Category Archives: NSA

Harold Thomas Martin III, 52, faces 20 counts of willful retention of national defense information.

The indictment alleges Martin removed classified documents from 1996 to 2016. He is accused of keeping documents in his home or car.

The documents include highly classified materials from the National Security Agency, the US Cyber Command, the CIA and the National Reconnaissance Office. Among the documents are ones that reveal US military gaps, capabilities and operations, as well as ones that contained foreign intelligence collection methods, targeting information and technical user materials.

Martin's attorney had no comment when contacted by CNN.

FBI investigators haven't concluded what Martin's motivation was for stealing the documents. At a hearing in late October a public defender representing Martin said his client was a hoarder who was "completely out of control."

Before his arrest in August, Martin worked as a contractor to the National Security Agency through consulting firm Booz Allen Hamilton, which fired him after he was charged. He has a long history working with sensitive government intelligence, and served in the US Navy and Naval Reserves for more than 10 years, reaching the rank of lieutenant.

The information he had digitally in his car, the feds said, was equivalent to approximately 50,000 gigabytes, enough to store 500 million documents containing images and text.

The government said Martin had a document "regarding specific operational plans against a known enemy of the United States and its allies." That document was not only classified but marked need-to-know only, and Martin should not have been privy to that information, prosecutors said in court filings.

Also found were files containing personal information of government employees, and an email chain with "highly sensitive information" on the back of which were handwritten notes "describing the NSA's classified computer infrastructure and detailed descriptions of classified technical operations."

Among the documents the FBI believes Martin stole were some detailing a hacking tool that the NSA developed to break into computer systems in other countries, law enforcement sources said when he was arrested. Documents detailing the tools were posted on the Internet in recent months, though no connection to Martin has been offered.

Martin's attorneys have argued previously in court that he is not a flight risk because he does not have his passport and has a wife and home in Maryland. They noted his military service.

Martin will make his next appearance in court on February 14.

CNN's Steve Almasy contributed to this report.

See the rest here:
Former NSA contractor indicted in stolen data case - CNN

Google Project Zero's Gal Beniamini details four key errors he used to bypass Knox's kernel protections on a Galaxy S7 edge.

Google's Project Zero hackers have detailed several high-severity flaws that undermined a core defense in Samsung's Knox platform that protects Galaxy handsets in the enterprise.

Since launching Knox in 2013, the platform has been certified for internal use by UK and US government departments, including the US DoD and NSA. Given these certifications, defense-in-depth mechanisms should be rock solid.

But according to Project Zero's Gal Beniamini, who last year tore apart Android's full disk encryption, a Knox hypervisor designed to protect the Linux kernel during runtime can be subverted multiple ways.

Beniamini details four key errors he used to bypass Knox's kernel protections on a Galaxy S7 edge with Samsung's Exynos chipset. They're rather serious given that compromising the kernel would allow an attacker to access system data, hide malware, change system behavior, or take over the system.

While Android's Trusted Boot protects the integrity of the kernel during boot, it doesn't protect the kernel after it's booted and running. This shortcoming was why Samsung introduced its Knox hypervisor, known as Real-time Kernel Protection or RKP, which uses the ARM TrustZone to create a "secure world" walled from the "normal world".

Samsung fixed the six RKP issues reported by Beniamini in its January Android patch and lists them as memory corruption, information disclosure, privilege escalation, and authentication bypass bugs.

As Beniamini explains, since Knox v2.6, Samsung devices implemented an exploit-mitigation feature called Kernel Address Space Layout Randomization (KASLR), which should prevent an attacker predicting the address the kernel is loaded to. However, a simple coding error by Samsung made it possible to calculate the location.

"This security feature introduces a random 'offset', generated each time the device boots, by which the base address of the kernel is shifted. Normally, the kernel is loaded into a fixed physical address, which corresponds to a fixed virtual address in the VAS of the kernel. By introducing KASLR, all the kernel's memory, including its code, is shifted by this randomized offset, also known as a 'slide'," explains Beniamini.

However, as he notes, since all of the kernel is shifted by a single slide value, "leaking any pointer in the kernel which resides at a known offset from the kernel's base address would allow us to easily calculate the slide's value".

