Category Archives: NSA

One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer hard drives firmware with malicious code. The Kaspersky researchers who uncovered this said its ability to subvert hard drive firmwarethe guts of any computersurpasses anything else they had ever seen.

The hacking tool, believed to be a product of the NSA, is significant because subverting the firmware gives the attackers God-like control of the system in a way that is stealthy and persistent even through software updates. The module, named nls_933w.dll, is the first of its kind found in the wild and is used with both the EquationDrug and GrayFish spy platforms Kaspersky uncovered.

It also has another capability: to create invisible storage space on the hard drive to hide data stolen from the system so the attackers can retrieve it later. This lets spies like the Equation Group bypass disk encryption by secreting documents they want to seize in areas that dont get encrypted.

Kaspersky has so far uncovered 500 victims of the Equation Group, but only five of these had the firmware-flashing module on their systems. The flasher module is likely reserved for significant systems that present special surveillance challenges. Costin Raiu, director of Kasperskys Global Research and Analysis Team, believes these are high-value computers that are not connected to the internet and are protected with disk encryption.

Heres what we know about the firmware-flashing module.

Hard drive disks have a controller, essentially a mini-computer, that includes a memory chip or flash ROM where the firmware code for operating the hard drive resides.

When a machine is infected with EquationDrug or GrayFish, the firmware flasher module gets deposited onto the system and reaches out to a command server to obtain payload code that it then flashes to the firmware, replacing the existing firmware with a malicious one. The researchers uncovered two versions of the flasher module: one that appears to have been compiled in 2010 and is used with EquatinoDrug and one with a 2013 compilation date that is used with GrayFish.

The Trojanized firmware lets attackers stay on the system even through software updates. If a victim, thinking his or her computer is infected, wipes the computers operating system and reinstalls it to eliminate any malicious code, the malicious firmware code remains untouched. It can then reach out to the command server to restore all of the other malicious components that got wiped from the system.

Even if the firmware itself is updated with a new vendor release, the malicious firmware code may still persist because some firmware updates replace only parts of the firmware, meaning the malicious portions may not get overwritten with the update. The only solution for victims is to trash their hard drive and start over with a new one.

The attack works because firmware was never designed with security in mind. Hard disk makers dont cryptographically sign the firmware they install on drives the way software vendors do. Nor do hard drive disk designs have authentication built in to check for signed firmware. This makes it possible for someone to change the firmware. And firmware is the perfect place to conceal malware because antivirus scanners dont examine it. Theres also no easy way for users to read the firmware and manually check if its been altered.

View post:
How the NSAs Firmware Hacking Works and Why Its So Unsettling

With the snow-capped Montana mountains behind him, flannel-clad Steve Daines blasted the National Security Agencys sweeping surveillance practices. I stood up to the Washington establishment in support of [a bill] to stop the NSA from collecting the records of innocent Americans, he said. Big government can take away our freedoms.

That was Mr. Daines campaign ad. And the message clearly resonated Daines, a former House representative from Montana, won his election to the Senate.

Security and privacy became hot-button issues in political races across the country after former NSA contractor Edward Snowden disclosed the spy agencys collection of millions of Americans call records. With several national polls showing Americans support curbing the controversial program, many wannabe senators, like Daines, spoke out about the need to protect civil liberties.

Now, 13 new senators are here in Washington and their votes will be crucial in the upcoming debates over surveillance reform.

Congress failed to pass a reform bill last year, despite President Obamas urging and recommendations from government-appointed privacy and civil liberties boards to end the domestic call record bulk collection program. In a Republican-controlled Congress, however, the politics of privacy are even more complex.

After the November elections, incoming Senate Majority Leader Mitch McConnell encouraged his Republican colleagues to oppose advancing the USA Freedom Act because it could hurt the fight against terrorism. With the threat from the Islamic State in the news, the vote to debate the surveillance reform bill fell short by just two votes. This time around, privacy advocates are warily watching the fresh crop of senators all Republican but one.

