Category Archives: NSA

Egyptian authorities must conduct prompt, effective and independent investigations into the enforced disappearance for almost two years of a young mother, and her toddler, as well as the ongoing enforced disappearance of her husband, the childs father, said Amnesty International today.

The organization also urges the authorities to immediately release the mother from abusive pre-trial detention and ensure the familys right to adequate remedy and reparation proportional to the severity of violations and harm suffered.

"The Egyptian authorities have a long, grim record of forcibly disappearing and torturing people they consider government opponents or critics. However, seizing a young mother with her one-year-old baby and confining them in a room for 23 months outside the protection of the law and with no contact with the outside world show that their ongoing campaign to stamp out dissent and instil fear has reached a new level of brutality, said Philip Luther, Amnesty Internationals Research and Advocacy Director for the Middle East and North Africa.

Seizing a young mother with her one-year-old baby and confining them in a room for 23 months outside the protection of the law and with no contact with the outside world show that Egyptian authorities' ongoing campaign to stamp out dissent and instil fear has reached a new level of brutality

These unconscionable acts of cruelty violate Egypts human rights obligations, including the absolute prohibition on torture and other ill-treatment and enforced disappearances, and constitute crimes under international law. There must be urgent, independent and effective investigations into these crimes with a view to bringing those responsible to justice in a fair trial and ensuring full reparation for the victims.

National Security Agency (NSA) officers seized university teacher Manar Adel Abu el-Naga, 27, her husband, Omar Abdelhamid Abu el-Naga, 27, and their one-year-old baby boy, al-Baraa, from their home in Alexandria on 9 March 2019. Their distressed relatives and lawyers have spent the last two years trying in vain to locate them. Despite a July 2019 administrative court ruling ordering the Ministry of Interior to reveal their whereabouts, the ministry repeatedly denied having them in its custody.

On 20 February 2021, Manar Adel Abu el-Naga appeared before the Supreme State Security Prosecution (SSSP), a special branch of the public prosecution responsible for investigating national security offences, and was questioned about membership in a terrorist group and "funding a terrorist group", which she denies.

In line with NSA practice in other enforced disappearance cases documented by Amnesty International, security forces falsified her arrest date and pressured her to say that she was arrested two days before her appearance in front of the SSSP. She was taken from her place of captivity and accompanied by policemen directly to the prosecutor. A lawyer present at the SSSP premises attended her questioning but was not permitted to consult with her or examine her case file. A prosecutor ordered that she be detained for 15 days pending further investigations. According to lawyers and other informed sources, the case against her relies on secret NSA investigations and two handwritten notes that she has denies authoring.

Manar Adel Abu el-Naga was transferred to al-Qanater womens prison and has not be allowed contact with her family thus far.

Her son, al-Baraa, now nearly three, was handed over to her relatives, whom he has not seen in nearly two years. People who met the child said that he is experiencing severe mental anguish, separation anxiety and is in urgent need of mental and physical rehabilitation. The child did not seem to have bathed for a long time and repeatedly said, I want to go back to the room, referring to the room where he had been held captive.

On his Facebook page, the toddlers uncle described the devastating impact of his enforced disappearance on his mental health: "A child who does not know his relatives and is afraid of them he is only used to seeing people in uniform."

The Egyptian authorities are adding to the catalogue of violations inflicted on Manar Adel Abu el-Naga and her family by separating her from her traumatized child and denying her basic due process rights, said Philip Luther.

Given the Egyptian authorities abuse of pre-trial detention to keep thousands of men and women in jail on unfounded terrorism charges for months or even years, and the horrific circumstances surrounding the familys enforced disappearance, Amnesty International is calling for Mana Adel Abu el-Nagas immediate release. Any statements that she has made during her enforced disappearance must be excluded from legal proceedings against her.

The childs father, Omar Abdelhamid Abu el-Naga, continues to be subjected to enforced disappearance, adding to fears for his life and safety. The Egyptian authorities must immediately reveal the truth about his fate and whereabouts.

