Archive for the ‘NSA’ Category

Inside the NSA’s CDX, a high-tech competition pitting cadets against … – CyberScoop

Professional hackers from the NSA, U.S. Cyber Command and foreign militaries are launching a barrage of simulated cyberattacks this week as part of a training exercise to help teach students at the service academies for the Navy, Army, Coast Guard, U.S. Merchant Marine and Canadian Royal Military how to better defend sensitive computer networks.

The annual NSA-led event, named the Cybersecurity Defense Exercise, or CDX, brings together rising talent with seasoned cyber-warriors in a simulated war games environment, where the undergraduatesmust monitor, identify and ultimately defend against a wide array of remote computer intrusions.

The intrusions themselves are engineered with open-source, commercially available exploits and other hacking tools. We dont use anything homegrown, said CDX Technical Lead James Titcomb, a full-time NSA employee in the spy agencys information assurance directorate.

We dont hit them with anything on the level of a nation-state, Titcomb said. The idea is that they should at least know how to defend against these [attacks].

Each academy competes with the othersto see which can best defend its own respective network while simultaneously ensuring that it is resilient and reliable for authenticated users.

Thursday marks the fourth day of the five-day tournament.

The exercise consists of four total cells the attackers red cell, defenders blue cell, a white cell of referees and grey cell meant to represent active, neutral users relying on the networks being protected by the cadets and midshipmen. In a real-world scenario, the grey cell may represent a military unit using a communications channel that could be hacked.

Referees closely monitor the competition and are responsible for awarding points and penalizing teams if they break a strict set of predetermined rules.

Participants are working this week from computer labs based across the country, while the attacking team, or red cell, and competition administrators, operate from a high-tech facility in Columbia, Maryland a short drive away from the secretive spy agencys main headquarters at Fort Meade Army Base.

A total of more than 70 graduate and undergraduate military service academy students are involved in the 2017 CDX.

Each year, the competition offers a set of separate challenges that aredivided from the larger red team/blue team exercise. For 2017, those challenges include completing tasks related to offensive hacking, malware analysis, host forensics and defending an unmanned aerial vehicle from being compromised. Graduate-level students can also compete in two other, exclusive challenges that were established to test the ability of participants to protect data as its being transmitted between a computer, unmanned ground vehicle and small space satellite.

The simulated UAV challenge is a recent addition to the competition, organized by the Air Force Research Lab. The goal for students is to establish a secure, unbreakable communications link between their drone and its corresponding control console, explained the labs Sam Allen. As of Wednesday afternoon though, nearly all of the drones defended by the cadets had been taken over by the red cell, Allen said.

Founded in 2002, the CDX has grown and steadily evolved to match the cyber-workforce needs of the Defense Department. From a planning perspective, the competitions inclusion of a UAV, and the more recent, UGV and space satellite cyber defense challenges is reflective of how the U.S. government is broadly thinking about emerging threats.

In 2017, for the first time, a small group of undergraduates are also participating in the red cell component of the competition a move that Titcomb said will simultaneously teach cadets how to develop more effective defensive measures.

One of the few undergraduates who was supporting the Maryland-based red team spoke with CyberScoop about his CDX experience.

These guys are on a whole other level to what we do. Just being able to look over their shoulder this week has been a really great opportunity for us, said 20-year-old U.S. Military Academy student Connor Eckert. Talking to a lot of the NSA guys here, it has really opened my eyes to how much the civilian side is involved, its not just the military for cyber.

[A career in the NSA] could open up some doors for me after my time in service to do this sort of thing on an ongoing basis, said Eckert.

After graduation and the completion of their respective service requirements, its not uncommon for former CDX participants like Eckert to join the U.S. intelligence community.

Even so, Titcomb said that the competition was never designed to specifically recruit individuals to the NSA. The underlying objective, he said, is to develop talent across the various military branches.

