Daily Archives: February 9, 2017

Former National Security Agency contractor Harold Martin was indicted today on 20 criminal counts for stealing government documents and data in his capacity as a Booz Allen Hamilton employee, according to Reuters. Each of the 20 charges carries with it a sentence of up to 10 years. Despite obvious similarities to whistleblower Edward Snowden, who also worked as a NSA contractor employed by Booz Allen Hamilton, the government is not saying what whether 52-year-old Martin actually did anything with the classified info he took. Martins arrest was first made public last October.

The Washington Post reported earlier this week that Martin may have stolen up to 50TB of classified data, which would make it the largest trove of government secrets ever stolen. US officials allege that some of that data included at least 75 percent of an elite hacking toolset used by the NSAs Tailored Access Operations (TAO). That would make Martins trove of classified data highly valuable, as TAO is tasked with developing exploits for foreign espionage.

The indictment says that Martins trove of stolen data also included documents from the CIA, the US Cyber Command, and the National Reconnaissance Office. It was allegedly all kept on computers and drives at Martins Glen Burnie, Maryland home. Martin was able to do this because of the security clearances granted to him as a contractor with at least seven different government agencies, work he began back in 1993 after serving in the US Navy, Reuters says. Martin is set to appear before a federal judge in Baltimore next week on Tuesday, February 14th.

Read more:
NSA contractor indicted for stealing more than 50TB of government secrets - The Verge

Former NSA contractor Harold T. Martin III, who remains in jail awaiting a court case for allegedly carrying out the biggest theft of classified information in U.S. history, reportedly compromised more than 75percent of hacking tools that were stored in a secretive library used by the agencys elite hacking unit.

Federal prosecutors in Baltimore may seek an incitement against Martin as early as this week, according to The Washington Post. The incident is expected to contain charges of violating the Espionage Act.

Individuals familiar with the case told the Post that Martin willfully retained information pertaining to national security, which includes classified NSA data and operational plans. Violations of the Espionage Act can carry a prison term of up to 10 years for each count.

A criminal complaint unsealed by the court in October showed that government lawyers were originally seeking to charge Martin with felony theft of government property and the unauthorized removal and retention of classified materials, which would result in a misdemeanor. Recent reports suggest a steeper penalty for Martin, who worked in the U.S. intelligence community for more than a decade as a defense contractor.

Zachary Myers, an assistant U.S. attorney with the District of Maryland, said during a detention hearing in October that Martin stole irreplaceable classified material on a breathtaking scale, roughly amounting to 50 terabytes worth of digital information.

Martins defense attorneys have consistently defended their client, describing him as a patriot that simply hoarded documents he deeply treasured. Martin, they say, acted on his own volition and was not acting on the instruction of a foreign power.

Last Fall, a U.S. District Judge declined Martins request to be released from jail pending an eventual trial or resolution of the case. At the time, the judge ruled that Martin posed a flight risk.

Read this article:
Report: NSA contractor allegedly stole armory of elite hacking tools ... - CyberScoop

If the National Security Agency and Cyber Command were to split, NSA Executive Director Corin Stone explained thatany disagreements between the agencies would be decided by the secretary of defense and the director of national intelligence, to ensure fair judgment.

There have been conflicting opinions on the decision on whether to split the NSA from U.S. Cyber Command, which have traditionally operated as separate agencies under a dual-hat system with the same head. Stone said that Cyber Command is tasked with protecting Department of Defense networks, and the NSA conducts foreign signals intelligence and protects other national security systems, which are already separate jobs.

If the dual hat splits, it wont make a huge difference, frankly, Stone said in the Steptoe Cyberlaw Podcast last week.

Stewart Baker, former National Security Agency general counsel and partner at Steptoe & Johnson, questioned what would happen if the two agencies disagreed on a course of action. For example, how would the situation be resolved if Cyber Command wanted to take down an enemys network but the NSA wanted it to remain open because it was collecting useful intelligence information from the network.

It makes it more sensible to have a civilian head, Baker said, referring to the current head of both the NSA and Cyber Command, Adm. Michael Rogers.

