Archive for the ‘NSA’ Category

Warning Sony of Coming Storm Wasn't NSA's Department

The United States National Security Agency knew in advance that North Korea was about to hack into Sony's systems, according to The New York Times.

The NSA apparently penetrated North Korea's network through several vectors, including Chinese networks used to connect with the rest of the world and hacker connections in Malaysia. The NSA was able to burrow in using the networks of South Korea and other allies.

Leveraging the South Korean network was referenced in this now-unclassified NSA document published by Der Spiegel.

The evidence gathered by the NSA reportedly spurred President Obama's accusation that North Korea was behind last year's cyberattacks on Sony.

The report triggered a media storm and drew a wide gamut of responses from readers.

"I wonder if perhaps the NSA did get wind of the planned attack but deliberately withheld that info from Sony because it, the NSA, feared that Sony might react by tightening its security, thereby tipping off NK that the NSA knew what it was up to," mused archer717. "I'll bet Sony's execs are asking themselves just that question as they read this article."

Several expressed support for the NSA's monitoring of North Korea's systems.

For example, "I'm very glad the U.S. has the capability to monitor these rogue actors," Tim wrote, pointing out that the NSA's stated mission is collecting foreign signals intelligence to prevent strategic surprises.

On the other hand, many, like Phil Green, argued that the U.S.' own hands are not clean.

"You always figure that, when the U.S. accuses another nation of bad behavior, that the U.S. has done the very act complained of," Green suggested. "We hacked Iran's and Brazil's oil companies and invaded the privacy of everyone on Earth long before we were caught, but not before we had accused others of doing what we do best and more of than anyone else."


Total Surveillance NSA tampers with US made internet routers to collect your data May 13, 2014 – Video



By: John Salina


Giving Hypocrisy a Bad Name NSA Backing Senate Intel Chair Blasts CIA for Spying on Torture Probe – Video



By: Johnny Dipper


Report: NSA not only creates, but also hijacks, malware

In addition to having its own arsenal of digital weapons, the U.S. National Security Agency reportedly hijacks and repurposes third-party malware.

The NSA is using its network of servers around the world to monitor botnets made up of thousands or millions of infected computers. When needed, the agency can exploit features of those botnets to insert its own malware on the already compromised computers, through a technology codenamed Quantumbot, German news magazine Der Spiegel reported Sunday.

One of the secret documents leaked by former NSA contractor Edward Snowden and published by Der Spiegel contains details about a covert NSA program called DEFIANTWARRIOR that's used to hijack botnet computers and use them as "pervasive network analysis vantage points" and "throw-away non-attributable CNA [computer network attack] nodes."

This means that if a user's computer is infected by cybercriminals with some malware, the NSA might step in, deploy their own malware alongside it and then use that computer to attack other interesting targets. Those attacks couldn't then be traced back to the NSA.

According to the leaked document, this is only done for foreign computers. Bots that are based in the U.S. are reported to the FBI Office of Victim Assistance.

The NSA also intercepts and collects data that is stolen by third-party malware programs, especially those deployed by other foreign intelligence agencies, if it is valuable. It refers to this practice as "fourth party collection."

In 2009, the NSA tracked a Chinese cyberattack against the U.S. Department of Defense and was eventually able to infiltrate the operation. It found that the Chinese attackers were also stealing data from the United Nations so it continued to monitor the attackers while they were collecting internal UN data, Der Spiegel reported.

It goes deeper than that. One leaked secret document contains an NSA worker's account of a case of "fifth party collection." It describes how the NSA infiltrated the South Korean CNE (computer network exploitation) program that targeted North Korea.

"We found a few instances where there were NK officials with SK implants on their boxes, so we got on the exfil [data exfiltration] points, and sucked back the data," the NSA staffer wrote in the document. "However, some of the individuals that SK was targeting were also part of the NK CNE program. So I guess that would be the fifth party collect you were talking about."

In other words, the NSA spied on a foreign intelligence agency that was spying on a different foreign intelligence agency that had interesting data of its own.


