Category Archives: NSA

Gemalto, the Dutch maker of billions of mobile phone SIM cards, confirmed this morning that it was the target of attacks in 2010 and 2011attacks likely perpetrated by the NSA and British spy agency GCHQ. But even as the the company confirmed the hacks, it downplayed their significance, insisting that the attackers failed to get inside the network where cryptographic keys are stored that protect mobile communications.

Gemalto came to this conclusion after just a weeklong investigation following a news report that the NSA and GCHQ had hacked into the firms network in 2011. The news was reported by The Intercept last week, which said the agencies had gained access to huge cache of the cryptographic keys used with its SIM cards.

The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened, Gemalto wrote in a press release on Wednesday. But, the company said, The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys.

Many in the information security community ridiculed Gemalto for asserting this after such a short investigation, particularly since the NSA has been known to deploy malware and techniques capable of completely erasing any signs of an intrusion after the fact to thwart forensic discovery of a breach.

Very impressive, Gemalto had no idea of any attacks in 2010, one week ago. Now they know exactly what happened, French developer and security researcher Matt Suiche wrote on Twitter.

Chris Soghoian, chief technologist for the American Civil Liberties Union had the same reaction.

Gemalto, a company that operates in 85 countries, has figured out how to do a thorough security audit of their systems in 6 days. Remarkable, he tweeted.

The Intercept alleged in its story that the spy agencies had targeted employees of the Dutch firm, reading their siphoned emails and scouring their Facebook posts to obtain information that would let them hack employee machines. Once on Gemaltos network, The Intecept reported, the spy agencies planted backdoors and other tools to give them a persistent foothold. We believe we have their entire network, boasted the author of a government PowerPoint slide that was leaked by Snowden to journalist Glenn Greenwald.

If true, this would be a damning breach. Gemalto is one of the leading makers of SIM cards; its cards are used in part to help secure the communications of billions of customers phones around the world on AT&T, T-Mobile, Verizon, Sprint and more than 400 other wireless carriers in 85 countries. Stealing the crypto keys would allow the spy agencies to wiretap and decipher encrypted phone communications between mobile handsets and cell towers without the assistance of telecom carriers or the oversight of a court or government.

Edward Snowden criticized the agencies for the hack in an Ask Me Anything session for Reddit on Monday. When the NSA and GCHQ compromised the security of potentially billions of phones (3g/4g encryption relies on the shared secret resident on the sim), Snowden wrote, they not only screwed the manufacturer, they screwed all of us, because the only way to address the security compromise is to recall and replace every SIM sold by Gemalto.

Read this article:
Gemalto Confirms It Was Hacked But Insists the NSA Didnt Get Its Crypto Keys

Tech News Today 873: NSA Eats Your Fiber
The Internet is ruining your sleep, BBM reviews getting astroturfy, YouTube taking on Spotify, and more. Steam drops the third shoe, Microsoft might steal Ford #39;s chief, Evernote #39;s thunder,...

By: Bemo Ilge

See the original post:
Tech News Today 873: NSA Eats Your Fiber - Video

NSA Planting Viruses IN COMPUTER HARDRIVES BIGGEST GOVERNMENT CONSPIRACY IN 2015
Apply To be A CableLineNetwork Partner http://goo.gl/DaOz3R Get Paid to Livestream on twitch for us: http://www.cablelinenetwork.com/get-sponsored-on-twitch.html For News Article Here:...

By: CableLine Network

Read the original here:
NSA Planting Viruses IN COMPUTER HARDRIVES BIGGEST GOVERNMENT CONSPIRACY IN 2015 - Video

Hypocrite Marco Rubio Supports Funding More NSA Spying
David Knight takes the studio for Alex Jones and breaks down how Marco Rubio has betrayed the American people. http://www.newsmax.com/Newsfront/Marco-Rubio-P...

By: THElNFOWARRlOR

See original here:
Hypocrite Marco Rubio Supports Funding More NSA Spying - Video

"I would say that it has had a material impact in our ability to generate insights as to what counterterrorism, what terrorist groups around the world are doing," Adm. Michael Rogers told a group gathered in Washington for a cybersecurity summit hosted by the New America think tank.

READ: Jeb Bush defends NSA dragnet

"Do you have new blind spots that you didn't have prior to the revelation," moderator and CNN National Security correspondent Jim Sciutto asked.

"Have I lost capability that we had prior to the revelations? Yes," Rogers responded. "Anyone who thinks this has not had an impact I would say doesn't know what they're talking about."