Read this article:
Inside the NSA's CDX, a high-tech competition pitting cadets against ... - CyberScoop

Trump Sending NSA McMaster to Afghanistan on Heels of MOAB Bombing on Islamic State – Breitbart News

SIGN UP FOR OUR NEWSLETTER

Trump made the announcement during a press conference on Wednesday with North Atlantic Trade Organization (NATO) Secretary General Jans Stoltenberg, as reported by Military Times.

The U.S. has been at war in Afghanistan since 2001, after the September 11 attacks by radical Islamic terrorists on U.S. soil that killed 3,000 people.

The U.S. has some 8,400 troops in Afghanistan, with an additional 5,000 deployed from NATO allies, Business Insider reported. Army Gen. John Nicholson told Congress in February he needed a few thousand more troops in order to break what he called a stalemate with the Taliban terrorists.

Of about400 districts in Afghanistan,the Taliban controls, contests, or influences 171of them, according to the Special Inspector General for Afghanistan Reconstruction, Business Insider reported.

Voice of America (VOA) reported last month that the U.S. military in Afghanistan is ratcheting up theoffense against the growing Islamic State branch in the Afghanistan-Pakistan region.

Since he took office, President Donald Trump has been ramping up military operations against both the Islamic State, also known as ISIS and ISIL, as well as al-Qaeda, particularly in Yemen, VOA reported.

We stand confident that the new U.S. administration under President Trump will remain strategically engaged and continue its support, Afghanistans Foreign Minister Salahuddin Rabbani said at an appearance at the Atlantic Council in Washington.

American Navy Capt. Bill Salvin, the spokesperson and director of public affairs for the U.S./NATO-led coalition in Kabul, told VOA that our goal in 2017 is to defeat ISIS-K in Afghanistan.

Green Beret Staff Sgt. Mark De Alencar, 37, of Edgewood, Maryland, was killed earlier this month fighting jihadists in the eastern part of Afghanistan near the Pakistani border.

The fatality brings the total number of U.S. military deaths since the war started more than 15 years ago to at least 2,249, most of which occurred under former President Barack Obamas watch, according toPentagon data.

This marks the first time the bomb, known as the GBU-43, or Massive Ordnance Air Blast, (MOAB) was used in combat. Its yield is11 tons of TNTand has been nicknamed theMother of All Bombs.

It remains uncertain so far if the bombing was planned under the Obama administration or the Trump administration.

Pentagon spokesman Adam Stump said the plan has been in place for a few months, and that the weapon had been in Afghanistan for some time.

The final test of the MOAB took place on March 11, 2003 and was delivered into theater on April 1, 2003.

Originally posted here:
Trump Sending NSA McMaster to Afghanistan on Heels of MOAB Bombing on Islamic State - Breitbart News

Mysterious group posts more alleged NSA hacking tools; Russia link suspected – Wichita Eagle

Mysterious group posts more alleged NSA hacking tools; Russia link suspected
Wichita Eagle
One document appeared to show that NSA spyware had been placed on servers in South Korea, Russia, Japan, China, Mexico, Taiwan, Spain, Venezuela and Thailand, among other countries. The dump included details of how the NSA purportedly had ...

More:
Mysterious group posts more alleged NSA hacking tools; Russia link suspected - Wichita Eagle

In slap at Trump, Shadow Brokers release NSA EquationGroup files – Ars Technica

On April 8, as part of a long, awkwardly worded rant about President Donald Trump's betrayal of his "base," the individual or individuals known as the Shadow Brokers posted the password to an encrypted archive containing what appear to be components of a toolkit associated with the National Security Agency's alleged Equation Group hacking campaign. But those hoping for even more spectacular exploits than those leaked earlier by the Shadow Brokers willlikely be disappointed. However, the files do include a number of tools that may still be usable, as well as significant amounts of information about systems that appear to have been hacked by the NSA.

Many information security analysts were unimpressed.

