Archive for the ‘NSA’ Category

NSA Halts Collection of Americans’ Emails About Foreign Targets – New York Times


New York Times
NSA Halts Collection of Americans' Emails About Foreign Targets
New York Times
Senator Ron Wyden, an Oregon Democrat who has long been a critic of N.S.A. surveillance, said that he would introduce legislation codifying the new limit. The law that authorizes the program, the FISA Amendments Act, is up for renewal at the end of 2017.
NSA to stop collecting some internet communicationsCNBC
NSA ends controversial collection of Americans' emails that mention foreign targetsTechCrunch
The NSA will stop reading American emails that mention intelligence targetsThe Verge
CNET -The Atlantic -KUAR
all 40 news articles »

View post:
NSA Halts Collection of Americans' Emails About Foreign Targets - New York Times

Who Is Publishing NSA and CIA Secrets, and Why? – Lawfare – Lawfare (blog)

There's something going on inside the intelligence communities in at least two countries, and we have no idea what it is.

Consider these three data points. One: someone, probably a country's intelligence organization, is dumping massive amounts of cyberattack tools belonging to the NSA onto the Internet. Two: someone else, or maybe the same someone, is doing the same thing to the CIA.

Three: in March, NSA Deputy Director Richard Ledgett describedhow the NSA penetrated the computer networks of a Russian intelligence agency and was able to monitor them as they attacked the U.S. State Department in 2014. Even more explicitly, a U.S.allymy guess is the U.K.was not only hacking the Russian intelligence agency's computers, but also the surveillance cameras inside their building. "They [the U.S. ally] monitored the [Russian] hackers as they maneuvered inside the U.S. systems and as they walked in and out of the workspace, and were able to see faces, the officials said."

Countries don't often reveal intelligence capabilities: "sources and methods." Because it gives their adversaries important information about what to fix, it's a deliberate decision done with good reason. And it's not just the target country who learns from a reveal. When the U.S. announces that it can see through the cameras inside the buildings of Russia's cyber warriors, other countries immediately check the security of their own cameras.

With all this in mind, let's talk about the recent leaks at NSA and the CIA.

Last year, a previously unknown group called the Shadow Brokers started releasing NSA hacking tools and documents from about three years ago. They continued to do so this yearfive sets of files in alland have implied that more classified documents are to come. We don't know how they got the files. When the Shadow Brokers first emerged, the general consensus was that someone had found and hacked an external NSA staging server. These are third-party computers that the NSA's TAO hackers use to launch attacks from. Those servers are necessarily stocked with TAO attack tools. This matched the leaks, which included a "script" directory and working attack notes. We're not sure if someone inside the NSA made a mistake that left these files exposed, or if the hackers that found the cache got lucky.

That explanation stopped making sense after the latest Shadow Brokers release, which included attack tools against Windows, PowerPoint presentations, and operational notesdocuments that are definitely not going to be on an external NSA staging server. A credible theory, which I first heard from Nicholas Weaver, is that the Shadow Brokers are publishing NSA data from multiple sources. The first leaks were from an external staging server, but the more recent leaks are from inside the NSA itself.

So what happened? Did someone inside the NSA accidentally mount the wrong server on some external network? That's possible, but seems very unlikely. Did someone hack the NSA itself? Could there be a mole inside the NSA, as Kevin Poulsen speculated?

If it is a mole, my guess is that he's already been arrested. There are enough individualities in the files to pinpoint exactly where and when they came from. Surely the NSA knows who could have taken the files. No country would burn a mole working for it by publishing what he delivered. Intelligence agencies know that if they betray a source this severely, they'll never get another one.

That points to two options. The first is that the files came from Hal Martin. He's the NSA contractor who was arrested in August for hoarding agency secrets in his house for two years. He can't be the publisher, because the Shadow Brokers are in business even though he is in prison. But maybe the leaker got the documents from his stash: either because Martin gave the documents to them or because he himself was hacked. The dates line up, so it's theoretically possible, but the contents of the documents speak to someone with a different sort of access. There's also nothing in the public indictment against Martin that speaks to his selling secrets to a foreign power, and I think it's exactly the sort of thing that the NSA would leak. But maybe I'm wrong about all of this; Occam's Razor suggests that it's him.

The other option is a mysterious second NSA leak of cyberattack tools. The only thing I have ever heard about this is from a Washington Post story about Martin: "But there was a second, previously undisclosed breach of cybertools, discovered in the summer of 2015, which was also carried out by a TAO employee, one official said. That individual also has been arrested, but his case has not been made public. The individual is not thought to have shared the material with another country, the official said." But "not thought to have" is not the same as not having done so.