Baker said that it would be unfair if the military branch, Cyber Command, received more authority from a leader with a military background.

Stone said that this wouldnt be the case because in the event of a disagreement between the different agencies, the two would voice their reasoning to the secretary of defense and the director of national intelligence, who would then make a decision together.

The NSA is also trying to monitor what information goes in and out of the agency without alienating employees.

The NSA has suffered from security leaks due to employeesEdward Snowden and Harold Martin, which has forced the agency to focus more on what data is leaving Fort Meade. The NSA has also had to consider intimidating its trustworthy employees during the dip in morale following these security leaks.

Its about defeating the enemy and making sure were not doing anything to enable [them], Stone said.

Snowden and Martin, both NSA contractors, were charged with stealing classified government information. Stone said that monitoring the movement of information has become more difficult with the use of flash drives and other technology that makes data mobile.

Any leaks, any unauthorized disclosures has an impact on morale, Stone said. Weve got a dedicated workforce. Theyre extremely sophisticated technical experts working very long hours on tough, tough problems, sometimes for years at a time and when someone is a peer or a colleague or someone they knew or someone they didnt know decides to break trust with the U.S. government, with the American people, and with their peers and colleagues, thats something that does deal a blow to morale.

Stone said that there has to be some layer of trust between the agency and employees because carrying flash drives has become commonplace and the agency cant inspect every one. Stone also said that the employees at NSA especially care about protecting citizen information.

The NSA is also working to increase transparency following these leaks by encouraging employees to discuss its mission with the public to be less of a mystery. This method also helps with hostile audiences, according to Baker.

If somebody is standing there and theyre talking like you, and they sound like you, and theyre just an ordinary person like you, its hard to hate them, Stewart said.

The NSAs current organizational system, which was revamped in 2016 under the name NSA21, integrates offensive and defensive cyber operations. Stone said that she believes that the focus on each side is balanced and allows the agency to tackle threats faster.

We have already seen more agility based on that integration, Stone said.

NSA has updated its goals in other ways, including fostering creativity and providing more support to its personnel throughout their careers. Stone said that the NSA has been supporting its employees by focusing on diversity efforts.

The NSA runs free GenCyber camps for students from elementary through high school to learn about cybersecurity. The NSA has also been reaching out to students at Historically Black Colleges, such as Morgan State University and Howard University, to consider careers at the agency.

Stewart said that the NSA already has some level of diversity because of the many different military and civilian backgrounds of its employees. Stone said there was more that could be done, but agreed in that respect.

We do have a level of diversity thats extraordinary, Stone said.

Continued here:
NSA Executive Explains Logistics of Possible Cyber Command Split - MeriTalk (blog)

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

THE BIG STORIES:

--NSA CONTRACTOR INDICTED: A federal grand jury on Wednesday issued an indictment of a former National Security Agency contractor accused of stealing thousands of pages of classified documents. Herald Thomas Martin III, 52, was charged with 20 counts of "willful retention of national defense information," according to a statement released by the Justice Department shortly after the indictment was returned. Martin worked at the NSA between 2012 and 2015 while he was an employee at the consulting firm Booz Allen Hamilton. The indictment alleges that Martin had been stealing and maintaining mounds of highly classified information starting as early as 1996, until his arrest last August.

To read the rest of our piece,click here.

--FBI NOT ANTICIPATING IMMEDIATE CHANGE ON ENCRYPTION: Donald TrumpDonald TrumpTrump pens letter to Chinese president New York Post reporter sues after being fired for critical Trump tweet: report Sessions urges respect in Senate farewell speech MORE's White House has discussed encryption policy with the FBI, a bureau official indicated Wednesday. James Baker, the FBI's general counsel, said he is unaware of any planned changes on encryption policy under the new administration. "There have been some discussions, obviously, about this," he said at an encryption policy at an event in Washington, D.C. "It is a big topic and one that people have discussed," he continued. "I am not aware of any policy change or even a determination at this point in time, given how soon we are into the new administration."

To read the rest of our piece,click here.

