Category Archives: NSA

CURRUPT NSA withholding(7)

By: Daniel Gartzman

See the rest here:
CURRUPT NSA withholding(7) - Video

Critics say a crisis of transparency surrounds modern spying methods in Canada after revelations that a close ally the U.S. National Security Agency has been looking at the communications traffic of at least two Canadian corporations.

There are people from the NSA working inside of CSE as we speak, said NDP defence critic Jack Harris, referring to U.S. intelligence analysts embedded inside the Communications Security Establishment, the NSAs Canadian counterpart.

Mr. Harris said he has many questions about the extent of Canadas close surveillance partnerships with the United States, but Parliamentarians are not authorized to get answers.

Were reaching a crisis point on this, he said in an interview, pointing out that the Conservative government faces several spying controversies.

The Globe and Mail reported on Tuesday that a leaked NSA document from 2012 includes Royal Bank of Canada and Rogers Communications Inc. on a list of global firms whose private communication networks the U.S. agency appeared to be interested in mapping.

The document which The Globe obtained from a confidential source suggests the agency was describing efforts to identify and analyze computer networks controlled by corporations.

Markings on the document, a presentation for intelligence officers, indicate it may have been shared with Ottawa nearly three years ago. Rogers and RBC told The Globe they had no idea the NSA had any interest in their networks, which they insist are secured against intruders.

The NSA has said it will not discuss allegations about its intelligence activities.

There is no indication the NSA went as far as getting at any data inside individual computers or reading communications related to the Canadian companies. However, the presentation suggests the agency went further in using its mapping techniques to look at the computer systems controlled by a Chinese telecom giant.

The name of Huawei Technologies Co. Ltd. appears in the presentation, and the NSA appears to have had a keen interest in isolating the corporations data channels. These links are likely to carry Huawei traffic, reads one slide.

Here is the original post:
Reports of NSA spying on Canadian companies fuel calls for more transparency

Want to know something odd? Its 2015 and all the top anti-virus products for Mac OS X use insecure lines to transmit their software to Apple Apple machines. Download files, known as .dmg files,for products including Kaspersky, Symantec Symantec, Avast, Avira, Intego, BitDefender, Trend Micro, ESET and F-Secure are all sentover unencrypted HTTP lines, rather than the more secure HTTPS. There is method in their madness, as they trust Apples Gatekeepersecurity technology to recognise the digital signatures they sign their software with that should guarantee the authenticity of the download.

But a former NSA and NASA staffer Patrick Wardle, who now heads up research at security start-up Synack, believes he has found a new way to abuse such insecure downloads and bypass protections in Apple Macs without getting caught. Normally, anyone who intercepts a download to turn it nasty wont get away with it, as Mac Gatekeeperwill see that the vendors original signature has been altered or taken away entirely, and the software tampered with, meaning its no longer trusted.

Yetthe Gatekeeper software doesnt check all components of Mac OS X download files, according to Wardle. He believes he can sneak a malicious version of whats known as a dylib file into legitimate downloads done over HTTP to infect Macs and start stealing data.These dylibs (short for dynamic libraries) are designed to be re-used by different applications; they might be used for actions such as compressing a file or using native graphics capabilities of the operating system. Theyre supposed to make apps work more efficiently.

If an attacker can hijack the dylib processes used by Mac apps, however, they can carry out nasty attacks and send user data to their own servers, the researcher explained. Such an attack would not be trivial, Wardle admits. First, the attacker would have to get on the same network as a target, either by breaching it or simply logging on to the same public Wi-Fi. They would also have to injecta legitimate yet vulnerable application into the downloadand shuffle around the content of the .dmg so thatthe injected legitimate softwareis shown to the user. The latter is not so tricky:the attacker can set the name and icon of thisvulnerable app so nothing looks suspicious, said Wardle.