These egregious violations by security forces yet again illustrate the devastating effects of the prevailing climate of impunity in Egypt

Amnesty Internationals research over the past eight years has shown that security forces, particularly the NSA, regularly subject real or perceived opponents and critics to enforced disappearance for days, months, and sometimes years. During that time, NSA officers subject them to torture and other ill-treatment, and then routinely coerce them into supporting claims by the NSA in front of SSSP prosecutors, who systematically fail to investigate allegations of enforced disappearances or torture against NSA officers.

"These egregious violations by security forces yet again illustrate the devastating effects of the prevailing climate of impunity in Egypt. They throw into sharp relief the urgent need for the international community to act in a coordinated manner, including by supporting the establishment of a monitoring and reporting mechanism on Egypt at the UN Human Rights Council," said Philip Luther.

In the absence of international action, security forces will feel empowered to continue committing grave violations of human rights and crimes under international law, destroying entire families in their wake.

Read this article:
Egypt End and redress shocking crimes against toddler and family forcibly disappeared for 23 months - Amnesty International

GREENWOOD VILLAGE, Colo.--(BUSINESS WIRE)--National Storage Affiliates Trust (NSA or the "Company") (NYSE: NSA), today announced the expansion of its Board of Trustees by one additional seat and elected Charles Wu to its Board, effective February 25, 2021.

Paul Hylbert, the Companys Lead Independent Trustee, commented, We are extremely pleased to announce Charlies addition to NSAs board, bringing the total number of Trustees to eleven while enhancing the boards diversity. Charlies significant real estate investment experience across varied private equity platforms will be a great contribution to the oversight and direction provided by our board members, while enhancing NSAs focus on continued value creation for all its stakeholders.

Mr. Wu is currently a Senior Lecturer of Business Administration at Harvard Universitys Graduate School of Business where he has taught since 2015. In 2015, he retired from his role as Managing Director of BayNorth Capital, a Boston-based private real estate equity firm which he co-founded in July 2004. Prior to co-founding BayNorth Capital, Mr. Wu co-founded the private equity firm Charlesbank Capital Partners in July 1998 and served as Managing Director for six years; served for three years as a Managing Director of its predecessor firm, Harvard Private Capital Group, the private equity and real estate investment unit of Harvard Management Company; and was a Managing Director at Aldrich Eastman & Waltch (AEW) where he directed the restructuring group and was a portfolio manager. Mr. Wu currently serves as a Trustee for the University of Massachusetts and is also a Board member of the University of Massachusetts Building Authority. Mr. Wu has an MBA, with distinction, and a BA, magna cum laude, from Harvard University.

Upcoming Industry Conference

NSA management is scheduled to participate in Citis 2021 Virtual Global Property CEO Conference, March 8 11, 2021.

About National Storage Affiliates Trust

National Storage Affiliates Trust is a real estate investment trust headquartered in Denver, Colorado, focused on the ownership, operation and acquisition of self storage properties located within the top 100 metropolitan statistical areas throughout the United States. As of December 31, 2020, the Company held ownership interests in and operated 821 self storage properties located in 36 states and Puerto Rico with approximately 52.0 million rentable square feet. NSA is one of the largest owners and operators of self storage properties among public and private companies in the United States. For more information, please visit the Companys website at http://www.nationalstorageaffiliates.com. NSA is included in the MSCI US REIT Index (RMS/RMZ), the Russell 2000 Index of Companies and the S&P SmallCap 600 Index.

Read the original here:
National Storage Affiliates Trust Announces Expansion of Board of Trustees and the Addition of Charles Wu to the Board - Business Wire

Taiwanese communications service provider Far EasTone Telecom (FET) has chosen Ericsson as its vendor for 5G Standalone (SA) and Non-standalone (NSA) dual-mode 5G Core and Voice over LTE (VoLTE) services.

The deal builds on Ericssons existing 5G partnership with FET, including thelaunch of commercial 5G in July 2020.