On the other hand, it's possible that someone penetrated the internal NSA network. We've already seen NSA tools that can do that kind of thing to other networks. That would be huge, and explain why there were calls to fire NSA Director Mike Rogerslast year.

The CIA leak is both similar and different. It consists of a series of attack tools from about a year ago. The most educated guess amongst people who know stuff is that the data is from an almost-certainly air-gapped internal development wikia Confluence serverand either someone on the inside was somehow coerced into giving up a copy of it, or someone on the outside hacked into the CIA and got themselves a copy. They turned the documents over to WikiLeaks, which continues to publish it.

This is also a really big deal, and hugely damaging for the CIA. Those tools were new, and they're impressive. I have been told that the CIA is desperately trying to hire coders to replace what was lost.

For both of these leaks, one big question is attribution: who did this? A whistleblower wouldn't sit on attack tools for years before publishing. A whistleblower would act more like Snowden or Manning, publishing immediatelyand publishing documents that discuss what the U.S. is doing to whom, not simply a bunch of attack tools. It just doesn't make sense. Neither does random hackers. Or cybercriminals. I think it's being done by a country or countries.

My guess was, and is still, Russia in both cases. Here's my reasoning. Whoever got this information years before and is leaking it now has to 1) be capable of hacking the NSA and/or the CIA, and 2) willing to publish it all. Countries like Israel and France are certainly capable, but wouldn't ever publish. Country like North Korea or Iran probably aren't capable. The list of countries who fit both criteria is small: Russia, China, and ... and ... and I'm out of ideas. And China is currently trying to make nice with the US.

Last August, Edward Snowden guessed Russia, too.

So Russiaor someone elsesteals these secrets, and presumably uses themto both defend its own networks and hack other countries while deflecting blame for a couple of years. For it to publish now means that the intelligence value of the information is now lower than the embarrassment value to the NSA and CIA. This could be because the US figured out that its tools were hacked, and maybe even by whom; which would make the tools less valuable against U.S. government targets, although still valuable against third parties.

The message that comes with publishing seems clear to me: "We are so deep into your business that we don't care if we burn these few-years-old capabilities, as well as the fact that we have them. There's just nothing you can do about it." It's bragging.

Which is exactly the same thing Ledgett is doing to the Russians. Maybe the capabilities he talked about are long gone, so there's nothing lost in exposing sources and methods. Or maybe he too is bragging: saying to the Russians that he doesn't care if they know. He's certainly bragging to every other country that is paying attention to his remarks. (He may be bluffing, of course, hoping to convince others that the U.S. has intelligence capabilities it doesn't.)

What happens when intelligence agencies go to war with each other and don't tell the rest of us? I think there's something going on between the US and Russia that the public is just seeing pieces of. We have no idea why, or where it will go next, and can only speculate.

Original post:
Who Is Publishing NSA and CIA Secrets, and Why? - Lawfare - Lawfare (blog)

Appeals to NSA college expansion could be coming – Moscow-Pullman Daily News

While the Moscow Board of Adjustment approved New Saint Andrews College's conditional use permit application to allow the college to expand into the former Cadillac Jack's building on North Main Street, an appeal to the board's decision could be imminent.

Moscow's assistant community development director, Mike Ray, said his office has already fielded a number of calls and emails asking about the appeal process, and he anticipates an appeal will be made. The appeal period, which starts Tuesday, will last 10 days, meaning any objections must be filed by May 11.

Ray said the Board of Adjustment will meet at 5:30 p.m. Monday in the council chambers at City Hall to approve a relevant criteria and standards document, which will reflect the board's Tuesday decision, and finalize the conditional use permit's approval. Afterward, appeals can be filed by anyone.

To appeal, the appellant is required to submit a letter to the city stating his or her reasons for the appeal and to pay a $220 appeal fee, Ray said.

The City Council would then address the appeal. No new public testimony would be allowed at that time except for comments from the appellant, Ray said. The councilors would also refer to Tuesday night's Board of Adjustment meeting for information. Ray said the City Council would be allowed to sustain the Board of Adjustment's decision, reverse the board's decision or remand the decision back to the Board of Adjustment.

The CUP would allow NSA to convert the former CJ's building at 112 N. Main St. into a music conservatory. It would be allowed a maximum enrollment of 300 full-time equivalent students and 44 full-time equivalent faculty and staff. The facility would include five classrooms/studios, nine offices, a multi-purpose room, a student lounge and a music conservatory with seating for 680 occupants, according to the Board of Adjustment packet for Tuesday night's meeting.

