Booz Allen Exec Describes How Snowden Stole Millions of Documents

Edward Snowden claims that he first considered exposing government secrets while working for the CIA overseas in 2007. "Much of what I saw in Geneva really disillusioned me about how my government functions and what its impact is in the world," Snowden told The Guardian's Glenn Greenwald. "I realized that I was part of something that was doing far more harm than good." While speaking at The Wall Street Journal's CIO Network on Tuesday, Mike McConnell, a Booz Allen vice chairman and former NSA director, shared new details on how Snowden made off with vast amounts of the company's data. By McConnell's unflattering account, the key moment came when the NSA didn't offer Snowden the job he wanted. "At this point, he being narcissistic and having failed at most everything he did, he decides now I'm going to turn on them," he said.

McConnell suggests that there was truly nothing noble behind Snowden's flip, as he'd cheated his way into the position he was offered at the NSA. After leaving the NSA to work for a company in Japan, Snowden decided that he wanted to return. Backing up a claim made in 60 Minutes' recent NSA puff piece, McConnell alleges that Snowden broke into the agency's computer system and stole an admittance test with the answers. "Then he took the test and he aced it," McConnell said. "He walked in and said 'you should hire me because I scored high on the test.'"

After the NSA's initial offer, Snowden supposedly said he deserved a higher rank. When they refused, he turned down the job and applied to Booz Allen, with the intention of stealing documents, according to McConnell. "He targeted my company because we enjoy more access than most other firms," he said.

McConnell went on to explain that the NSA has four tiers of information access. Snowden had unfettered access to levels one and two, which include reports that don't reveal sources, and very limited access to the third level that "gets into how we do what we do." In the three months he was employed by Booz Allen, Snowden absconded with 1.7 million to 1.8 million documents, about a million of which contained "no kidding insights to understanding U.S. intelligence services," McConnell said.

Snowden, who has been increasingly vocal in recent weeks, has yet to offer a rebuttal, but his associate Glenn Greenwald made his feelings on McConnell known before he even met the leaker. In a 2010 Salon article, he said of the former NSA chief, "Few people have blurred the line between public office and private profit more egregiously and shamelessly than he."


Snowden aftermath: Defense contractors revamp policies, practices

Summary: Following the Edward Snowden wake-up call, three in four defense contractors have already made significant changes in their IT security and hiring practices.

Both the volume and the sensitivity of the information leaked by former NSA contractor Edward Snowden have compelled US defense contractors to drastically overhaul their hiring practices and reevaluate employees' data access privileges.

The new study conducted by Opinion Matters on behalf of security software provider ThreatTrack Security found that 75 percent of IT and security managers employed by defense contractors have changed their cybersecurity processes in a variety of ways.

Of the 100 respondents, 41 percent said they've implemented stricter hiring practices and 39 percent acknowledged that their own IT administrative rights have been restricted.

The depth and breadth of the Snowden leaks were also a wake-up call to enterprise companies who understand and appreciate the immense value of the intellectual property housed and accessed on their corporate networks.

"It's interesting to note that while defense contractors seem to have better security practices in place and are more transparent than many companies in the private sector, they are finding the current cyber threat onslaught just as difficult to deal with," said ThreatTrack Security CEO Julian Waits, Sr., in the report.

Fifty-five percent of defense contractors are now providing more general cybersecurity awareness training to their employees and 52 percent have reviewed or reevaluated employees' data access privileges.

It doesn't help, contractors said, that it's become increasingly difficult to find and hire qualified security staffers at a time when new threats are multiplying at an exponential rate.

Twenty-six percent of contractors said there was a shortage of "highly skilled" security personnel on staff and their existing IT security team is routinely torn between resolving new malware sample analyses and cleaning malware off executives' devices.


NSA scandal boosts German tech industry

The German IT sector is hoping to profit from trust lost in American technology firms in the aftermath of the NSA spying scandal. But critics warn that plans to create a European routing system could affect the openness of the Internet.