Ericsson will support FET in the expansion of its 5G NSA capabilities and SA evolution on the low, mid- and high-band frequencies.

In addition to end-to-end network orchestration and management, the expanded partnership will include full network design, planning and optimization services. These abilities will maximize FETs spectrum assets by expanding its mid-band base stations and modernizing existing low-band stations.

Ericsson will also provide a turnkey solution to deploycloud-nativedual-mode5G Core, including the container-basedEricsson Cloud Packet Core,Ericsson Cloud Unified Data Management and Policy,Ericsson Cloud Native InfrastructureandEricsson Orchestrator.

Ericsson Cloud VoLTEsolution will enable FET to improve voice user experience in current 4G networks in addition to being the foundation for voice use cases and 5G voice.

The deal also includesEricsson Radio Systemproducts, including antenna-integrated radios (AIR) for mid-band and millimeter wave.

Ericssons AI-poweredCognitive Optimizationwill be deployed for the first time in Taiwan as part of the expanded partnership, ensuring continuous optimization for 5G network performance and enhanced user experience.

Chee Ching, President, Far EasToneThe recent 5G network performance recognition both by Speedtest and Opensignal confirms our commitment to providing best 5G experiences for customers in Taiwan. With the proven network performance, we are glad to extend the strong partnership with Ericsson to continue the footprint and build a world-class 5G network.

Chafic Nassif, President, Ericsson TaiwanThe value of this partnership is unique and significant at the same time. Our close collaboration with FET to deliver a world leading network shows the benefit of combining end-to-end efficient network assets with operational efficiency, to improve customer experience.

View original post here:
Far EasTone Expands 5G Partnership with Ericsson for 5G SA & NSA, Dual-mode 5G Core and VoLTE - The Fast Mode

CIA-backed threat intelligence firm Recorded Future has issued a document in which it claims that a China-linked group named RedEcho is targeting the Indian power industry. That's the meaning from the headline which is very definitive.

But within the body of that document, Recorded Future takes more than one step backward, citing characteristics of other China-related groups (related? linked?) before saying: "Despite some overlaps with previous groups, Insikt Group [the fancy name for its research wing] does not currently believe there is enough evidence to firmly attribute the activity in this particular campaign to an existing public group and therefore continues to track it as a closely related but distinct activity group, RedEcho."

Is China behind the group RedEcho? Ah, when it comes to that, the good folk at Recorded Future are every bit the bashful teenagers. The words "appear", "indicate" and "may" are used often within the document which runs to about 15 pages.

Then why issue this half-baked report? Perhaps there was a call from Langley, needing some backup for something in the political pipeline.

Given that all security firms base their attribution of the various security threats they issue statements about, using fancy names, to a few helpful hints from some intelligence agency or the other, a little help to those nameless and faceless agencies is always welcome.

But in this case, there were a few wheels within wheels. First Recorded Future leaked the document to the New York Times. As usual, the NYT made the "findings" take on a life of their own, adding more certainty to the mix than even Recorded Future had infused into its headline.

Reporters David Sanger and Emily Schnall wrote: "The study shows that as the standoff continued in the Himalayas, taking at least two dozen lives, Chinese malware was flowing into the control systems that manage electric supply across India, along with a high-voltage transmission substation and a coal-fired power plant."

But then came the admission that dealt a death-blow to these conclusions: Recorded Future could not gain access to India's power systems and hence could not examine the code involved.

Plus, the NYT pointed out that the firm had made this admission: "...the alleged link between the outage and the discovery of the unspecified malware in the system "remains unsubstantiated".

The NYT has form in this regard: beating up some information to make it appear dangerous and the harbinger of doomsday. The last time it put out something like this was in January, when Sanger and two others, Nicole Perlroth and Julian Barnes, claimed that that the wares of a software company known as JetBrains could have a connection to the supply chain incident involving SolarWinds' network management software known as Orion.

The headline on the Recorded Future study.