Beniamini says most Android devices correctly implement a function known as ktpr_restrict to hide a pointer's value using the anonymizing format specifier %pK, specifically with an upper case K. As Beniamini has previously highlighted, all kernel pointers printed using %pK are hidden. However, Samsung "rather amusingly" used a lowercase k.

"This allows us to simply read the contents of pm_qos, and subtract the pointer's value from its known offset from the kernel's base address, thus giving us the value of the KASLR slide," he explains.

Beniamini details three other RKP mitigations he got around, and several recommended steps Samsung could take to shield it from future attacks.

The rest is here:
Google Project Zero: How we cracked Samsung's DoD- and NSA-certified Knox - ZDNet

A former NSA contractor was indicted by a federal grand jury on charges of stealing elite cyberweapons and sensitive government data over the course of 20 years.

According to the U.S. Department of Justice (DoJ) indictment, Harold Thomas Martin worked as a contractor for seven different companies during those 20 years. Each company, including Booz Allen Hamilton Holding Corp where former NSA contractor and whistleblower Edward Snowden also worked, was tasked with projects through the U.S. Department of Defense and the National Security Agency (NSA).

"Martin held security clearances up to top secret and sensitive compartmented information at various times, and worked on a number of highly classified, specialized projects where he had access to government computer systems, programs and information, including classified information," federal prosecutors wrote in a statement. "Over his many years of holding a security clearance, Martin received training regarding classified information and his duty to protect classified materials from unauthorized disclosure."

Leo Taddeo, CSO for Cryptzone, said it shouldn't be surprising that an NSA contractor could steal data for 20 years without anyone knowing.

"One of the challenges of protecting digital assets is that the owner doesn't always know he wasrobbed.That's not the case with say, a TV or a car.If those items are stolen, the victim notices the empty parking space or blank spot on the wall pretty quickly and calls the police," Taddeo told SearchSecuirty via email."Digital evidence can be copied and 'stolen' without the owner ever knowing unless very specific safeguards are in place and regularly monitored."

Martin was arrested in October 2016 and law enforcement reportedly seized 50 TB of federal data from his home in Glen Burnie, Md. This data, which officials said could amount to the largest theft of classified federal information in history, included documents from U.S. Cyber Command, the CIA and cyberweapons from the NSA's elite hacking team -- the Office of Tailored Access Operations (TAO) -- all stolen while Martin was an NSA contractor.

The DoJ's indictment charged Martin on 20 criminal counts, each of which could carry a maximum penalty of 10 years in prison. Federal officials have not commented on what Martin did with the stolen data, but former TAO agents confirmed NSA-made cyberweapons were leaked in a dark web auction by a group called the Shadow Brokers. It is still unclear what, if any, connection there is between Martin, the Shadow Brokers and the advanced persistent threat group, the Equation Group, which has been associated with using TAO exploits in the wild.

Willy Leichter, vice president of marketing for CipherCloud, based in San Jose, Calif. said insider threats are an issue for all enterprises.

"This latest news reinforces an unfortunate truth -- security has traditionally focused on securing the perimeter, but internal controls are often sorely lacking," Leichter told SearchSecurity. "Now that network perimeters are disappearing with cloud and mobile technology, it's forcing many organizations to look more carefully at their internal controls to classify and protect sensitive data."

Taddeo noted that recent NIST guidelines put in place following the OPM breach, which was blamed on an attack that used credentials stolen from a federal contractor, could help mitigate future issues like this.

"The new NIST guidelines are intended to ensure federal contractors, like Martin's employer, Booz Allen, have the proper safeguards in place," Taddeo said. "These security controls will help, but not guarantee, that this type of theft does not happen in the future."

Learn more about why mitigating insider threats remains a major concern.

Find out why the Shadow Brokers cancelled the auction of NSA cyberweapons.

Get info on how to address the Equation Group vulnerabilities.

Go here to see the original:
NSA contractor indicted for stealing elite cyberweapons over 20 years - TechTarget

In 2010, Thomas Drake, a former senior employee at the National Security Agency, was charged with espionage for speaking to a reporter from the Baltimore Sun about a bloated, dysfunctional intelligence program he believed would violate Americans privacy. The case against him eventually fell apart, and he pled guilty to a single misdemeanor, but his career in the NSA was over.

Though Drake was largely vindicated, the central question he raised about technology and privacy has never been resolved. Almost seven years have passed now, but Pat Eddington, a former CIA analyst, is still trying to prove that Drake was right.

