Mediaboss Marketing

The Shadow Brokers are not going away. Earlier this month, the group of self-described hackers said it planned to launch a paid "subscription" service, where customers could apparently gain access to more exploits allegedly stolen from the NSA.

On Tuesday, the Shadow Brokers provided some more details of this service in an online post and said that June's cache of exploits would cost 100 Zcasha more privacy focused cryptocurrencyor around $23,000 at the time of writing. In response, a few information security researchers are trying to crowdfund enough funds to get in on the action. The point, according to the researchers, is to inform affected vendors and get any lingering security vulnerabilities fixed.

"What's better: the tool everyone, including the good guys and bad guys, know about, or the one which only your adversaries have?" Matthew Hickey, co-founder of UK cybersecurity company Hacker House, and who is one of the researchers trying to raise funds, told Motherboard in a Twitter direct message.

Along with the security researcher known as x0rz, Hickey has launched a Patreon campaign. At the moment, 11 people have pitched in, raising just over $1,200. If the campaign doesn't reach its goal, the researchers will donate the funds to an as of yet undecided human or digital rights charity.

"This patreon is a chance for those who may not have large budgets (SME, startups and individuals) in the ethical hacking and whitehat community to pool resources and buy a subscription for the new monthly released data," the Patreon reads.

Since last year, the Shadow Brokers have publicly released a variety of exploits for hardware firewalls, Unix, and Windows systems. In a previous post, the group claimed they have access to exploits for popular web browsers, Windows 10, and routers, although the group has not presented concrete evidence for these alleged tools yet.

Hackers have incorporated some of the released Windows exploits into new, powerful pieces of malware. WannaCry, a ransomware variant, infected networks in Spain, Russia, China, and elsewhere, and hit the UK's National Health Service (NHS) particularly hard.

Indeed, this what the researchers want to avoid by purchasing the alleged exploits.

"By paying the Shadow Brokers the cash they asked for we hope to pool resources and avert any future WannaCry type incidents," the Patreon page explains. (According to a report in The Washington Post, the NSA provided Microsoft with details of the Windows exploits, including those used in WannaCry. In turn, the company issued patches for an array of different operating systems).

"As a harm reduction exercise it is important that any compromised parties are notified, vulnerabilities in possession of criminals are patched and tools are assessed for capabilities. We will release any and all information obtained from this once we have assessed and notified vendors of any potential 0days," the Patreon adds.

Of course, this episode brings up all sorts of ethical questions: should researchers pay criminals for exploits at all? What if the intention is ultimately to patch systems?

However, those questions also rest on the premise that the subscription service is genuine. The Shadow Brokers have ostensibly tried to sell exploits before: first, in an auction, and then individually, with little to no success. But the group ended up dumping the hacking tools anyway, making it plainly obvious that this isn't about the money at all. Instead, this increasingly bizarre, public showmanship is about a feud between the Shadow Brokers, whoever they are, and Equation Group, a hacking unit allegedly part of the NSA.

"TheShadowBrokers is not being interested in stealing grandmother's retirement money. This is always being about theshadowbrokers vs theequationgroup," the group wrote in a recent post.

Subscribe to Science Solved It, Motherboard's new show about the greatest mysteries that were solved by science.

View post:
Hackers Are Crowdfunding Cryptocurrency to Buy Alleged NSA Exploits - Motherboard

Some questions, admiral.

The effects of this months global ransomware attackseem to be fading, fortunately.But a crucial question the incidentraisedis only getting more urgent. When it comes to online security, the U.S. governments priorities -- preventing terrorism and protecting cyberspace-- are in permanent tension.Is there a way to resolve it?

The National Security Agency routinely seeks out flaws in common software and builds tools, known as exploits, to take advantage of them. Doing so is an essential part of the agencys mission of spying on terrorists and foreign adversaries, yet it comes with grave risks.

The latest attack --still evolving-- is an example. Researchers say it takes advantage ofa stolen NSA tool to exploit a flaw in some versions of Windows. Microsoft Corp.hassuggestedthat the NSA knewof the flaw for some time, yet didnt disclose it until the theft.

That may sound unnerving. Windows is ubiquitous, and governments are generally expected to respect online security, not undermine it. Microsoft is understandably unhappy. Worse, the initial attack crippled everything from banks to hospitals. Its fair to say that lives were at risk.

So why keep such a harmful vulnerability secret? Simple:Exploiting it proved hugely effective in swooping up intelligence -- like fishing with dynamite, as one former NSA employeeput it.

Deciding whether such intelligenceis worth the risk isa fraught and secretive process. When a significant new flaw is found by a federal agency, its shared among experts from the intelligence, defense and cybersecurity bureaucracies (among others), who debate whether to disclose or exploit it, according tonine criteria. A review board then makes a final decision. In almost all cases involving a product made or used in the U.S. -- more than 90 percent, according to the NSA -- the flaws are disclosed.