If they stay consistent with their past pro-privacy positions, they could very well tip the precarious balance in the upper chamber in favor of reform.

Theres a pretty short list of issues where our phones start ringing off the hook here, Daines told Passcode. Guns, he says, is a key one and when you start looking at surveillance and the federal government overreach, our phone really starts ringing.

This year, the pressures on: A key provision of the Patriot Act the NSA says provides the legal authority for the domestic spying program is set to sunset in June.

Its something the Republican Party is going to have to debate, says Mark Jaycox, legislative analyst for the Electronic Frontier Foundation. The question is going to be, can new members convince the leadership that these authorities need to be reformed?

Continue reading here:
Can the Senates new Republicans usher in NSA surveillance reform?

Each passing leak from former National Security Agency (NSA) contractor Edward Snowden seems to paint a darker picture of the state of privacy and data security in the United States, and the world at large. At this point weve heard about mass surveillance of nude Webcam chats, the NSA tapping international leaders phones, mass metadata collection, spies pretending to be Facebookto infect computers, and countless other programs. Now, an even more frightening Snowden leak has appeared on the Intercept.

The NSA and GCHQ have had access to the vast majority of cell phone communications around the world since 2010.

In other words, the NSA and GCHQ have had access to the vast majority of cell phone communications (even encrypted communication) around the world since 2010. Theyve listened to your phone calls; theyve read your texts; and theyve almost certainly monitored the websites youve visited on your mobile devices.

To make matters worse, the same hacked company that makes SIM cards also makes the chips that are embedded into your next-generation credit cards and next-generation passports.

Heres everything you need to know about how these agencies pulled off this massive hack without anyone noticing, who they targeted, and how to protect yourself from surveillance.

Read more:
The NSA has hacked your phone: What you need to know, and how to protect yourself

ShmooCon 2015 - NSA USB Playset
CyberPunk http://n0where.net.

By: Ra Darth

Excerpt from:
ShmooCon 2015 - NSA USB Playset - Video

GCHQ Unlawful NSA and The Apostle Paul #39;s Experience

By: Edifying Others

Original post:
GCHQ Unlawful NSA and The Apostle Paul's Experience - Video

NSA Bulk Data Collection Will Continue Despite Reforms
U.S. intelligence critics say the reforms for the NSA and other agencies fell short of expectations. Follow Christian Bryant: http://www.twitter.com/bryantcp...

By: Newsy Politics

Originally posted here:
NSA Bulk Data Collection Will Continue Despite Reforms - Video

Google Gagged and Ordered by NSA and FBI to Release Personal Data of Wikileaks Staffers
Michael Ratner says that US government is still pursuing criminal investigations against Wikileaks Editor and staffers, not just because of what they have al...

By: TheRealNews

See the original post:
Google Gagged and Ordered by NSA and FBI to Release Personal Data of Wikileaks Staffers - Video

Interview with NSA Whistleblowers on Privacy and Metadata
On January 22nd, the Ceremony for the Sam Adams Award was held in Berlin. This year #39;s awardee William Binney gave us an interview, as well as the Whistleblow...

By: samuel ezerzer

Continue reading here:
Interview with NSA Whistleblowers on Privacy and Metadata - Video

The NSA may have a backdoor in your computer that you cant get rid of
Russian security software maker Kaspersky Lab announced that a cyber espionage group, perhaps connected to the NSA, has developed a means to hide spying soft...

By: TomoNews US

Read more here:
The NSA may have a backdoor in your computer that you cant get rid of - Video

Laura Poitras on being Edward Snowden #39;s first contact over leaked NSA documents
Oscar-nominated filmmaker Laura Poitras talks about what it was like to be Edward Snowden #39;s first contact over leaked NSA documents. Subscribe to The National to watch more videos here:...

By: The National

Visit link:
Laura Poitras on being Edward Snowden's first contact over leaked NSA documents - Video