Archive for the ‘NSA’ Category

Military cadets battle the NSA in mock cyberwar games – CNET

There were empty cans of Mountain Dew and Monster Energy everywhere.

Despite the pile of energy drinks, there was a surprising calm in the room as I stood by two dozen cadets at the US Military Academy at West Point. They were tasked with building a server and protecting it from breaches by the National Security Agency for a full week.

With a lifetime of research -- watching movies about cyberwarfare -- I figured I was all set for this assignment. But there was no dramatic music, no people running around and yelling about "cyber nukes" -- whatever those are. It looked like a normal office, like the one I'm sitting in as I write this. There wasn't even a sweeping camera shot of all the action.

Instead, four groups of cadets sat around rows of laptops at the ready. There was the Web Services team, to make sure their websites were up and running; the Web and Forums team, which moderates what goes on in their servers; the Network Monitoring team, which stands guard; and the Strike Team, which takes action to combat breaches.

The pace picked up a bit as the NSA sent over a task: creating a password restriction in the next two hours. But even then, there was no dramatic rush or screens filled with flowing rivers of green code.

The most noteworthy part of the attack? URLs like "pooploopery.com" and "canadabrokeit.com."

This is the second installment of a two-part series on cybersecurity and West Point.

Those names sound goofy, but the military is taking its cyberdefense capabilities seriously. This exercise, which is held annually at West Point, is part of an increased focus in military academies to train experts against attacks in the future.

After all, cyberwarfare is an increasing concern on and off the battlefield, and the US has already gotten a glimpse of what attacks could look like in the future. The 2016 presidential election was heavily influenced by Russian hackers, while Chinese hackers stole 22 million social security numbers from a federal database in 2015 and North Korean hackers were blamed for a massive breach at Sony the year before. With experts predicting threats like bombings caused by distributed denial-of-service (DDoS) attacks, it's become more important to train future officers to defend online.

"It's certainly a great emphasis. We see the rise of the cyber branch with the United States Army," Major Michael Petullo, an assistant professor at West Point's military academy said. "Individual privacy and freedom is all pending these days on cyber."

That mentality extends beyond the Army's own troops. Last month, the US Air Force issued its "Hack the Air Force" challenge to security specialists around the world, offering hefty rewards to anyone who can break into its public websites. It's a follow-up to challenges like "Hack the Army" and "Hack the Pentagon," in which bug bounty hunters cashed in on $75,000 by identifying the Pentagon's vulnerabilities. It only took five minutes for the first bounty to come during the Army challenge.

Since 2000, the NSA has been testing cadets at military schools by "hacking" servers in their classrooms for an entire week. In April, the Naval Academy, the Coast Guard Academy, the Marine Academy, the Military Academy and the Royal Military College of Canada joined in the Cyber Defense Exercise, looking to see who could best fend off the NSA's cyberattacks.

As part of the challenge, NSA hackers make up the "Red Cell" and teams from each academy make up "Blue Cells." The NSA is allowed to attack at all times, while the cyberdefense teams are restricted from doing anything between 10 p.m. and 9 a.m. To make things even harder, there's the Gray Cell, bots meant to emulate careless users who hackers typically target.

In one Gray Cell scenario, an important politician would come into an Army base with a laptop that potentially has a virus on it. The cadets have to clean off the device and remove any malware before the Gray Cell connects onto the servers.

Do you think that's far-fetched? Vice President Mike Pence and Clinton campaign manager John Podesta probably don't.

"The threat is real and gets more and more advanced every day. It evolves very rapidly," NSA Red Cell lead Curtis Williams said.

The cadets have to prevent the NSA from stealing password tokens, protect their servers from shutdown and block out intruders. The NSA's break-in is inevitable, so the competition becomes about who can defend their servers the longest.

"They end up getting in, but they get into everyone's," said Mitch DeRidder, captain of the Army's Blue Cell. "They're closing in as time goes on."

After DeRidder assigned the duties for the NSA's password challenge, the room fell quiet again. Attacks still flowed in from the NSA, but they were easy to spot because of their goofy names.

The cadets were supposed to monitor for these fake names and block them. Sometimes, it wasn't as obvious as a pooploopery. One ping had come in from lyft.cpm, a rip-off of the popular ride-sharing app.

"They're hoping that we make typos," said Conner Wissman, on the Army's Service team. "They're trying to throw us off because every second of blocking these count."

The team members' eyes glazed over while watching scores of URLs coming into the servers, a boring but necessary task.

"There's nothing I can do, I kind of just sit here and watch," Wissman said. On the Web and Forums team, one cadet folded paper into a small boat. Another cadet, manning the servers, took the boat apart and made a paper hat.

