Archive for the ‘NSA’ Category

Powerful NSA hacking tools have been revealed online – The …

Strings of code were released to the Internet by a group calling themselves "the Shadow Brokers". They claim the code is a tool that can be used to hack into any computer. (Jhaan Elker/The Washington Post)

Some of the most powerful espionage tools created by the National Security Agency's elite group of hackers have been revealed in recent days, a development that could pose severe consequences for the spy agency's operations and the security of government and corporate computers.

A cache of hacking tools with code names such as Epicbanana, Buzzdirection and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.

The file appeared to be real, according to former NSA personnel who worked in the agency's hacking division, known as Tailored Access Operations (TAO).

"Without a doubt, they're the keys to the kingdom," said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. "The stuff you're talking about would undermine the security of a lot of major government and corporate networks both here and abroad."

Said a second former TAO hacker who saw the file: "From what I saw, there was no doubt in my mind that it was legitimate."

The file contained 300 megabytes of information, including several exploits, or tools for taking control of firewalls in order to control a network, and a number of implants that might, for instance, exfiltrate or modify information.

"The exploits are not run-of-the-mill tools to target everyday individuals. They are expensive software used to take over firewalls, such as Cisco and Fortinet, that are used in the largest and most critical commercial, educational and government agencies around the world," said Blake Darche, another former TAO operator and now head of security research at Area 1 Security.

The software apparently dates back to 2013 and appears to have been taken then, experts said, citing file creation dates, among other things.

"What's clear is that these are highly sophisticated and authentic hacking tools," said Oren Falkowitz, chief executive of Area 1 Security and another former TAO employee.

Several of the exploits were pieces of computer code that took advantage of zero-day or previously unknown flaws or vulnerabilities in firewalls, which appear to be unfixed to this day, said one of the former hackers.

The disclosure of the file means that at least one other party -- possibly another country's spy agency -- has had access to the same hacking tools used by the NSA and could deploy them against organizations that are using vulnerable routers and firewalls. It might also see what the NSA is targeting and spying on. And now that the tools are public, as long as the flaws remain unpatched, other hackers can take advantage of them, too.

The NSA did not respond to requests for comment.

"Faking this information would be monumentally difficult, there is just such a sheer volume of meaningful stuff," Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said in an interview. "Much of this code should never leave the NSA."

The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and DropBox.

As is typical in such cases, the true identity of whoever put the tools online remains hidden. Attached to the cache was an auction note that purported to be selling a second set of tools to the highest bidder: "!!! Attention government sponsors of cyber warfare and those who profit from it !!!! How much you pay for enemies cyber weapons?"

The group also said that if the auction raised 1 million bitcoins -- equivalent to roughly $500 million -- it would release the second file to the world.

"The auction is a joke," Weaver said. "It's designed to distract. It's total nonsense." He said that bitcoin is so traceable that a Doctor Evil scheme of laundering $1 million, let alone $500 million, is frankly lunacy.

One of the former TAO operators said he suspected that whoever found the tools doesn't have everything. "The stuff they have there is super-duper interesting, but it is by far not the most interesting stuff in the tool set," he said. "If you had the rest of it, you'd be leading off with that, because you'd be commanding a much higher rate."

TAO, a secretive unit that helped craft the digital weapon known as Stuxnet, has grown in the past decade or so from several hundred to more than 2,000 personnel at the NSA's Fort Meade, Md., headquarters. The group dates to the early 1990s. Its moniker, Tailored Access Organization, suggests a precision of technique that some officials have likened to brain surgery. Its name also reflects how coding whizzes create exquisite tools from scratch, in the same way a fine tailor takes a bolt of wool and fashions a bespoke suit -- only the computer geeks more often work in jeans and T-shirts. "We break out the Nerf guns and have epic Nerf gun fights," one of the former hackers said.

Some former agency employees suspect that the leak was the result of a mistake by an NSA operator, rather than a successful hack by a foreign government of the agency's infrastructure.