On that occasion, the newspaper's scribes faced the wrath of ex-NSA hacker Jake Williams who came straight to the point, saying: "As I continue to interact with folks dealing with the aftermath of the NYT JetBrains story, I'm calling it - the story was irresponsibly released.

"The story lacks any actionable details and has collectively cost overworked security teams *thousands* of hours in response."

There was yet another angle to the RedEcho story, which offered more potential for laughter. Enter Robert Lee, again an NSA alumnus, a man who runs a company known as Dragos that specialises in the security of industrial control systems.

Lee had a bet each way, seemingly keen not to offend either Recorded Future or the NYT. "Interestingly, the NYT writes: 'Now, a new study lends weight to the idea that those two events may well have been connected' referring to a power outage last year in India," he said in the first of a series of tweets. "But whats interesting is the RF analysts dont seem to say that noting instead a link is unsubstantiated."

Lee's use of the word "interesting" is indeed, well, interesting to say the least!

"It seems the NYT is just offering a potential link, but the analysts dont support it," wrote the ever-cautious Lee. "Not critiquing any party involved but kudos to the analysts for sticking to their point that what they found was interesting and targeted, but chose not to speculate further."

He found that the Recorded Future analysts were "being "very reasonable and professional". Exactly what Lee learnt at the NSA is not known, but he seems to have majored in PR.

While spreading balm on both sides, Lee also hinted that it was not worth rushing to read the RF report. "For all my colleagues in electric power theres nothing here that would say any power outage was the result of a cyber attack or anything like that and if RF had any 'imminent' risk type intel theyd have shared it. Looks isolated. So rest easy and just read the report tomorrow," was his sage advice.

His final words on the NYT report? "Without being ad hominem as I do like David [Sanger] (damn good journalist) I will say Ive been frustrated more than a few times with NYT cyber reporting from a technical detail perspective, but outside the one unsupported claim I called out it reads pretty reasonable."

Lee then seems to have decided that he needed to paint himself as the soul of reason. "And before anyone claims Im gatekeeping journalism with tech elitism or whatever, the frustrations Ive had in the past are over tech details that fundamentally change the story (e.g. Baltimore ransomware EternalBlue link) not just tech details. But nothing of that is here." In other words, all those nasty words in the past were really not nasty, not at all.

All's well, that ends well, it would seem. Or appear.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

Here is the original post:
Plenty of mirth as Recorded Future, NYT and ex-NSA man have a punt each way - iTWire

As more and more devastating dog attacks on livestock are being reported, the National Sheep Association (NSA) is asking sheep farmers to contribute to its survey.

The survey aims to gather data and inform policy direction on the topic that appears to have been growing in case numbers and severity over the past year.

NSA chief executive Phil Stocker said: For many years NSA has been engaged in trying to highlight the serious issue of sheep worrying attacks by dogs.

"This has seen NSA involved in many discussions with rural police forces, animal welfare charities, the veterinary sector and, of course, government as we have, alongside others, called for changes in legislation to protect sheep farmers and their stock.

To facilitate this work NSA is appealing to all sheep farmers in the UK to supply the most up to date information and experiences they may have had with attacks on their flocks in this survey.

The 2021 NSA survey includes many new elements seeking information on sheep farmers experiences and their thoughts on how the issue could be resolved.

Through completing the survey respondents are helping to ensure the best possible voice can be put forward supporting calls for legal and cultural changes.

Devastatingly NSA hears from many sheep farmers experiencing problems with dogs chasing and attacking sheep on a weekly basis with case numbers appearing to have increased whilst the nation has been in lockdown during the Covid-19 pandemic.

Mr Stocker continues: As one of the few leisure activities that the population has still been able to enjoy in the past year an increased number of walkers often accompanied by their pet dogs have been passing through farmland.

"Although thankfully the majority are responsible there is a small number that still allow their dogs to run through fields of livestock under little or no control, the resulting effect can be devastating, from extremely distressed sheep to severe injury and sadly, far too often death.

