Mediaboss Marketing

Machine learning is one of the biggest buzzwords in cybersecurity in 2017. But a sufficiently smart adversary can exploit what the machine learning algorithm does, and reduce the quality of decision-making.

Cyberwar and the Future of Cybersecurity

Today's security threats have expanded in scope and seriousness. There can now be millions -- or even billions -- of dollars at risk when information security isn't handled properly.

"The concern about this is that one might find that an adversary is able to control, in a big-data environment, enough of that data that they can feed you in misdirection," said Dr Deborah Frincke, head of the Research Directorate (RD) of the US National Security Agency/Central Security Service (NSA/CSS).

Adversarial machine learning, as Frincke called it, is "a thing that we're starting to see emerge, a bit, in the wild". It's a path that we might reasonably believe will continue, she said.

As one example, an organisation may decide to use machine learning to develop a so-called "sense of self" of its own networks, and build a self-healing capability on top of that. But what if an attacker gets inside the network or perhaps was even inside the network before the machine learning process started?

"Their behaviour now becomes part of the norm. So in a sense, then, what I'm doing is that I'm protecting the insider. That's a problem," Frincke said.

"What's also interesting in the data science, is that if you are using a data-driven algorithm, [that algorithm] is what feeds the machine learning technique that you disseminate. Unless you keep that original data, you are not going to know what biases you built into your machine learning approach.

"You would have no way of that needle in the haystack, because you threw away the haystack, and all that's left are the weightings and the neural networks and so on."

Machine learning has other limitations too.

In 2016, for example, Monash University professor Tom Drummond pointed out that neural networks, one of the fundamental approaches to machine learning, can be led astray unless they're told why they're wrong.

The classic example of this problem dates back to the 1980s. Neil Fraser tells the story in his article Neural Network Follies from 1998.

The Pentagon was trying to teach a neural network to spot possible threats, such as an enemy tank hiding behind a tree. They trained the neural network with a set of photographs of tanks hiding behind trees, and another set of photographs of trees but no tanks.

But when asked to apply this knowledge, the system failed dismally.

"Eventually someone noticed that in the original set of 200 photos, all the images with tanks had been taken on a cloudy day, while all the images without tanks had been taken on a sunny day," Fraser wrote.

"The military was now the proud owner of a multi-million dollar mainframe computer that could tell you if it was sunny or not."

Frincke was speaking at the Australian Cyber Security Centre (ACSC) conference in Canberra on Wednesday. While she did point out the limits of machine learning, she also outlined some defensive strategies that the NSA has found to be effective.

Organisations can tip the cybersecurity balance of power more in their favour by learning to deceive or hide from the adversary, for example.

By its very nature, network defence is asymmetric. That imbalance is usually expressed as the defender having to close off every security vulnerability, while the attacker only has to be right once.

"On the face of it there should be something we should be able to do about that. You'd think there'd be some home-court advantage," Frincke said.

Traditionally, organisations have tried to make their data systems as efficient as possible. It makes the network more manageable. But from an attacker's point of view, it's easy to predict what's going on in any given system at any given time.

Taking a defensive deception approach, however, means building an excess capacity, and then finding ways to leverage that excess capacity to design in a deceptive or a changing approach. That way, an attacker can't really tell where the data is.

If you process data in the cloud, then one simple example might be to duplicate your data across many more nodes than you'd normally use, and switch between them.

"If you're trying to do an integrity attack, changing that data out from under me, you don't know which of, say, those hundred nodes I'm using. Or I might be looking at a subset of those nodes, say three, and you don't know which ones I'm using. So you could try to change them all at once [but] that's a lot harder," Frincke said.

The RD's research has shown that this approach increases the attacker's cognitive load and plays on their cognitive biases.

"We can try to lead them into wrong conclusions. In other words, we're frustrating them. We're trying to make them work too hard, to gain ground that they don't need. And that will make it easier for us to find them," Frincke said.

"It's a little bit like the old honeypot [or] honeynet writ large, but designed into the system as an integral part of the way that it works, and not an add-on."

The downside to defensive deception is that it's harder to manage.

"Now I have to do more work as a system manager, and as a designer, to be sure I know which one of those three of the hundred I should use, otherwise I could end up shooting myself in the foot, especially if I've [been] deploying some kind of misleading changes for the adversary," Frincke said.