When NSA personnel hack foreign computers, they don't move directly from their own covert systems to the targets, fearing that the attack would be too easy to trace. They use a form of proxy server called a redirector that masks the hackers' origin. They use one or more such servers to make it difficult to trace a hack.

"NSA is often lurking undetected for years on the ... [proxy hops] of state hackers," former agency contractor Edward Snowden tweeted Tuesday. "This is how we follow their operations."

At the same time, other spy services, like Russia's, are doing the same thing to the United States.

It is not unprecedented for a TAO operator to accidentally upload a large file of tools to a redirector, one of the former employees said. "What's unprecedented is to not realize you made a mistake," he said. "You would recognize, 'Oops, I uploaded that set' and delete it."

Critics of the NSA have suspected that the agency, when it discovers a software vulnerability, frequently does not disclose it, thereby putting at risk the cybersecurity of anyone using that product. The file disclosure shows why it's important to tell software-makers when flaws are detected, rather than keeping them secret, one of the former agency employees said, because now the information is public, available for anyone to employ to hack widely used Internet infrastructure.

Snowden, Weaver and some of the former NSA hackers say they suspect Russian involvement in the release of the cache, though no one has offered hard evidence. They say the timing -- in the wake of high-profile disclosures of Russian government hacking of the Democratic National Committee and other party organizations -- is notable.

Tweeted Snowden: "Circumstantial evidence and conventional wisdom indicates Russian responsibility." He said that the disclosure is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this redirector or malware server by linking it to the NSA.

This could have significant foreign policy consequences, he said in another tweet. Particularly if any of those operations targeted U.S. allies or their elections.

Accordingly, he tweeted, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks.

In other words, he tweeted, it looks like somebody sending a message that retaliating against Russia for its hacks of the political organizations could get messy fast.


Snowden: NSA hack might reveal ugly side of US spying

Over the weekend, a mysterious group called "The Shadow Brokers" leaked what appear to be hacking tools that the U.S. National Security Agency uses to spy on people.

This bundle of computer code is about three years old. But it's still dangerous, since it puts a high-tech military arsenal online within reach of all kinds of criminals. They can use these tools to rob banks, steal government secrets or expose personal lives.

And on Tuesday morning, in a series of tweets, ex-NSA whistleblower Edward Snowden pointed out yet another potential repercussion from the leak.

If these digital weapons are found on a computer, that's evidence of an attack -- similar to finding fragments of a blown up missile.

Computer security researchers around the world are now reviewing computer networks for these tools. And wherever they find this leaked code, they'll know the NSA was spying.

The United States currently claims the moral high ground and censures China, Iran, North Korea and Russia for hacking Americans. But it could soon be caught doing the same to others.

Here's an easy-to-understand explanation of Snowden's technical commentary on Twitter this morning, in which he describes how modern-day computer spying works.

Modern day spying 101

Ever wonder how the U.S. government can accuse China of hacking the United States?

To launch an attack, an enemy government wouldn't hit American targets directly. That's too easy to trace back. Instead, foreign hackers find a dummy spot to launch their attack.

For example, Chinese hackers might slip into a computer server at a company in Peru. Then they'll use that server as a launchpad, sending commands from that computer to break into a U.S. target.

It's like China launching a missile at the United States from Peru.

The job of NSA hackers is to sneak into those enemy launchpad computer servers and scrape off computer code evidence of a breach. Next time that same code is used in an attack, the NSA can trace it back to the bad guys.

But the NSA's job is also to spy on foreign governments, so it too launches hacking missions from unsuspecting servers. And foreign governments try to collect evidence of NSA tools to identify the NSA in the future.

The NSA's elite hacking team, called Tailored Access Operations, is instructed to always wipe evidence of its presence after a mission. It's like a Navy SEAL team picking up its spent ammunition shells. But sometimes evidence gets left behind.

