« First...102030...2,4752,4762,4772,4782,479...2,4902,5002,510...Last »

Cheap software helped Edward Snowden plunder NSA secrets …

Posted on by

NEW YORK: Intelligence officials investigating how Edward J Snowden gained access to a huge trove of the country's most highly classified documents say they have determined that he used inexpensive and widely available software to "scrape" the National Security Agency's networks, and he kept at it even after he was briefly challenged by agency officials.

Using "Web crawler" software designed to search, index and back up a website, Snowden "scraped data out of our systems" while he went about his day job, according to a senior intelligence official. "We do not believe this was an individual sitting at a machine and downloading this much material in sequence," the official said. The process, he added, was "quite automated".

The findings are striking because the NSA's mission includes protecting the nation's most sensitive military and intelligence computer systems from cyberattacks, especially the sophisticated attacks that emanate from Russia and China. Snowden's "insider attack," by contrast, was hardly sophisticated and should have been easily detected, investigators found.

Moreover, Snowden succeeded nearly three years after the WikiLeaks disclosures, in which military and State Department files, of far less sensitivity, were taken using similar techniques.

Snowden had broad access to the NSA's complete files because he was working as a technology contractor for the agency in Hawaii, helping to manage the agency's computer systems in an outpost that focuses on China and North Korea. A Web crawler, also called a spider, automatically moves from website to website, following links embedded in each document, and can be programmed to copy everything in its path.

Snowden appears to have set the parameters for the searches, including which subjects to look for and how deeply to follow links to documents and other data on the NSA's internal networks. Intelligence officials told a House hearing last week that he accessed roughly 1.7 million files.

Among the materials prominent in the Snowden files are the agency's shared "wikis," databases to which intelligence analysts, operatives and others contributed their knowledge. Some of that material indicates that Snowden "accessed" the documents. But experts say they may well have been downloaded not by him but by the program acting on his behalf.

Agency officials insist that if Snowden had been working from NSA headquarters at Fort Meade, Md, which was equipped with monitors designed to detect when a huge volume of data was being accessed and downloaded, he almost certainly would have been caught. But because he worked at an agency outpost that had not yet been upgraded with modern security measures, his copying of what the agency's newly appointed No. 2 officer, Rick Ledgett, recently called "the keys to the kingdom" raised few alarms.

"Some place had to be last" in getting the security upgrade, said one official familiar with Snowden's activities. But he added that Snowden's actions had been "challenged a few times."

In at least one instance when he was questioned, Snowden provided what were later described to investigators as legitimate-sounding explanations for his activities: As a systems administrator he was responsible for conducting routine network maintenance. That could include backing up the computer systems and moving information to local servers, investigators were told.

View post:
Cheap software helped Edward Snowden plunder NSA secrets ...

Snowden used low-cost common tool to find NSA data: report

Posted on by

;

AP Photo/The Guardian, Glenn Greenwald and Laura Poitras, File

TORONTO Whistleblower Edward Snowden used common low-cost web crawler software to obtain top secret NSA documents, a new report alleges, raising new concerns about the U.S. agencys security measures.

According to a new report by the New York Times, Snowden used software designed to search, index, and back up a website in order to gather data from the NSAs system with little effort. At the time, Snowden was working as an NSA contractor in Hawaii, giving him broad access to the agencys complete files.

READ MORE: What is PRISM? A cyber-surveillance explainer

The software reportedly allowed Snowden to set certain search parameters that would function while he went about his day job.

The web crawler sometimes called a spider is an Internet bot that moves from website to website by following hyperlinks. The crawler can be programmed to copy everything in its path.

Search engines like Google use web crawling software to update their content, while indexing other sites web content.

These programs are easy to come by and dont cost very much to operate.

The report, which cites unnamed intelligence officials investigating the matter, revealed that Snowden accessed roughly 1.7 million NSA files in the process.