In addition to sheep worrying cases reported where dogs have chased and attacked sheep off of the lead but with owners present there is also a high proportion of cases where straying dogs are responsible.

To highlight this issue NSA will also encourage dog owners to be responsible and to ask themselves if they know where their dog is at all times as part of its ongoing campaign.

All survey data will be collected anonymously with the information gathered forming part of NSAs 2021 Sheep Worrying by Dogs campaign which is scheduled to run throughout 2021 to promote responsible dog ownership.

The survey is open now and available to complete at surveymonkey.co.uk/r/sheepworrying2021.

See the original post here:
NSA urges sheep farmers to take survey on livestock worrying - South West Farmer

By Brian Fung, Alex Marquardt and Geneva Sands, CNN

(CNN) -- The Biden administration is increasingly sounding the alarm over a series of newly discovered cyber intrusions that Microsoft said this week were linked to China.

"This is an active threat," White House press secretary Jen Psaki said Friday. "Everyone running these servers -- government, private sector, academia -- needs to act now to patch them."

Psaki's warnings followed a tweet by national security adviser Jake Sullivan Thursday evening that underscored how concerned the Biden administration is. He urged IT administrators nationwide to install software fixes immediately. Sullivan said the US government is monitoring reports that US think tanks may have been compromised by the attack, as well as "defense industrial base entities."

Later on Friday, the Cybersecurity and Infrastructure Security Agency underscored the risk in unusually plain language, stating in a tweet that the malicious activity, if left unchecked, could "enable an attacker to gain control of an entire enterprise network."

In a rare step, White House officials have urged private sector organizations running localized installations of Microsoft Exchange server software to install several critical updates that were released in what information security experts described as an emergency patch release.

The cybersecurity firm FireEye said Thursday it had already identified a number of specific victims, including "US-based retailers, local governments, a university, and an engineering firm."

Pentagon press secretary John Kirby told reporters Friday the Defense Department is currently working to determine if it has been negatively affected by the vulnerability.

"We're aware of it, and we're assessing it," Kirby said. "And that's really as far as I'm able to go right now."

Microsoft disclosed this week that it had become aware of several vulnerabilities in its server software being exploited by suspected Chinese hackers. In the past, Microsoft said, the hacker group responsible -- which Microsoft is calling Hafnium -- has gone after "infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs." The group in question had not been previously identified to the public, according to Microsoft.

The announcement marked the latest information security crisis to hit the US after FireEye, Microsoft and others reported a suspected Russian hacking campaign that began by infiltrating the IT software company SolarWinds. That effort has led to the compromise of at least nine federal agencies and dozens of private businesses.

But the malicious activity disclosed this week is not in any way related to the SolarWinds hack, Microsoft said Tuesday.

Microsoft typically releases software updates on the second Tuesday of each month. But in a sign of the seriousness of the threat, Microsoft published the patches addressing the new vulnerabilities which had never been detected until now -- a week early.

The Department of Homeland Security also released an emergency directive on Tuesday requiring federal agencies to either update their servers or to disconnect them. It is only the sixth such directive since the formation of CISA in 2015, and the second in three months.

"We urge network operators to take it very seriously," Psaki said of the directive. The administration is concerned there as a "large number of victims," she added.

Once the Hafnium attackers compromise an organization, Microsoft said, they have been known to download data such as address books and to gain access to its user account database.

One person working at a Washington think tank told CNN both her work and personal e-mail accounts were hit by the attackers. Microsoft sent her a warning that a foreign government was behind it. AOL sent a similar notification for the personal account.

The person was then visited by FBI agents who showed up on her doorstep, repeating that this was indeed an ongoing, sophisticated hack by a foreign government and that there is a nationwide FBI investigation underway.

The attackers had used their unauthorized access to e-mail the person's contacts, "tailoring [the messages] in a way that the recipient will not doubt I am the sender." The attackers' fraudulent emails sent in the person's name included invitations to non-existent conferences and referred to an article in her name and a book in a colleague's name, neither of which was written by them.