Typically, enemy governments keep the evidence they find of an NSA hack a secret. What's new this time around is that someone is actually calling out the United States in a way that will help other countries detect American spy activity.

Here, Snowden is referring to recent veiled accusations by the United States that Russia hacked the Democratic National Committee. The U.S. government hasn't formally pointed the finger, but officials are hinting to reporters that Russia is messing with American politics.

Snowden thinks this NSA tool leak could be a message to the United States: You toy with foreign politics too -- don't be hypocritical.

Snowden ended his screed by pointing out an interesting tidbit. Even though these NSA tools have just been leaked, it appears that they were stolen back in 2013 -- a short time after Snowden blew the whistle on NSA spying on Americans. At that point, the NSA went into lockdown mode and ramped up security.

So, ironically, the NSA's response to Snowden's alleged treachery might have actually prevented enemy hackers from continuing to steal NSA tools.

CNNMoney (New York) First published August 16, 2016: 1:36 PM ET


Were Russians Involved in NSA Hack? – NBC News

Edward Snowden is seen on a screen as he delivers a speech during the Roskilde Festival in Roskilde, Denmark, June 28 2016. Mathias Loevgreen Bojesen / Scanpix Denmark via Reuters

In clumsily worded English, the Shadow Brokers also boasted online that they were saving their best stolen material for a public auction, to be sold to the highest bidder.

Since then, many cybersecurity experts -- including some former NSA officials -- have come to believe the material posted by the Shadow Brokers is indeed "exploits" and other specially constructed pieces of malware created by the NSA to break into the computers and communications devices of governments like Iran and China, as well as companies and individuals, and to either steal or manipulate the data they contain.

Snowden, the self-described superhacker spy, took to Twitter on Tuesday to say he thinks the public posting of what he described as NSA cybertools may be part of a broader influence operation by Russia.

The U.S. intelligence community believes Russia is behind numerous hacks of entities and people associated with the Democratic Party over the past year, and federal authorities are investigating them and the subsequent release of information via WikiLeaks and other outlets. Many U.S. officials believe those hacks are part of an effort by Russian President Vladimir Putin to help his favored candidate, Republican Donald Trump, and hinder his Democratic rival, Hillary Clinton.

But so far, the Obama administration hasn't formally accused Russia or taken steps to publicly confront it or issue sanctions. And Snowden speculated that Russia may be using the weekend disclosures to warn the White House against taking such actions.

In one tweet, Snowden noted that the "undetected hacker squatting on this NSA server lost access in June 2013," suggesting the hackers have been sitting on the material for three years.

"Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack," Snowden tweeted. He also said the weekend postings "may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks. This leak looks like a somebody [sic] sending a message that an escalation in the attribution game could get messy fast."

The NSA leaker also said any U.S. action against Russia could result in the public disclosure of embarrassing information about cyber-operations of its own: "Here's why that is significant," Snowden said. "This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server."

Such a disclosure could have huge foreign policy consequences, Snowden said, especially if it shows that NSA hackers were targeting U.S. allies. "Particularly if any of those operations targeted elections," he said.

The NSA did not respond to requests for comment, but when asked if the agency had been hacked, one NSA official told NBC News that, "I don't have anything for you on that."

NSA expert James Bamford said the hack appeared to be significant, but he cautioned against pointing the finger at Russia, especially the government, given how many different groups of hackers routinely target NSA servers.

"There are so many unknowns here, and a lot of people in the hacking community don't think this is the Russian government," said Bamford, the author of three books about the NSA who has also visited Snowden in Russia and interviewed him there.

"I don't know how Snowden would have any idea who did this, sitting there in an apartment in Moscow," Bamford said. "Even the NSA probably doesn't know who did this."

In recent days, other security experts also have come to believe that the computer code comes from the NSA and that Russia is behind its theft and release.

