Archive for the ‘NSA’ Category

Here’s how to tell if your web traffic travels through an NSA listening point – The Daily Dot

If youve ever wondered whether the National Security Agency (NSA) is monitoring your internet activity at any given moment, theres now an app for that.

A Canadian project by Internet Exchange Maps, called IXmaps, tracks the internet exchange points your information passes through. These points are buildings where your information passes along a wire and can be collected by the NSA.

Yes, a physical wire. Though we generally think of the internet as a cloud, all of our data travels along large wires and data points before it gets to its destination. Since our data travels through these wirescalled traceroutesits much easier for the NSA to intercept, track, and store it for whatever means the agency finds necessary. Its highly likely the NSA has listening posts at traceroute-connected buildings in New York and Utah.

IXmaps allows you to see if your web traffic passes through one of these suspected listening posts.

Screengrab via IXmaps

Per the U.S. Constitution, U.S. citizens are granted a certain amount of internet privacy. These rights protect citizens from the tyrannical seizure of information collections from internet data. Whether or not those rights are acknowledged in NSA tracking is a different story, though, given the documents leaked by Edward Snowden.

For non-U.S. citizens, though, theres absolutely no protection and no boundaries for what the NSA can collect. IXmaps is a Canadian project, originally created to help Canadian citizens map their internet data. The Canadian constitution provides similar privacy protections to its citizens.

For financial and political reasons, many Canadian internet routes pass across the border into the U.S.a phenomenon known as boomerang routingbefore going back into Canada to its original destination. Since Canadian citizens have no privacy rights in the U.S., their data is often collected and stored without question.

IXmaps recently went public again after undergoing a redesign, and its working to expand its maps to across the globe, but that depends on individuals tracking and submitting their own traceroutes to the database.

H/T Motherboard

See the original post here:
Here's how to tell if your web traffic travels through an NSA listening point - The Daily Dot

Closed House intel hearing with Comey and NSA cancelled – TRUNEWS

March 28, 2017

The spokesman for House Intel Chairman Devin Nunes says Tuesdays close door session with FBI Director James Comey is cancelled

(WASHINGTON, DC) The U.S. House of Representatives Intelligence Committee will not hold on Tuesday a closed briefing with the directors of the FBI and National Security Agency, a spokesman for the committee's Republican chairman said on Monday.

Representative Devin Nunes, the committee's chairman, last week said he cancelled a public hearing on the committee's investigation of Russian influence on the 2016 election because it was necessary to hold the closed session with Federal Bureau of Investigation Director James Comey and NSA Director Mike Rogers.

"Director Comey and Adm. Rogers could not come in tomorrow as wed hoped, so the Committee will continue to try to schedule a time when they can meet with us in closed session," Jack Langer, a spokesman for Nunes, said in a statement.

CNN reports that though Mr. Nunes cancelled the Tuesday close door meeting, he still plans to hold a private briefings with FBI Director James B. Comey and National Security Agency Director Mike Rodgers in the near future.

Reuters copy, TRUNEWS contribution

Donate Today!

We believe Christians need and deserve their own global news network to keep the worldwide Church informed, and to offer Christians a positive alternative to the anti-Christian bigotry of the mainstream news media

Go here to read the rest:
Closed House intel hearing with Comey and NSA cancelled - TRUNEWS

CIA’s internal hacking tools rival those of the NSA – BetaNews

Debate and discourse around WikiLeaks announcement about a series of leaks from the CIA continue unabated.Codenamed "Vault 7," WikiLeaks claims this is the largest classified information leak to have come from the CIA to date.Added to that, only one percent of documents have been made public so far.

From the leaked documents its become clear that the CIA has created its own internal hacking capabilities to rival that of the NSA.It may be more tactical than strategic --but with exploit sets including Android, IoS, Samsung TVs, Linux, Mac, zero day attacks and more, it could certainly give the NSA a run for its money.

Whats particularly interesting is the sheer enormity of the resources invested by the CIA.WikiLeaks reports:

"By the end of 2016, the CIA's hacking division [...] had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other 'weaponized' malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its 'own NSA' with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified."

Whats the target?

The answer is simple -- pretty much everything that connects to the Internet. Of all the tools uncovered by WikiLeaks, Fine Dining is the one thats grabbed my attention. The name sounds like a tasty supper, but it isnt; in fact, its rather more sinister than that.It aims to provide CIA field agents who already have insider access to a target organization with hacked versions of well-known apps that they can run as a decoy, to act as a cover for data-sniffing tools that run in the background at the same time.Why is this important?Because it shows that the agency is capable of breaking into a range of devices including smartphones, TVs and chat apps and tampering with their security libraries to bypass the encryption.

Surely this makes us more secure, not less?

Not really... it simply means the attack surface from compromised phones and systems has increased exponentially --not only the CIA but also cybercriminals and other motivated entities. I readily accept that an intelligence agency is gathering intel -- and kudos to them for working to catch up with the times and investing in the right areas.What is concerning is that these toolsets are proliferating, increasingly used by governments to monitor citizens, and that more aggressive and invasive variations will result from either a release of the sources or even from clues in these documents.