Finding vulnerable apps shouldnt be too hard either.Wardle created a scanner that looked for applications that would use his naughty dylibs. He found around 150 on his own machine, including hugely popular software likeMicrosoftWord and Excel,Apples own iCloud Photos and Dropbox. The list also includedApples developer tool XCODE and email encryption key management software GPG Keychain, both of which he abused in his proof of concept attacks. According to a recent article in The Intercept, Snowden files showed researchers were demonstrating how amodified version of XCODEcould be used to siphon off targets passwords and other data. Wardle said it was 100 per cent coincidence that his former employer had also targeted XCODE.

Wardled noted that apps from Apples Mac App Store are not vulnerable.

Apps vulnerable to dylib attacks slide from Patrick Wardle

Despite the barriers to successful exploitation, his techniques have provided him with a novel way to bypass Gatekeepers draconian detection mechanism (its also not too dissimilar from DLL attacks of yore on Windows).It is, he added, a cunning way to bypass Mac OS X Gatekeeper protections and allow hackers to go back to their old tricks.

When the injected legitimateapplication is launched the unsigned malicious dylib is loaded or executed(even if the user sets his machine to accept only all apps from the Mac App Store) before theapps main code. At this point the dylib can do anything. I see it a)kicking off the legitimate application that the user was downloading sonothing seems amiss, and b) installing the implant component which will then complete the rest of the attack, persistently infecting the userscomputer. He noted theattack should also work on downloaded .zip filesthat contain applications.

Mac OS X dylib hijacking attacks slide from Patrick Wardle

See original here:
Ex-NSA Researcher Finds Sneaky Way Past Apple Mac's Gatekeeper

Cisco will ship boxes to vacant addresses in a bid to foil the NSA, security chief John Stewart says.

The dead drop shipments help to foil a Snowden-revealed operation whereby the NSA would intercept networking kit and install backdoors before boxen reached customers.

The interception campaign was revealed last May.

Speaking at a Cisco Live press panel in Melbourne today, Stewart says the Borg will ship to fake identities for its most sensitive customers, in the hope that the NSA's interceptions are targeted.

"We ship [boxes] to an address that's has nothing to do with the customer, and then you have no idea who ultimately it is going to," Stewart says.

"When customers are truly worried ... it causes other issues to make [interception] more difficult in that [agencies] don't quite know where that router is going so its very hard to target - you'd have to target all of them.

There is always going to be inherent risk."

Stewart says some customers drive up to a distributor and pick up hardware at the door.

He says nothing could guarantee protection against the NSA, however. "If you had a machine in an airtight area ... I stop the controls by which I mitigate risk when I ship it," he says, adding that hardware technologies can make malicious tampering "incredibly hard".

Cisco has poked around is routers for possible spy chips, but to date has not found anything because it necessarily does not know what NSA taps may look like, according to Stewart.

Original post:
Cisco posts kit to empty houses to dodge NSA chop shops

Wikimedia sues NSA over Prism mass surveillance
The NSA is being sued by Wikimedia and other groups challenging one of its mass surveillance programs For more videos, head over to http://www.ibtimes.co.uk/tv.

By: IBTimes UK

See original here:
Wikimedia sues NSA over Prism mass surveillance - Video

NSA Agent Prank - How to Get Out of ANY Ticket - Social Experiment - Funny Videos - Pranks 2015
pranks pranks 2015...NSA Agent Prank - How to Get Out of ANY Ticket - Social Experiment - Funny Videos - Pranks 2015 - fails Subscribe to SoFloComedy ...

By: SoFloComedy

Original post:
NSA Agent Prank - How to Get Out of ANY Ticket - Social Experiment - Funny Videos - Pranks 2015 - Video

The lawsuit by Wikimedia and other plaintiffs challenges the National Security Agency's use of upstream surveillance, which collects the content of communications, instead of just the metadata. Patrick Semansky/AP hide caption

The lawsuit by Wikimedia and other plaintiffs challenges the National Security Agency's use of upstream surveillance, which collects the content of communications, instead of just the metadata.

