Archive for the ‘NSA’ Category

Microsoft says users are protected from alleged NSA malware – The Mercury News

PARIS - Up-to-date Microsoft customers are safe from the purported National Security Agency spying tools dumped online, the software company said Saturday, tamping down fears that the digital arsenal was poised to wreak havoc across the internet.

In a blog post, Microsoft security manager Phillip Misner said that the software giant had already built defenses against nine of the 12 tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published NSA code. The three others affected old, unsupported products.

"Most of the exploits are already patched," Misner said.

The post tamped down fears expressed by some researchers that the digital espionage toolkit made public by TheShadowBrokers took advantage of undisclosed vulnerabilities in Microsoft's code. That would have been a potentially damaging development because such tools could swiftly be repurposed to strike across the company's massive customer base.

Those fears appear to have been prompted by experts using even slightly out-of-date versions of Windows in their labs. One of Microsoft's fixes, also called a patch, was only released last month.

"I missed the patch," said British security architect Kevin Beaumont, jokingly adding, "I'm thinking about going to live in the woods now."

Beaumont wasn't alone. Matthew Hickey, of cybersecurity firm Hacker House, also ran the code against earlier versions of Windows on Friday. But he noted that many organizations put patches off, meaning many servers will still be affected by these flaws.

Everyone involved recommended keeping up with software updates.

"We encourage customers to ensure their computers are up-to-date," Misner said.


NSA surveillance protested with mock prayers, chants | Newsday – Newsday

Exorcists wearing tinfoil hats and burning sage staged a faux purification ritual in Manhattan's TriBeCa neighborhood Saturday outside a building that they said was an outpost used by the U.S. government to surveil everyday Americans' phone calls, texts and internet usage.

About 50 chanters and passers-by who joined in wailed mock prayers in the direction of the 550-foot-tall windowless monolith at 33 Thomas St., an AT&T-owned building that reportedly has space for surveillance operations by the National Security Agency.

The Intercept, one of the main online news sites publishing leaks by government whistleblower Edward Snowden, has reported that the granite and concrete building appears to have long served as a surveillance site for the agency. The NSA has not confirmed the claims.

"This building has eyes, and it is watching you!" performer and activist Joe Therrien, 35, of Bedford Stuyvesant, Brooklyn, shouted from inside a pen that the NYPD set up on Church Street for protesters.

"The harvested data is then made accessible," added his girlfriend, Sam Wilson, 37, a puppeteer and bartender, "in a Google-like mass-surveillance system that the NSA employees use to search through huge quantities of data!"

The couple took turns listing the kinds: internet browsing history, chats, passwords, and phone calls.

The NSA could not be reached for comment Saturday, but agency officials have defended bulk surveillance as the only way to thwart terrorist attacks like 9/11.

An AT&T building security guard, speaking through an intercom, told a reporter seeking comment, "today being Saturday, we don't have anyone."

An AT&T spokesman didn't immediately return a message seeking comment Saturday, but told The Intercept in November: "NSA representatives do not have access to any secure room or space within our owned portion of the 33 Thomas St. building."

Protest organizer Noah Harley, 33, of Ridgewood, Queens, a translator and musician, said the exorcism was designed to be presented in a playful way, in contrast with other protests.

"Kill 'em with kindness," he said.

The spectacle drew tourists, some of TriBeCa's midday brunch crowd and other passers-by, including Virginia Mott of Bay Ridge, Brooklyn, and her sister, Tiffiney Biorn, who was visiting from Minneapolis.

When asked about the exorcism event, the sisters began discussing the surveillance program.

"You don't care if the NSA listens to your phone calls?" Mott, 29, asked Biorn, 25.

Biorn answered: "If they want but I don't do anything."

Mott said she could see both sides of the debate: there could be good, there could be bad.

Regardless, she said, the government should be as transparent as possible about its surveillance practices. "I mean, if they're listening to everybody, they can say that, and then we don't know who they're listening to."


New leak shows how a major hacking group cracked Windows and international banks – The Verge

This morning, a new set of hacking tools was released by TheShadowBrokers group, revealing new techniques for hacking both Windows and certain financial networks.

Likely originating with the NSA, the tools give new clues as to the group's targets in recent years, which seem to include both international anti-money-laundering groups and oil companies in the Persian Gulf region. Some of the hacking tools were flagged by antivirus services as early as 2012, but experts believe the dump contains at least some undisclosed vulnerabilities for older versions of Windows. The leak also contains new attacks against the SWIFT banking network, used to transfer money internationally.