The average user has no way to know if they're compromised, and even sophisticated users need to expend some effort to know. More technical details may come, but, for now, how do you know if the CIA is watching you?You don't. And to be fair it is not only the CIA you need to be worried about. All major world governments are after the bad guys for obvious reasons and their citizens for not so obvious reasons.

The silver lining?

The fact that Julian Assange has publicly stated that Wikileaks will share exploit details with the impacted vendors is a positive step (even though he has since issued demands to be met first). However, in a recent Twitter tweet survey 57 percent of the participants (out of about 52.5 thousand participants) agreed that Wikileaks should work directly with the tech vendors. The gist of Wikileaks conditions, while unclear, point to their desire to secure a 90-day deadline for vulnerability disclosure and patching.

However, whatever the reason is behind Mr Assanges demands, this prolongs the existence of unaddressed security issues that expose both businesses and individuals. If the goal is to ensure resolution of the issues found in the leaked documents, it might be better to go public with his demands and pressure the vendors that way.

Whats the impact?

On the public policy front, this Wikileak points to the increasing erosion of public safety. Despite having these tools at hand, world governments (US, UK, Germany) continue to push for encryption back doors. Equation Groups leak (NSA) late 2016 and this latest CIA leak once again prove all organizations have their OpSec issues.Backdoors, once discovered, work just as well for foreign spies, cyber-criminals and script kiddies.

Vigilance remains the default position

Todays reality is that we are being hacked and are subject to surveillance by legitimate and illegitimate entities.Their tool sets are improving, and policy makers are doing little to provide protection. We cant control most external factors, but we can mature our security awareness. For example, on the business side the traditional program content could be extended to cover employees personal technology decisions.Ultimately all users should be aware of some security awareness basis:

Finally, for allof us, this means a little paranoia goes a long way... people with situational awareness improve a companys security baseline and protect their personal privacy, implicitly decreasing the attack surface with better security decisions --- overall it is a win-win situation, for individuals and the companies they support.

In short, whoever you are, at least put up a little fight before you become a statistic.

Efe Orhun, CISSP, managing partner of Derivative Technology.

Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.

Follow this link:
CIA's internal hacking tools rival those of the NSA - BetaNews

US needs to stop Russian electoral interference, NSA’s top civilian leader says – Washington Post

The U.S. government has not figured out how to deter the Russians from meddling in democratic processes, and stopping their interference in elections, both here and in Europe, is a pressing problem, the top civilian leader of the National Security Agency said.

The NSA was among the intelligence agencies that concluded that Russian President Vladimir Putin ordered a cyber-enabled influence campaign in 2016 aimed at undermining confidence in the election, harming Democratic nominee Hillary Clinton and helping elect GOP nominee Donald Trump.

This is a challenge to the foundations of our democracy, said NSA Deputy Director Richard Ledgett, 58, who is retiring at the end of April, in an interview at Fort Meade, Md., the agencys headquarters. Its the sanctity of our process, of evaluating and looking at candidates, and having accurate information about the candidates. So the idea that another nation state is [interfering with that] is a pretty big deal and something we need to figure out. How do we counter that? How do we identify that its happening in real time as opposed to after the fact? And what do we do as a nation to make it stop?

The lack of answers, he said, as an American citizen ... gives me a lot of heartburn.

Ledgett, known as a straight-shooting, unflappable intelligence professional, began his NSA career in 1988 teaching cryptanalysis how to crack codes and rose to become the agencys top civilian leader . The NSA, with 35,000 civilian and military employees, gathers intelligence on foreign targets overseas through wiretaps and increasingly by cyberhacking. Its other mission is to secure the government computers that handle classified information and other data critical to military and intelligence activities.

Asked whether the NSA had any inkling that the Kremlin was going to orchestrate the release of hacked Democratic National Committee emails last July, he demurred. I actually dont want to talk about that.

At the same time, he said, what Moscow did was no strategic surprise. Rather, what may have been a tactical surprise was that they would do it the way they did.

Campaigns of propaganda and disinformation, dating back to the Soviet Union, have long been a staple of the Kremlins foreign policy. Now, however, it is making effective use of its hacking prowess to weaponize information and combine it with its influence operations, or what intelligence officials call active measures.

In general, if youre responding to nation-state actions like that, you have to find out what are the levers that will move the nation-state actors and are you able and willing to pull those levers? said Ledgett when asked how the United States should respond.

The Obama administration slapped economic sanctions on two Russian spy agencies involved in hacking the DNC, three companies believed to have provided support for government cyber operations, and four Russian cyber officials. The administration also ordered 35 Russian operatives to leave the United States and shut down Russian-owned facilities on Marylands Eastern Shore and on Long Island believed to have been used for intelligence purposes.