While working for Rep. Rush Holt, D-N.J., Eddington had the unique opportunity to comb through still-classified documents that outline the history of two competing NSA programs known as ThinThread and Trailblazer. Hes seen an unredacted version of the Pentagon inspector generals 2004 audit of the NSAs failures during that time, and has filed Freedom of Information Act requests.

In January, Eddington decided to take those efforts a step further by suing the Department of Defense to obtain the material, he tells The Intercept. Those documents completely vindicate those who advocated for ThinThread at personal risk, says Eddington.

The controversy dates back to 1996, whenEd Loomis, then a computer systems designer for the NSA, along with his team worked to move the NSAs collection capabilities from the analog to the digital world. The shift would allow the NSA to scoop up internet packets, stringing them together into legible communications, and automating a process to instantly decide which communications were most interesting, while masking anything from Americans. The prototype, called GrandMaster, would need to ingest vast amounts of data, but only spit out what was most valuable, deleting or encrypting everything else.

Then in the fall of 2001,four passenger airliners were hijacked by terrorists as part of a suicide plot against Washington, D.C., and New York City. The U.S. intelligence community faced a disturbing wakeup call: its vast collection systems had failed to prevent the attacks.

Yet, in response, the NSA simply started collecting more data.

The NSA sent out a bid to multiple defense contractors, seeking a program that could collect and analyze communications from phones and the internet. Science Applications Internal Corporation, or SAIC, won the contract, known as Trailblazer. Meanwhile, internally, NSA employees were developing a similar, less costly alternative called ThinThread, a follow-on to GrandMaster. ThinThread would collect online communications, sort them, and mask data belonging to Americans.

Those involved in ThinThread argue that their approach was better than a collect-it-all approach taken by NSA.

Bulk collection kills people, says Bill Binney, a former NSA analyst, who rose to be a senior technical official with a dream of automating the agencys espionage. You collect everything, dump it on the analyst, and they cant see the threat coming, cant stop it, he says.

Binney built a back-end system a processor that would draw on data collected by ThinThread, analyze it, look at whether or not the traffic was involves American citizens, and pass on what was valuable for foreign intelligence.

Bulk acquisition doesnt work, agrees Kirk Wiebe, a former NSA senior analyst, who was trying to help convince NSA of ThinThreads value at the time.

The analysts are drowning in data, and Binney and Wiebe believe ThinThread would have solved the problem by helping the NSA sort through the deluge automatically while protecting privacy using encryption.

But Binney and Wiebe say advocates of ThinThread hit every possible bureaucratic roadblock on the way, sitting in dozens of meetings with lawyers and lawmakers. In the meantime, Gen. Michael Hayden, the director of the NSA at the time, said he decided to fund an outside contract for a larger effort, focused on gathering all communications, not just those over the internet, as ThinThread was designed to do.

Additionally, while ThinThread masked American communications, Haydens legal and technical advisors were concerned the collection itself would be a problem. Some of Haydens senior officials at the NSA came from SAIC, the company that won contract to design a proof of concept for Trailblazer.

A tiny group of people at NSA had developed a capability for next to no money at all to give the government an unprecedented level of access to any number of foreign terrorists, Eddington says. Instead that system was shut down in favor of an SAIC boondoggle that cost taxpayers, by my last count, close to a billion dollars.

He argues the contract, and the incestuous relationship between the NSA chief and the contractor never received the scrutiny it deserved. It was clearly an ethical problem, Loomis said.

Ultimately, however, the NSA went with Trailblazer. Hayden rejected the ThinThread proposal because the intelligence communitys lawyers were concerned it wouldnt work on a global scale, and that it would vacuum up too much American data. Hayden has continued dismissing concerns years later as the grumblings of disgruntled employees. Hayden told PBS Frontline ThinThread was not the answer to the problems we were facing, with regard to the volume, variety and velocity of modern communications.

In 2002, Wiebe, Binney, Loomis, Drake, and Diane Roark, a Republican staffer on the House Intelligence Committee who had been advocating for ThinThread, united to complain to the Defense Departments inspector general, arguing that ThinThread, while still a prototype, would be the best surveillance system. The oversight body completed its report in 2004, which included major concerns about Trailblazer.