Each message, the person said, came with links asking people to click on them.

"This is the real deal," tweeted Christopher Krebs, the former CISA director. "If your organization runs an OWA server exposed to the internet, assume compromise between 02/26-03/03."

In its own advisory, CISA urged network security officials to begin looking for evidence of intrusions as far back as September 2020.

The US government's unusually public response to the incident was a surprise to many experts, a reflection of both the Biden administration's focus on cyber issues compared to the Trump White House as well as the scale of the threat.

"Is this the first time the National Security Advisor has promoted a specific patch?" John Hultquist, the vice president of FireEye's Mandiant Threat Intelligence arm, wondered aloud.

"When you wake up to the [National Security Advisor] and [Press Secretary] tweeting about cyber," National Security Agency communications official Bailey Bickley tweeted from her personal account, appending a "starstruck" emoji and quoting Sullivan's tweet from the night before.

CLARIFICATION: This story has been updated to reflect NSA official Bailey Bickley was tweeting on her personal account and not speaking for the NSA.

The-CNN-Wire & 2018 Cable News Network, Inc., a Time Warner Company. All rights reserved.

See the original post:
White House warns of 'active threat' from Microsoft email hackers - WDJT

If the big trend since the Snowden NSA data collection controversy has been the regulation of data, 2021 may see how big tech could try to set it free again.

Rules regulating data proliferated globally after the Snowden revelations, and to increasing fanfare. If the philosopher Jean-Jacques Rousseau were alive today, he may as well write, data is born free, but everywhere it is localized, surveilled, regulated, breached, censored, biased and taxed.

Data localization rules are increasingly widespread. India, under the guise of its draft data privacy law, may soon require entities to classify all data, labelling it for further yet unspecified regulator purposes like localization, taxation or mandatory sharing with the state or competitors. Chinas Technical Committee (TC) 260 has issued a variety of regulations governing data flow, privacy and cybersecurity. Faced with peaking demand for data storage, the city-state of Singapore has placed a moratorium on constructing new data centers until it develops land-use, energy and environmental sustainability rules for future new storage.

The European Unions privacy law, GDPR, did not introduce data localization rules but instead established extra-territorial rules governing data globally, dictating everything from data formatting to breach response, storage, erasure, processing, access and more. Lionised by GDPRs success, Europe now invites the US to a cage match at the OECD over taxing the delivery of digital services, while threatening uncoordinated national taxes if they demur.

The US is not excluded: it has a long history of requiring the localization of certain government and financial service sector data and has no shortage of both state-level and sectoral laws at the national level dictating various aspects of data governance.

The problem is not that there are rules. The problem is that there are 195 countries in the world, each going their own slightly (or very!) different way on surveillance, lawful access, data privacy, data breach response, digital trade, digital taxation, online harms and more. While there are no doubt good intentions behind each, the results are market access barriers, burdensome regulatory requirements, soaring compliance costs, opportunities for corruption and an exacerbated global digital divide. Something less than Fair Tech.

What is billionaire, libertarian big tech CEOs in Silicon Valley to do? One might be tempted to imagine outlandish schemes worthy of the most diabolical Bond villain: secret underwater lairs and commercial space travel to private space stations. In fact, industry news demonstrates that many such schemes are not just underway but at hand.

In 2020, Microsoft unveiled Project Natick, an ambitious effort for sub- sea data storage. Microsoft submerged sealed data centers off the Orkney Islands of Scotland for two years to test the feasibility of offshore data centers. The tagline: 50 percent of us live near the coasts, why shouldnt our data?. Yet in addition to the benefits of proximity to population, natural coolant, sustainable energy usage and ultra-low rent, hosting data at the bottom of international waters also raises a lot of interesting questions, specifically about which laws are and arent applicable to that data.

Not to be outdone, the Spacebelt satellite constellation seeks to provide highly secure cloud data to customers from low-earth orbit in outer space. Designed by the Cloud Constellation Corporation, the LA-based start-ups marketing collateral touts the ability to comply with data sovereignty requirements and avoid jurisdictional hazards.