Former NSA general counsel Stewart Baker told NBC News that "there is a lot of consensus among technical experts" that the cybertools were indeed stolen from the NSA, most likely from an external command and control server created to launch hacking operations that couldn't be traced back to the U.S.

"The more disastrous and less likely scenario is that someone has hacked U.S. infrastructure and extracted large files," said Baker, a prominent international cybersecurity lawyer.

Either way, the weekend postings are cause for dismay, Baker said, noting that "the assumption that it is Russian intelligence is a good first estimate, as it's one of a half dozen leaks of information directly hostile to the U.S. government and U.S. institutions."

"It shows how very sophisticated the spy-vs-spy game in cyberspace has become," he said. "What we are now seeing is an example of one spy agency trying to compromise the infrastructure of another spy agency and how that it is happening at an almost unfathomably sophisticated level."


In ‘Bizarre’ NSA-Linked Hacking Saga, Some Exploits Prove …

At least some of the hacking weapons possibly pilfered from an NSA-linked cyberoperation and exposed publicly earlier this week are real and include a zero-day exploit, according to two companies whose products were targeted.

Cybersecurity companies Cisco and Fortinet announced online Wednesday that some code published by the mysterious Shadow Group affected legacy versions of their firewalls, but the vulnerabilities already were addressed in upgraded versions. More severely, however, Cisco said one of the exploits in the code was unknown to the company until it popped up online and is still a threat.

If the right configurations are present, Cisco said, the vulnerability "could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system."

Yvonne Malmgren, a spokeswoman for Cisco, told ABC News that the company is directing its customers to workarounds to "mitigate that particular vulnerability" and that a fix is coming "in the near future."

Cybersecurity experts and former U.S. officials who have analyzed some of the code released online by the Shadow Brokers were already convinced at least some of it appeared very real. Zero-day vulnerabilities -- those that are unknown to makers of the target software -- are particularly valuable on the cyber black market because, by definition, there's no specific defense against them.

The Shadow Brokers -- a name that's new to the cybersecurity community and could be a reference to a popular video game -- popped up online over the weekend claiming to have broken into the files of another elite hacking team known as the Equation Group. The Equation Group was first identified in February 2015 by the Russian cybersecurity firm Kaspersky Lab, which recently described it as the "apex predator" of the hacking world.

In its initial report, Kaspersky said that the Equation Group "is unique almost in every aspect of their activities: They use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data and hide activity in an outstandingly professional way, and utilize classic spying techniques to deliver malicious payloads to the victims."

Kaspersky also said the Equation Group appeared to have "solid links" with the creators of the cyber-superweapon Stuxnet, which was reportedly the product of a joint U.S. National Security Agency-Israeli intelligence operation. That link, along with Equation Group's reported long-time targeting of Iranian, Russian, Chinese and Pakistani systems, among others, has led observers to suspect the Equation Group is at least connected to the NSA or some Western intelligence agency.

The names of some of the exploits released by the Shadow Brokers refer to operations exposed by former NSA contractor Edward Snowden, but researchers pointed out that since his revelations in 2013, those names have been public information.

The Shadow Brokers announced in stilted English earlier this week that they plan to put the best of the cyberweapons up for auction and that if it nets at least 1 million bitcoins (worth over $560 million), they will release more Equation Group files to the public. As of this report, the auction has pulled in less than $1,000.

It's unclear how the Shadow Brokers got a hold of the cyberweapons; the group claims to have "followed" Equation Group traffic to its "source range" and then hacked it.

The question remains whether the Equation Group or another U.S.-aligned or -allied hacking group, private contractor or intelligence agency was actually hacked and, more immediately, whether the yet-to-be-released cyberweapons are as real as the teaser code. The Shadow Group billed the unseen payloads as "better than Stuxnet," the game-changing worm that physically damaged an Iranian nuclear facility.

Snowden noted on Twitter that date references in the released code end in the fall of 2013, just after he went public with revelations about NSA surveillance operations. He speculated that perhaps an NSA outside "staging server" -- essentially a holding pen for malware -- had been hacked and the NSA migrated the malware to a different server after he went public as a security precaution, inadvertently but fortuitously cutting off the hackers' access.