NSA President Benjamin Merkle said 165 students are enrolled at the college's existing campus on Main Street.

The board approved the conditional use permit with two conditions related to parking that city staff recommended. NSA must provide 47 off-street parking spaces within approximately half of a mile of the property, subject to the approval of the zoning administrator.

NSA will be allowed to phase in the off-street parking requirement by providing 50 percent of the required parking mitigation upon occupancy of the building and the remainder when NSA's enrollment reaches 150 students, or five years from the date of the issuance of the Certificate of Occupancy of the building, whichever comes first.

Moscow Mayor Bill Lambert said he is fine with the private Christian college expanding downtown and he is happy someone plans to use the former CJ's building again. He said the proposed expansion is an emotional issue on both sides.

"It's a good use of the building as far as I'm concerned," Lambert said.

He said parking seemed to be the biggest concern and the Board of Adjustment appeared to address that with its conditions.

"I think they've been good for downtown businesses ... for restaurants and places like that," Lambert said of NSA students.

Some residents said Tuesday night that they believed colleges belong outside the Central Business Zoning District, but Lambert said he does not have a problem with allowing educational institutions downtown. He said NSA is a small school, unlike the University of Idaho.

City Councilman John Weber said his only conflict with the proposed expansion is that the former CJ's building might not be subject to property taxes. He said he would prefer to see a business that would be required to pay property taxes to occupy the building.

"Every year we're fighting the budget as all towns do and I would like to see more commercial development that pays property taxes and things like that," Weber said. "So it can be beneficial to the town as far as infrastructure and things like that."

Alyssa Hartford, Latah County senior residential appraiser, said NSA owns two buildings downtown. One of them, which fronts Friendship Square at 109 W. Fourth St., is partially exempt from property taxes since a portion of the building includes a restaurant. The other building at 409 S. Main St. is fully exempt from property taxes because it is used for educational purposes, Hartford said.

She said if NSA expanded to North Main Street, it would possibly qualify for a property tax exemption. The school could file as a property used for school or educational purposes and submit its application to the Board of County Commissioners, which would make a decision.

See the original post here:
Appeals to NSA college expansion could be coming - Moscow-Pullman Daily News

NSA Makes Pitch For Section 702 Approval While Its 702 Requests Aren’t Being Approved By The Court – Techdirt

Section 702 -- the statute that allows the NSA to collect internet communications and data in bulk -- is up for renewal at the end of this year. The NSA, thanks to Ed Snowden, faced more of an uphill battle than usual when renewing Section 215 (bulk metadata collections). For the first time in its existence, the NSA ended up with a compromise (the USA Freedom Act), rather than a straight renewal.

The Intelligence Community appears to be trying to get out ahead of straight renewal opponents. The Office of the Director of National Intelligence has released a Section 702 Q&A at millennial watering hole Tumblr. By returning its own soft serve questions with canned talking points, the ODNI is hoping to show just how lawful its upstream collection is.

It also hopes to obscure something that's been around since the 2008 FISA Amendments Act: backdoor searches. Other government agencies have had the ability to peruse the NSA's collections, which were ostensibly gathered solely for national security use. The FBI is the most frequent backdoor searcher, seeing as it has rebranded as a counterterrorism unit over the past several years, which has allowed it to expand its surveillance capabilities and increase exploitation of the NSA's data stores.

The ODNI's Q&A document sort of admits this, but tries to downplay the implications of allowing a domestic law enforcement agency free access to national security-focused surveillance intake.

The governments minimization procedures restrict the ability of analysts to query the databases that hold raw Section 702 information (i.e., where information identifying a U.S. person has not yet been minimized for permanent retention) using an identifier, such as a name or telephone number, that is associated with a U.S. person. Generally, queries of raw content are only permitted if they are reasonably designed to identify foreign intelligence information, although the FBI also may conduct such queries to identify evidence of a crime. As part of Section 702s extensive oversight, DOJ and ODNI review the agencies U.S. person queries of content to ensure the query satisfies the legal standard. Any compliance incidents are reported to Congress and the FISC.

It still sort of sounds like a backdoor search, even with supposed strict oversight, but the ODNI adds a footnote claiming it isn't:

Queries of Section 702 data using U.S. person identifiers are sometimes mischaracterized in the public discourse as backdoor searches.