See more here:
Snowden used low-cost common tool to find NSA data: report

NSA spying undermines separation of powers: Column

Posted on by

Glenn Harlan Reynolds 2:28 p.m. EST February 10, 2014

The White House.(Photo: Susan Walsh, AP)

Most of the worry about the National Security Agency's bulk interception of telephone calls, e-mail and the like has centered around threats to privacy. And, in fact, the evidence suggests that if you've got a particularly steamy phone- or Skype-sex session going on, it just might wind up being shared by voyeuristic NSA analysts.

But most Americans figure, probably rightly, that the NSA isn't likely to be interested in their stuff. (Anyone who hacks my e-mail is automatically punished, by having to read it.) There is, however, a class of people who can't take that disinterest for granted: members of Congress and the judiciary. What they have to say is likely to be pretty interesting to anyone with a political ax to grind. And the ability of the executive branch to snoop on the phone calls of people in the other branches isn't just a threat to privacy, but a threat to the separation of powers and the Constitution.

As the Framers conceived it, our system of government is divided into three branches -- the executive, legislative and judicial -- each of which is designed to serve as a check on the others. If the president gets out of control, Congress can defund his efforts, or impeach him, and the judiciary can declare his acts unconstitutional. If Congress passes unconstitutional laws, the president can veto them, or refuse to enforce them, and the judiciary, again, can declare them invalid. If the judiciary gets carried away, the president can appoint new judges, and Congress can change the laws, or even impeach.

But if the federal government has broad domestic-spying powers, and if those are controlled by the executive branch without significant oversight, then the president has the power to snoop on political enemies, getting an advantage in countering their plans, and gathering material that can be used to blackmail or destroy them. With such power in the executive, the traditional role of the other branches as checks would be seriously undermined, and our system of government would veer toward what James Madison in The Federalist No. 47 called "the very definition of tyranny," that is, "the accumulation of all powers, legislative, executive, and judiciary, in the same hands."

That such widespread spying power exists, of course, doesn't prove that it has actually been abused. But the temptation to make use of such a power for self-serving political ends is likely to be very great. And, given the secrecy surrounding such programs, outsiders might never know. In fact, given the compartmentalization that goes on in the intelligence world, almost everyone at the NSA might be acting properly, completely unaware that one small section is devoted to gather political intelligence. We can hope, of course, that such abuses would leak out, but they might not.

Rather than counting on leakers to protect us, we need strong structural controls that don't depend on people being heroically honest or unusually immune to political temptation, two characteristics not in oversupply among our political class. That means that the government shouldn't be able to spy on Americans without a warrant a warrant that comes from a different branch of government, and requires probable cause. The government should also have to keep a clear record of who was spied on, and why, and of exactly who had access to the information once it was gathered. We need the kind of extensive audit trails for access to information that, as the Edward Snowden experience clearly illustrates, don't currently exist.

In addition, we need civil damages with, perhaps, a waiver of governmental immunities for abuse of power here. Perhaps we should have bounties for whistleblowers, too, to help encourage wrongdoing to be aired.

Is this strong medicine? Yes. But widespread spying on Americans is a threat to constitutional government. That is a serious disease, one that demands the strongest of medicines.

Go here to see the original:
NSA spying undermines separation of powers: Column

Unitrends Data Backup Webinar: Utilizing The Cloud, Deduplication, and Encryption – Video

Posted on by


Unitrends Data Backup Webinar: Utilizing The Cloud, Deduplication, and Encryption
This 45 minute webinar will help you understand the various approaches to outlining and implementing a new approach to your old backup plan, including how to...

By: Unitrends Inc.

Here is the original post:
Unitrends Data Backup Webinar: Utilizing The Cloud, Deduplication, and Encryption - Video

Townsend Security Releases Encryption Key Management Virtual Machine for Windows Azure

Posted on by

Olympia, WA (PRWEB) February 10, 2014

Townsend Security, a leading authority in data privacy solutions, today announced Alliance Key Manager for Windows Azure. Deployed as a virtual machine in Microsoft Corp.s Windows Azure, the solution relies on the same FIPS 140-2 compliant technology as the companys flagship Alliance Key Manager HSM.