Oren Falkowitz, a former NSA hacker with the agency's elite Tailored Access Operations, said he strongly doubted the NSA itself was hacked -- a sentiment shared by two other cybersecurity experts who spoke to ABC News.

"I can think of a dozen ways" the tools could have been stolen, Falkowitz said, such as being taken from an outside server and being pilfered from an unsecured laptop. The NSA from time to time outsources the development of offensive cyberweapons to private contractors, according to cybersecurity experts.

As for who the Shadow Brokers are, there's only speculation, which runs the gamut from a disgruntled insider at a U.S.-linked group to a sophisticated nation-state like Russia. But the group's public posturing has thrown observers for a loop.

"Revealing the results [of a major hack] in this way is extremely atypical," Falkowitz said. "To do something as childish as hold a public auction with bitcoin ... just seems like not consistent with the way really sophisticated government groups would operate."

"It's really bizarre," he said.

Fortinet did not immediately respond to a request for comment for this report.


Oklahoma NSA Softball

Welcome! 2015 NSA Adult and Youth Softball and BPA Youth Baseball

Adult Coaches

New for 2015, here are a few changes you need to know about.

1. Players will give the coach they want to play for their Player number.

2. Coach signs in to team account and starts building roster by putting in player numbers to be added automatically to the roster.

3. No more Coach sending invites and waiting for Player accept.

4. No more Players signing in to Accept to be on a roster.

5. Player is officially on the roster once they sign the printed online roster.

This is NSA's way to make the process easier and simpler for coaches and players.

We are looking for sponsors for the 2015 softball tournaments. If you, or anyone you know might be interested in sponsoring one tournament, or be a sponsor for a series of tournaments, please contact me. We are looking at some exciting changes to our tournament structure, and are sure that you will like what we have coming in 2015 with our Tournaments.

We invite you to sanction your teams here on-line for the 2015 season, beginning in January, 2015. Look here for Upcoming League play, info for Tournaments, Updated National rules, Classification & Roster rules, Post season play, NSA points system, SUPER WORLD SERIES info, Hotels, NSA links and Sponsors. If you are interested in becoming a Tournament Director or run the NSA Program at your Ball Park, Please Contact us at bhancock@playnsa.com, or call the NSA State Director Bill Hancock at 918-607-1661. We look forward to seeing your Softball Team on the Diamonds in 2015 !!

Indian Springs 2015 SUMMER LEAGUES

Clinton Oklahoma - Acme Brick Ballpark

Coweta Softball Complex

All Star Sports Complex- Batting Cages/Practice

Oklahoma NSA Headquarters

Bill Hancock

State Director

(918)607-1661

So, if you are looking for Post season play with an Association that works hard to put teams in their CORRECT Classification, then we look forward to seeing your team at many of the Ball Parks in Oklahoma this year. We want to see as many teams as possible qualify for World Series and "Super" World Series events in September and October.

Clarion Hotel

2600 N. Aspen Ave

Broken Arrow, OK

918-258-7085

Free HOT breakfast

Outdoor Swimming Pool

Pet Friendly

Ask for Oklahoma NSA Special Rate.

ECONOLODGE HOTEL

2600 N. Aspen Ave Building B

Broken Arrow, OK

918-251-1010

Free Continental Breakfast

Pet Friendly

Special Oklahoma NSA Rates

Sleep Inn and Suites, Tulsa Central/I44

8021 E. 33rd St South (I-44 and Memorial)

Tulsa, OK 74145

Tel: (918) 663-2777

Fax: (918) 858-4445

QUALITY INN

10829 e. 41ST ST.

918-665-0220

Free HOT breakfast

Free WIFI

Microwave and Refrigerator in every room

Outdoor Pool

Special Oklahoma NSA Room Rates