NSA secretly hijacked existing malware to spy on N. Korea, others

When the NSA had limited access to North Korea's networks, the agency secretly tapped into South Korea's surveillance malware.

A new wave of documents from Edward Snowden's cache of National Security Agency data published by Der Spiegel demonstrates how the agency has used its network exploitation capabilities both to defend military networks from attack and to co-opt other organizations' hacks for intelligence collection and other purposes. In one case, the NSA secretly tapped into South Korean network espionage on North Korean networks to gather intelligence.

The documents were published as part of an analysis by Jacob Appelbaum and others working for Der Spiegel of how the NSA has developed an offensive cyberwarfare capability over the past decade. According to a report by the New York Times, the access the NSA gained into North Korea's networks, which initially leveraged South Korean "implants" on North Korean systems but eventually consisted of the NSA's own malware, played a role in attributing the attack on Sony Pictures to North Korean state-sponsored actors.

The documents released by Der Spiegel, which include internal NSA newsletter interviews and training materials, detail how the NSA built up its Remote Operations Center to carry out "Tailored Access Operations" on a variety of targets, while also building the capability to do permanent damage to adversaries' information systems. Also included in the dump was a malware sample for a keylogger, apparently developed by the NSA and possibly other members of the "Five Eyes" intelligence community. The code appears to be from the Five Eyes joint program "Warriorpride," a set of tools shared by the NSA, the United Kingdom's GCHQ, the Australian Signals Directorate, Canada's Communications Security Establishment, and New Zealand's Government Communications Security Bureau.

It's not clear from the report whether the keylogger sample came from the cache of documents provided by former NSA contractor Edward Snowden or from another source. As of now, Appelbaum and Der Spiegel have not yet responded to a request by Ars for clarification. However, Appelbaum has previously published content from the NSA, including the NSA's ANT catalog of espionage tools, that was apparently not from the Snowden cache.

According to the documents, the core of the NSA's ability to detect, deceive, block, and even repurpose others' cyber-attacks is Turbine and Turmoil, components of the Turbulence family of Internet surveillance and exploitation systems. These systems are also connected to Tutelage, an NSA system used to monitor traffic to and from US military networks, to defend against attacks on Department of Defense systems.

When an attack on a DoD network is detected through passive surveillance (either through live alerts from the Turmoil surveillance filters or processing by the Xkeyscore database), the NSA can identify the components involved in the attack and take action to block it, redirect it to a false target to analyze the malware used in the attack, or do other things to disrupt or deceive the attacker. This all happens outside of DoD's networks, on the public Internet, using "Quantum" attacks injected into network traffic at a routing point.

But the NSA can also use others' cyberattacks for its own purposes, including hijacking botnets operated by other actors to spread the NSA's own "implant" malware. Collection of intelligence on a target using another actor's hack of that target is referred to within the signals intelligence community as "fourth party collection." By discovering an active exploit by another intelligence organization or other attacker on a target of interest, the NSA can opportunistically ramp up collection on that party as well, or even use it to distribute its own malware to do surveillance.

In a case study covered in one NSA presentation, the NSA's Tailored Access Office hijacked a botnet known by the codename "Boxingrumble" that had primarily targeted the computers of Chinese and Vietnamese dissidents and was being used to target the DoD's unclassified NIPRNET network. The NSA was able to deflect the attack and fool the botnet into treating one of TAO's servers as a trusted command and control (C&C or C2) server. TAO then used that position of trust, gained by executing a DNS spoofing attack injected into the botnet's traffic, to gather intelligence from the bots and distribute the NSA's own implant malware to the targets.

Things get even more interesting in the case of the NSA's urgent need to gather more intelligence from North Korea's networks. In a question-and-answer posting to the NSA's intranet, an NSA employee recounted a "fifth party" collection that occurred when the NSA hacked into South Korea's exploit of North Korean computers and ended up collecting data from North Korea's hack of someone else:
