Archive for the ‘NSA’ Category

Leaked NSA hacking exploit used in WannaCry ransomware is now powering Trojan malware – ZDNet

Cybercriminals have taken the EternalBlue exploits and used them to build more effective Trojans.

A leaked NSA exploit which helped the WannaCry ransomware outbreak become so prolific is now being used to distribute Trojan malware.

A Windows security flaw known as EternalBlue was one of many allegedly known to US intelligence services and used to carry out surveillance before being leaked by the Shadow Brokers hacking group.

The exploit leverages a version of Windows' Server Message Block (SMB) networking protocol to spread itself across an infected network using wormlike capabilities.

But while, for the most part, the spread of WannaCry has been stopped, cybercriminals and hackers are still using the leaked EternalBlue exploit to carry out a much more discreet form of cyberattack, say researchers at FireEye.

This time, the SMB vulnerabilities are being used to distribute Backdoor.Nitol - a Trojan horse which opens a backdoor on the infected computer - and Gh0st RAT, a form of malware capable of taking full control of a machine in addition to conducting espionage and stealing data.

The latter is particularly dangerous and is repeatedly a thorn in the side of the aerospace and defence industries, as well as government agencies and even activists. Now those behind this new Gh0st RAT campaign are using EternalBlue exploits in an effort to compromise Singapore, while Nitol is attacking the wider South Asia region.

Researchers note that machines vulnerable to the SMB exploit are attacked by hackers using the EternalBlue exploit to gain shell access to the machine.

The initial exploit used at the SMB level is similar to what's been seen in WannaCry attacks, but this time, instead of being used to deploy ransomware, the attack opens a shell to write instructions into a VBScript file, which is then executed to retrieve the payload from another server in order to create the required backdoor into the machine using Nitol or Gh0st RAT.

While neither attack is new - both have plagued victims for years - the addition of EternalBlue adds potency to the attacks, although nothing so far has suggested that they could spread as widely and as quickly as WannaCry did.

And with the EternalBlue exploits now out in the open for any malicious actor to use, it's likely that we'll see it used again and again in new types of attacks.

"The addition of the EternalBlue exploit has made it easy for threat actors to exploit these vulnerabilities. In the coming weeks and months, we expect to see more attackers leveraging these vulnerabilities and to spread such infections with different payloads," said researchers at FireEye Dynamic Threat Intelligence.

"It is critical that Microsoft Windows users patch their machines and update to the latest software versions as soon as possible," they add.

While WannaCry exploited the vulnerability to infect networks across the globe, poor coding behind the ransomware played a part in it not being as damaging as it could've been, resulting in those behind it not making much money, considering the scale of the campaign.

However, if something like Nitol or Gh0st RAT could simultaneously infect hundreds of thousands across the globe - and the nature of the Trojan attacks means they wouldn't be obvious about it - then future attacks could have much worse consequences.

Read the rest here:
Leaked NSA hacking exploit used in WannaCry ransomware is now powering Trojan malware - ZDNet

Woman Charged With Leaking Top-Secret NSA Report on Russian Hacking to Media – NBC Bay Area

A woman was arrested for leaking a top-secret National Security Agency document that reveals details about Russian hacking's influence on the U.S. presidential election, a senior federal official told NBC News.

Reality Leigh Winner, 25, was arrested Saturday and charged with "gathering, transmitting, or losing defense information" to The Intercept. The Department of Justice said in a statement that she did this around May 9, and mailed the information shortly after.

The story published Monday features a secret NSA document that notes efforts by the Russian government to hack into a voting software company approximately a week before the election. It details tactics allegedly used by Russian intelligence to dupe U.S. government employees and officials with spear-phishing emails and Microsoft documents.

The document was classified at some of the highest levels.

The FBI said when they approached Winner she admitted to printing out the document, removing it from her place of work and mailing it to The Intercept. Winner told authorities she did this knowing the information was highly confidential.

The report is published just days after NBC's Megyn Kelly sat down with Russian President Vladimir Putin to discuss the hacking accusations, which Putin vehemently denies. Putin said that "it wouldn't make sense" for Russia to interfere with the election.

"Releasing classified material without authorization threatens our nation's security and undermines public faith in government," said Deputy Attorney General Rod J. Rosenstein in a statement. "People who are trusted with classified information and pledge to protect it must be held accountable when they violate that obligation."

Authorities were alerted to the leak on June 1. Officials contacted the FBI after The Intercept called them regarding a story involving the document.

Winner is identified as being a contractor with Pluribus International Corporation since mid-February. The NSA has a facility in Georgia.