For those interested in learning what German Interior Minister Thomas de Maizière thinks of the Internet, a visit to the little-known website bevoelkerungsschutz-portal.de (population protection) can be instructive.

The website is full of information regarding Germany's response to potential catastrophes: mass epidemics, terrorist attacks, floods and the like. Last week, the site posted a video from a conference during which de Maizière discussed Internet security with the country's digital elite.

In the video, the interior minister, a member of Chancellor Angela Merkel's Christian Democratic Union, speaks of a "devastating crisis of confidence," but he shies away from explicitly naming the danger.

Instead of talking about the United States' NSA intelligence agency or about whistleblower Edward Snowden, he talks of "the recent events" and of "those who collect data." He says the task is now that of rebuilding trust.


The Pentagon’s Mad Science Is Going Open Source

National security is often synonymous with secrecy. But when it comes to software development, the U.S. defense and intelligence establishment can be surprisingly open.

This week, the Defense Advanced Research Projects Agency, or DARPA, the research arm of the U.S. Defense Department, published a list of all the open source computer science projects it has funded, including links to source code and academic papers that detail the code's underlying concepts.

Anyone is free to not only peruse the source code and add to it, but actually use it to build their own software, and that includes foreign governments. The belief is that because anyone can contribute to these projects, the quality of the code will only improve, making the software more useful to everyone. It's an approach that has paid off in spades among web companies from Google and Facebook to Twitter and Square, and the government has now realized that it too can benefit from the open source ethos.

DARPA is known for some pretty whacked out projects. Mind controlled exoskeletons. Space colonization. Turning pets into intelligence assets. That sort of thing. But it does have a more sober side. The agency funded the creation of the network that eventually became the internet, for example. And, more recently, it funded work on Mesos, the open source platform used by Twitter to scale applications across thousands of servers. It's more of the latter that shows up on DARPA's new site.

The site is focused on computer science research, so projects that fall outside of that discipline, such as the OpenBCI brain scanner and the open source amphibious tank, won't be found on the list. But there's still quite a few important projects, including Mesos, the in-memory data processing system Apache Spark, and the Julia programming language for mathematicians and scientists.

Most of these DARPA-backed projects are on GitHub, the popular code hosting and collaboration service that has come to symbolize the type of non-hierarchical collaboration celebrated by open source enthusiasts and tech culture in general. The site makes it easy for anyone to examine source code, suggest changes, and discuss decisions. Mirroring the way it treats software, the company itself operates with no job titles, no middle management, and only a thin layer of top-level management, preferring instead flat or holacratic structure.

That sort of non-hierarchical thinking may seem at odds with military culture, but in reality, many of these ideas were pioneered by military researchers. Today, we often trace the origins of open source software to work done by industrial research labs like Bell Labs and Xerox PARC. But in his book From Counterculture to Cyberculture, Fred Turner argues that open source's roots stretch back even further, to the World War II era defense research laboratories that created technologies such as radar, the atomic bomb, submarines, aircraft, and, yes, digital computers. "The laboratories within which the research and development took place witnessed a flourishing of nonhierarchical, interdisciplinary collaboration," Turner writes.

He points to the MIT Radiation Laboratory, which was formed by the National Defense Research Committee, a predecessor of sorts to DARPA, as a model example. "It brought together scientists and mathematicians from MIT and elsewhere, engineers and designers from industry, and many different military and government planners," Turner says. "Formerly specialized scientists were urged to become generalists in their research, able not only to theorize but also to design and build new technologies."

Today, we're more familiar with the NSA's cloak and dagger approach to research, but the collaborative approach of the WWII era military-industrial-academic complex has never really gone away. The Army recently partnered with Local Motors to crowdsource new military vehicle designs. The CIA created In-Q-Tel, a venture capital firm that funds tech startups, including open source big data companies like Cloudant and MongoDB. Even the NSA is part of the action, open sourcing its big data storage system Accumulo.