The archive, which the Shadow Brokers previously attempted to auction off, contains just over 300MB of files. It does not appear to contain the entire archive of Equation Group tools. Many of the tools apparently date back to the 1990s, targeting platforms like the Digital Equipment Corp., Alpha, Sun Solaris 2, the defunct Chinese Red Flag Linux, and other older Linux distributions. Other tools are apparently focused on telecom targets, including tools for getting into GSM cellular networks and breaking DES encryption.

The dates rangebetween August of 2000 and August of 2010, referencing code names including Incision, Orangutan, Reticulum, Jackladder, and Patchicillin.Based on the files, a majority of the systems targeted appear to be Sun Solaris systems running on SPARC architecture.

The post from Shadow Brokers, entitled "Don't Forget Your Base," is (like previous posts) in strangely wordedEnglish and delivers a white-supremacist, isolationist, anti-"globalist" message, offering "constructive criticism" on Trump's recent policy moves, including the strike on Syria, and offering the password to the encrypted archive previously upfor auction as "our form of protest."

Ars is continuing to examine the contents of the files and will post a more complete report soon.

Go here to see the original:
In slap at Trump, Shadow Brokers release NSA EquationGroup files - Ars Technica

NSA gives military students a leg up on cyber with real-time exercise … – FederalNewsRadio.com

The National Security Agency is amping up its game when it comes to challenging young, college-age students in military academies on their cyber skills.

The agency is hosting its 17th annual Cyber Defense Exercise (CDX), but with a few new twists.

The exercise challenges students at the U.S. Military, Naval, Coast Guard and Merchant Marine academies, as well as undergraduate and graduate students from the Royal Military College of Canada.

Their mission is to defend networks they have created from a red team comprised of U.S., Canadian and industry cyber warriors.

Sponsored Content: Why Governance, Risk and Compliance is Everyones Business - Download the Executive Brief Today.

Along with defending the network, the teams have certain challenges they need to secure as well.

What this does is challenges them to look into forensics and see where malware lies and where things happen, said James Titcomb technical lead for CDX said April 12.

The challenges consist of reverse engineering and malware analysis, network forensics, offensive ethical hacking and control of a simulated drone.

The graduate students are testing two new challenges that involve securing a space satellite and an unmanned ground vehicle.

This year whats new is we have two cadets from the Air Force academy participating in the red team, said Shirley McMonigle, CDX program lead. This is also the first year the undergraduates will participate in the drone challenge.

This year teams will have to deal with ransomeware as well. The teams can either pay points to get out of the hack or try to fix it.

March TSP returns: In like a lamb, out like a lion

Teams are scored on network confidentiality, usability, integrity and on the challenges.

NSA uses a red team to interfere with students networks and their ability to complete the challenges. Much of the intrusions find their way into the students networks through a gray team, which acts as a network user.

The gray team may fall for social engineering tactics.

Most of our access is done through the gray cell. We call it the user that clicks on everything. What we do is we purposely throw things and have the gray cell open those links so that we can own their work stations. [The teams] have to go in and mitigate that, Titcomb said.

The red teams are a way for those in the military to keep their skills sharp too.

Air Reservist Lt. Tim Li said he works in cybersecurity for J.P. Morgan. He said acting as a hacker helps him understand the other side of the cybersecurity coin.

Its fun, its the opposite for me of what I do on the outside. Its learning what the attacker would do, so it will definitely be beneficial for me once I return to my civilian job, Li said.

The students embedded this year with the red team said they were taking in a lot from the experience.

Nick Co, a 22-year-old midshipman, said he could see himself working for U.S. Cyber Command or the NSA at some point in the future.

Thats good news for the military, which is strapped for people with cyber talent in the service.

I think for us some of it is trying to understand the basics first. We are still hugely learning, but we know that the field is really growing and we definitely know they could use some officers out there, Co said. These guys are the real professionals so its fun to really learn from them and take this back and hopefully when we graduate implement this.

Read more here:
NSA gives military students a leg up on cyber with real-time exercise ... - FederalNewsRadio.com