This solution directly addresses security concerns that CISOs and Security Architects have regarding adopting the cloud. Key management is critical for effective encryption and data protection in ever-evolving virtual and cloud environments. By using Alliance Key Manager for Windows Azure, business leaders can now provably meet industry standards and best practices for protecting their sensitive data and business applications.

Available at no extra charge, Townsend Security includes ready-to-use security applications for Microsoft SQL Server Transparent Data Encryption (TDE) and Cell Level Encryption, Microsoft SharePoint encryption, Volume and folder encryption with TrueCrypt for Windows, and other applications. There are never extra fees for deploying client-side applications.

Encryption and key management have become a key strategic IT security issue. Protecting your encryption keys mitigates the risk of data breaches and cyber-attacks, as well as protects an organizations brand, reputation and credibility, said Patrick Townsend, CEO of Townsend Security. Through our relationship with Microsoft we can provide customers with the encryption and key management tools for Windows Azure.

In line with Microsofts longstanding and deep commitment to security, Windows Azure is designed to meet the highest security standards, said Sarah Fender, director, Windows Azure Product Marketing. Townsend Security builds on that security foundation, helping address enterprise customers need for data protection in the cloud. Townsend Securitys Alliance Key Manager for Windows Azure gives Windows Azure customers a comprehensive encryption key management solution to help safeguard data and meet compliance requirements.

Alliance Key Manager for Windows Azure at a glance:

Alliance Key Manager for Windows Azure is available for a free 30-day trial.

---

About Alliance Key Manager for Windows Azure Townsend Securitys Alliance Key Manager for Windows Azure allows enterprises to properly manage their encryption keys while meeting security requirements in less time and at a lower cost. Using the same FIPS 140-2 validated key management technology available in Townsend Securitys HSM and in use by over 3,000 customers worldwide, Alliance Key Manager for Windows Azure provides full life-cycle management of encryption keys for a wide variety of applications to help organizations meet PCI DSS, HIPAA, and PII compliance.

Read more:
Townsend Security Releases Encryption Key Management Virtual Machine for Windows Azure

OpenDaylight Summit: SDN Needs Open Source and Open Standards

Posted on by

The OpenDaylight open source Software Defined Networking project kicked off its first ever OpenDaylight Summit today, highlighted by the Hydrogen SDN platform release.

The event also served as a proof point for the power of open source and why it is a model appropriate not just for operating system software like Linux, but also for networking. Jim Zemlin, executive director of the Linux Foundation, delivered one of the day's keynotes, starting off by telling the audience that technically he was Linux creator Linus Torvalds's boss.

That, however, doesn't mean that he directs Torvalds's activities. Zemlin said that his five-year-old daughter and Torvalds are very much alike.

"Both are adorable and both are geniuses and neither listen to me at all," Zemlin said.

On a more serious note, Zemlin noted that from his earliest days of involvement with Linux, he was told and reminded by industry experts that Linux would fail. Time has proven those experts wrong. The modern world literally runs on Linux.

"A world without open source would be a pretty grim world," Zemlin said. "85 percent of the world's stock exchanges would shut down, you wouldn't have any friends - Facebook runs on Linux, and you'd have to go the bookstore to buy books, since Amazon runs on Linux."

Zemlin added that during the recent Consumer Electronics Show (CES), he was hard-pressed to find any technology that wasn't running on Linux and open source.

The same types of criticism that were leveled against open source and Linux in general were also leveled against OpenDaylight when the project first started. Zemlin argued that the Hydrogen release and the incredible amount of participation in the release prove the naysayers wrong. Over 1 million lines of code developed by over 150 developers landed in the Hydrogen release.

"We're on the right side of history in terms of what people want and creating a better way to innovate and a better, faster, cheaper way to create products," Zemlin stressed. "The future is open."

Open Source vs Open Standards

Original post:
OpenDaylight Summit: SDN Needs Open Source and Open Standards


« First...102030...2,4752,4762,4772,4782,479...2,4902,5002,510...Last »