More here:
Machine learning can also aid the cyber enemy: NSA research head - ZDNet

Stephanie Slade"When people in government assert that the NSA would never collect communications on an Americanany Americanthey are lying," Edward Snowden said during a taping of the Intercepted podcast with Jeremy Scahill at South by Southwest (SXSW) this morning.

The statement came in response to a question from Scahill about whether the intelligence community "would in fact collect data or communications on lawmakers or even the president." The exiled National Security Agency (NSA) whistleblower proceeded to criticize the powers that be for playing "word games" to get out of admitting it's already snooping on all of us, including elected office holders.

"In the plain use of language, what collect means to you and mewhen something travels across the phone line, when something travels across the internet line, they pick it up, they save it, and they drop it in their databasethat happens to everyone right now," he said. "Does not matter whether you're the president. Doesn't matter whether you're a congressman. Doesn't matter whether you're a lawyer, an accountant. Doesn't matter if it's you sitting in the room right now. These things happen by default. That's how, of course, the system of surveillance that we have works."

Officials deny as much, according to Snowden, by quietly redefining a critical word. "What's happening is these intelligence agencies, these lawyers up at [the Department of Justice] and up with the president, are saying that, to them, collect doesn't mean that we copied your communications, that we put it in the bucket, and that we saved it in case we want to look at it," he explained. "To them, collect means that they take it out of the bucket and actually look at it and read it."

Snowden added that officials also engage in an illegal practice called reverse targeting while pretending otherwise. "If you are an American citizen and they say, 'I want to look at your communications' and 'I want to listen to this person's phone calls and everyone they contacted,' this in theory is supposed to require a warrant," he said. But they get around that, because "if you're in that bucket and you don't have a U.S. passport, you're not a U.S. citizen, no social security card, you don't have a green card so you're not legally privileged as a U.S. person," you're not protected.

"So if they look at the other side of [the American's] communication, the communication that went overseas or involved a non-U.S. person in any way"even if it was just the target of an attempted foreign cyberattack, he said"that's entirely legal so long as I'm not targeting him officially. I'm interested in this 'known system that's affiliated with Chinese espionage' or whatever. It just happens to be Obama's Blackberry."

"That happens all day long," Snowden continued. "People at NSA are doing that right now. It's legally prohibited, but when you hit certain stop points in your investigation, you're actually coached to do this kind of thing."

See the original post:
Snowden at SXSW: Don't Believe Their Word Games; The NSA Collects Data on Us All - Reason (blog)

A contentious piece of U.S. law giving the National Security Agency broad authority to spy on people overseas expires at the end of the year. Expect heated debate about the scope of U.S. surveillance law leading up to Dec. 31.

One major issue to watch involves the way the surveillance treats communications from U.S. residents. Critics say U.S. emails, texts, and chat logs -- potentially millions of them -- are caught up in surveillance authorized bySection 702of the Foreign Intelligence Surveillance Act (FISA).

U.S. residents who communicate with foreign targets of the NSA surveillance have their data swept up in what the NSA calls "incidental" collection. The FBI can then search those communications, but it's unclear how often that happens.

A primer on Section 702:

Section 702 of FISA is the authorization the NSA needs to run programs like Prism and Upstream, revealed in 2013 by former agency contractor Edward Snowden. The U.S. intelligence community has called Section 702 surveillance its "most important tool" in its fight against terrorism, noted Representative Bob Goodlatte, a Virginia Republican, during a March 1 congressional hearing.

Section 702 surveillance is "critical" in the U.S. governments fight against terrorism, added April Doss, a lawyer at the NSA for 13 years.

At the agency, "I had the opportunity to witness firsthand the critical importance of robust intelligence information in supporting U.S. troops and in detecting terrorist plans and intentions that threatened the safety of the U.S. and its allies," she said in testimony March 1.

In the Prism program, the NSA and FBI allegedly gained access to the servers of Google, Facebook, Microsoft, Yahoo, and other internet companies as a way to collect audio, video, emails, and other content.

Upstream collectionallegedly involved the NSA intercepting telephone and internet traffic by tapping internet cables and switches.

Under 702, FISA allows the U.S. attorney general and the director of national intelligence to authorize "the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information." The U.S.Foreign Intelligence Surveillance Court reviews the targeting and minimization procedures adopted by the government and determines whether they comport with the statutory restrictions and the Fourth Amendment to the U.S. Constitution.