Yet, intelligence officials including NSA Director Michael S. Rogers and FBI Director James B. Comey said on Monday that they believe Moscow will strike again in 2020, if not in 2018.

[FBI Director Comey confirms probe of possible coordination between Kremlin and Trump campaign]

So should the government mull other options, such as hacking Russian officials emails or financial records and releasing them in a bid to embarrass or show corruption? I think every element of national power is something we should consider, he said. That would probably fall under something like a covert action. But if thats the right answer, thats the right answer.

Ledgett is probably most well known for leading the agency task force that handled the fallout from the leaks of classified information by former NSA contractor Edward Snowden in 2013. The disclosures prompted a national and global debate about the proper scope of government surveillance and led Congress to pass some reforms, including the outlawing of bulk collection of Americans phone metadata.

But the disclosures also caused great upheaval in NSAs collection efforts, hurt morale, and damaged relations with allies and with tech firms that enable court-ordered surveillance, Ledgett said. It was a terrible time for the agency, he said.

He oversaw the probe of the internal breach; relations with Congress, the White House, foreign governments and the press; and the effort to prevent a recurrence. There was a bit of a narrative on the outside about this evil agency that hoovered up all the communications in the world and rooted through them for things that were interesting, and that wasnt actually true.

The operational hit was significant, he said. More than 1,000 foreign targets whether a person or a group or an organization altered or attempted to alter their means of communications as a result of the disclosures, he said. They tried with varying degrees of success to remove themselves from our ability to see what they were doing, he said.

The agency, which has some 200 stations worldwide, reworked capabilities including virtually all of its hacking tools. In some cases, we had to do things very differently to gather the same foreign intelligence as before.

Raj De, a former NSA general counsel, said Ledgett was relied on heavily by both Rogers and Rogerss predecessor, Keith B. Alexander. He has really been a source of steadiness for the agency, said De, now head of the Cybersecurity & Data Privacy practice at Mayer Brown, a global law firm. What is particularly notable about Rick is his willingness to engage with all types of people, to keep an open mind.

In December 2013, Alexander, when he was the NSA director, said that Snowden should be given no amnesty. But Ledgett told CBSs 60 Minutes then that my personal view is yes, its worth having a conversation about.

In his interview earlier this week, however, he said what he meant was that by engaging Snowden in conversation, the agency might have been able to learn what material had not been released and where it was.

Today, he said, there is no longer any need to talk to Snowden. Hes past his usefulness to us. Snowden, who is living in Moscow under a grant of asylum, has been charged with violating the Espionage Act, and Ledgett said he should not be pardoned. Ive always been of the idea that Hey, I think he needs to face the music for what he did.

Julie Tate contributed to this report.

Original post:
US needs to stop Russian electoral interference, NSA's top civilian leader says - Washington Post

Donald Trump’s presidency could be finished by Russia investigations, former NSA analyst says – The Independent

Donald Trump could be forced to leave office overthe investigations into his administrations links with Russia, a former national NationalSecurityAgency (NSA) analysthas warned.

John Schindler, a security expert and former counterintelligence officer, said that if the US President was to face an indictment over allegations hiscampaign team colluded with Russia to disrupt the presidential election, it could put an end to his presidency.

Speaking to CBC radio, Mr Schindler said: If, not just people around him, but the president himself is facing possible indictment down the road, that could be a game changer. He could be removed from office for that, whether he wants to be or not."

Mr Schindler said that with the FBI investigation, actions by Congress and a possible independent inquiry, Mr Trump and his teams alleged ties to Russia would"inevitably" be made public.

The administration isnt getting away from this story, he said.

It comes after FBI director James Comey's confirmed the Bureau was looking into both Russias alleged interference with the 2016 election and also possible links between Moscow and members of Mr Trumps campaign team.

Other congressional committees also are investigating a possible Russian connection mostly behind closed doors.

Republican says there is 'more than circumstantial evidence' of Trump-Russia collusion

But there havealso been suggestionsthe investigation could lead nowhere.

Carl Bernstein, one of the journalists who broke the Watergate scandal, claimed the US President was involved in a cover up to hide connections between members of his campaign team and Russia.

Responding to these concerns, Mr Schindler said it was possible the investigation could come to a dead end and added: Trump, by inclination, doubles down, triples down, quintuples down at every opportunity.

Mr Trumps formerelection campaign manager, Paul Manafort, who was accused of once working to further the interests ofRussian President Vladimir Putin,is nowa leading focus of the investigation by American intelligence.

Mr Manafort volunteered to testify as part of the investigation and he is expected to be interviewed by the House Intelligence Committee, the panels chairman has said.

For Mr Schindler, the fact Mr Manafort is willing to testify showshe knows he is facing some very serious federal charges and wants to clear the air.

He said: It tells me that Trump's whole defence is one member of his inner circle away from turning state's evidence and spilling some beans and it starts to be all over. We're not there yet. But I think that day's coming."

See the rest here:
Donald Trump's presidency could be finished by Russia investigations, former NSA analyst says - The Independent