Archive for the ‘NSA’ Category

SolarWinds Is Not the ‘Hack of the Century.’ Its Blowback for the NSA’s Longtime Dominance of Cyberspace – Common Dreams

Last month, the private security firm FireEye discovered a widespread breach of government and corporate computer networks through a so-called "supply chain" exploit of the network management firm SolarWinds, conducted by nation-state-level hackers, widely thought to be Russia. Most coverage of the breach featured ominous headlines and quotes from current and former government officials describing it as the biggest hack of modern times. Occasionally, buried in one of the closing paragraphs, there was an official quoted admitting that, so far, only "business networks" were known to be compromisedsensitive but unclassified email systems and data on job descriptions and HR functions.

"Like our nuclear policy before it, the stated goal is deterrence, but the actual goal is to create a cover for unchecked aggression and dominance."

These stories lack context of the true state of cyber espionage over the last few decades. The SolarWinds hack is certainly a large and very damaging breach, but one could almost pick at random any five or ten of the hundreds of codename programs revealed in the Snowden documents that would top it. The mother of all supply chain attacks (that we know of publicly) may have been the clandestine American role behind CryptoAGwhich allowed the NSA to sell scores of foreign governments broken cryptographic systems through which it was possible to crack the encryption on their top-level government and military communications for decades. And of course the first, and one of the only, actual cyberattacks in history was the Stuxnet program conducted by Israeli and American services against Iranian nuclear centrifuges.

Yet the American public may be left with the impression that Russian hacking poses a uniquely aggressive and destabilizing threat to the international order, and therefore must be punished. News coverage has been leadened with apoplectic quotes from senior officials and lawmakers that the breach represents "virtually a declaration of war," that we need to "get the ball out of their hands and go on offense," that "we must reserve our right to unilateral self-defense," and even that "all elements of national power must be placed on the table" (All elements? Tanks? Nuclear weapons?). This kind of hyperbolic reaction cannot be driven by sincere shock at the idea of a government hacking into and spying on another governments networks. More plausibly, it is driven by outrage at the idea of any other nation challenging the United States' overwhelming dominance to date in network espionage.

The Pentagon has so far responded to the breach by proposing a rearrangement of the organizational chart for our cyber army. And if history is any guide, Congress will respond as they have to past intelligence failures: by throwing more money at the bureaucracy to feed its legion of private contractors. In other words: more of what contributed to this breach in the first place. The ever-growing feeding frenzy for beltway bandits not only increases the attack surface for foreign hackers, it ensures that Congress does not have the capacity (even if it had the will) to understand and oversee increasingly complex supply chains to ensure basic security standards for the very companies who will be called on to fix these vulnerabilities. Few were even aware of the ubiquity of SolarWinds presence across so many of our government networks, and the lax security practices of this key software provider have only come under scrutiny retroactively. According to reports, the update server for SolarWinds softwarean incredibly sensitive key piece of any software supply chainwas publicly accessible by a default password that had leaked to the internet in 2019, and the company had been warned both by its employees and by independent security researchers.

Here another tragic irony emerges: whatever internal channels were used to warn of these security lapses were clearly not effective, but if a whistleblower had taken this kind of sensitive national security information to the presspublication of which perhaps could have forced action and prevented a major act of espionage against our governmentthey would have put themselves at risk of prosecution under the Espionage Act.

"If reports are true that Russia was behind SolarWinds, and was using its access to case physical infrastructure networks in the U.S., their motivation may have been to gain a small measure of deterrence against the overwhelming superiority of American offensive capabilities."

So while the pundits clamor for retaliation and Washington bickers about rearranging the desks at Fort Meade, we still do not get a debate on alternatives that might better serve the American people. In secret, and without public consultation, the NSA long ago decided to use our privileged position sitting atop the internet backbone not to secure it; to level up the safety of key systems for all its users (but to poke more holes in it); and to stockpile exploits and hoard vulnerabilities in order to dip its hands into nearly every network, communications protocol, and computer system of consequence on the planet, both foes and allies alike.

Even our defensive strategy has become a policy of aggression. Dubbed "defend forward," it has us maintaining backdoors and software implants on key infrastructure systems around the world, as a way of keeping a loaded gun pointed at any real or potential adversary. Like our nuclear policy before it, the stated goal is deterrence, but the actual goal is to create a cover for unchecked aggression and dominance. If reports are true that Russia was behind SolarWinds, and was using its access to case physical infrastructure networks in the U.S., their motivation may have been to gain a small measure of deterrence against the overwhelming superiority of American offensive capabilities.

The wisdom of such an aggressive posture towards the global internet was one of the key questions Edward Snowden posed to the public after his disclosures. We should not fail to consider it as we increasingly get a taste of what the rest of the world has been subjected to by American spies for decades.