The Office of the Director of National Intelligence (ODNI) says it conducts its surveillance with the "knowledge of the service provider," although several internet companies have denied cooperating with the NSA.

Doss and other defenders of Section 702 surveillance say that it's targeted, not so-called "bulk" surveillance. But the descriptions of both Prism and Upstream from the Snowden leaks and subsequent government descriptions suggest the surveillance is widespread. The intelligence community has long arguedthe legal definition of "bulk" surveillance is very specific.

The NSA also collected U.S. telephone records for several years under a separate program. The NSA and the FBI pointed to a different provision of FISA, Section 501, as authorization for the controversial metadata collection program. Congress curtailed the phone metadata collection program in the USA Freedom Act, passed in mid-2015.

Congress is certain to extend the surveillance authority in some form, even though many tech companies and privacy groups are pushing lawmakers to rein in the NSAs surveillance programs, both in the U.S. and abroad.

Most lawmakers see value in extending Section 702, although many Democrats and some Republicans have talked about ending or limiting the ability of the FBI and other intelligence agencies to search for U.S. communications swept up in the surveillance.

Given that Section 702 is one of the main authorizations for the NSA to conduct foreign surveillance, not even the most ardent privacy advocates believe Congress will let the provision expire.

Section 702 prohibits the NSA from targeting people inside the U.S., but the agency, in "incidental" collection, gathers information from U.S. residents who are communicating with the agencys overseas targets.

The law then allows the FBI and other intelligence agencies to search those U.S. communications for evidence of crimes, including crimes not connected to terrorism. Many digital rights groups, along with some lawmakers, want to end this so-called backdoor search of Section 702 records.

This collection of U.S. communications without a warrant is, "in a word, wrong," Representative John Conyers Jr., a Michigan Democrat, said during the March 1 hearing.

Details about the incidental collection are fuzzy. Going back to 2011, lawmakers have repeatedly asked for numbers of U.S. residents affected but have received no details from the ODNI.

In addition to the incidental collection of U.S. residents' communications, privacy advocates complain about an expansive surveillance of foreigners allowed under Section 702.

The provision allows the NSA to collect foreign intelligence information from "anyone" outside the U.S. not just suspected agents of foreign powers, said Greg Nojeim, senior counsel at the Center for Democracy and Technology. "Intelligence information" is also defined broadly, he said.

"Once you remove that, it's open season on many foreigners who pose no threat to U.S. national security," he added.

House members, in their March 1 hearing, talked little about the impact on people outside the U.S. At this point, it seems unlikely that U.S. lawmakers will limit the provisions foreign data collection.

Privacy advocates have an ace up their sleeves, however. Several privacy groups have encouraged the European Union to get involved in the debate and threaten to revoke Privacy Shield, the cross-Atlantic agreement that allows U.S. companies to handle EU residents'data, unless significant changes are made to 702.

The European Commission "has made it clear that it takes seriously its obligations to review the Privacy Shield Agreement," said Nathan White, senior legislative manager at Access Now, a digital rights group.

EU nations understand surveillance is can be necessary, but "surveillance must respect human rights," White added. "Surveillance doesnt trump human rights responsibilities."

The U.S. intelligence communitys surveillance programs have stirred up new controversies in recent weeks. In early March, President Donald Trump, in a series of tweets, accused former President Barack Obama of wiretapping Trump Tower in New York City during the last presidential campaign.

While Trump has provided no evidence of the bombshell charge, it appears that the NSA intercepted some of his campaign staffers' communications when they talked to foreign surveillance targets. That type of surveillance would likely be authorized by Section 702.

A few days later, WikiLeaks published more than 8,700 documents that it says came from the CIA. The documents describe the spy agency's efforts to compromise iPhone, Android devices, smart TVs, automobile software, and major operating systems.

The CIA, however, runs separate surveillance programs from the NSA. CIA surveillance is supposed to be focused on specific foreign targets, as opposed to the widespread surveillance that the NSA does under the authority of Section 702. The CIA says it is "legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans."

Tell us what you know on our Facebook page.

