Archive for the ‘NSA’ Category

5G Summit panel optimistic about industry meeting December deadline for 5G NSA – FierceWireless

The industry, namely 3GPP, has a lot of work to do if its going to meet the December 2017 deadline to finalize the specifications for Non-Stand Alone (NSA) 5G New Radio (NR), but participants in a panel appearing at the Brooklyn 5G Summit seem to think its achievable.

A member of the audience, who is thoroughly involved in the 3GPP standards debates, cited challenges around the radio side and very specific items, saying hes concerned there are major problems to be solved before the end of the year and not enough time to address them. He asked the panel, which included representatives from AT&T, Deutsche Telekom, NTT DoCoMo, KT and Intel, if they share those concerns or think it will all magically sort itself out.

Theres always a concern, said Dave Wolter, assistant VP, Radio Technology & Architecture at AT&T. We share those concerns, we talk with our vendors, we talk with other service providers and the feeling right now, I think you saw that going into the last 3GPP meeting where we had, I think it was 22 companies sign onto the acceleration, the feeling is it can get done. At this point, Id leave it to my standardization colleagues to really address some of the specifics, but I think at this point I have to trust that theyre going to get there and well be doing the testing to ensure that it does, along the way, and well have to adjust as required, but Im cautiously optimistic.

Ken Stewart, senior fellow at Intel, said RAN 4, the radio performance group, to some extent is the victim of the other groups inside the 3GPP because they have to define in many ways the fundamental performance requirements that devices and base stations, to some extent, live up to. The workload on that group over the next 12 months will be extraordinary, Stewart said.

There may be ways to reduce the load, but my personal view is it will require all of the skill of all the delegates who have been in the group for many years to get the job done. It will be a very significant task, but with pragmatism, its just about achievable, he said, adding with a smile to the audience member who posed the question: I want to thank you right now for all the work youre going to be doing over the next 12 months.

Related: Controversial plan to accelerate 5G NR timeline gets OK in 3GPP

After months of debate, the 3GPP agreed last month to accelerate some elements in the 5G NR timeline, and for AT&T, that means it will be able to launch standards-based mobile 5G services starting as early as late 2018. That was announced last month by Andre Fuetsch, president, AT&T Labs and CTO, and when Fuetsch talks about delivering something in that kind of timeframe, we take that as a command to make it happen before 2018 is over, Wolter said during his keynote at the Summit on Thursday.

Related: AT&T moves needle on standards-based 5G to late 2018

A number of things have to be addressed and decided, including MIMO transmit schemes, for the industry to meet its goals for 5G.

Its a pretty aggressive list, so were all going to have to kind of buckle down as an industry and really work hard to make sure that we can get this done, but we think thats really going to pay off in much earlier equipment availability that is NR based, Wolter said.

AT&T is prioritizing the NSA version as opposed to the stand-alone (SA) version in part because weve got a lot of LTE out there, and there isnt going to be widespread 5G coverage for a while, he said.

Plus, in the U.S., there hasnt been new spectrum that has been allocated that the industry can use for 5G with the possible exception of 3.5 GHz. That CBRS band, however, has some rules that dont make it terribly attractive for a base 5G layer. The FCC is taking another look at some of those rules around the licensing structure, and that may change, he said. If that licensing structure changes, we may find that the 3.5 GHz band is a good band for us to be looking at, and it goes from 3.55 to 3.7 GHz.

In general for millimeter wave spectrum, AT&T will be relying heavily on 39 GHz spectrum since Verizon pretty much snapped up a lot of the 28 GHz and AT&T is making some key acquisitions for 39 GHz, but it still will probably be doing some things at 28 GHz.

Read more from the original source:
5G Summit panel optimistic about industry meeting December deadline for 5G NSA - FierceWireless

FBI, NSA call for further testimony on Trump-Russia investigation – Washington Times

Ramping up their Congressional investigation into alleged Russian meddling in the 2016 election, lawmakers have invited directors of the FBI and National Security Agency to testify again, in addition to expressing a desire to hear from the Obama administrations top intelligence officials.

House Intelligence Committee Chairman Rep. Mike Conaway has invited FBI Director James Comey and National Security Advisor Adm. Mike Rogers to appear at a closed hearing on May 2.