Earlier this week, Wikimedia, the parent company of Wikipedia, filed a lawsuit against the National Security Agency, saying that the NSA's use of "upstream" mass surveillance violates the First and Fourth Amendments.

Under "upstream" surveillance, an American sending an email or making a video call to someone in another country could have the content of their correspondence collected by the NSA. That might even be true if the message is sent to someone in the U.S., but the data was passed through a foreign server.

Wikimedia was joined by several other plaintiffs in the suit, and will be helped by the American Civil Liberties Union, Wikipedia founder Jimmy Wales wrote in an op-ed in the New York Times.

Stephen Vladeck, a professor at the American University Washington College of Law and an expert on national security law, explained the lawsuit and its implications to NPR's Arun Rath.

On what the upstream surveillance program does

Under upstream, what the NSA is apparently doing is they're tapping the backbone of the Internet. In effect, if we think of the Internet as a highway, they're on the highway and intercepting traffic as it crosses the highway.

In critical distinction to the programs that we've learned about already, the programs that are already being challenged, part of what the NSA is collecting through upstream is content that is to say, the content of phone calls, the content of emails, and not just the metadata that has been at the heart of, for example, the bulk phone records program.

On privacy concerns

Go here to see the original:
An 'Upstream' Battle As Wikimedia Challenges NSA Surveillance

The National Security Agency needs to establish a broader dialogue across the nation in order to better strike a balance between an individuals rights to privacy and the need to intelligently secure our nation, said Admiral Michael Rogers, NSA director and U.S. Cyber Command commander.

Its not me as director of the NSA that ought to be making that decision [to find a balance]. We as a nation need to decide what are we comfortable with, whats the right balance, he said.

Admiral Rogers, who has been in command since April 2014, spoke to an audience of students, faculty, and community members in a conversation titled Challenges and Opportunities in an Interconnected World in Alexander Hall at Princeton University on Tuesday.

He opened the conversation with an introduction to the missions of the NSA and Cyber Command, and his expectations for the organizations core priorities: obeying the rule of law, being accountable to the citizens they defend, acknowledging mistakes, and not cutting corners.

In the end, NSA is a group of highly motivated men and women who are trying to do the right thing the right way, but they are men and women. They will sometimes make mistakes, Admiral Rogers said. So we say, hey, if we make a mistake, we stand up, we tell the court we made a mistake, we tell Congress we made a mistake, we tell the attorney general that we made a mistake.

During the subsequent question and answer session, Admiral Rogers emphasized the need for the NSA to create more public confidence in its mission.

If were honest with each other, what is our confidence in Congress and the world were living in right now? Admiral Rogers asked. Not as high as we all wish it were.

He noted that after Senate investigation into intelligence community abuses of the rights of citizens, Congress passed the Foreign Intelligence Surveillance Act of 1978, which created a new legal framework of oversight for the NSA yet national confidence in the NSA remains low.

The very mechanisms, almost 40 years ago, that we put in place to try to generate confidence are now questioned by our citizens. Its not a criticism, its just a fact, he said. What are the mechanisms we can create that will engender greater confidence?

In response to a question about cyberspace deterrence, Admiral Rogers advocated for a proportional and specific response. He also noted that much of the current research about deterrence is done in the private academic sector and called on the Princeton community to help address these difficult questions for the nation.

See original here:
PRINCETON: NSA director says better balance needed between individual privacy and national security

NSA building damaged by multiple gunshots - reports Daboo77
National Security Agency (NSA) headquarters building in Fort Meade, Maryland. (Reuters / NSA / Handout via Reuters) NSA building damaged by multiple gunshots...

By: Truth-worx Cornelia

Read more:
NSA building damaged by multiple gunshots - reports Daboo77 - Video

NSA PUA - Statements 05.03.2015 (1)
Martina Renner Konstantin von Notz zu den aufgetauchten 130 Akten , die dem Ausschuss vorenhalten wurden.

By: Daniel Lcking

Read the original:
NSA PUA - Statements 05.03.2015 (1) - Video