We talked about going for the nuclear option, Wiebe said, referring to discussions at the time about contacting the press.

But Drake went it alone, however, never telling his colleagues what he planned to do. Stories about the disagreements started showing up in news headlines based on leaks. The Bush administration in 2007 sent the FBI after the whistleblowers, raiding each of the whistleblowers homes who raised complaints to the Pentagon inspector general. Drake faced espionage charges after speaking to a reporter from the Baltimore Sun about the alleged mismanagement and waste in the NSA.

Though Drake wasnt sent to prison, he lost his career in government, and now works at an Apple store. The question of whether ThinThread would have provided a better capability than Trailblazer was never resolved.

While ThinThread never made it to production, some of the analytic elements, minus the privacy protections, made it into Fort Meade as part of a massive surveillance program now known as Stellar Wind.

But there may be a way to settle the debate. The watchdog agency tasked with oversight of the Department of Defense completed a full investigation into the battle between ThinThread and the Trailblazer. The Pentagon inspector general published a heavily redacted version of that investigation in 2011; that report is now the only public record available, aside from the account of the whistleblowers who exposed it.

Despite everything thats come out about its surveillance programs, the NSA still wont release the full ThinThread investigation. I dont really know what theyre trying to hide, said Loomis.

Loomis says he thinks those redactions were more for the sake of Haydens reputation than protecting real classified information. He eventually documented the saga in a self-published book called NSAs Transformation: An Executive Branch Black Eye.

Drake told The Intercept in an email that efforts to uncover the Pentagon inspector generals ThinThread investigation were a large part of his defense. Since then, the Office of Special Counsel concluded last March that the Department of Justice may have destroyed evidence that might have helped exonerate him.

In the meantime, however, hope is fading that the entire story of ThinThread will emerge from behind the government door of secrecy. Weve been trying for 15 or 16 years now to bring the U.S. government the technical solution to save lives, but they fight us left and right, said Wiebe.

Eddington says the ThinThread controversy demonstrates the lack of oversight of the intelligence community. The mentality that gave us this system is still in place, he says. We could see this become de facto permanent, he said.

Read more:
Former CIA Analyst Sues Defense Department to Vindicate NSA Whistleblowers - The Intercept

Microsoft announced that the NSA has cleared Windows 10 and the Surface tablet for classified use. The company also teased security improvements that will be discussed at the annual RSA Conference next week, where security experts from all over the world will gather.

Being cleared for classified use could help Microsoft do business with government agencies, independent contractors, and other groups that handle sensitive data. A place on the NSA's list of approved devices also gives Microsoft bragging rights--and the company put 'em to good use in its blog post:

Our customers are the most security-conscious in the world and demonstrating our commitment to meeting their needs is incredibly important to us. Today, Im excited to share that both Windows 10 and Surface devices including Surface Pro 3, Surface Pro 4 and Surface Book have been added to the NSAs Commercial Solutions for Classified Programs (CSfC) list. The CSfC program listing demonstrates Windows 10, as well as Surface devices (the only Windows 10 devices currently on the list), when used in a layered solution, can meet the highest security requirements for use in classified environments.

But that doesn't mean Microsoft is done battening down the hatches of its software and hardware. The company also teased a number of security improvements that have either recently debuted or are expected to be released this year. These include more control over devices via Surface Enterprise Management Mode (SEMM), expanded device management, and updates to Windows Defender Advanced Threat Protection (WDATP), among others.

Many of those updates share a common goal: letting businesses use Windows 10 to control end points and defend against common threats. Microsoft said updates to SEMM will let companies disable a tablet's camera or microphone, for example, whereas updated Windows Analytics will let them know if software updates are being installed like they should be. To abuse the obvious pun--Windows is getting some bars, locks, and other reinforcements.

Microsoft also touted some of the operating system's existing features, such as Windows Hello, which allows people to sign in to their PC via facial recognition or fingerprint scan instead of a password. Combine that with a feature that automatically locks a PC when a paired smartphone leaves its vicinity--which is already available to Windows Insider program members--and Microsoft can help prevent careless mistakes on Windows 10 devices.

More information about these updates is available from Microsoft's blog post, and still more will be revealed in the days leading up to the RSA Conference that will run February 13-17. The bottom line is this: Windows 10 and Surface got a vote of confidence from the NSA, and over the next couple months, Microsoft will make it easier for businesses to manage their own security instead of relying on their employees' competence.