US Army cadets hard at work during the Cyber Defense Exercise. If you look really closely, you can see the paper boat.

By the end of the week, the Navy had won the exercise, but the cadets at West Point weren't defeated. In their loss, they'll be able to learn what went wrong and how to improve for when the nation's cybersecurity is at stake.

For future exercises, the NSA wants the academies to be able to collaborate. It also expects to add additional challenges like protecting other connected devices -- think smart appliances and light bulbs. The cadets already see the value in these challenges.

"Cyber is one of the biggest national security threats," DeRidder said. "Having trained NSA personnel attacking us, that definitely helped prepare us for the future."

It's Complicated: This is dating in the age of apps. Having fun yet? These stories get to the heart of the matter.

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.

View post:
Military cadets battle the NSA in mock cyberwar games - CNET

Former NSA director says this White House can’t handle the truth – PRI

On Monday, it was revealed that former President Barack Obama warned then-President-elect Donald Trump not to hire Gen. Michael Flynn. That was two days after the November presidential election. Despite the warning, President Trump selected Flynn as national security adviser. Flynn was later fired for lying to Vice President Mike Pence about his discussions with the Russian ambassador to the United States.

During a hearing on Capitol Hill on Monday, former acting Attorney General Sally Yates also revealed that Flynn was vulnerable to foreign blackmail and that she issued a separate warning about him to the Trump administration. Yates testified alongside James Clapper, the former director of national intelligence.

Retired four-star Gen. Michael Hayden served Presidents Bill Clinton, George W. Bushand Barack Obama in top intelligence posts, including as the director of the National Security Agency, the director of the CIA, and the deputy director of national intelligence. Though Hayden believes Flynn is tactically brilliant and praises his distinguished career within the Pentagon, he argues that he was not the right person to serve as Trumps national security adviser.

I think Mike coming into the national scene was very unfamiliar turf for him, and I dont think he was a very good fit for the job that the president selected him for, Hayden says.

This was a perfect storm, he later adds. Gen. Flynn coming out of government a bit angry, feeling a bit disrespected, passionate about some things, and working for a president who had those same attitudes they kind of fed off of one another. Hence, my reasoning, back before all this, I thought Mike was an ill fit for the job. What President Trump needs is someone to calm him down, not someone to accelerate him. I fear as if weve got this convergence, and it just headed to a very dark place.

According to Hayden, during an early Trump transition meeting on national security, Flynn was specifically told to be careful when it came to discussions with the Russians.

There were already these kinds of signs, I think, that folks more familiar with how this stuff works were a bit ill at ease with what they saw happening, Hayden says.

Overall, Hayden believes that the testimony given by Clapper and Yates was solid.

You saw two career government professionals testifying yesterday, says Hayden. Ive got to tell you, the only safe haven for a government professional in issues like this is the truth. And I knew, when I saw the lineup for this hearing, one, this was not going to be a happy day for the White House, who have tried to spin all of this in every possible direction. And number two, this wasnt going to settle things down this was going to excite this issue.

After the Trump administration was warned about Flynn, there should have been a tectonic shift inside the West Wing of the White House, Hayden says.

[Monday], we learned [the warnings] happened not once but twice in personal meetings, and [there was] an additional phone call, says Hayden. The tone of the conversation was intensely serious, and that this is a big deal.

After Yates warned the Trump administration, it took officials 18 days to fire Flynn, something Hayden attributes to chaos and incompetence within the White House. On Monday, officials within the administration backtracked, saying that former President Obama did warn President Trump, but that Trump thought his predecessor was joking.

This White House has a strained relationship with the truth, and they find themselves unable just simply to admit facts that seem obvious to the rest of us, says Hayden. Ten days ago, you had the president of the United States still questioning whether or not the Russians were the ones who actually did all this stuff.

This story originally aired on The Takeaway.

Read the original:
Former NSA director says this White House can't handle the truth - PRI

NSA Received Around 2,000 Requests to Unmask Americans … – CNSNews.com

NSA Received Around 2,000 Requests to Unmask Americans ...
CNSNews.com
Do you know if Susan Rice ever asked for an American citizen to be unmasked? Sen. Lindsey Graham (R-S.C.) asked the head of the National Security Agency ...

and more »

Continue reading here:
NSA Received Around 2,000 Requests to Unmask Americans ... - CNSNews.com

Editorial: NSA’s decision to cut data collection just a first step – The Mercury News

The National Security Agency has decided to halt onecontroversial surveillance programthat wasthe tip of an iceberg of government abuses of privacy and due process.This is a good start toward restoring balance inAmericans right to privacy.

The NSA said last week that it will no longer engage in warrantless spying on Americans digital communications that merely mention a foreign intelligence target, referred to in the intelligence community as about communications.

