Archive for the ‘NSA’ Category

What Don’t You Want the NSA to Know About You? | Electronic … – EFF

For years, U.S. government surveillance of innocent Americans has been a topic of heated debate, especially for those in the tech community.

With Congress gearing up for a fight over the 2017 reauthorization of a surveillance authority that lets the NSA spy on innocent Americans without a warrant (Section 702, enacted as part of the FISA Amendments Act), that debate is sure to rage on in the coming months.

So we sent a reporter to the RSA Conference in San Francisco, California in February to ask one simple question: What don't you want the NSA to know about you?

The answers spanned the spectrum, from emails, to phone calls, to web browsing records, to financial information, to information about individuals' children, to nothing.

Some got philosophical. "Everyone says, 'I have nothing to hide,' and that's not the point," one attendee told us. "The point is that I want to control what people know about me."

Others turned the question on its head, asking instead why the NSA is conducting surveillance on Americans. "I don't think their charter is to spy on Americans, so why are they?" one asked.

And some got blunt. One attendee said he assumes the NSA already knows a lot about him. "It scares me and offends me," he said.

If the warrantless spying on Americans scares and offends you, contact your representatives in Congress and tell them to pull the plug on Section 702 surveillance. And watch the video to see other RSA Conference attendees' responses.

FBI Director James Comey, NSA Director Michael Rogers to Testify May 4 on Russia – Newsweek

FBI Director James Comey and National Security Agency Director Admiral Michael Rogers will testify again before lawmakers on Thursday about Russian interference in the 2016 presidential election, according to a congressional aide.

Thursday's House Permanent Select Committee on Intelligence hearing will be the first since March 20, when Comey testified that the FBI is investigating Russia's tampering with the presidential election and possible collusion with associates of President Donald Trump. The hearing will also be the first since Representative Devin Nunes, chairman of the committee, recused himself from the Russia probe after the House Committee on Ethics said it was investigating accusations against him.

The House Intelligence Committee, the Senate Select Committee on Intelligence and the FBI are each pursuing investigations into Russia's election tampering. In January, the U.S. intelligence community published a declassified report detailing the Russian interference, and last October, the Department of Homeland Security and the Office of the Director of National Intelligence issued a statement confirming the subject. Newsweek learned that Comey had tried to go public earlier about Russia's tampering and proposed writing an op-ed on the topic prior to the October statement.

Comey took the unusual step of corroborating the existence of the ongoing investigation to the House Intelligence Committee. "I have been authorized by the Department of Justice to confirm that the FBI, as part of our counterintelligence mission, is investigating the Russian government's efforts to interfere in the 2016 presidential election," Comey said on March 20. "That includes investigating the nature of any links between individuals associated with the Trump campaign and the Russian government, and whether there was any coordination between the campaign and Russia's efforts." Unlike the open March 20 hearing, the May 4 hearing will be closed.

FBI Director James Comey, left, and NSA Director Admiral Michael Rogers, right, testified on March 20 before the House Permanent Select Committee on Intelligence. They are scheduled to testify again before the committee on May 4. Joshua Roberts/REUTERS

The FBI investigation falls under its counterintelligence program, which aims to protect American secrets and foil foreign spies. Such investigations are among the most challenging, especially when politics are involved, Frank Montoya Jr., the bureau's former national counterintelligence executive, has told Newsweek. The investigation could take years and may result in intelligence gathering, not criminal charges, according to Montoya.

The House Intelligence Committee probe will look at whether Russia directed cyber efforts against the U.S., whether Russia colluded with people involved with U.S. political campaigns, whether the U.S. government's response to Russian efforts was adequate and what leaks took place related to intelligence.

Since the March 20 hearing, the House Intelligence Committee has faced a shake-up. On April 6, Nunes recused himself from the Russia probe after opponents alleged he had shared investigation information with the White House, leading to the ethics investigation. "The charges are entirely false and politically motivated, and are being leveled just as the American people are beginning to learn the truth about the improper unmasking of the identities of U.S. citizens and other abuses of power," Nunes said in a statement. He added that he would seek to end the ethics investigation.

The House Intelligence Committee had first invited Comey and Rogers in April to appear on Tuesday. The committee also invited former CIA Director John Brennan, former Director of National Intelligence James Clapper and former Deputy Attorney General Sally Yates to testify. They are not scheduled to appear on Thursday, according to the congressional aide.

Comey is also scheduled to attend two upcoming Senate Committee on the Judiciary hearings. On Wednesday, he is scheduled to take part in a full committee hearing on oversight of the FBI. Then, on May 8, he will speak before the Subcommittee on Crime and Terrorism about Russia's election tampering.

Personal Security Takes A Hit With Public Release Of NSA’s Hacking Toolkit – Techdirt

Former members of Team Espionage recently expressed their concern that the Shadow Brokers' dump of NSA Windows exploits had done serious damage to the security of the nation. The unwanted exposure of NSA power tools supposedly harmed intelligence gathering efforts, even though the tools targeted outdated operating systems and network software.

However, there are still plenty of computers and networks online using outmoded software. This makes the released exploits a threat (especially those targeting XP users, as that version will never be patched). But not much of a threat to national security, despite the comments of anonymous former Intelligence Community members. It makes them a threat to personal security, as Chris Bing at CyberScoop points out:

One of these hacking tools, a backdoor implant codenamed DOUBLEPULSAR, which is used to run malicious code on an already compromised box, has already been installed on 30,000 to 50,000 hosts, according to Phobos Group founder Dan Tentler. Other researchers have also engineered different detection scripts to quickly scan the internet for infected computers.