Oh, that crazy "public discourse." Won't it get anything right? Here's Emptywheel's Marcy Wheeler to explain what the ODNI won't.

While its true that NSA and CIA minimization procedures impose limits on when an analyst can query raw data for content (but not for metadata at CIA), thats simply not true at FBI, where the primary rule is that if someone is not cleared for FISA themselves, they ask a buddy to access the information. As a result and because FBI queries FISA data for any national security assessment and with some frequency in the course of criminal investigations. In other words, partly because FBI is a domestic agency and partly because it has broader querying authorities, it conduct a substantial number of queries as opposed to the thousands done by CIA.

Wheeler goes on to point to the Privacy and Civil Liberty Oversight Board's (RIP) report on Section 702 as evidence of this common FBI practice. While the PCLOB mostly punted on Section 702, finding it to be less blatantly-unconstitutional than the Section 215 program, it still found the FBI perused raw NSA collections quite frequently, both for foreign intelligence information and evidence of criminal activity. The PCLOB was unable to assess how frequently these "none dare call it a backdoor" searches occurred because the FBI has no way of tracking how often it dips into the NSA's collections. With no data and no reporting, it's pretty disingenuous to claim there's effective oversight over the Section 702 program.

Marcy Wheeler also noticed something unusual in the brand new FISC Section 702 report -- newly-required by the USA Freedom Act. According to the numbers released by the FISA Court, zero 702 applications were approved in 2016.

Wheeler points out the process for Section 702 approval runs much like that of Section 215, with applications either being approved by the FISA court or sent back for fixes. Once approved, extensions can be requested, but only for up to 60 days at a time. As she notes, the last 702 submission wouldn't have been able to coast through 2016 without a renewal.

The prior approval before last year was November 6, 2015, so it would only have had to have been extended 2 months to get into this year. So that seems to suggest there was at least a three month (application time plus extension) delay in approving the certifications for this year.

Note, too, that the report shows the only amicus appointed last year was Marc Zwillinger for a known PRTT application, so this hold up wasnt even related to an amicus complaint.

In any case, this may reflect significant issues with 702.

The Snowden documents -- along with some from other unidentified leakers -- generated far more scrutiny of Section 702 than the NSA has ever experienced. It's not tough to imagine at least a couple of FISA judges being surprised with the scope of what they were approving. The number of submissions is redacted, but the footnote attached makes it clear the government submitted more than one application. This span with zero approvals dates back to the middle of last year, so it's been a bit of a dry run for the NSA.

The NSA has run into issues before with Section 702, the last time being in 2011, when the FISA court found the "upstream collection" of internet data to be "deficient on constitutional and statutory grounds." The NSA obtained extensions and apparently modified the order until it reached the FISA court's standards. This long delay between approvals could suggest the NSA is back in constitutionally-deficient waters, which definitely isn't where it wants to be as the program heads for renewal.

See the article here:
NSA Makes Pitch For Section 702 Approval While Its 702 Requests Aren't Being Approved By The Court - Techdirt

NSA blimp spied on US citizens – TRUNEWS

April 26, 2017

An NSA spying blimp known as the Hover Hammer was seen by several residents of Maryland, according to The Intercept.

To residents of Maryland, catching an occasional glimpse of a huge white blimp floating in the sky is not unusual. For more than a decade, the military has used the state as a proving ground for new airships destined for Afghanistan or Iraq. But less known is that the test flights have sometimes served a more secretive purpose involving National Security Agency surveillance.

Back in 2004, a division of the NSA called the National Tactical Integration Office fitted a 62-foot diameter airship called the Hover Hammer with an eavesdropping device, he continued, adding that The agency launched the three-engine airship at an airfield near Solomons Island, Maryland.

From there, the blimp was able to vacuum up international shipping data emanating from the Long Island, New York area,' Gallagher explained, citing a classified document published on Monday. The spy equipment on the airship was called Digital Receiver Technology a proprietary system manufactured by a Maryland-based company of the same name which can intercept wireless communications, including cellphone calls.

The report continuedby saying, Unsurprisingly, privacy groups have expressed concerns about the prospect of the blimps being used domestically to spy on Americans. However, military officials have often been quick to dismiss such fears.

TRUNEWS copy/TRUNEWS analysis

Donate Today!

We believe Christians need and deserve their own global news network to keep the worldwide Church informed, and to offer Christians a positive alternative to the anti-Christian bigotry of the mainstream news media

See more here:
NSA blimp spied on US citizens - TRUNEWS