The NSAhad claimed thisauthority under Section 702 of the Foreign Intelligence Surveillance Act, which allows it to target non-U.S. citizens or residents believed to be outside the country, although Americans communications are often swept up as well.

NSA will no longer collect certain internet communications that merely mention a foreign intelligence target, an agency statement said. Instead, NSA will limit such collection to internet communications that are sent directly to or from a foreign target.

It is a significant departure from previous assurances that the program was vital to national security. Its effectiveness has always been difficult to gauge because the NSA has provided little information about it.

Its a welcome swing toward better privacy protection even if, as widely speculated, it is less an acknowledgement of Americans right to privacy than a result of communications byDonald Trumps people before the election being swept up in NSA data collectionn.

Our enthusiasm for the decision requires a reality check, however. The NSA has repeatedly lied about its spying activities and violations of Americans constitutional rights, so announcing a new policy doesnt necessarily mean it will be followed.

Rememberthe public testimony of then-National Intelligence Director James Clapper at a March 2013 Senate Intelligence Committee hearing.At one point, Sen. Ron Wyden, D-Ore., asked Clapper plainly, Does the NSA collect any type of data at all on millions, or hundreds of millions of Americans? Clapper then lied to his face, and the faces of all Americans, saying, No, sir, and then, Not wittingly.

Just months later, news stories based on information from the Edward Snowden leaks would reveal the NSAs bulk collection of Americans phone metadata and internet communications.

New technology makes our communications quicker, more convenient, more easily recorded and stored andmore easily accessed without our knowledge. But the Fourth Amendment is quite clear: Government searches require a warrant issued by a judge based on probable cause and describing the specific place to be searched, and the persons or things to be seized.

The law was written to deal with filing cabinets and safes rather than the cloud. But the fundamental principlestands and should always stand.

Read the original post:
Editorial: NSA's decision to cut data collection just a first step - The Mercury News

NSA stops one abuse, but many remain – OCRegister

The National Security Agency has decided to halt a controversial surveillance program, but this was just the tip of an iceberg of government abuses of privacy and due process.

The NSA said last week that it will no longer engage in warrantless spying on Americans digital communications that merely mention a foreign intelligence target, referred to in the intelligence community as about communications. The agency had claimed the authority to engage in such surveillance under Section 702 of the Foreign Intelligence Surveillance Act, which allows it to target non-U.S. citizens or residents believed to be outside the country, although Americans communications are oftentimes swept up as well.

NSA will no longer collect certain internet communications that merely mention a foreign intelligence target, the agency announced in a statement. Instead, NSA will limit such collection to internet communications that are sent directly to or from a foreign target.

Even though NSA does not have the ability at this time to stop collecting about information without losing some other important data, the Agency will stop the practice to reduce the chance that it would acquire communications of U.S. persons or others who are not in direct contact with a foreign intelligence target, it continued.

It is a significant departure from previous assurances that the program was vital to national security, though many have forcefully disputed that claim. Its effectiveness has always been difficult to gauge, however, due to the lack of information the NSA has provided about it.

The agencys decision is certainly welcome, though we must make the perhaps generous assumption that it will do or not do, in this case what it says it will, and that it will not simply change its mind in the future. Our enthusiasm is also tempered by the realization that this is an agency, along with various other government intelligence agencies, that is built on deception and has repeatedly lied about its spying activities and violations of Americans constitutional rights.

We are reminded of the public testimony of then-National Intelligence Director James Clapper at a March 2013 Senate Intelligence Committee hearing. At one point, Sen. Ron Wyden, D-Ore., asked Clapper plainly, Does the NSA collect any type of data at all on millions, or hundreds of millions of Americans? Clapper then lied to his face, and the faces of all Americans, saying, No, sir, and then, Not wittingly.

Within a matter of months, news stories based on information from the Edward Snowden leaks would reveal the NSAs bulk collection of Americans phone metadata and internet communications.

Then there is the matter of the backdoor search loophole, by which the FBI or other agencies may search NSA databases for information about Americans collected under Section 702 without having to go through all that pesky business of obtaining a warrant. The loophole is sure to be a bone of contention during congressional debate over the reauthorization of Section 702, which is scheduled to expire at the end of the year.

Given the governments repeated abuses of Americans privacy through its snooping activities, those looking to reauthorize Section 702 have some serious questions to answer about how many Americans have been swept up in this supposed foreign surveillance, and how useful this intelligence actually is.

The Fourth Amendment is quite clear: Government searches require a warrant issued by a judge based on probable cause and describing the specific place to be searched, and the persons or things to be seized. New technology may make our communications quicker and more convenient as well as more easily recorded and stored but it does not alter that fundamental principle.

Original post:
NSA stops one abuse, but many remain - OCRegister