Snowden himself remains free in Russia. A film about him won an Academy Award on Sunday evening.

Rogers says he knew U.S. infrastructure would likely come under cyber-attack on his watch, but the target of Sony Pictures was a surprise.

"I fully expected, sadly in some ways, that in my time as the commander of United States Cyber Command the Department of Defense would be tasked with attempting to defend the nation against those kind of attacks," he said. "I didn't realize that it would be against a motion picture company, to be honest."

North Korea is widely believed to be behind the hack in response to Sony's production of the film "The Interview," which depicts a comedic plot to kill leader Kim Jong-un

Rogers declined to respond to a question if the United States was behind a retaliatory online attack that took down North Korea's Internet access.

When asked which nations had the ability to strike U.S. cyber interests Rogers declined to provide assessments of most countries.

Read the rest here:
NSA: Snowden leaks hurt ability to track terrorists - CNN.com

NSA whistleblower Edward Snowden didnt mince words during a Reddit Ask Me Anything session on Monday when he said the NSA and the British spy agency GCHQ had screwed all of us when it hacked into the Dutch firm Gemalto to steal cryptographic keys used in billions of mobile SIM cards worldwide.

When the NSA and GCHQ compromised the security of potentially billions of phones (3g/4g encryption relies on the shared secret resident on the sim), Snowden wrote in the AMA, they not only screwed the manufacturer, they screwed all of us, because the only way to address the security compromise is to recall and replace every SIM sold by Gemalto.

Gemalto is one of the leading makers of SIM cards used in billions of mobile phones around the world to secure the communications of telecom customers of AT&T, T-Mobile, Verizon, Sprint and more than 400 other wireless carriers in 85 countries. Stealing the crypto keys essentially allows the spy agencies to wiretap and decipher encrypted phone communications at will without the assistance of telecom carriers or the oversight of a court or government. The keys also allow the agencies to decrypt previously intercepted messages they hadnt been able to crack.

But in stealing the keys with the aim of targeting the communications of specific customers, the spy agencies undermine the security of billions of other customers.

Our governments should never be weighing the equities in an intelligence gathering operation such that a temporary benefit to surveillance regarding a few key targets is seen as more desireable than protecting the communications of a global system Snowden wrote.

As The Intercept reported last week, the spy agencies targeted employees of the Dutch firm, reading their siphoned emails and scouring their Facebook posts to obtain information that would help the agencies hack the employees. Once on employee systems, the spy agencies planted backdoors and other tools to give them a persistent foothold on the companys network. We believe we have their entire network, the author of a PowerPoint slide, leaked by Snowden to journalist Glenn Greenwald, boasted about the hack.

Snowden commented on the story after being asked what he thought about recent revelations from Kaspersky Lab that it had uncovered a spy module, believed to belong to the NSA, designed for hacking the firmware of hard drives. Snowden said the firmware hacking was significant but even more significant was the theft of the crypto keys.

[A]lthough firmware exploitation is nasty, Snowden responded, its at least theoretically reparable: tools could plausibly be created to detect the bad firmware hashes and re-flash good ones. This isnt the same for SIMs, which are flashed at the factory and never touched again.

Julian Sanchez of the Cato Institute shared Snowdens sentiments about the crypto theft.

We hear a great deal lately about the value of information sharing in cybersecurity, he wrote in a blog post about the hack of Gemalto. Well, heres a case where NSA had information that the technology American citizens and companies rely on to protect their communications was not only vulnerable, but had in fact been compromised.[T]his is one more demonstration that proposals to require telecommunications providers and device manufacturers to build law enforcement backdoors in their products are a terrible, terrible idea. As security experts have rightly insisted all along, requiring companies to keep a repository of keys to unlock those backdoors makes the key repository itself a prime target for the most sophisticated attackerslike NSA and GCHQ.

See the article here:
Snowden: Spy Agencies Screwed All of Us in Hacking Crypto Keys

The U.S. should be able to craft a legal framework to let government agencies read encrypted data, Rogers says

It probably comes as no surprise that the director of the U.S. National Security Agency wants access to encrypted data on computers and other devices.

The U.S. should be able to craft a policy that allows the NSA and law enforcement agencies to read encrypted data when they need to, NSA director Michael Rogers said during an appearance at a cybersecurity policy event Monday.

Asked if the U.S. government should have backdoors to encrypted devices, Rogers said the U.S. government needs to develop a "framework."