Although its an imperfect process, a better way isnt obvious. Simply disclosing all vulnerabilities, as some activistsdemand, would be nuts. Intelligence would dry up, investigations would be hobbled, and the Pentagon would lose crucial insight into foreign militaries, for starters. Other countries would continue exploiting such flaws to their advantage. To echo a Cold Warlocution, it would amount to unilateral disarmament.

Likewise, Microsoft hasproposeda digital Geneva Convention, or a global agreement to disclose flaws. But the worst actors online -- thieves, gangsters,North Korea-- would hardly feel constrained by such a protocol, while the restraints put in place could well eliminate crucial methods of tracking them.

Clear thinking from leading voices in business, economics, politics, foreign affairs, culture, and more.

Share the View

Abetter approachis to improve the current system. One problem is that the secrecy required makes it hard to know how well the stated criteria for retaining vulnerabilities are being followed. Reporting the total number found and disclosed each year might offer some reassurance to tech companies and the public, without divulging anything sensitive. Periodic audits of those that have been retained could help ensure that agencies arent hoarding dangerous stuff thats no longer useful. Most important, though, is to better secure these flaws -- and the tools meant to exploit them -- whilehaving a strategy tomitigate the risks if theyre once again leaked.

Failing that, the public may quickly lose confidence in this process. And that may be the biggest risk of all.

--Editors: Timothy Lavin, Michael Newman.

To contact the senior editor responsible for Bloomberg Views editorials: David Shipley at davidshipley@bloomberg.net.

Continued here:
Ransomware and the NSA - Bloomberg

Pittsburgh Post-Gazette

Secret court rebukes NSA for 5-year illegal surveillance of US citizens Pittsburgh Post-Gazette WASHINGTON U.S. intelligence agencies conducted illegal surveillance on American citizens over a five-year period, a practice that earned them a sharp ... Government Says Trust Us on Surveillance, But Here's Why We ...Townhall all 2 news articles »

Visit link:
Secret court rebukes NSA for 5-year illegal surveillance of US citizens - Pittsburgh Post-Gazette

Senator Mike Lee (R-Utah) reacted to comments from Rep. Devin Nunes that the cases of 'unmaskings' during the Obama administration included information about civilians.

Nunes said there was a "treasure trove" of information about people other than Gen. Michael Flynn and Russian envoys.

"This is what governments do when left unrestrained," Lee said.

George Takei: Trump Is Like 'An Alien Life Form' Who Is 'Ignorant of History'

Trump Makes Special Trip to Graves of Iraq, Afghanistan War Soldiers

Oliver North: North Korean Missile Could 'Shut Down Hawaii For Decades'

He said he was troubled by the fact the Obama administration had enough power to cull information about everyday Americans.

"The government can use overwhelming force and power to engage in political espionage," he said.

Lee said legislators must follow the lead of Founding Father James Otis of Massachusetts, who warned against such activity.

"Otis was a big believer in that government will intrude into a man's house unless restricted," Lee said, calling for better oversight of spying activity.

'You Aren't Representing Me': Trump Supporter Confronts Maxine Waters

Cavuto: Trump Told 'Grumbling European Phonies' to Stop Being 'Deadbeats'

Shoving Match, Threats Explode in Texas Capitol Over Illegal Immigration

The rest is here:
Mike Lee: NSA Spying Is 'What Gov't Does When Left Unrestrained' - Fox News Insider

The top Democrat on the House Oversight and Government Reform Committee wants the nation's top intelligence officials to turn over documents that describe their conversations with President Trump on Russia's meddling in the 2016 election.

Rep. Elijah Cummings, D-Md., the committee's ranking member, sent separate letters to Director of National Intelligence Dan Coats and National Security Agency Director Mike Rogers requesting documents, recordings, memos, notes and communications related to their conversations with the president or other White House staff about the investigations into Russia's role in the election.

The Maryland Democrat's requests follow a Washington Post report from earlier this month that said Trump asked Rogers and Coats to deny any existence of collusion between Trump's campaign associates and Russia.

The president asked the two top intelligence officials to help him push back against the FBI's investigation into Russia's role in the 2016 election, according to the Washington Post.

Both Coats and Rogers refused Trump's requests.

"The report ... stated that the president urged both of you 'to publicly deny the existence of any evidence of collusion durign the 2016 election,' but that you refused these requests, which you 'both deemed to be inappropriate,'" Cummings wrote.

Previous reports suggest Rogers and his staff may have memorialized his conversations with the president.

A senior official at the National Security Agency reportedly detailed Rogers' conversation with Trump about the Russia investigation in an internal memo.

Additionally, Coats said during congressional testimony earlier this month he would provide information about his conversation with Trump to a congressional "investigatory committee."

Here is the original post:
Elijah Cummings demands DNI, NSA leaders turn over documents ... - Washington Examiner