Mediaboss Marketing

The phenomenon of a recent widespread cyberattack, using weapons developed by the U.S. National Security Agency to disrupt major computer operations all over the globe, is not surprising, but it does call for urgent action on the federal governments part.

Weapons proliferation grew much more lethal when the United States developed the atomic bomb, intended to end World War II more rapidly. The technology then got handed to the Soviet Union. Nuclear weapons eventually ended up in the hands of China, France, India, Israel, North Korea, Pakistan, Russia and the United Kingdom, as well as the United States.

More recently, Americas and others cyberweapons creatively have been used to mess up Irans nuclear enrichment program, using the computer worm known as Stuxnet. It also appears that U.S. cyberaction has been used to gum up North Koreas rocket launches.

The problem now is that some of the clever procedures that NSA developed have leaked out, or have been developed independently by people in basements and elsewhere in Kiev, Moscow and Pyongyang, and are being used as they were last week from Ukraine to sabotage important systems, as well as to try to shake down computer system users across the world.

The NSA witness contractor-defector Edward J. Snowden is showing itself to be leaky. Its having difficulty protecting what it knows and preventing unintended use of the skills it develops.

The NSA must button up its files and techniques much more tightly. And whatever cyberweapons we have, we must also stay ahead in that game in our capacity to protect our own cyber infrastructure.

The penalty for falling behind in that development is chaos and danger in our society and country, incredibly high stakes given our vulnerability.

View original post here:
Another View: NSA needs to secure its files and techniques more tightly - Press Herald

NSA Property Holdings LLC, an affiliate of real estate investment trust National Storage Affiliates Trust (NSAT), has acquired a three-property Tri-State Self Storage portfolio in Castle County, Del., from Tri-State Realty Associates L.P. The facilities sit on approximately 28.3 acres of land, according to a press release from SkyView Advisors, the investment-sales and advisory firm that brokered the deal.

Overall, the properties comprise 264,237 rentable square feet of storage space in 2,428 units, 568 of are climate-controlled. They also contain 109 parking spaces and miscellaneous units, the release stated.

Its not often that a portfolio of this size becomes available in this region of the country, and it garnered multiple bids from national self-storage buyers, said Ryan Clark, director of investment sales for SkyView Advisors and a broker in the transaction.

Last month, NSA Property Holdingsacquired Stor-N-More Self Storage in Tampa, Fla., for $19 million. The property comprises 117,655 net rentable square feet in 1,105 units.

SkyView is a boutique firm specializing in self-storage acquisition, development, facility expansion and renovation, refinancing, and sales. Based in Tampa, the firm also has offices in Cleveland and Milwaukee.

Headquartered in Greenwood, Colo., NSAT is a self-administered and -managed REIT focused on the acquisition, operation and ownership of self-storage properties within the top 100 U.S. Metropolitan Statistical Areas throughout the United States. The company has ownership interest in 456 storage facilities in 23 states. Its portfolio comprises approximately 28 million net rentable square feet. It's owned by its affiliate operators, who are contributing their interests in their self-storage assets over the next few years as their current mortgage debt matures.

See more here:
NSA Property Holdings Acquires Tri-State Self Storage in Castle County, DE - Inside Self-Storage

Droplex Platform Financial instruments are digitize as apermissioned blockchain,here is a possibility to rapidly createtrading venues with astablevalue. And after that reduce operational overhead.Digital solutionsFull system run as a digital exchange, with fully-hosted optionsavailable. Custom deployments may be launched in less than a fewweeks.ExchangeAutomated market-making tool has got more than just one-party liquidity pool. We are honored that we can give you briliantthird-party liquidity sources. Supports multiple source exchanges and smart routing, with automated account management.Quantum defenderFeel safety with a quantum defender ! Weve already set up ameeting with D-wave company. Why ? Because Were going to beoneof the first platforms which soon tests the security systemagainstthe quantum pc. The quantum defender, is not just focused on theidea of being a wall against quantum computing attacks, but it isinpreparation to become a network of options for safe and trustedplace. We believe that blockchain needs to be involved in long-termassets and transactions, it has to think long-term. Long-term includes thinking about quantum computing and dealing with thattricks and threats.

See more here:
DROPLEX [DROP] secure NSA bulletproof blockchain ICO - newsBTC

Geopolitical borders have softened in various ways thanks to the prevalence of the Internet. An email sent by an American could cross multiple international borders before being received by another American. A recent study by the Century Foundation revealed that the National Security Agency (NSA) reportedly utilizes various traffic shaping techniques to survey and store American communications.