Original post:
Microsoft Gets NSA Approval For Windows 10 And Surface - Tom's Hardware

[JURIST] A former National Security Agency (NSA) [official website] contractor was indicted [indictment, PDF] on Wednesday by a federal grand jury on charges that he willfully retained national defense information. US officials are stating [press release] that the theft by Harold Thomas Martin may have been the largest heist of classified government information in history. Martin allegedly spent over 20 years stealing highly sensitive government material [CNN report] related to national defense. It is unclear what, if anything, Martin did with all the stolen data. Martin now faces 20 criminal counts, each of which is punishable by up to 10 years in prison. Martin worked for Booz Allen Hamilton Holding Corp, which also employed Edward Snowden. Martin was employed as a private contractor for at least seven different companies, beginning in 1993. His positions dealing with government computer systems, gave him various security clearances that routinely provided him access to top-secret information. The indictment alleges Martin stole documents from US Cyber Command, the CIA, the NSA and the National Reconnaissance Office [official websites]. Martin's initial appearance in the US District Court for the District of Maryland is scheduled for next Tuesday.

Governments around the world have re-examined their data privacy laws in the wake of a myriad of data leaks, including the Edward Snowden [JURIST backgrounder] leaks. National governments around the world have attempted [JURIST op-ed] to gain control over data transferred within their borders. On Tuesday the US House approved [JURIST report] a measure that would updat US privacy laws in regards to e-mails and cloud storage. In October 2015 the European Court of Justice ruled [JURIST report] that EU user data transferred to the US was not sufficiently protected. In June 2015 a court in The Hague struck down [JURIST report] a Dutch law that allowed the government to retain telephone and Internet data of Dutch citizens for up to 12 months in an effort to combat terrorism and organized crime.

More:
Former NSA contractor indicted in theft of classified government information - JURIST

MSNBC

New Russia revelations pose new problems for Trump's NSA MSNBC Michael Flynn, Donald Trump's National Security Advisor, has maintained close ties to Moscow in recent years, even getting paid by the Kremlin's propaganda outlet. It therefore caused quite a stir a month ago, when the Washington Post noted that Flynn ... CIA freezes out top Flynn aidePolitico Trump says he has 'full confidence' in Michael Flynn amid allegations over phone call with RussiaBusiness Insider National security adviser Flynn discussed sanctions with Russian ambassador, despite denials, officials sayWashington Post New York Times -CBS News all 178 news articles »

More here:
New Russia revelations pose new problems for Trump's NSA - MSNBC

A federal grand jury has indicted Harold Thomas Martin III, the former NSA private contractor who prosecutors say spent decades stealing national security secrets, on charges that could see him serve a lengthy prison term if he's convicted.

When federal prosecutors charged Martin, a 52-year-old U.S. Navy reservist, with using his Top Secret security clearance to amass a huge cache of paper and electronic documents, the Justice Department called the case "breathtaking in its longevity and scale."

Martin has been in custody since a search of his home in suburban Maryland turned up "six bankers boxes' worth of paper documents and 50,000 gigabytes of electronic materials," as NPR's Carrie Johnson reported.

As Carrie notes, the charges of "willful retention of national defense information" that Martin now faces come from a section of the Espionage Act.

Martin worked at the Pentagon and the NSA for the contractor Booz Allen Hamilton. The government says that from December 1993 through Aug. 27, 2016 the date of his arrest Martin worked for at least seven different private companies and was assigned as a contractor to work at "a number of government agencies."

If he's convicted, Martin could face a maximum sentence of 10 years in prison for each of the 20 counts against him, according to the the U.S. Attorney's Office in Maryland. The defendant is slated to appear in federal court in Baltimore at 11 a.m. ET on Tuesday.

Read more here:
Ex-NSA Contractor Accused Of Taking Classified Information Is Indicted - NPR

William Warren Whitescarver, who owned a defined contribution and pension plan business and had been a code-breaker during the Cold War, died of cancer Monday at his Ruxton home. He was 81.

Born in Baltimore and raised in Homeland and Roland Park, he was the son of James Field Whitescarver, a World War I aviator and chemical engineer, and Annie Crewe Warren, a Virginia native.

