Archive for the ‘NSA’ Category

Who is NSA Director Mike Rogers? – CNN

On one front, he was being considered as a candidate for the job of director of national intelligence under President-elect Donald Trump. On another front, there were questions about whether he would be fired as director of the National Security Agency by then-President Barack Obama.

Obama's defense and intelligence chiefs had recommended firing Rogers due to the belief that Rogers was not working fast enough on a critical reorganization to address the cyberthreat, but Rogers survived and remained in his role as the director of the NSA and head of US Cyber Command under Trump.

In fact, Rogers has spent more time testifying about that topic than just about any other US official and is facing more questions from lawmakers on Tuesday as the probe continues to look into possible collusion between Russian officials and associates of the Trump campaign.

The revelations, first reported by The Washington Post, deepen the intrigue over alleged links between Trump's campaign and Russia as they follow the President's firing of Comey and his subsequent statement he did so because of the Russia probe.

Both Coats and Rogers were uncomfortable with the nature of the President's request and refused to comply, sources with knowledge of the situation told CNN.

Rogers also played a key role in last month's House hearing with Comey when he joined the FBI director in refuting Trump's claim that Obama had had his phones tapped during the campaign. He specifically batted down the notion that the Obama administration requested that the British eavesdrop on Trump, an unfounded assertion made on Fox News and later cited by White House officials.

Despite ultimately winning the election, Macron had been the victim of a "massive and coordinated hacking operation," his campaign team said.

"We had talked to our French counterparts ... and we gave them a heads up: 'Look, we are watching the Russians. We are seeing them penetrate some of your infrastructure. Here's what we've seen ... what can we do to assist?'" Rogers told lawmakers on the Senate armed services committee earlier this month.

Prior to assuming his current role at the NSA in 2014, Rogers served as the director for Intelligence for both the Joint Chiefs of Staff and US Pacific Command, and most recently as commander, US Fleet Cyber Command.

A native of Chicago, Rogers attended Auburn University. He graduated in 1981 and received his commission through the Naval Reserve Officers Training Corps. He was selected for re-designation to information warfare in 1986 after initially serving as a surface warfare officer.


Federal Court Revives Wikimedia’s Challenge to NSA Surveillance – New York Times


The ruling, by the Court of Appeals for the Fourth Circuit, is significant because it increases the chances that the Supreme Court may someday scrutinize whether the N.S.A.'s so-called upstream system for internet surveillance complies with Fourth ...


Report: Obama era NSA admits to years of illegal searches on Americans – Valley News Live

A bombshell report claims that the NSA, under then-President Obama, conducted years of illegal searches of Americans' private data. The report appears in the online publication Circa and details how once-classified documents show how the spy agency failed to disclose the abuses.

According to a previously classified report reviewed by Circa, one in 20 electronic communications by Americans were scooped up and kept by the NSA. The NSA admitted that the actions of the so-called 702 database potentially violated the Fourth Amendment protections of millions of Americans. This came even after the spy agency's own supervisors agreed in 2011 to follow certain safeguards. The publication goes on to say the Obama administration self-disclosed the violations late last year just before President Donald Trump was elected. The admission of wrongdoing was made before the Foreign Intelligence Surveillance Court. The agency received a strong rebuke from the court, according to Circa.

In early January, shortly before President Trump's inauguration, Obama administration officials changed the rules regarding the handling of sensitive information of Americans scooped up in NSA data collection. The rule change did away with the previous safeguards and allowed wide dispersion of information on individuals to be spread across several agencies.

The American Civil Liberties Union expressed shock to Circa that the abuses were admitted by government officials. Over the last several months, various operatives with the government have tried to tamp down claims of intentional wiretapping by the former administration.

You can read the full report from Circa as well as the FISA court report in the link to the side of this story.


Government not ‘sitting on hundreds of zero days,’ former NSA official says – FedScoop

This story first appeared on CyberScoop.