In other words, the defense industry sees what Facebook and Twitter and so many other web companies see: that innovation often comes from openness.


Oi, Android devs! Facebook wants your apps to be more secure


Facebook has released the source code of a software library that's designed to make it easier for developers to implement fast, secure cryptography in their Android apps.

Dubbed Conceal, the library was developed for a limited range of tasks with the specific needs of Android developers in mind, allowing app makers to include encryption without being cryptography experts.

"Unlike other libraries, which provide a wide range of encryption algorithms and options, Conceal prefers to abstract this choice and include sensible defaults," Facebook engineer Subodh Iyengar wrote in a blog post. "We think this makes sense because encryption can be very tricky to get right."

Facebook hasn't tried to write its own crypto code from scratch. Rather, Conceal takes advantage of a number of cherry-picked algorithms from the industry-standard OpenSSL open source library.

By eliminating the parts of OpenSSL it didn't need, however, Facebook managed to slim down its encryption code to a mere 85KB. By comparison, the full OpenSSL library takes up around 1MB when compiled for ARM chips.

The algorithms that Conceal uses are also fast, even on low-powered ARM chips. In Facebook's own tests on a low-end Samsung Galaxy Y smartphone, Conceal performed significantly better than both stock Java cryptography and the Bouncy Castle library.

Not just easy, but fast: Conceal can encrypt and decrypt data many times faster than other methods

Conceal offers up these algorithms via a simple API that abstracts away most of the choices that other libraries require developers to make. Pass an I/O stream to Conceal, and Conceal returns a wrapped stream that's automatically decrypted or encrypted as it's read or written.

That means Conceal won't be useful for every encryption application, but it will work for a few use cases that crop up frequently on Android. Foremost, it can be used to encrypt data that's stored on SD cards, which is why Facebook invented it in the first place.


Cryptocurrency Hackathon will talk Bitcoin, Dogecoin and more for coders and novices

Whether you're well-versed in the ways of Bitcoin or you're a fan of the "Doge" meme and can't quite believe it inspired a form of digital currency, the Cryptocurrency Hackathon at the Madworks Coworking Space is the occasion to dig deeper.

The Hackathon will run similar to a Startup Weekend, said Brian Samson, who is overseeing the event. Rather than focusing on jump-starting a business, though, the goal of participants will be to create and complete a tech project.

The winner of the Hackathon will receive one bitcoin, valued currently at about $850.

"All day long, we'll be focused on making cool stuff, writing software, doing a project," Samson said.

The event is scheduled to run from 8 a.m.-9 p.m. on Feb. 15, at the Madworks Coworking Space, 550 S. Rosa Road, Suite 225. The entry fee is $5 (or 0.005887 BTC), which includes registration, some Dogecoins and breakfast, lunch and dinner. Participants can pay via credit card, or with Bitcoin, Dogecoin or Litecoin.

The Hackathon is designed for people who know how to write code and are interested in learning more about cryptocurrency, Samson said. But for people who aren't well-versed in programming, there's another option.

After announcing the event, interest grew among non-coders who had a general interest in learning more about cryptocurrency. Because of that, the organizers decided to host an "unconference" that will run parallel to the Hackathon.

"While people are writing code and hacking on stuff, we're going to have some of the other conference rooms, giving little talks," Samson said. "An intro to what is cryptocurrency, how does it work."

The first cryptocurrency to begin trading was Bitcoin, in 2009. The digital exchange medium has grown in popularity in recent years, with a number of "altcoins" (some serious, like Litecoin, and some based on jokes, like Dogecoin and the recently shut-down Coinye West) entering the market.

But even the joke-coins can have some serious real-world impact. Although Dogecoin was inspired by a Shiba Inu who thinks in Comic Sans, it's also sending athletes from India and Jamaica to the Olympics. An effort to fund the Jamaican bobsleigh team's travel expenses surpassed its $30,000 goal in one day, with more than 26 million DOGE donations. A separate effort netted more than $6,000 and will send two skiers from India to the games.