Mr. Whitescarver attended the Gilman School, where he learned to play golf and participated in squash and tennis. He was a 1954 graduate of St. James School in Hagerstown. He then joined the Army and served in the 101st Airborne Division at Fort Jackson, S.C.

Because of his aptitude in mathematics and puzzle solving, Mr. Whitescarver was assigned to the Army Security Agency School at Fort Devens, Mass., where he was trained as a cryptanalyst shortly after the end of the Korean War.

"My father said he had to master several languages, including Chinese," said a daughter, Virginia Whitescarver Pittman of Glyndon. "He said his work was like solving a puzzle. He looked for repeated letters or patterns. For him, there was always a way to take a language apart."

After he left military service, Mr. Whitescarver earned a bachelor's degree at the John Hopkins University. While a student, and for several years after graduation, he worked for the National Security Agency.

"He would go to cocktail parties, but he couldn't discuss anything he was doing," his daughter said. "He said it was tough to get dates because there was nothing to talk about."

In 1956, he married Virginia Conradt "Connie" Boyce, who was later board manager of the Woman's Industrial Exchange. The couple owned hunting and steeplechase horses.

Mr. Whitescarver left the NSA and joined the old Mercantile-Safe Deposit and Trust Co., where he worked in employee benefit plans.

"My father had a mind for mathematics," his daughter said.

In 1969, he left the bank and became a consultant to Herget and Co. in Charles Center. He later worked in the Baltimore-Washington office of Meidinger and Associates, another actuarial firm, also located in downtown Baltimore. In order to increase his knowledge of the field, he earned a master's degree in tax law at the University of Baltimore.

In 1985, Mr. Whitescarver co-founded Benefits Designers of Maryland. He had a Redwood Street office.

He worked with local employers to create retirement savings plans and custom-tailored investments for their workers. Among his clients was the Maryland Thoroughbred Horsemen's Association. As part of his duties, he visited the state's race courses and counseled workers on retirement plans.

"He was an early leader in the field of defined contribution and pension plans," said another daughter, Annie Whitescarver Brown of Ruxton, a T. Rowe Price vice president. She said she entered the field of finance because of her father.

"He pushed me forward in my knowledge of this industry. He was an articulate man and good writer who could explain a complicated financial concept."

He sold his business in 2007, and then joined Chapin, Davis; he became its vice president of investments and a member of its board. He worked in an office in the Village of Cross Keys. His wife also worked there, and their offices faced each other.

Mr. Whitescarver taught law at the University of Baltimore. He was chair of the Episcopal Diocese of Maryland's Compensation Review Committee.

Gov. Robert L. Ehrlich Jr. named him to the board of the Maryland Supplemental Retirement Plans, and he was a past chair of its investment committee.

Mr. Whitescarver enjoyed tenpin bowling, tennis and golf. He earned the nickname "Skipper" after one of his shots skipped across a pond at the Green Spring Valley Hunt Club course.

In 1999, with his longtime partner, Thomas Swindell, he won the Green Spring Valley Hunt Club's Invitational Tournament. He also rated golf courses for Golf Week magazine, traveling to Australia, Ireland, South Africa and throughout the U.S.

"My father started as a caddie at the old Baltimore Country Club course in Roland Park in the 1940s. He would tell stories about how Falls Road cut the course in half," said another daughter, Mary Warren Whitescarver Scholtes of Phoenix in Baltimore County. "He was also a graceful dancer and could sweep a novice partner across any dance floor."

His daughters said their father was a humorist and storyteller. They said he had a contagious laugh accented by his twinkling blue eyes.

A life celebration will be held from 2 p.m. to 4 p.m. Saturday at the Green Spring Valley Hunt Club.

In addition to his three daughters, survivors include a sister, Frances Cook of Denver, and six grandchildren. His wife of 49 years died in 2015.

jacques.kelly@baltsun.com

More:
William W. Whitescarver, Army and NSA code-breaker and retirement investment planner, dies - Baltimore Sun

US indicts NSA contractor with taking top-secret information over 2 decades Fresno Bee Investigators zeroed in on Martin exactly two weeks after a group calling itself the Shadow Brokers posted a batch of what it claimed were NSA hacking tools, a major embarrassment to the agency. How the Shadow Brokers obtained the tools is not clear.

Read this article:
US indicts NSA contractor with taking top-secret information over 2 decades - Fresno Bee