Former CIA Director John Brennan, Director of National Intelligence James Clapper and former Deputy Attorney General Sally Yates have been requested to provide public testimony after May 2.

Last month, during the House Committees first public hearing, Mr. Comey confirmed his agency has been investigating alleged Russian interference in the 2016 election.

Last October, in the heat of the presidential election, the Obama administration formally accused the Kremlin of stealing and disclosing emails from the Democratic National Committee. At the time, Mr. Clapper issued a statement detailing how leaked DNC emails were intended to interfere with the U.S. election process.

Both the Kremlin and the Trump administration insist there is no evidence of Trump-Russia collusion.

Ms. Yates, while serving as at the acting attorney general at the start of the year, battled with the White House over the legality of Mr. Trumps executive order banning certain immigrants and refugees. She questioned the legitimacy of the executive order and Mr. Trump fired her.

See the rest here:
FBI, NSA call for further testimony on Trump-Russia investigation - Washington Times

Alleged NSA hack of Swift service bureau revives ‘back door’ debate – Information Management

Reports that the National Security Agency infiltrated bank servers through a Swift service bureau highlight a recurring concern for financial institutions about the unintended consequences of U.S. government snooping.

The leaks that came out late last week from a hacking collective called Shadow Brokers indicate that the NSA exploited vulnerabilities in Microsoft Windows systems to break into servers at EastNets, a Dubai company that provides outsourced Swift connectivity to 260 financial institutions and corporations.

From there, Shadow Brokers documents suggest, the NSA was able to access computers used by some Middle Eastern bank members of Swift, the Society for Worldwide Interbank Financial Telecommunication. The NSAs goal, according to The New York Times, was to track money movements and thereby gain insight into potential terrorist groups or government officials.

The most immediate danger for U.S. banks (and any Windows user, for that matter) that the weaknesses in Microsoft code still exist, rendering every internet-connected computer running Windows open to hacking has passed. Microsoft said patches for all the vulnerabilities were issued more than a month ago, so any company that is up to date on Windows patching is safe from these.

But the U.S. governments insistence on using so-called back doors to access financial and customer information remains a concern. The same tools the NSA uses to prop open doors to such information could be used by cybercriminals and nation-states with more sinister motives. And it also raises privacy issues for companies and consumers that dont want the government watching their every move.

Governments are constantly going after different networks for espionage and national security purposes, said John Carlson, chief of staff at the Financial Services Information Sharing and Analysis Center, an industry trade group. Thats a reality we recognize.

The NSA headquarters in Fort Meade, Maryland. A financial industry cybersecurity trade group is "asking for clarification" from the agency about undisclosed software vulnerabilities it may be exploiting.The FS-ISAC, whose more than 7,000 financial services members share information with each other about cyberthreats, does not have an official position on whether the NSA should be using back doors for this type of monitoring, but Carlson noted the instabilities this kind of activity causes.

We would want the government to disclose zero days a type of vulnerability in software "so those can be fixed and mitigated, he said. Theres been dialogue in the past about governments buying up zero days so they can use them for espionage and national security purposes; that puts information at risk.

Asked if the FS-ISAC was talking to the NSA about this, Carlson said: Were asking for clarification. We havent gotten answers. (The spy agency did not respond to an email from American Banker requesting comment.)

Concerns about back doors came up last year when the FBI wanted Apple to give it a key to unlock all iPhones, ostensibly for the sole purpose of viewing the San Bernardino shooters calls. Apple refused, and the government found another way to unlock the phone.

It also arose in the financial industry two years ago when a startup software company called Symphony balked at providing regulators with a back door to the instant messages of its Wall Street clients. (They worked out an agreement through which a copy of all messages is kept by a third party.)

Traces of spyware

Shadow Brokers leaked a spreadsheet on Friday that indicates the NSA was able to access and infect with its spyware computers run by several bank clients of EastNets, including Qatar First Investment Bank, Tadhamon International Islamic Bank and Noor Islamic Bank.

Later the same day, EastNets issued a statement denying it had been hacked.

Reports of an alleged hacker-compromised EastNets Service Bureau network are totally false and unfounded, the company said in its press release. The EastNets Network internal Security Unit has ran a complete check of its servers and found no hacker compromise or any vulnerabilities.

