBlue's widespread use is tinged with the added irony that a sophisticated, top-secret US cyber espionage tool is now the people's crowbar. It is also frequently used by an array of nation state hackers, including those in Russia's Fancy Bear group, who started deploying EternalBlue last year as part of targeted attacks to gather passwords and other sensitive data on hotel Wi-Fi networks.

'EternalBlue will be a go-to tool for attackers for years to come.'

Jake Williams, Rendition Infosec

New examples of EternalBlue's use in the wild still crop up frequently. In February, more attackers leveraged EternalBlue to install cryptocurrency-mining software on victim computers and servers, refining the techniques to make the attacks more reliable and effective. "EternalBlue is ideal for many attackers because it leaves very few event logs," or digital traces, Rendition Infosec's Williams notes. "Third-party software is required to see the exploitation attempts."

And just last week, security researchers at Symantec published findings on the Iran-based hacking group Chafer, which has used EternalBlue as part of its expanded operations. In the past year, Chafer has attacked targets around the Middle East, focusing on transportation groups like airlines, aircraft services, industry technology firms, and telecoms.

"It's incredible that a tool which was used by intelligence services is now publicly available and so widely used amongst malicious actors," says Vikram Thakur, technical director of Symantec's security response. "To [a hacker] its just a tool to make their lives easier in spreading across a network. Plus they use these tools in trying to evade attribution. It makes it harder for us to determine whether the attacker was sitting in country one or two or three."

It will be years before enough computers are patched against EternalBlue that hackers retire it from their arsenals. At least by now security experts know to watch for itand to appreciate the clever innovations hackers come up with to use the exploit in more and more types of attacks.

Link:
How Leaked NSA Spy Tool 'EternalBlue' Became a Hacker ...