John Matherly, the CEO of internet scanning-tool maker Shodan.io, said that upwards of 100,000 computers could be affected.

Rather surprisingly, data gathered by security researchers shows a majority of the infected computers are in the United States. This shows Microsoft's steady updating push still faces a sizable resistance right here at home. What it also shows is how fast exploits can be repurposed and redeployed once they're made public. The scans for DOUBLEPULSAR have turned up thousands of hits worldwide.

DOUBLEPULSAR is simply a backdoor, but an extremely handy one. Once installed, it makes targeted computers extremely receptive to further malware payloads.

"The presence of DOUBLEPULSAR doesn't mean they're infected by the NSA, it means there is a loading dock ready and waiting for whatever malware anyone wants to give it," Tentler said. "The chances are none that all these hosts [were hacked by] the NSA."

So, there's that small bit of comfort. It's not the NSA nosing around the innards of your Windows box, but a bunch of script kiddies playing with new toys, adding them to the normal rolls of malware purveyors seeking to zombify your device and/or make off with whatever information is needed to open fraudulent credit card accounts or whatever.

The NSA certainly could have informed Microsoft of these exploits before it ended support for certain platforms, thus ensuring late- (or never-) adopters were slightly more protected from malware merchants and state agencies. But that's the Vulnerabilities Equity Process for you: no forewarning until a third party threatens to turn your computing weapons over to the general public.

NSA suggests using virtualization to secure smartphones | PCWorld – PCWorld

The U.S. National Security Agency is now suggesting government departments and businesses buy smartphones secured using virtualization, a technology it currently requires only on tablets and laptops.

The change comes about with the arrival of the first virtualization-based smartphone security system on the U.S. Commercial Solutions for Classified list.

CSFC is a program developed by the NSA to help U.S. government agencies and the businesses that serve them to quickly build layered secure systems from approved components.

An HTC A9 smartphone security-hardened by Cog Systems using its D4 virtualization platform is now on that list, alongside devices without virtualization from Samsung Electronics, LG Electronics, and BlackBerry.

In the modified A9, communications functions are secured by running them in separate virtual machines on the D4 virtualization platform.

It's the first smartphone on the CSFC list to use virtualization, which the NSA has only required on more powerful devices such as tablets and laptops until now.

"If virtualization technology was commonly available in the smartphone, we could leverage it for some solutions. To date, the devices that have been considered did not offer that technology," the NSA's technical guidance reads.

Cog Systems' position on the list isn't definitive yet: It's still seeking certification for the D4/A9 combination against the National Information Assurance Partnership's mobile platform and IPSec VPN Client protection profiles. Vendors typically have six months to obtain the certification in order to remain on the list. For now, D4's validation is ongoing at Gossamer Security Solutions' Common Criteria Testing Laboratory.

Vendors don't seek certification lightly, according to Carl Nerup, chief marketing officer at Cog Systems. "It's a very expensive process," he said, between US$500,000 and $700,000 for each new model.

Somehow, though, Cog Systems is eating the additional cost of certification: The price for its security-hardened A9 is the same as HTC's list price for an unmodified phone, said Nerup. "We have multiple groups within the U.S. Department of Defense that have procured the device," he added.

A commercial off-the-shelf (COTS) smartphone like the modified A9 isn't only of interest to government customers, though, Cog Systems CEO Dan Potts pointed out. "In the oil and gas industry, they want to buy COTS. They want it to be at a competitive price, but with a greater concern for security."

Once certification for the modified A9 is in the bag, Potts is looking forward to seeking certification for D4 virtualization on other smartphones. The first time around takes time because there is a lot of preparatory work to do, but much of that work will also apply to other smartphones. Potts expects certification of D4 on other hardware to go more quickly.

Eric Klein, director for mobile software and enterprise mobility at analyst firm VDC Research, has had his eye on Cog Systems since meeting the company at Mobile World Congress.

He sees the broadest opportunity for Cog Systems in the enterprise market -- and expects that its approach to endpoint security could even take some business away from enterprise mobility management vendors.

Peter Sayer covers European public policy, artificial intelligence, the blockchain, and other technology breaking news for the IDG News Service.

The NSA will stop reading American emails that mention intelligence … – The Verge

The NSA has stopped collecting messages sent from US citizens that cross international borders and mention foreign intelligence targets, according to a new report in The New York Times. The controversial practice, made public by Edward Snowden in 2013, allowed the agency to collect emails and other messages that mention a foreign intelligence target, even if neither party is subject to surveillance and one of the parties is a US citizen (and thus subject to constitutional protections against unwarranted searches).

The NSA confirmed the change in a subsequent announcement, writing that the Agency will stop the practice to reduce the chance that it would acquire communications of U.S. persons or others who are not in direct contact with a foreign intelligence target.

In practical terms, this meant that including an email or phone number associated with a surveillance target (say, osamabinladen@gmail.com) in the body of an email could lead to the message being surfaced to NSA analysts.

According to the Times, the change came about last year after the NSA discovered analysts querying databases in violation of court guidelines set forth in 2011. Those violations triggered a broader review of NSA practices, which ultimately forced the NSA to discontinue the practice.

The move comes amid a broader debate over Section 702 of the FISA Amendments Act, the legal authority used by the NSA to justify this collection. Signed into law in 2008, the law's authorities are scheduled to expire at the end of this year unless renewed by Congress. Surveillance critics are hoping to significantly curtail those authorities, leading to significant debate in Congress.

Speaking on Twitter, Edward Snowden applauded the change, saying simply, "The truth changed everything."

Update 3:09PM ET: Updated with NSA announcement.