Go here to read the rest:
SolarWinds Is Not the 'Hack of the Century.' Its Blowback for the NSA's Longtime Dominance of Cyberspace - Common Dreams

Companies Pay Criminal Penalties And Compensation For Undermining Competition – JD Supra

[co author: Markus Speidel]

Berlitz and CLCI admitted to violating 18 U.S.C. 371 by discussing, agreeing to, and facilitating the submission of false and misleading information to the National Security Agency (NSA) between March and December 2017. The charges relate to a multiple award indefinite delivery, indefinite quantity (IDIQ) contract vehicle for foreign language instruction, under which the NSA awarded three prime contracts. To qualify as technically acceptable, offerors needed the capacity to provide language training in all six specified geographic areas. Following award of the IDIQ contracts, the awardees would then compete against each other for individual delivery orders to provide training in a particular language at particular locations.

According to their stipulations, Berlitz and CLCI submitted invoices and received payments based on non-competitive bids. In furtherance of the conspiracy, and to qualify as technically acceptable when it otherwise would have been ineligible for award, CLCI falsely and misleadingly claimed the capacity to perform training services at a particular facility in Odenton, Maryland a facility that turned out to be solely owned and operated by its competitor, Berlitz. Berlitz provided CLCI with a floor plan to the Odenton facility, which CLCI submitted as our Odenton, MD location in its proposal. In exchange for this favor, CLCI agreed not to bid against Berlitz for any delivery orders involving language training near the Odenton facility. CLCI memorialized the agreement with a draft letter in an email to Berlitz. On two separate occasions in August 2017, the companies maintained the agreement by email exchanges, confirming that CLCI would not bid on a delivery order NSA sent out for instruction in Maryland.

Under the deferred prosecution agreements, which resolved the charges, both companies agreed to cooperate fully in any related criminal investigation and prosecution, and to implement a compliance and ethics program to detect and prevent future violations. Both companies also agreed to pay criminal penalties, $147,000 for Berlitz and $140,000 for CLCI, and victim compensation to NSA to the tune of $57,000. Violations of 18 U.S.C. 371 carry a maximum company fine of $500,000.

Takeaway: Contractors and prospective contractors would do well to heed the lessons here. When submitting information to the government, truthfulness is paramount. And it should go without saying that colluding with other competitors to stifle competition is illegal. Companies that violate these legal and ethical norms not only face criminal penalties, but also may end up suspended or debarred from government contracting. Companies should ensure their regular ethics training addresses these and other aspects of integrity in the bidding process.

*Markus Speidel is a Law Clerk in our Washington, D.C. office and not admitted to the bar.

[View source.]

Follow this link:
Companies Pay Criminal Penalties And Compensation For Undermining Competition - JD Supra

Coronavirus: NSA to extend demacation of seats across the various stadia – GhanaWeb

Sports News of Friday, 29 January 2021

Source: Happy 98.9FM

The NSA has warned that anybody who flouts the COVID-19 protocols would be punished

The Director-General for the National Sports Authority (NSA), Professor Peter Twumasi, has disclosed to Happy Sports that there are plans to ensure that proper spacing is done at the various stadia across the country to prevent the spread of the COVID-19.

According to the NSA boss, the COVID-19 is on the rise and the Authority is putting in measures to ensure that there is strict adherence to the protocols on match days.

He stressed that the NSA will ensure strict adherence to the COVID-19 protocols in accordance with the 25 per cent capacity allowed to watch the games.

We are in tougher times during this COVID-19. So we are putting in measures to make sure everyone adheres strictly to the COVID-19 protocols when they come to the stadium, he told Odiasempa Kwame Oware on Wamputu Sports on Happy 98.9FM.

In order to ensure that there is proper spacing done at the venue, we have done a proper demarcation so the fans know where to sit. We will make sure we will replicate this around all the various stadia, he added.

Professor Peter Twumasi warned that anybody who flouts the COVID-19 protocols would be punished.

Read this article:
Coronavirus: NSA to extend demacation of seats across the various stadia - GhanaWeb

January 30, 1981, Forty Years Ago: Assam DIG arrested – The Indian Express

The Assam government has made its intention clear in no uncertain terms by arresting the states DIG Hiranya Kumar Bhattacharya under the National Security Act. Bhattacharya is an alleged sympathiser of the agitation on the foreigners issue. Professor Lakhinandan Bora of the Assam Agricultural University was also arrested under the NSA. Oil supplies from the state to the refinery in Barauni in Bihar have resumed. The developments signal that the hardliners in the Union cabinet on the Assam issue have won at a time when the resumption of talks between the agitators and the Centre was looking imminent. While resumption of oil supplies was always on the cards, the arrests, especially that of Bhattacharya. took everyone by surprise. The DIG, who is on leave, has apparently been taken to Ranchi.