Internet traffic does not travel along the shortest route, but instead favors the fastest, least congested, or least expensive course. Data from various countries is backed up in data centers around the world. Sharon Goldberg of the Century Foundation noted, An email sent from San Jose to New York may be routed through Internet devices located in Frankfurt, or be backed up on computers located in Ireland. The NSA could potentially reroute Internet communications to gather information.

The NSA is responsible for monitoring and processing data for foreign intelligence and counterintelligence purposes. American citizens are generally protected by the 4th Amendment and the rules of the Foreign Intelligence Surveillance (FISA) Court. Executive Order 12333, however, allows the collection, retention, and dissemination of information, obtained in the course of a lawful foreign intelligence, counterintelligence, international narcotics or international terrorism investigation or incidentally obtained information that may indicate involvement in activities that may violate federal, state, local or foreign laws.

It is important to note that this study was largely speculation. An NSA spokesperson remarked, We do not comment on speculation about foreign intelligence activities; however, as we have said before, the National Security Agency does not undertake any foreign intelligence activity that would circumvent US laws or privacy protections.

Read more:
Snowden Leak Reveals NSA Traffic Shaping Tech That Diverts US Internet Routing For Spying - Hot Hardware

Should the NSA stop hacking computers out of concern that bad guys could steal its tools and use them for their own nefarious purposes?

Wikimedia Commons

Theres a moment in Dr. Strangelove, Stanley Kubricks dark Cold War comic masterpiece, when President Merkin Muffley (played by Peter Sellers) learns that an insane general has exploited a loophole in the militarys command-control system and launched a nuclear attack on Russia. Muffley turns angrily to Air Force Gen. Buck Turgidson (played by George C. Scott) and says, When you instituted the human reliability tests, you assured me there was no possibility of such a thing ever occurring. Turgidson gulps and replies, I dont think its quite fair to condemn a whole program because of a single slip-up.

The National Security Agency currently finds itself in a similar situation.

One of the NSAs beyondtop secret hacking tools has been stolen. And while the ensuing damage falls far short of an unauthorized nuclear strike, the thieves have wreaked cybermayhem around the world.

The mayhem was committed by a group called the Shadow Brokers, which in April announced that it had acquired the NSA tool (known as Eternal Blue) and published its exploit code online for any and all hackers to copy.* In May, some entitywidely believed to be North Koreansused the the exploit code to develop some malware, which became known as WannaCry, and launched a massive ransomware attack, which shut down 200,000 computers, including those of many hospitals and other critical facilities.

Then on June 27 came this latest attack, which was launched by the Shadow Brokers themselves. This struck some security analysts as odd, for two reasons. First, the Shadow Brokers are believed to be members ofor criminal hackers affiliated witha Russian intelligence agency, and Russians tend not to hack for mere cash. Second, the attack was slipshod: The ransoms were to be paid to a single email address, which security experts shut down in short order. If the Russians had decided to indulge in this mischief for money, it was a shock that they did it so poorly.

Now, however, several cybersecurity analysts are convinced that the ransomware was a brief ploy to distract attention from a devastating cyberattack on the infrastructure of Ukraine, through a prominent but vulnerable financial server.

Jake Williams, founder of Rendition InfoSec LLC (and a former NSA analyst), told me on Thursday, two days after the attack, The ransomware was a cover for disrupting Ukraine; we have very high confidence of that. This disruptive attack shut down computers running Ukrainian banks, metro systems, and government ministries. The virus then spread to factories, ports, and other facilities in 60 countriesthough Williams says its unclear whether this rippling effect was deliberate. (Because computers are connected to overlapping networks, malware sometimes infects systems far beyond a hackers intended targets.)

By the way, the attack left the ransomware victims, marginal as they were, completely screwed. Once the email address was disconnected, those who wanted to pay ransom had no place to send their bitcoins. Their computers remain frozen. Unless they had back-up drives, their files and data are irretrievable.

Its not yet clear how the Shadow Brokers obtained the hacking tool. One cybersecurity specialist involved in the probe told me that, at first, he and others figured that the theft had to be an inside job, committed by a second Snowden, but the forensics showed otherwise. One possibility, he now speculates, is that an unnamed NSA contractor, who was arrested last year for taking home files, either passed them onto the Russians or was hacked by the Russians himself. The other possibility is that the Russians hacked into classified NSA files. Its a toss-up which theory is more disturbing; the upshot of both is, it could happen again.

So should the NSA stop hacking computers out of concern that bad guys could steal its tools and use them for their own nefarious purposes? This remedy is probably unreasonable. After all, spy agencies spy, and the NSA spies by intercepting communications, including digital communications, and some of that involves hacking. In other words, the cyber equivalent of Gen. Turgidson would have a point if he told an angry superior its unfair to condemn a whole program for a single slip-up.