Word of the arrest was tweeted out by the Justice Department barely an hour after The Intercept published the story.

More:
Woman Charged With Leaking Top-Secret NSA Report on Russian Hacking to Media - NBC Bay Area

Former NSA executive: Agency used blanket surveillance …

Former National Security Agency senior executive and whistleblower Thomas Drake revealed himself this week as the source for a lawsuit alleging the NSA conducted blanket, indiscriminate surveillance of Salt Lake City during the 2002 Winter Olympics.

In a declaration filed in discovery in the case in U.S. district court in Utah, Drake asserted the NSA, in coordination with the FBI, scooped up and stored the content of emails and text messages sent and received by anyone in the city and Olympic venues including American citizens.

"The mantra was just take it all," said Drake, 60, in a Thursday evening phone interview. Drake's assertions contradict declarations filed in the case in March by former NSA director Michael Hayden and current NSA operations manager Wayne Murphy.

"The NSA has never ... at any time conducted mass or blanket surveillance, interception, or analysis ... of e-mail, text message, telephone, or other telecommunications in Salt Lake City or the vicinity of the 2002 Winter Olympic venues, whether during the 2002 Winter Olympic Games or otherwise," Murphy stated.

Drake accused Murphy and Hayden of making statements that are "if not literally false, substantially misleading." His declaration was first reported Friday by the Salt Lake Tribune.

The NSA and the Department of Justice declined to comment Friday on the case, which was filed in 2015 by former Salt Lake City Mayor Rocky Anderson on behalf of six American citizens who alleged their private communications were monitored and likely stored by the NSA during the Winter Games, held in Salt Lake City in February 2002.

"It's incredibly important that the public be aware of what our government's doing, and all of us standing up against it," Anderson said in a telephone interview Thursday evening. "We need to let our elected officials know that we will resist in any way possible this rather sudden transformation of our country, not only to a surveillance state, but to a nation where the rule of law seems to mean very little."

Drake is a former Air Force and Navy veteran who worked at the NSA from 1989 until 2008, when his career ended amid a leak investigation. Drake had grown uncomfortable with the expansion of the NSA's surveillance operations, authorized by President George W. Bush after the Sept. 11, 2001, terrorist attacks, and leaked unclassified information to a reporter about waste and fraud in the agency.

In 2007, Drake's home was raided by the FBI, and, in 2010, federal prosecutors charged him with 10 felonies under the Espionage Act. The case against him ultimately collapsed (Drake pleaded guilty to a misdemeanor in 2011), and his ordeal is seen by civil liberty advocates as emblematic of overaggressive targeting of whistleblowers by the federal government.

In early 2002, according to Drake, he started hearing rumors from alarmed colleagues at the NSA about the Salt Lake Olympics Field Op. Then he started seeing manifest documents, showing shipments of surveillance equipment headed to Utah.

The Winter Games that year were held on American soil just five months after the Sept. 11 attacks, and according to Drake's declaration, the NSA saw the event (which would bring thousands of people, including foreign leaders and international media, to a relatively confined geographic area) as a golden opportunity to fine-tune a new scale of mass surveillance.

The mass surveillance program during the 2002 Olympics was first reported in a 2013 Wall Street Journal article that alleged, based on anonymous officials, that the FBI and the NSA made an arrangement with Qwest Communications International Inc. to monitor the content of all email and text communications in the Salt Lake City region during the Winter Games.

Qwest, a Denver-based telecommunications company, was acquired in 2011 by CenturyLink. Former Qwest chief executive Joseph Nacchio has said he knew nothing about his company cooperating with the NSA during the 2002 Olympics, but that federal authorities could have worked with other executives without his knowledge.

In 2013, one of the secret documents former NSA contractor Edward Snowden leaked to journalists describes NSA discussions about an operation during the Olympics, but not to the extent of what Drake has alleged.

"In early 2002, NSA personnel met with senior vice president of government systems and other employees from Company E," the document stated. "Under authority of the President's Surveillance Program (PSP), NSA asked Company E to provide call records in support of security for the Olympics in Salt Lake City ... On 19 February 2002, Company E submitted a written proposal that discussed methods it could use to regularly replicate call record information stored in a Company E facility and potentially forward the same information to NSA."

The Snowden document makes no mention of capturing content, though, but rather seems to align with previous revelations of NSA operations capturing metadata: information about a phone call or text message, such as the phone numbers, geographical locations of the devices used, and the duration of a call or size of a message.