Storm clouds are rising over the U.S. government's policy on software flaw disclosure after the massive WannaCry infection spread using a cyberweapon developed by the NSA, and even former agency leaders say it might be time to take a fresh look at the Vulnerability Equities Process.

Under the VEP, U.S. officials weigh the benefits of disclosing a newly discovered flaw to the manufacturer, which can issue a patch to protect customers, or having the government retain it for spying on foreign adversaries who use the vulnerable software. The process has always had a bias toward disclosure, former federal officials said.

"We disclose something like 90 percent of the vulnerabilities we find," said Richard Ledgett, who retired April 28 as the NSA's deputy director. "There's a narrative out there that we're sitting on hundreds of zero days and that's just not the case," he told Georgetown University Law Center's annual cybersecurity law institute.

On the contrary, he said, the process, led by the [White House National Security Council], is very bureaucratic and slow and doesn't have the throughput that it needs. He said it was an issue NSA leaders had raised with both the previous administration and the Trump White House and that current homeland security adviser Thomas Bossert had promised to fix.

A zero day vulnerability is a newly discovered software flaw, one the manufacturer has zero days to patch before it can be exploited. An exploit is a piece of code that uses a vulnerability to work mischief on a computer, for instance allowing a remote hacker to download software and seize control. "Not all zero days are created equal," one of the architects of the VEP, former White House Cybersecurity Coordinator J. Michael Daniel, told CyberScoop recently.

Some exploits might require physical access, or need other exploits to be pre-positioned. Some might even rely on known but widely unpatched vulnerabilities, he said. One of the reasons WannaCry spread so fast despite being relatively unsophisticated in design is that it utilizes a very powerful NSA exploit called EternalBlue.

EternalBlue was one of a large cache of NSA hacking tools dumped on the web last month by an anonymous group calling itself the Shadow Brokers, an event that led to calls for the government to give up stockpiling vulnerabilities altogether.

That would be a mistake, Ledgett said, in part because even disclosed vulnerabilities can be exploited. Hackers can take apart the patch and reverse-engineer the vulnerability it is fixing, and then weaponize it with an exploit. Even when there's a patch available, Ledgett noted, "Many people don't patch, for all sorts of reasons." Large companies, for example, often have custom software that can break when an operating system is updated.

"The idea that if you disclose every vulnerability, everything would be hunky dory is just not true," he said.

Besides, the NSA's use of its cyber-exploit arsenal was "very tailored, very specific, very measured," added Ledgett, agreeing that the VEP policy was in about the right place.

Indeed, he said, there was an argument to be made that Microsoft, which last weekend rushed out an unprecedented patch for discontinued but still widely used software like Windows XP, should bear some of the blame for not patching the discontinued products in March, when it patched its current products, apparently in response to an advance warning from the NSA.

Daniel revealed the VEP in 2014, in response to suspicions that the NSA had known about the huge Heartbleed vulnerability in a very widely used piece of open-source software. It hadn't, he said. But the policy has been in place since 2010, according to documents declassified in response to a Freedom of Information Act request from the Electronic Frontier Foundation, an internet freedom advocacy group.

And Ledgett said the NSA had previously had a similar policy in place for decades. At the heart of the process, he said, is a balancing of how valuable the vulnerability in question is for the NSA's foreign intelligence mission, versus how damaging it might be to U.S. companies or Americans generally, if it were discovered by an adversary or revealed before it could be patched.

Ledgett said the new process balanced more or less the same factors in more or less the same way, although there were additional players like the State and Commerce Departments at the table in the National Security Council-led VEP.

"The thing that's new since 2014 is the risk of disclosure of a vulnerability," he said.

But former NSA director and retired four-star Air Force Gen. Michael Hayden points out two other things that have also changed, affecting where NSA places the fulcrum in its balancing of offensive and defensive equities.

"Far more often now the vulnerability in question is residing on a device that is in general use (including by Constitutionally protected US persons) than on an isolated adversary network," he wrote in a blog post for the Chertoff Group, where he now works.