--NATO'S NEW CYBER GUIDE: NATO on Wednesday released the first major revision to the Tallinn Manual, the closest thing there is to a rulebook for nation-led cyber operations. Like the original 2013 manual, the new version is the result of a study by NATO to gauge consensus opinions from international law experts on what types of cyber statecraft are acceptable. "Let me assure you, the manual will sit on the desk of every legal advisor in every ministry of defense and every ministry of foreign affairs in the entire world," Director and General Editor Michael Schmitt said at a press briefing before its launch at the Atlantic Council headquarters in Washington. Both manuals pull together law originally developed to cover fields ranging from armed conflicts to outer space to extrapolate the likely legal consequences for cyber operations. But while the first draft covered war-like cyber attacks between nations, the new draft adds legal analysis of peacetime operations.

To read the rest of our piece,click here.

A POLICY UPDATE:

--SENATORS MAKE PLAY ON RUSSIAN SANCTIONS: A bipartisan group of senators is moving to check President Trump on Russia by bolstering congressional oversight before he can lift sanctions.

Sens. Lindsey GrahamLindsey GrahamOvernight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia Lindsey Graham: Floor action to silence Warren long overdue Overnight Defense: McCain, Spicer spar over Yemen raid | Senate bill would limit Trump on Russia sanctions | Trump cozies up to military MORE (R-S.C.), Ben CardinBen CardinOvernight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia Overnight Defense: McCain, Spicer spar over Yemen raid | Senate bill would limit Trump on Russia sanctions | Trump cozies up to military Senators move to limit Trump on Russia sanctions MORE (D-Md.), Marco RubioMarco RubioWarren seizes spotlight after GOP rebuke Overnight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia Overnight Defense: McCain, Spicer spar over Yemen raid | Senate bill would limit Trump on Russia sanctions | Trump cozies up to military MORE (R-Fla.), Sherrod BrownSherrod BrownOvernight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia Overnight Defense: McCain, Spicer spar over Yemen raid | Senate bill would limit Trump on Russia sanctions | Trump cozies up to military Sanders, Dems read Coretta Scott King's letter after Warren silenced MORE (D-Ohio), John McCainJohn McCainOvernight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia Overnight Defense: McCain, Spicer spar over Yemen raid | Senate bill would limit Trump on Russia sanctions | Trump cozies up to military Navy's No. 2 on base closures: Don't give away 'waterfront property' MORE (R-Ariz.) and Claire McCaskillClaire McCaskillOvernight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia Overnight Defense: McCain, Spicer spar over Yemen raid | Senate bill would limit Trump on Russia sanctions | Trump cozies up to military Senators move to limit Trump on Russia sanctions MORE (D-Mo.) introduced legislation Wednesday setting up a period of congressional oversight before Trump could roll back financial penalties.

The legislation, known as the Russia Sanctions Review Act, would require Trump to notify Congress before he lifts sanctions tied to the invasion of Ukraine or Russia's meddling in the White House race.

"To provide relief at this time would send the wrong signal to Russia and our allies who face Russian oppression. Sanctions relief must be earned, not given," said Graham, a frequent GOP critic of the president.

To read the rest of our piece,click here

A LIGHTER CLICK:

--FAR MORE THAN YOU COULD EVER WANT TO KNOW ABOUT ALUMINUM CANS. A palate cleansinginformational videofor stressful times. (Via Boing Boing)

A REPORT IN FOCUS:

--ENCRYPTION CHALLENGES FOR FBI 'MANAGEABLE': The challenges that data encryption pose for law enforcement are manageable, according to a new analysis by a Washington, D.C., think tank, to be released later Thursday.

The research from the Center for Strategic and International Studies, which was shared with The Hill, found no instances in which encryption played a "determinative role" in recent major terrorist attacks in Europe and the United States.

The think tank also concluded that encryption does not play a major role in terrorists' efforts to recruit followers over the internet.

The report comes at a moment of heightened concern over cybersecurity and a debate about encryption and federal authorities' access to secured communications.

To read the rest of our piece,click here.