But Drake said the Salt Lake City operation captured far more than just metadata. Before the Olympics, he said, the NSA set up geofencing (virtual geographic boundaries) around Salt Lake City and nearby Olympic venues.

Virtually all electronic communication signals that went into or out of one of those designated areas were captured and stored by the NSA, including the contents of emails and text messages, according to Drake's declaration. The NSA stored the metadata, as well as text in emails and text messages. Only large attached images or video files to texts and emails would have been spared, Drake said, because of their size.

Anderson, the former Salt Lake City mayor, was in private practice as an attorney when he read the 2013 Wall Street Journal article. He connected with Drake through a mutual friend, and when Drake described the scope of the operation he believed had been conducted, Anderson decided to pursue litigation.

Anderson's case was filed in 2015 on behalf of six people who lived or worked near Olympic venues in Salt Lake City in 2002, including a lawyer, an author and a college professor. Their lawsuit seeks damages, an order to compel the NSA to disclose what communications from the plaintiffs it still has in storage and then the deletion of that information.

Anderson has asked the American Civil Liberties Union and several other electronic freedom and individual rights organizations to take up the case, but all have declined. The Department of Justice has tried to get the case dismissed, but U.S. District Judge Robert Shelby allowed it to proceed with a ruling in January.

Drake expressed dismay Thursday evening that the case has been greatly overshadowed this year by the news, and tweets, coming from the White House.

"If there was anything exceptional about America, it was our Constitution ... and yet, here I was, seeing it unravel, in secret, from within the government," Drake said. "To me, this still really matters."

Michael E. Miller contributed to this report.

Here is the original post:
Former NSA executive: Agency used blanket surveillance ...

Report: NSA used ‘blanket’ surveillance at 2002 Olympics – News … – The News Herald

"It's incredibly important that the public be aware of what our government's doing, and all of us standing up against it," former Salt Lake City Mayor Rocky Anderson said in a telephone interview Thursday evening.

Former National Security Agency (NSA) senior executive and whistleblower Thomas Drake revealed himself this past week as the source for a lawsuit alleging the NSA conducted blanket, indiscriminate surveillance of Salt Lake City during the 2002 Winter Olympics.

In a declaration filed in discovery in the case in U.S. district court in Utah, Drake asserted the NSA, in coordination with the FBI, scooped up and stored the content of emails and text messages sent and received by anyone in the city and Olympic venues including American citizens.

"The mantra was just take it all," Drake, 60, said in a Thursday evening phone interview.

Drake's assertions contradict declarations filed in the case in March by former NSA director Michael Hayden and current NSA operations manager Wayne Murphy.

"The NSA has never ... at any time conducted mass or blanket surveillance, interception, or analysis ... of e-mail, text message, telephone, or other telecommunications in Salt Lake City or the vicinity of the 2002 Winter Olympic venues, whether during the 2002 Winter Olympic Games or otherwise," Murphy stated.

Drake accused Murphy and Hayden of making statements that are "if not literally false, substantially misleading." His declaration was first reported Friday by the Salt Lake Tribune.

The NSA and the Department of Justice declined to comment Friday on the case, which was filed in 2015 by former Salt Lake City Mayor Rocky Anderson on behalf of six American citizens who alleged their private communications were monitored and likely stored by the NSA during the Winter Games, held in Salt Lake City in February 2002.

"It's incredibly important that the public be aware of what our government's doing, and all of us standing up against it," Anderson said in a telephone interview Thursday evening. "We need to let our elected officials know that we will resist in any way possible this rather sudden transformation of our country, not only to a surveillance state, but to a nation where the rule of law seems to mean very little."

Drake is a former Air Force and Navy veteran who worked at the NSA from 1989 until 2008, when his career ended amid a leak investigation. Drake had grown uncomfortable with the expansion of the NSA's surveillance operations, authorized by President George W. Bush after the Sept. 11, 2001, terrorist attacks, and leaked unclassified information to a reporter about waste and fraud in the agency.

In 2007, Drake's home was raided by the FBI, and, in 2010, federal prosecutors charged him with 10 felonies under the Espionage Act. The case against him ultimately collapsed (Drake pleaded guilty to a misdemeanor in 2011), and his ordeal is seen by civil liberty advocates as emblematic of over-aggressive targeting of whistleblowers by the federal government.

Golden opportunity

In early 2002, according to Drake, he started hearing rumors from alarmed colleagues at the NSA about the Salt Lake Olympics Field Op. Then he started seeing manifest documents, showing shipments of surveillance equipment headed to Utah.