The files are mirrored on GitHub here, and researchers are already poring through the findings in a dedicated #shadowbrokers room on the Freenode IRC channel. A full list of the implants is available here.


First emerging in August, the ShadowBrokers are believed to have stolen hacking tools from the NSA, with many analysts tracing the exploits to a compromised listening post used by the service to launch attacks remotely. Less is known about the ShadowBrokers themselves, although some have speculated the group may have ties to Russia.

Like previous drops, the data was accompanied by an enigmatic message in purposefully broken English. "Is being too bad nobody deciding to be paying theshadowbrokers," one portion reads. "TheShadowBrokers rather being getting drunk with McAfee on desert island with hot babes," an apparent reference to eccentric anti-virus mogul John McAfee.

The drop comes just days after an earlier drop of Unix-focused exploits on April 8th. Those files were accompanied by a short blog post taking President Trump to task for launching military strikes in Syria, among other recent actions. "TheShadowBrokers voted for you," the post read. "TheShadowBrokers supports you. TheShadowBrokers is losing faith in you."


Apple’s Mac, iPad dodge an ugly new NSA hacker bomb targeting … – AppleInsider (press release) (blog)

By Daniel Eran Dilger Friday, April 14, 2017, 04:19 pm PT (07:19 pm ET)

As noted in a report by Lorenzo Franceschi-Bicchierai for Motherboard, the NSA tools were leaked by a hacker group known as the "Shadow Brokers."

The package of exploits includes "Fuzzbunch," an easy-to-use hacking tool with basic instructions that even non-technical users could follow to gain control of PCs running multiple versions of Microsoft's Windows prior to the latest Windows 10, specifically Windows XP, Vista, 7 and 8 as well as server versions including NT, 2000, 2003, 2008 and 2012.

The report cited a former employee of the U.S. Department of Defense as saying "it's not safe to run an internet facing Windows box right now," and that the payload of exploits is "the worst thing since Snowden."

Motherboard previously cited comments from security architect Kevin Beaumont, who noted that "all of the Windows implants are new to VirusTotal [an online file scanning tool], which suggests they've not been seen before."

According to web browser stats from NetMarketshare, only 25 percent of web users are using Microsoft's latest Windows 10 (which was released in the summer of 2015), while over 66 percent of active web users are using older versions of Windows that are vulnerable to the attacks launched by the released tools.

There are many Windows PCs that are connected to the Internet but do not generate web traffic--particularly back end servers and other utilitarian machines. A worm or virus could easily launch broad exploits at Windows users and find plenty of vulnerable machines to steal data from or recruit into global botnets of exploited PCs.

Microsoft has worked aggressively to upgrade users to Windows 10, but the vast majority of PCs worldwide remain stuck on older versions with known problems. The new cache of hacker tools makes it that much easier to exploit those users.

A spokesperson for Microsoft said that it is "reviewing the report and will take the necessary actions to protect our customers."

Apple's installed base of Macs and iPad users are not affected by exploits found in Windows (apart from Macs intentionally booted up into an old version of Windows by the owner). That's a feature Apple has long advertised for Macs, and has recently noted in its ads for iPad Pro.

In part, Apple's limited exposure to malware and exploits comes from its divergence from the monoculture of Windows (or Android) software, a sort of "security by obscurity," where the easiest to use hacking tools simply don't work because the platform isn't as easy to target as Windows PCs and Android devices are.

Apple's installed base of computer users has grown rapidly, however. Horace Dediu of Asymco recently noted that there are about 100-150 million Macs in active use and an installed base of over 300 million iPads. That's about the same as the 400 million PCs in the installed base of Windows 10 that Microsoft cited at its Ignite conference last fall.

The difference is that there are at least another 400-600 million PCs that are running vulnerable versions of Windows. Apple also has an even larger installed base of iPhones, but most of those are updated.

So the larger reason why Macs and iOS devices are protected from the routine efforts to hack into Android and Windows is due to Apple's far faster ability to distribute new OS updates, which it does without cost. Apple's system update efforts have resulted in the majority of iOS users rapidly adopting the latest version and regular new patches between major updates.

As of February 20th, Apple reports that 79 percent of iOS users are on the latest iOS 10, while another 16 percent are on iOS 9, both of which are at least as recent as Microsoft's Windows 10.