"You don't want the FBI and you don't want the NSA unilaterally deciding, 'So, what are we going to access and what are we not going to access?'" Rogers said during his appearance at the New America Foundation. "That shouldn't be for us. I just believe that this is achievable. We'll have to work our way through it."

Justsecurity.org has a transcript of an exchange between Rogers and Yahoo CISO Alex Stamos at Monday's event.

Rogers isn't the first member of President Barack Obama's administration to call for encryption workarounds in recent months. In September, after Apple and Google announced encryption features on their smartphone OSes, both FBI Director James Comey and Attorney General Eric Holder raised concerns that additional encryption tools would hinder law enforcement investigations.

Stamos questioned whether it is a good idea to build backdoors in encryption. "If we're going to build defects/backdoors or golden master keys for the U.S. government, do you believe we should do so .... for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government?" he said, according to the Justsecurity transcript.

Rogers objected to using the word "backdoor". "When I hear the phrase 'backdoor', I think, 'Well, this is kind of shady. Why would you want to go in the backdoor? It would be very public,'" he said. "Again, my view is: We can create a legal framework for how we do this. It isn't something we have to hide, per se."

An NSA spokeswoman wasn't immediately available for further comment.

Continued here:
NSA director wants gov't access to encrypted communications

"I would say that it has had a material impact in our ability to generate insights as to what counterterrorism, what terrorist groups around the world are doing," Adm. Michael Rogers told a group gathered in Washington for a cybersecurity summit hosted by the New America think tank.

READ: Jeb Bush defends NSA dragnet

"Do you have new blind spots that you didn't have prior to the revelation," moderator and CNN National Security correspondent Jim Sciutto asked.

"Have I lost capability that we had prior to the revelations? Yes," Rogers responded. "Anyone who thinks this has not had an impact I would say doesn't know what they're talking about."

Snowden himself remains free in Russia. A film about him won an Academy Award on Sunday evening.

Rogers says he knew U.S. infrastructure would likely come under cyber-attack on his watch, but the target of Sony Pictures was a surprise.

"I fully expected, sadly in some ways, that in my time as the commander of United States Cyber Command the Department of Defense would be tasked with attempting to defend the nation against those kind of attacks," he said. "I didn't realize that it would be against a motion picture company, to be honest."

North Korea is widely believed to be behind the hack in response to Sony's production of the film "The Interview," which depicts a comedic plot to kill leader Kim Jong-un

Rogers declined to respond to a question if the United States was behind a retaliatory online attack that took down North Korea's Internet access.

When asked which nations had the ability to strike U.S. cyber interests Rogers declined to provide assessments of most countries.

Follow this link:
NSA: Snowden leaks hurt ability to track terrorists

"I would say that it has had a material impact in our ability to generate insights as to what counterterrorism, what terrorist groups around the world are doing," Adm. Michael Rogers told a group gathered in Washington for a cybersecurity summit hosted by the New America think tank.

READ: Jeb Bush defends NSA dragnet

"Do you have new blind spots that you didn't have prior to the revelation," moderator and CNN National Security correspondent Jim Sciutto asked.

"Have I lost capability that we had prior to the revelations? Yes," Rogers responded. "Anyone who thinks this has not had an impact I would say doesn't know what they're talking about."

Snowden himself remains free in Russia. A film about him won an Academy Award on Sunday evening.

Rogers says he knew U.S. infrastructure would likely come under cyber-attack on his watch, but the target of Sony Pictures was a surprise.

"I fully expected, sadly in some ways, that in my time as the commander of United States Cyber Command the Department of Defense would be tasked with attempting to defend the nation against those kind of attacks," he said. "I didn't realize that it would be against a motion picture company, to be honest."

North Korea is widely believed to be behind the hack in response to Sony's production of the film "The Interview," which depicts a comedic plot to kill leader Kim Jong-un

Rogers declined to respond to a question if the United States was behind a retaliatory online attack that took down North Korea's Internet access.

When asked which nations had the ability to strike U.S. cyber interests Rogers declined to provide assessments of most countries.

See the original post here:
NSA: Snowden leaks hurt us

NSA hides Spying Software deep within Hard Drives
Feb. 17 -- Bloomberg #39;s Cory Johnson reports on Kaspersky Lab finding concealed software on drives made by Western Digital, Seagate, Toshiba and others. Johns...

By: Matthew Hardy

More here:
NSA hides Spying Software deep within Hard Drives - Video