He said that a comfort zone the NSA had previously enjoyed had also narrowed considerably. The comfort zone was called NOBUS, short for "nobody but us." In other words, "This vulnerability is so hard to detect and so hard to exploit that nobody but us (a massive, technologically powerful, resource rich, nation state security service) could take advantage of it."

"That playing field is being leveled, not just by competing nation states but also by powerful private sector enterprises," he concluded. "The NOBUS comfort zone is considerably smaller than it once was."

This week, bipartisan bills in both chambers sought to give the VEP a basis in law. Sens. Brian Schatz, D-Hawaii, Ron Johnson, R-Wis., and Cory Gardner, R-Colo., and Reps. Ted Lieu, D-Calif., and Blake Farenthold, R-Texas, put forward the Protecting Our Ability to Counter Hacking Act, or PATCH Act.


‘Doomsday’ worm uses seven NSA exploits (WannaCry used two) – CNET

Cybersecurity researchers have discovered a new worm that uses seven of the NSA's leaked exploits.

If the NSA's leaked hacking tools had a Voltron, it would be EternalRocks.

On Sunday, researchers confirmed new malware, named EternalRocks, that uses seven exploits first discovered by the National Security Agency and leaked in April by the Shadow Brokers group. Experts described the malware as a "doomsday" worm that could strike suddenly.

Earlier this month, the WannaCry ransomware plagued hospitals, schools and offices around the world and spread to more than 300,000 computers. It uses two NSA exploits that were leaked by the Shadow Brokers, EternalBlue and DoublePulsar. A few days later, researchers found Adylkuzz, new malware that spread using those same exploits and created botnets to mine for cryptocurrency.

Now, there's EternalRocks. Miroslav Stampar, a cybersecurity expert for Croatia's CERT, first discovered the hodgepodge of hacks on Wednesday. The earliest findings of EternalRocks go all the way back to May 3, he wrote in a description on GitHub.

EternalRocks uses EternalBlue, DoublePulsar, EternalChampion, EternalRomance, EternalSynergy, ArchiTouch and SMBTouch -- all tools leaked by the Shadow Brokers. Stampar said he found the packed hack after it infected his honeypot, a trap set to monitor incoming malware.

The majority of the tools exploit vulnerabilities with standard file sharing technology used by PCs called Microsoft Windows Server Message Block, which is how WannaCry spread so quickly without being noticed. Microsoft patched these vulnerabilities in March, but many outdated computers remain at risk.

Unlike WannaCry, which alerts victims they've been infected through ransomware, EternalRocks remains hidden and quiet on computers. Once in a computer, it downloads Tor's private browser and sends a signal to the worm's hidden servers.

Then, it waits. For 24 hours, EternalRocks does nothing. But after a day, the server responds and starts downloading and self-replicating. That means security experts who want to get more information and study the malware will be delayed by a day.

"By delaying the communications the bad actors are attempting to be more stealthy," Michael Patterson, CEO of security firm Plixer, said in an emailed statement. "The race to detect and stop all malware was lost years ago."

It even names itself WannaCry in an attempt to hide from security researchers, Stampar said. Like variants of WannaCry, EternalRocks also doesn't have a kill-switch, so it can't be as easily blocked off.

For now, EternalRocks remains dormant as it continues to spread and infect more computers. Stampar warns the worm can be weaponized at any time, the same way that WannaCry's ransomware struck all at once after it had already infected thousands of computers.

Because of its stealthy nature, it's unclear how many computers EternalRocks has infected. It's also unclear what EternalRocks will be weaponized into. Plixer said the worm could be immediately turned into more ransomware or trojan attacks for banking.

The NSA has been widely criticized for holding onto these exploits without warning the companies involved. On Wednesday, Congress introduced a bill that would force the government to hand over its cyber arsenal to independent review boards.

The NSA didn't immediately respond to a request for comment.