The firm said its Swift service runs on a separate secure network that cannot be accessed over public networks.

The photos shown on Twitter, claiming compromised information, are about pages that are outdated and obsolete, generated on a low-level internal server that is retired since 2013, EastNets stated. It said it can confirm that no customer data was compromised in any way.

EastNets continues to guarantee the complete safety and security of its customers' data with the highest levels of protection from its SWIFT certified Service bureau," Hazem Mulhim, CEO and founder of EastNets, said in the statement.

The hacking tools that Shadow Brokers said the NSA used to monitor the Middle Eastern banks also appear to be outdated. The group pointed to seven vulnerabilities in Microsoft Windows software that were used to break into servers.

In a blog post early Saturday, Microsoft said those vulnerabilities had all been patched more than a month earlier. (Deviating from its normal practice, Microsoft did not disclose who found the vulnerabilities. This has led to speculation about possible collusion between the NSA and Microsoft.)

Microsoft declined to comment further. EastNets could not line up an executive by deadline.

In a statement provided midday eastern time Monday, Swift said it has "no evidence to suggest that there has ever been any unauthorised access to our network or messaging services.

Persistent vigilance

For now, the industry is watching this case closely.

Were still trying to understand the impact to the financial sector, said Carlson at the FS-ISAC.

We think the potential impact of the disclosures to this sector is relatively low but warrants attention," Carlson said. "Well be playing close attention to this.

Bankers, he said, should keep their systems up to date in the meantime.

Its very important to make sure all their systems are patched and that third-party providers patch their systems as well, Carlson said. There may be patches individual firms have not executed.

He also stressed the importance of having layered defense and redundant systems.

The biggest buzzword would be persistent vigilance, Carlson said. You have to be constantly vigilant about these kinds of threats. Adversaries will be looking to exploit any vulnerability out there and its up to firms to be constantly on guard, educating users on best way to defend the organization. Its part and parcel of our digital economy.

Penny Crosman is Editor at Large at American Banker.

Go here to see the original:
Alleged NSA hack of Swift service bureau revives 'back door' debate - Information Management

Trove of Stolen NSA Data Is ‘Devastating’ Loss for Intelligence Community – Foreign Policy (blog)


Foreign Policy (blog)
Trove of Stolen NSA Data Is 'Devastating' Loss for Intelligence Community
Foreign Policy (blog)
On Friday, the mysterious group known as the Shadow Brokers released a large number of sophisticated, refined capabilities most likely developed by some of the NSA's top hackers the Tailored Access Operations group, known as TAO. Those capabilities ...
What you need to know about that latest NSA data dumpRecode
Hacker Documents Show NSA Tools for Breaching Global Money Transfer SystemFortune
What Windows users should know about the latest bugs revealed by NSA leakersWashington Post
New York Times -TechNet Blogs - Microsoft -PCWorld -Medium
all 398 news articles »

Read the rest here:
Trove of Stolen NSA Data Is 'Devastating' Loss for Intelligence Community - Foreign Policy (blog)

Schiff advocates for NSA, Cyber Command split – The Hill

The top Democrat on the House Intelligence Committee is calling for the National Security Agency (NSA) to be split from U.S. Cyber Command.

Rep. Adam SchiffAdam SchiffSchiff advocates for NSA, Cyber Command split Schiff to Trump: End casual talk on North Korea Why an independent counsel is necessary in an election probe MORE (D-Calif.) on Wednesday said it would be wise to have separate leaders for the two organizations, pushing for a civilian head of the NSA during remarks at Columbia Law School in New York.

The Pentagon told The Hill earlier this year that it has startedassessingwhether it should split up the dual-hat leadership.

Those are two very big jobs housed under the same hat, Schiff said. I think we would be wise to split up those responsibilities.

Experts have noted that the split is likely to happen eventually, but have warned of the risks of separating them too quickly. Cyber Command was established at NSA headquarters in 2009 and has been largely dependent on the agency.

Schiff made the comments in response to a question of whether or not the federal government has the appropriate organization structure to be effective on cyber.

More generally, he said that the government is slow to keep pace with technology and indicated that there are organizational improvements to be made.

Were probably not structured how we should be, Schiff said, adding later, were always going to be chasing this.

See the original post:
Schiff advocates for NSA, Cyber Command split - The Hill