Read this article:
The NSA's foreign surveillance: 5 things to know - CSO Online

SIGN UP FOR OUR NEWSLETTER

Given his background, those words carried weight and contributed to the climate of fear and division that burdens our democracy today, including within the intelligence agencies.

SIGN UP FOR OUR NEWSLETTER

Hayden also signed a letter last August urging Americans to vote against Donald Trump. Anything Hayden says about politics today must therefore be interpreted in that context. He is hardly a disinterested observer, and clearly resents the fact that the American people ignored his unsolicited advice.

Now, Hayden tells the Business Insider that Breitbart News has an illegitimate worldview. He was apparently objecting to Breitbart News storylast week documenting mainstream media reports that the Obama administration had conducted surveillance at Trump Tower and of people connected to the Trump campaign, and that it had disseminated the products of that surveillance.

Hayden admitted that he had not examinedthose media reports themselves. Nevertheless, he attacked Breitbart, Drudge and others:

The retired four-star Air Force general said too that theres an amazing consistency on numerous subjects between the information disseminated by Russian media outlets and that of conservative American sources like the Drudge Report, radio and television host Sean Hannity, and Breitbart.

You have a Breitbart News story essentially launching the Starfleet of the federal government about one of the most horrible political scandals in American history, if true, Hayden said, adding that it was very troubling the president seeming to value Breitbart reports over data compiled by intelligence agencies.

Breitbart doesnt do any creative journalism it just moves the parts around, Hayden continued. And I havent done this personally, but Ive heard others say, when you dig into the Breitbart sources, the articles dont really say that.

They have a worldview, and they are playing with it, he said. I think its an illegitimate worldview, and I think its a non-fact-based worldview. Its a worldview in which preexisting visions seem to be being used to distort the fact pattern that exists.

The proper address for Haydens complaints is the mainstream media, and possibly the Obama administration. Regardless, the views he considers illegitimateareenjoyed by the 45 million unique visitors who read our website every month.

The fact that Hayden and other disgruntled members of the Washington establishment still refuse to acknowledge the basic validity of a different perspective outside the Beltway and the mainstream media is precisely why Trump won in November.

Joel B. Pollak is Senior Editor-at-Large at Breitbart News. He was named one of the most influential people in news media in 2016. His new book,How Trump Won: The Inside Story of a Revolution, is available from Regnery. Follow him on Twitter at @joelpollak.

See the rest here:
NeverTrumper Michael Hayden of CIA, NSA: Breitbart News ... - Breitbart News

5526154

WASHINGTON Congresswants answers about the National Security Agencys expansion of powers in respect to sharing intercepted personal communications with 16 other federal agencies.

President Barack Obama amended an executive order last January that expanded the NSAs abilities to share intelligence.

So that was in the works for a long time. At this point I know that thats out there. Were asking questions about it. I dont think theres anything that that that issue would have to deal with the investigation, but weve asked questions about it, House Intelligence Committee Chairman Devin Nunes told reporters Thursday night, adding that members on the floor had asked him about it as a result of the coverage of the issue in the news.

Other intelligence committee members in their respective chambers had little to say about the effect the new rule has had. Texas Democratic Rep. Joaquin Castro said he did not like to comment off the cuff on about intelligence security matters and the Senate Intelligence Committee Ranking member said he could not comment at the time.

House Minority Leader Nancy Pelosi, one of eight congressional leaders who receives exclusive intelligence information,would only say she did not believe the change in the NSAs powers caused recent leaks about sensitive information related to the Trump administration to occur.

I mean, I think that we all dont want everybody in pipeline, so were not having the benefit of information or intelligence to keep the American people safe. But I dont think that has anything to do with leaks, she said.

Texas Republican Rep. Louie Gohmert warned that reversing the NSAs expansion would be more difficult now.

Sure, that could be reversed. But its one of those things where youd be able to put you know that virus back into the little box or is it growing and spread too far, because you know its a legitimate question, Gohmert said.

He explained, Now that the intelligence community has seen what its like to spread what is supposed to be very private confidential classified wiretap information, and thats spread across 16 or 17 other federal agencies. I dont know if they would want to give that up. And even if they change the executive order, if that will be complied with.

Gohmert added, This is a very scary time for those of us who believe in a constitutional democratic republic.

Follow Kerry on Twitter

View post:
Congress Seek Answers On NSA's New Powers | The Daily Caller - Daily Caller