Congress Leader

Laxmi Narain Induria, general secretary of Madhya Pradesh Congress (I), has been sacked. Induria belongs to the Vidya Charan Shukla group, which has been complaining to the Centre against Chief Minister Arjun Singh. He along with several other MLAs and MPs from Madhya Pradesh have been camping in Delhi to seek a meeting with Prime Minister Indira Gandhi.

Asiad Woes

The cost of the Asian Games may soar to Rs 700 crore taking into account the cost of flyovers, hotels, roads, railway lines. A hush-hush government study has revealed that the work on the main stadia is running behind schedule and theres a possibility that the games could be postponed by a year. Opposition parties are not too happy about holding the games in Delhi, but they dont want to appear churlish by starting an agitation. The Lok Dal, however, is determined to protest against the games. When the Janata government approved the Asian Games proposal, the estimated cost was around Rs 250 crore.

Go here to see the original:
January 30, 1981, Forty Years Ago: Assam DIG arrested - The Indian Express

Harold T. Martin III – Wikipedia

American citizen accused of stealing digital data from the NSA

Harold Thomas Martin III

1964 (age5657)

Harold Thomas Martin III (born November 1964) is a former contractor for Booz Allen Hamilton who has been accused of stealing approximately 50 terabytes of data from the National Security Agency (NSA).[4][5]

Investigators have reportedly had difficulty determining if Martin was engaged in conventional espionage or digital hoarding.[6] Public reporting has indicated that United States government agencies apparently failed to note or effectively respond to a number of issues with Martin's security practices and behaviors over a period of 10 to 20 years.[7][8]

Martin earned a bachelor's degree in economics and math from the University of Wisconsin-Madison in 1989, and a master's degree in information systems from George Mason University in 2004.[9][10] At the time of his arrest, Martin was pursuing a PhD in Computing from the University of Maryland, Baltimore County.[11][12] His research area was Virtual Interfaces for Exploration of Heterogeneous & Cloud Computing Architectures.[13][14]

Martin previously worked for Computer Sciences Corp and Tenacity Solutions.[15] Martin worked for the National Security Agency between 2012 and 2015, including spending some time with the elite Tailored Access Operations unit, albeit in a support capacity.[16]

Martin had previously served as a Surface Warfare Officer in the United States Navy, serving from 1987 until 2000.[17][18][19] He moved to the United States Navy Reserve, which was when he first received access to classified data.[20] In 2015, while still a Booz Allen Hamilton contractor, he was transferred to the Department of Defense's Office of Acquisition, Technology and Logistics (AT&L).[21]

While attempting to trace the source of the Shadow Brokers leak in the summer of 2016, the Federal Bureau of Investigation (FBI) was alerted by the NSA to an internet post made by Martin, who allegedly communicated via the Twitter account @HAL_999999999.[22][23][24] Martin used Twitter to contact Russian-based Kaspersky Lab, a cyber-security firm, which in turn alerted the National Security Agency.[25][26] The Federal Bureau of Investigations used the information provided by Kaspersky researchers to obtain a search warrant of Martin's residence.[25]

Subsequently, according to the United States Department of Justice, the FBI discovered thousands of pages and terabytes of data of classified information in Martin's residence and personal vehicle, including classified computer code.[27][28][29] Martin is reported to have stolen the classified information simply by walking out of secure workplaces with it in his possession.[30] Prosecutors have stated that the stolen classified information includes the names of covert intelligence officers.[31]

According to the indictment, Martin stole materials from the Central Intelligence Agency, the National Security Agency, the United States Cyber Command, the United States Department of Defense and the National Reconnaissance Office.[32][33] According to the prosecutors, there is no evidence that Martin actually accessed any of the files he stole.[34][35]

Martin was charged by the United States Department of Justice with "willful retention of national defense information".[36][37] Martin entered a plea of not guilty.[38][39] In an October 2016 hearing at the United States District Court for the District of Maryland, Magistrate Judge A. David Copperthite sided with the prosecution in agreeing that Martin was a flight risk and would not be released pending trial.[40][41] The FBI's failure to provide Martin with a Miranda warning led to U.S. District Court Judge Richard Bennett rendering many of Martin's statements as inadmissible.[23]

Martin's defense attorneys argued that he suffered from mental health issues, of which his hoarding was a symptom.[42] Martin agreed to plead guilty in December 2017.[43][44] This was scheduled to occur on January 22, 2018.[45] Martin pled not guilty. According to the court's Memorandum Opinion dated December 3, 2018, Martin's trial date was scheduled for June 17, 2019.[22] On March 17, 2019, Martin agreed to plead guilty to "Willful Retention of National Defense Information," the deal called for nine years in prison, three years supervised release and a fine of up to $250,000.[46]

On July 19, 2019, Martin was sentenced to nine years in prison.[47]

View original post here:
Harold T. Martin III - Wikipedia