WHO'S IN THE SPOTLIGHT:

--EVERYBODY: Here are16 people to watch in tech, including a bunch of cybersecurity folk.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Most Americansthink they know more about cybersecuritythan Donald Trump or Hillary ClintonHillary Rodham ClintonKaine: Sometimes I feel like I live in 'alternate reality' Warren seizes spotlight after GOP rebuke Overnight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia MORE. (The Hill)

A digital liberties group is pushing the EU toabandon its data transfer pactwith the U.S. (The Hill)

President Trump and Intel tout new$7 billion investmentto create 10K jobs. (The Hill)

FTC names a deregulation supporterhead ofits Bureau of Consumer Protection. (The Hill)

DHS is bringingmarket-ready techto the RSA conference. (The Hill)

ForcePoint Security Labs spots a reconnaissancehacking campaigntargeting U.S. based embassies. (ForcePoint blog)

Republicans flock to "Confide,"a secure messaging app, to avoid email breaches. (Axios)

Websites should let youcut and paste passwords.(Troy Hunt)

The Virginian cybersecurity firmInvincia is soldto the Brit behemoth Sophos. (Washington Post)

If you'd like to receive our newsletter in your inbox,please sign up here.

More here:
Overnight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to ... - The Hill

By reproducing the slime, Navy researchers one day could replace synthetic products derived from petroleum products such as Kevlar, which is used in bulletproof vests. Its not just science fiction, either.

It looks and feels a lot like snot, but Navy researchers believe slime produced by the primitive hagfish could help save lives.

The bottom-dwelling hagfish is commonly referred to as a slime eel because it looks like an eel and produces a slimy substance that quickly expands in water to enable it to escape from predators by clogging up their attackers gills.

That unique capability is what has captured the imagination of the United States Navy. Its researchers believe that, by reproducing the slime, they one day could replace synthetic products derived from petroleum products such as Kevlar, which is used in bulletproof vests. Its not just science fiction, either.

The Navy says one of its research teams in Bay County already has recreated the material. Now its beginning to work on how best to turn the synthetic slime into something useful.

From a tactical standpoint, it would be interesting to have a material that can change the properties of the water at dilute concentrations in a matter of seconds, Ryan Kincer, a materials engineer at Naval Surface Warface Center, Panama City Division, said in a statement.

The Navy also envisions using the material in products to protect firefighters and divers, as an anti-shark spray, and as a coating for ships to protect against algae, barnacles and other aquatic life that typically attach to them. Eventually, some products derived from the slime could work their way into the private sector.

While there are several varieties of hagfish frequently called one of the worlds ugliest species Navy researchers used the Pacific hagfish in their slime-duplication efforts. Thats because the Pacific hagfish has already been genetically sequenced.

Josh Kogot, a biochemist at Naval Surface Warfare Center Panama City Division, said using the Pacific hagfish allowed researchers to work quickly by specifically looking into its DNA sequence and proteins. The slime theyre interested in is a combination of two proteins and saltwater.

Kogot said it took about six months to be able to reproduce the slime into a filament.

Whats fascinating to me is just how simple in the grand scheme of things this system is. Its really a two-protein system with seawater, and its able to be this strong and expansive, he said. It can expand 10,000 times in volume in milliseconds.

To create the proteins, Kogot grew them in separate E. coli dishes, isolated and purified them, and then combined them with a centrifuge. Researchers knew they had successfully duplicated the slime by examining their version with a scanning electron microscope.

Kogot said no special equipment was necessary, either; its all equipment most biotechnology researchers already have. The filament thats created is stored in a screwtop vial and is kept in a refrigerator when its not in use, although it maintains its properties at room temperature.

Kogot said some practical-application testing on the material alreadyhas begun, but he did not elaborate for what uses.

Right now, his team is looking for ways to increase the duplicated slimes ability to attach to different surfaces, potential delivery systems, and enhancing its stability in different environments, according to the Navy.

Kogot said its too early to tell when a product using the synthetic slime could be integrated into the fleet, but testing on specific applications could begin within six months to a year.

Go here to see the original:
Hagfish slime aids NSA PC researchers - The News Herald