The Winter Games that year were held on American soil just five months after the Sept. 11 attacks, and according to Drake's declaration, the NSA saw the event (which would bring thousands of people, including foreign leaders and international media, to a relatively confined geographic area) as a golden opportunity to fine-tune a new scale of mass surveillance.

The allegation of a mass surveillance program during the 2002 Olympics was first raised in a 2013 Wall Street Journal article that alleged, based on anonymous officials, the FBI and NSA made an arrangement with Qwest Communications International Inc. to monitor the content of all email and text communications in the Salt Lake City region during the Winter Games.

Qwest, a Denver-based telecommunications company, was acquired in 2011 by CenturyLink. Former Qwest chief executive Joseph Nacchio has said he knew nothing about his company cooperating with the NSA during the 2002 Olympics, but that federal authorities could have worked with other executives without his knowledge.

In 2013, one of the secret documents former NSA contractor Edward Snowden leaked to journalists describes NSA discussions about an operation during the Olympics, but not to the extent of what Drake has alleged.

"In early 2002, NSA personnel met with senior vice president of government systems and other employees from Company E," the document stated. "Under authority of the President's Surveillance Program (PSP), NSA asked Company E to provide call records in support of security for the Olympics in Salt Lake City. ... On 19 February 2002, Company E submitted a written proposal that discussed methods it could use to regularly replicate call record information stored in a Company E facility and potentially forward the same information to NSA."

The Snowden document makes no mention of capturing content, though, but rather seems to align with previous revelations of NSA operations capturing metadata: information about a phone call or text message, such as the phone numbers, geographical locations of the devices used, and the duration of a call or size of a message.

But Drake said the Salt Lake City operation captured far more than just metadata. Before the Olympics, he said, the NSA set up geofencing (virtual geographic boundaries) around Salt Lake City and nearby Olympic venues.

Virtually all electronic communication signals that went into or out of one of those designated areas were captured and stored by the NSA, including the contents of emails and text messages, according to Drake's declaration.

The NSA stored the metadata, as well as text in emails and text messages. Only large, attached images or video files to texts and emails would have been spared, Drake said, because of their size.

Court case

Anderson, the former Salt Lake City mayor, was in private practice as an attorney when he read the 2013 Wall Street Journal article. He connected with Drake through a mutual friend, and when Drake described the scope of the operation he believed had been conducted, Anderson decided to pursue litigation.

Anderson's case was filed in 2015 on behalf of six people who lived or worked near Olympic venues in Salt Lake City in 2002, including a lawyer, an author, and a college professor. Their lawsuit seeks damages, an order to compel the NSA to disclose what communications from the plaintiffs it still has in storage, and then the deletion of that information.

Anderson has asked the American Civil Liberties Union and several other electronic freedom and individual rights organizations to take up the case, but all have declined. The Department of Justice has tried to get the case dismissed, but U.S. District Judge Robert Shelby allowed it to proceed with a ruling in January.

Drake expressed dismay Thursday evening that the case has been greatly overshadowed this year by the news, and tweets, coming from the White House.

"If there was anything exceptional about America, it was our Constitution ... and yet, here I was, seeing it unravel, in secret, from within the government," Drake said. "To me, this still really matters."

See original here:
Report: NSA used 'blanket' surveillance at 2002 Olympics - News ... - The News Herald

NSA Director Mike Rogers poised to ‘drop a bomb’ on Trump admin … – Raw Story

Atlantic magazine writer Steve Clemons said during a Saturday panel on MSNBC's "The Point with Ari Melber" that National Security Administration (NSA) Director Michael Rogers may have a bomb to drop on the Trump administration.

Rogers will testify Wednesday before the Senate Intelligence Committee, which is currently investigating whether President Donald Trump's campaign colluded with Russian officials to sway the results of the 2016 election.

"We now know for certain that Vladimir Putin waged political warfare against America's democracy with the election last year," said Mother Jones magazine's David Corn. "While that's going on, Donald Trump is saying, 'No, it's not happening.' It's like a guy in front of a bank robbery saying, 'Nothing is going on here.' He was helping."

"He made it easier for Putin to pull this off," Corn said. "That in itself should be a big scandal."

"While a lot of people have focused on James Comey, and that's obviously a huge anchor in this," Clemons said at the end of the segment, "watch the Senate Intelligence Committee hearings on Wednesday. National Security Agency Director Mike Rogers may have a bomb to drop in this, as well as Dan Coats. I have been tipped off that Mike Rogers has a story to tell as well that goes right along the lines that our friend David Corn has shared."

The rest is here:
NSA Director Mike Rogers poised to 'drop a bomb' on Trump admin ... - Raw Story