Apple does not appear to report macOS version adoption figures, but Go Squared reports that 44 percent of Macs are using the latest macOS Sierra while another 21 percent are on macOS El Capitan, both of which (65 percent total) are as new as Windows 10. The same site reports adoption of Windows 10 at 49 percent, with a nearly equal number still on Windows 7.

The same site reports that 89 percent of iOS users are on the newest iOS 10, as of April.

Google notes that as of April, only 4.9 percent of devices actively accessing Google Play are using the latest Android 7 Nougat, and only another 31 percent are on 2015's Android 5 Marshmallow, released alongside iOS 9. The majority of its active users are on versions of Android older than that, most of which will never be updated. Users in other regions, particularly China, are much less likely to use Google Play and even less likely to be updated to recent versions of the OS.


Inside the NSA’s CDX, a high-tech competition pitting cadets against … – CyberScoop

Professional hackers from the NSA, U.S. Cyber Command and foreign militaries are launching a barrage of simulated cyberattacks this week as part of a training exercise to help teach students at the service academies for the Navy, Army, Coast Guard, U.S. Merchant Marine and Canadian Royal Military how to better defend sensitive computer networks.

The annual NSA-led event, named the Cybersecurity Defense Exercise, or CDX, brings together rising talent with seasoned cyber-warriors in a simulated war games environment, where the undergraduates must monitor, identify and ultimately defend against a wide array of remote computer intrusions.

The intrusions themselves are engineered with open-source, commercially available exploits and other hacking tools. "We don't use anything homegrown," said CDX Technical Lead James Titcomb, a full-time NSA employee in the spy agency's information assurance directorate.

"We don't hit them with anything on the level of a nation-state," Titcomb said. "The idea is that they should at least know how to defend against these [attacks]."

Each academy competes with the others to see which can best defend its own respective network while simultaneously ensuring that it is resilient and reliable for authenticated users.

Thursday marks the fourth day of the five-day tournament.

The exercise consists of four total cells: the attackers' red cell, defenders' blue cell, a white cell of referees and grey cell meant to represent active, neutral users relying on the networks being protected by the cadets and midshipmen. In a real-world scenario, the grey cell may represent a military unit using a communications channel that could be hacked.

Referees closely monitor the competition and are responsible for awarding points and penalizing teams if they break a strict set of predetermined rules.

Participants are working this week from computer labs based across the country, while the attacking team, or red cell, and competition administrators, operate from a high-tech facility in Columbia, Maryland, a short drive away from the secretive spy agency's main headquarters at Fort Meade Army Base.

A total of more than 70 graduate and undergraduate military service academy students are involved in the 2017 CDX.

Each year, the competition offers a set of separate challenges that are divided from the larger red team/blue team exercise. For 2017, those challenges include completing tasks related to offensive hacking, malware analysis, host forensics and defending an unmanned aerial vehicle from being compromised. Graduate-level students can also compete in two other, exclusive challenges that were established to test the ability of participants to protect data as it's being transmitted between a computer, unmanned ground vehicle and small space satellite.

The simulated UAV challenge is a recent addition to the competition, organized by the Air Force Research Lab. The goal for students is to establish a secure, unbreakable communications link between their drone and its corresponding control console, explained the lab's Sam Allen. As of Wednesday afternoon though, nearly all of the drones defended by the cadets had been taken over by the red cell, Allen said.

Founded in 2002, the CDX has grown and steadily evolved to match the cyber-workforce needs of the Defense Department. From a planning perspective, the competition's inclusion of a UAV, and the more recent, UGV and space satellite cyber defense challenges is reflective of how the U.S. government is broadly thinking about emerging threats.

In 2017, for the first time, a small group of undergraduates are also participating in the red cell component of the competition, a move that Titcomb said will simultaneously teach cadets how to develop more effective defensive measures.

One of the few undergraduates who was supporting the Maryland-based red team spoke with CyberScoop about his CDX experience.

"These guys are on a whole other level to what we do. Just being able to look over their shoulder this week has been a really great opportunity for us," said 20-year-old U.S. Military Academy student Connor Eckert. "Talking to a lot of the NSA guys here, it has really opened my eyes to how much the civilian side is involved, it's not just the military for cyber."

"[A career in the NSA] could open up some doors for me after my time in service to do this sort of thing on an ongoing basis," said Eckert.

After graduation and the completion of their respective service requirements, it's not uncommon for former CDX participants like Eckert to join the U.S. intelligence community.

Even so, Titcomb said that the competition was never designed to specifically recruit individuals to the NSA. The underlying objective, he said, is to develop talent across the various military branches.
