Archive for the ‘NSA’ Category

Report: Obama era NSA admits to years of illegal searches on Americans – Valley News Live

A bombshell report claims that the NSA, under then-President Obama, conducted years of illegal searches of Americans' private data. The report appears in the online publication Circa and details how once-classified documents show that the spy agency failed to disclose the abuses.

According to a previously classified report reviewed by Circa, one in 20 electronic communications by Americans was scooped up and kept by the NSA. The NSA admitted that the actions of the so-called 702 database potentially violated the Fourth Amendment protections of millions of Americans. This came even after the spy agency's own supervisors had agreed in 2011 to follow certain safeguards. The publication goes on to say the Obama administration self-disclosed the violations late last year, just before President Donald Trump was elected. The admission of wrongdoing was made before the Foreign Intelligence Surveillance Court. The agency received a strong rebuke from the court, according to Circa.

In early January, shortly before President Trump's inauguration, Obama administration officials changed the rules regarding the handling of sensitive information on Americans scooped up in NSA data collection. The rule change did away with the previous safeguards and allowed information on individuals to be widely disseminated across several agencies.

The American Civil Liberties Union expressed shock to Circa that the abuses were admitted by government officials. Over the last several months, various operatives with the government have tried to tamp down claims of intentional wiretapping by the former administration.

You can read the full report from Circa as well as the FISA court report in the link to the side of this story.

Link:
Report: Obama era NSA admits to years of illegal searches on Americans - Valley News Live

Government not ‘sitting on hundreds of zero days,’ former NSA official says – FedScoop

This story first appeared on CyberScoop.

Storm clouds are rising over the U.S. government's policy on software flaw disclosure after the massive WannaCry infection spread using a cyberweapon developed by the NSA, and even former agency leaders say it might be time to take a fresh look at the Vulnerability Equities Process.

Under the VEP, U.S. officials weigh the benefits of disclosing a newly discovered flaw to the manufacturer, which can issue a patch to protect customers, against having the government retain it for spying on foreign adversaries who use the vulnerable software. The process has always had a bias toward disclosure, former federal officials said.

"We disclose something like 90 percent of the vulnerabilities we find," said Richard Ledgett, who retired April 28 as the NSA's deputy director. "There's a narrative out there that we're sitting on hundreds of zero days and that's just not the case," he told Georgetown University Law Center's annual cybersecurity law institute.

On the contrary, he said, the process, led by the [White House National Security Council], "is very bureaucratic and slow and doesn't have the throughput that it needs." He said it was an issue NSA leaders had raised with both the previous administration and the Trump White House, and one that current homeland security adviser Thomas Bossert had promised to fix.

A zero day vulnerability is a newly discovered software flaw, one the manufacturer has had zero days to patch before it can be exploited. An exploit is a piece of code that uses a vulnerability to work mischief on a computer, for instance allowing a remote hacker to download software and seize control. "Not all zero days are created equal," one of the architects of the VEP, former White House Cybersecurity Coordinator J. Michael Daniel, told CyberScoop recently.

Some exploits might require physical access, or need other exploits to be pre-positioned. Some might even rely on known but widely unpatched vulnerabilities, he said. One of the reasons WannaCry spread so fast, despite being relatively unsophisticated in design, is that it utilizes a very powerful NSA exploit called EternalBlue.

EternalBlue was one of a large cache of NSA hacking tools dumped on the web last month by an anonymous group calling itself the Shadow Brokers, an event that led to calls for the government to give up stockpiling vulnerabilities altogether.

That would be a mistake, Ledgett said, in part because even disclosed vulnerabilities can be exploited. Hackers can take apart the patch, reverse-engineer the vulnerability it is fixing, and then weaponize it with an exploit. Even when there's a patch available, Ledgett noted, "Many people don't patch, for all sorts of reasons." Large companies, for example, often have custom software that can break when an operating system is updated.

"The idea that if you disclose every vulnerability, everything would be hunky dory is just not true," he said.

Besides, the NSA's use of its cyber-exploit arsenal was "very tailored, very specific, very measured," added Ledgett, agreeing that the VEP policy was "in about the right place."

Indeed, he said, there was an argument to be made that Microsoft, which last weekend rushed out an unprecedented patch for discontinued but still widely used software like Windows XP, should bear some of the blame for not patching the discontinued products in March, when it patched its current products, apparently in response to an advance warning from the NSA.

Daniel revealed the VEP in 2014, in response to suspicions that the NSA had known about the huge Heartbleed vulnerability in a very widely used piece of open-source software (it hadn't, he said). But the policy has been in place since 2010, according to documents declassified in response to a Freedom of Information Act request from the Electronic Frontier Foundation, an internet freedom advocacy group.

And Ledgett said the NSA had previously had a similar policy in place for decades. At the heart of the process, he said, is a balancing of how valuable the vulnerability in question is for the NSA's foreign intelligence mission, versus how damaging it might be to U.S. companies or Americans generally if it were discovered by an adversary or revealed before it could be patched.

Ledgett said the new process balanced more or less the same factors in more or less the same way, although there were additional players, like the State and Commerce Departments, at the table in the National Security Council-led VEP.

"The thing that's new since 2014 is the risk of disclosure of a vulnerability," he said.

But former NSA director and retired four-star Air Force Gen. Michael Hayden points out two other things that have also changed, affecting where the NSA places the fulcrum in its balancing of offensive and defensive equities.

"Far more often now the vulnerability in question is residing on a device that is in general use (including by Constitutionally protected US persons) than on an isolated adversary network," he wrote in a blog post for the Chertoff Group, where he now works.

He said that a comfort zone the NSA had previously enjoyed had also narrowed considerably. The comfort zone was called NOBUS, short for "nobody but us." In other words, "This vulnerability is so hard to detect and so hard to exploit that nobody but us (a massive, technologically powerful, resource-rich, nation state security service) could take advantage of it."

"That playing field is being leveled, not just by competing nation states but also by powerful private sector enterprises," he concluded. "The NOBUS comfort zone is considerably smaller than it once was."

This week, bipartisan bills in both chambers sought to give the VEP a basis in law. Sens. Brian Schatz, D-Hawaii, Ron Johnson, R-Wis., and Cory Gardner, R-Colo., and Reps. Ted Lieu, D-Calif., and Blake Farenthold, R-Texas, put forward the Protecting Our Ability to Counter Hacking Act, or PATCH Act.

Excerpt from:
Government not 'sitting on hundreds of zero days,' former NSA official says - FedScoop

‘Doomsday’ worm uses seven NSA exploits (WannaCry used two) – CNET

Cybersecurity researchers have discovered a new worm that uses seven of the NSA's leaked exploits.

If the NSA's leaked hacking tools had a Voltron, it would be EternalRocks.

On Sunday, researchers confirmed new malware, named EternalRocks, that uses seven exploits first discovered by the National Security Agency and leaked in April by the Shadow Brokers group. Experts described the malware as a "doomsday" worm that could strike suddenly.

Earlier this month, the WannaCry ransomware plagued hospitals, schools and offices around the world and spread to more than 300,000 computers. It uses two NSA exploits that were leaked by the Shadow Brokers, EternalBlue and DoublePulsar. A few days later, researchers found Adylkuzz, new malware that spread using those same exploits and created botnets to mine for cryptocurrency.

Now, there's EternalRocks. Miroslav Stampar, a cybersecurity expert for Croatia's CERT, first discovered the hodgepodge of hacks on Wednesday. The earliest findings of EternalRocks go all the way back to May 3, he wrote in a description on GitHub.

EternalRocks uses EternalBlue, DoublePulsar, EternalChampion, EternalRomance, EternalSynergy, ArchiTouch and SMBTouch -- all tools leaked by the Shadow Brokers. Stampar said he found the bundled tools after they infected his honeypot, a trap set to monitor incoming malware.

The majority of the tools exploit vulnerabilities in a standard file-sharing technology used by PCs, Microsoft Windows Server Message Block, which is how WannaCry spread so quickly without being noticed. Microsoft patched these vulnerabilities in March, but many outdated computers remain at risk.

Unlike WannaCry, which alerts victims they've been infected through ransomware, EternalRocks remains hidden and quiet on computers. Once in a computer, it downloads Tor's private browser and sends a signal to the worm's hidden servers.

Then, it waits. For 24 hours, EternalRocks does nothing. But after a day, the server responds and starts downloading and self-replicating. That means security experts who want to get more information and study the malware will be delayed by a day.

"By delaying the communications the bad actors are attempting to be more stealthy," Michael Patterson, CEO of security firm Plixer, said in an emailed statement. "The race to detect and stop all malware was lost years ago."

It even names itself WannaCry in an attempt to hide from security researchers, Stampar said. Like variants of WannaCry, EternalRocks also doesn't have a kill-switch, so it can't be as easily blocked off.

For now, EternalRocks remains dormant as it continues to spread and infect more computers. Stampar warns the worm can be weaponized at any time, the same way that WannaCry's ransomware struck all at once after it had already infected thousands of computers.

Because of its stealthy nature, it's unclear how many computers EternalRocks has infected. It's also unclear what EternalRocks will be weaponized into. Plixer said the worm could be immediately turned into more ransomware or trojan attacks for banking.

The NSA has been widely criticized for holding onto these exploits without warning the companies involved. On Wednesday, Congress introduced a bill that would force the government to hand over its cyber arsenal to independent review boards.

The NSA didn't immediately respond to a request for comment.


Continue reading here:
'Doomsday' worm uses seven NSA exploits (WannaCry used two) - CNET

Thank the NSA for latest global ransomware – Bangkok Post

Everyone is talking about WannaCry(pt), the latest ransomware worm, which attacked over 150 countries across the globe. It hit hospitals, universities, businesses, a telco, train stations and more. Microsoft responded by releasing emergency security patches for Windows versions as far back as XP. To Microsoft's credit, they had released a patch for the issue in February, well before this exploit hit, so those who did not update were the ones hit. The lesson here is to install your security patches when they are available.

The exploit was via a vulnerability in the SMB file share system. The bug was found after the NSA's EternalBlue tool was stolen; yes, the NSA was using the exploit. Initially the tool was used to hack into devices, but this latest version was added to ransomware. The unlock cost is between US$300 (10,400 baht) and $600 regardless of the target. It also adds DoublePulsar, a backdoor that allows the machine to be remotely controlled, also stolen from the NSA. BitDefender sent an email saying I was already protected, but many were not. The attack was stopped when a clever person in the UK found the kill switch. There are rumours that North Korea was behind this attack, like they were with the big Sony hack a while back. Others are suggesting it was a much smaller group.

The potential next version of Android, or its replacement, called Fuchsia has been tested in an early development build. The need for such a product was triggered by Oracle's litigation against Google to get Android royalties. It is open source and you can find it on Github. Hotfix's Kyle Bradshaw compiled the most recent version and you can see what it looks like by searching for "Fuchsia OS Armadillo preview" on YouTube.

With the world moving away from the PC and towards the notebook, many are looking for a solution for multi-monitor support. Modern notebooks are so thin they no longer have monitor ports, but don't despair, there are many solutions to try. Thunderbolt ports support video, audio, standard data transmission and power. You will of course need a Thunderbolt compatible monitor. Another solution, for those with only one Thunderbolt or USB-C port, is to get a docking station. For older users, the options include a splitter cable, a splitter box and perhaps some USB-to-HDMI adaptors. If you have the right kind of notebook, e.g. a Razer, then you may even be able to use a proper graphics card inside an external box. Those who have tried or used multiple monitors rarely want to go back to one.

The MP3, or MPEG Audio Layer III, format has been officially killed off by the Fraunhofer Institute, which did not renew the IP rights and ceased its licensing programme. No, MP3 is not gone; it has essentially become free. MP3 is still a popular format even though others like AAC variants and MPEG-H have more features, better audio quality and use less bandwidth. With the growth of memory on devices, many now also use FLAC, a lossless format, rather than MP3, which discards information but "tricks" the ears into hearing all the sound. The most recent example is MQA, which may be the basis for the next great streaming technology.

Since I didn't get the LG V20 phone I'm now looking at the Huawei P10 Plus. This is a 5.5-inch QHD+ phone with 6GB of memory and 128GB of storage for a fraction of the price of the Samsung S8. The Leica dual camera is very good and it comes with the latest Kirin 960 processor. It supports a microSD but you would have to be doing a lot of 4K recording to even need such an expansion of up to an additional 256GB. A 3,750mAh non-removable battery adds some extra life and it is Android 7. Unlocked versions are already available for as low as US$630 (21,750 baht) in some places.

I was at a presentation demonstrating the SQLServer on Linux recently and besides the fact that it installs quickly, the advantage of this is that you can set up a virtual machine on a Windows 7 PC and run the latest versions like 2016 or the newest 2017. For Red Hat, Ubuntu and SUSE the product is fully integrated and an update is a simple command line. In the demo using Oracle's free VM, an Ubuntu core virtual machine was created and then SQLServer installed, which was then accessible from the Windows SQL Server Management Studio. Apart from one step involving partitioning, it was all seamless and fast. There are plenty of tutorials on the internet to walk you through this.

Finally for this week, Cray the supercomputer people are moving to supercomputing as a service model, which given how everything else is going should come as no surprise.

Read the original:
Thank the NSA for latest global ransomware - Bangkok Post

EternalRocks network worm uses 7 NSA hacking tools – Network World

By Ms. Smith, Network World | May 21, 2017 8:58 AM PT

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.


While you won't be forgetting the WannaCry ransomware attack, it is likely you will be hearing a lot more about the alleged NSA-linked EternalBlue exploit and DoublePulsar backdoor, as it seems a wide range of bad guys have them in their toy boxes. At least one person is leveraging seven leaked NSA hacking tools for a new EternalRocks network worm.

Malwarebytes believes WannaCry did not spread by a malicious spam email campaign but by a scanning operation that searched for vulnerable public-facing SMB ports, then used EternalBlue to get on the network and used DoublePulsar to install the ransomware.

EternalBlue was part of the Shadow Brokers' April 14 dump of NSA hacking tools. Almost immediately, sophisticated attackers started repackaging the EternalBlue exploit. Security firm Secdo reported that three weeks before the WannaCry attack, at least three different actors were leveraging the NSA EternalBlue exploit to infect, install backdoors and exfiltrate user credentials in networks around the world, including the U.S.

The attack leaves no trace. By spawning threads inside legitimate apps to impersonate those apps, the attack can evade advanced next-gen antivirus solutions. The attacks, according to Secdo, might pose a much bigger risk than WannaCry because many endpoints may still be compromised despite having installed the latest security patch.

The security firm suggested one threat actor was stealing credentials using a Russian-based IP, and another threat actor seemed to be using EternalBlue in opportunistic attacks to create a Chinese botnet.

Secdo added:

Even if companies were able to block WannaCry and patch the SMB Windows exploit, a backdoor may persist and compromised credentials may be used to regain access.

Security firm Proofpoint spotted an attack using EternalBlue and DoublePulsar to install a cryptocurrency mining botnet. This attack, which also began before WannaCry, may be larger in scale and may even have limited the spread of WannaCry because this attack shuts down SMB networking to prevent further infections with other malware via that same vulnerability. Every time Proofpoint exposed a lab box vulnerable to EternalBlue attacks, it was added to the cryptocurrency mining botnet within 20 minutes.

Perhaps the most worrying news about attacks came from researcher Miroslav Stampar. It is the most worrying because the EternalRocks network worm doesn't just use EternalBlue and DoublePulsar like WannaCry did. Oh no, it uses seven different NSA hacking tools: EternalBlue, EternalChampion, EternalRomance, EternalSynergy, DoublePulsar, ArchiTouch and SMBTouch.

Stampar learned of EternalRocks after it infected his SMB honeypot. Its original name was MicroBotMassiveNet, but EternalRocks is listed as a product name under Taskhost Properties. It disguises itself as WannaCry as if hoping to fool security researchers, yet it doesn't drop ransomware. Instead, it seems to be gaining a foothold to launch future attacks.

During the first stage, EternalRocks installs TOR as a C&C communications channel. The second stage doesn't begin immediately; instead, the C&C server waits 24 hours before responding with shadowbrokers.zip. Stampar said the delayed downloader for the zipped file, which contains NSA hacking tools leaked by the Shadow Brokers, seems to be a full-scale cyber weapon.

After that is unpacked, the EternalRocks worm begins scanning for open 445 ports on the internet and pushes the first stage of the malware through payloads.
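The behaviour described in this paragraph, and in the CNET piece above (the worm "starts downloading and self-replicating" after its delay), gives a defender one concrete network signal: an internal host that begins fanning out TCP/445 connection attempts to many distinct public addresses. The following Python detector is an added example written for this archive; it is not code from Stampar, Network World, or CNET. The log line format, the host addresses and the sample lines are all constructed for the example, and the window and threshold values are assumptions to tune against your own traffic.

```python
"""Flag internal hosts fanning out SMB (TCP/445) attempts to many public addresses.
Added example: constructed log format and sample data, not from the original article."""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Assumed log format (constructed): one connection attempt per line, key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)"
)

# RFC 1918 ranges are treated as "inside"; everything else is "the internet".
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_line(line):
    """Return (timestamp, src, dst, dport) or None for a line that does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m.group("src"), m.group("dst"), int(m.group("dport"))


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def outbound_smb_sources(lines):
    """Internal hosts that attempted SMB to any public address at all.
    In most networks outbound 445 should be blocked at the edge, so even one hit is worth a look."""
    found = set()
    for line in lines:
        rec = parse_line(line)
        if rec and rec[3] == 445 and is_internal(rec[1]) and not is_internal(rec[2]):
            found.add(rec[1])
    return found


def smb_fanout(lines, window_seconds=60, threshold=10):
    """Sliding-window count of distinct public destinations on port 445 per internal source.
    Lines for a given source are assumed to be in chronological order.
    Returns {src: peak_distinct_destinations} for sources that reached the threshold."""
    events = defaultdict(deque)  # per-source (ts, dst) events, oldest first
    peak = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, dport = rec
        if dport != 445 or not is_internal(src) or is_internal(dst):
            continue  # only SMB from inside towards the internet is of interest here
        q = events[src]
        q.append((ts, dst))
        while q and (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()  # drop events that fell out of the window
        distinct = len({d for _, d in q})
        peak[src] = max(peak[src], distinct)
    return {src: n for src, n in peak.items() if n >= threshold}


def _t(sec):
    return f"2017-05-20T10:00:{sec:02d}Z"


# Constructed sample log: a scanning host, a benign file-server client, one stray attempt, one bad line.
SAMPLE_LOG = (
    [f"{_t(i)} src=10.0.0.23 dst=203.0.113.{i + 1} dport=445 proto=tcp" for i in range(15)]
    + [f"{_t(i)} src=10.0.0.8 dst=10.0.0.50 dport=445 proto=tcp" for i in range(30)]
    + [f"{_t(40)} src=10.0.0.9 dst=198.51.100.4 dport=445 proto=tcp"]
    + ["corrupted entry"]
)

if __name__ == "__main__":
    print("outbound SMB sources:", sorted(outbound_smb_sources(SAMPLE_LOG)))
    print("fan-out alerts:", smb_fanout(SAMPLE_LOG))
```

The two checks are deliberately separate: `outbound_smb_sources` is a policy check that fires on any SMB leaving the network, while `smb_fanout` isolates the scanner-like pattern so it can be triaged first when the edge does not block 445. Internal-to-internal SMB (the file-server traffic from 10.0.0.8) is ignored by both, which keeps ordinary Windows file sharing out of the alert stream.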

There is no kill switch like there was in WannaCry. Stampar told Bleeping Computer, "The worm is racing with administrators to infect machines before they patch. Once infected, he can weaponize any time he wants, no matter the late patch."

The second stage of the infection currently has a detection rate of 45/61 on VirusTotal, but Stampar warned that EternalRocks was going to be huge.

He later added:


Read the original here:
EternalRocks network worm uses 7 NSA hacking tools - Network World