It may be time to view surfing the internet on computers as similar to the way we view driving cars on the highway.

Besides, the NSA doesnt do very many hacks of the sort that the Shadow Brokers stolehacks that involve zero-day exploits, the discovery and use of vulnerabilities (in software, hardware, servers, networks, and so forth) that no one has previously discovered. Zero-day exploits were once the crown jewels of the NSAs signals-intelligence shops. But theyre harder to come by now. Software companies continually test their products for security gaps and patch them right away. Hundreds of firms, many created by former intelligence analysts, specialize in finding zero-day vulnerabilities in commercial productsthen alerting the companies for handsome fees. Often, by the time the NSA develops an exploit for a zero-day vulnerability, someone in the private sector has also found it and already developed a patch.

More and more, in recent years, the NSA chooses to tell companies about a problem and even help them fix it. This trend accelerated in December 2013, when a five-member commission, appointed by President Obama in the wake of the Snowden revelations, wrote a 300-page report proposing 46 reforms for U.S. intelligence agencies. One proposal was to bar the government from doing anything to subvert, undermine, weaken, or make vulnerable generally available commercial software. Specifically, if NSA analysts found a zero-day exploit, they should be required to patch the hole at once, except in rare instances when the government could briefly authorize the exploit for high-priority intelligence collection, though, even then, only after approval not by the NSA directorwho, in the past, made such decisionsbut rather in a senior interagency review involving all appropriate departments.

Obama approved this recommendation, and as a result his White House cybersecurity chief, Michael Daniel, drafted a list of questions that this senior review panel must ask before letting the NSA exploit, rather than patch, the zero-day discovery. The questions: Would this vulnerability, if left unpatched, pose risks to our own societys infrastructure? If adversaries or crime groups knew about the vulnerability, how much harm could they inflict? How badly do we need the intelligence that the exploit would provide? Are there other ways to get this intelligence? Could we exploit the vulnerability for just a short period of time, then disclose and patch it?

A 2016 article in Bloomberg News reported that, due in part to this new review process, the NSA keepsand exploits for offensive purposesonly about two of the roughly 100 zero-day vulnerabilities it finds in the course of a year.

The vulnerability exploited in the May ransomware attack was one of those zero-days that the NSA kept for a while. (It is not known for how long or what adversaries it allowed us to hack.) The vulnerability was in a Microsoft operating system. In March, the government notified Microsoft of the security gap. Microsoft quickly devised a patch and alerted users to install the software upgrade. Some users did; others didnt. The North Koreans were able to hack into the systems of those who didnt. Thats how the vast majority of hacks happenthrough carelessness.

It may be time to view surfing the internet on computers as similar to the way we view driving cars on the highway. Both are necessary for modern life, and both advance freedoms, but they also carry responsibilities and can do great harm if misused. It would be excessive to require the equivalent of drivers licenses to go online; a government that can take away such licenses for poor digital hygiene could also take them away for impertinent political speech. But its not outrageous to impose regulations on product liability, holding vendors responsible for malware-infected devices, just as car companies are for malfunctioning brakes. Its not outrageous to force government agencies and companies engaged in critical infrastructure (transportation, energy, finance, and so forth) to meet minimal cybersecurity standards or to hit them with heavy fines if they dont. Its not outrageous to require companies to program their computers or software to shut down if users dont change or randomize their passwords or if they dont install software upgrades after a certain amount of time. Or if this goes too far, the government could require companies to program their computers or software to emit a loud noise or flash a bright light on the screen until the users take these precautionsin much the same way that drivers hear ding-ding-ding until they fasten their seatbelts.

Some of these ideas have been kicking around for decades, a few at high levels of government, but theyve been crushed by lobbyists and sometimes by senior economic advisers who warned that regulations would impede technical progress and harm the competitive status of American industries. Resistance came easy because many of these measures were expensive and the dangers they were meant to prevent seemed theoretical. They are no longer theoretical. The cyberattack scenarios laid out in government reports decades ago, dismissed by many as alarmist and science fiction, are now the stuff of front-page news stories.

Cyberthreats will never disappear; cybervulnerabilities will never be solved. They are embedded in the technology, as its developed in the 50 years since the invention of the internet. But the problems can be managed and mitigated. Either we take serious steps now, through a mix of regulations and market-driven incentivesor we wait until a cybercatastrophe, after which far more brutal solutions will be slammed down our throats at far greater cost by every measure.

*Correction, June 30, 2017: This article originally misstated that the NSA tool stolen by the Shadow Brokers was called WannaCry. It was called Eternal Blue, and its code was used to create WannaCry. (Return.)

See the rest here:
The NSA's inadvertent role in Petya, the cyberattack on Ukraine. - Slate Magazine