If they hadnt got there, Virgin Orbit, OneWeb, SpaceX and Amazons Project Kuiper are not far behind. Each deploys broadband connectivity solutions in space: how long before the product shifts from connectivity to cloud-based services from orbit? Think Blue Origins rockets plus Kuipers satellites plus AWS cloud connectivity. All owned by Jeff Bezos, and all without the algae, barnacles and snooping submarines Microsofts Natick may face. Besides, if youre a data center architect looking for energy efficiency options, the only place that requires less coolant than the bottom of international waters may just be outer space.

It didnt have to be like this - data didnt need to go and hide in outer space or at the bottom of the sea. But what do data regulators expect? As rules for data flow, localization, storage, processing, accessibility, readability, lawful access and tax accumulate in number and complexity, it is natural for heavily regulated companies to go venue shopping. Brussels isnt the only culprit. As America and China decouple, America doesnt want its citizens using Chinese tech, and China doesnt want its citizens using American tech. It is easier, less political and far more green to simply collect, process, store and move data outside of any national borders in order to reach any customer anywhere, globally.

Regulators have three choices. The first is to start now devising data regulations for companies that may soon operate from international waters or from outer space to pre-empt big tech circumventing law. This could be via a national act, a regional one by the EU or ASEAN or a multilateral initiative in a forum like the ITU. Its the easiest of the three because it plays to what regulators do best: regulate.

The second option is to work harder to align regulations globally across trading and economic partners. This option allows regulators to do what they do best but to do it hand-in-hand with global friends and allies so they can reap the benefits of technological deployment and adoption that come with providing technology companies with the opportunities for scale. This is slow work and hard going.

The third option is the hardest for regulators: regulatory humility. That means, instead of seeing big tech as the bad guy and its CEOs as modern Bond villains, taking a hard look at whether regulations both on the books and in train actually drive progress and innovation or stifle it. It means examining whether regulatory action designed to inflict harm on a basket of five highly successful West Coast companies incidentally raises barriers to market entry for new competitors that could drive down price and drive-up choice for consumers.

Better, higher quality choices and lower prices are foundational elements of Fair Tech.

Michael A. Clauser, Data & Trust, Access Partnership

Continued here:
Frictionless data: Escaping the gravity of regulation - ITProPortal

Babagana Monguno, national security adviser (NSA), says some people are taking advantage of the deteriorating security situation in the country.

Speaking on Tuesday after the national security council meeting presided over by President Muhammadu Buhari, Monguno said the government will not tolerate the situation.

He warned anyone stoking violence to desist or have themselves to blame.

Of course, the president still remains concerned about the level of security, which seems to be cascading for the worse. Given the fact that we have a new organisation with new service chiefs, the president has charged all of us to redouble our efforts, especially in view of the occurrences of the last couple of weeks, Monguno said.

Now, I need to stress also that there are individuals in this country who have assumed a status that is beyond what they should be. The intelligence from our own sources, the intelligence at my disposal and the disposal of the other intelligence hence, reveals that we have certain entities, certain individuals who are making capital out of insecurity, especially kidnapping.

This is a situation that has to be brought to an end and Im sending a warning to anybody who is hiding beneath a veneer of some status, whether official, in terms of an official capacity or traditional or religious, to stoke the flames of disorder will have himself to blame.

He further warned non-state actors causing problems in different parts of the country to desist from doing so, adding that they have been placed under surveillance by the intelligence agencies.

Monguno added that the president has directed the new service chiefs to reclaim all areas of the country dominated by bandits.

Im sure youre all aware of the fact that no country will tolerate a group of non-state actors. No sovereign nation will allow a group of non-state actors to bring it down to its knees and render the state in state of panic, apprehension, mistrust, disorder, and so on and so forth, he said.

I think weve had enough of violence, enough of chaos, enough of anarchy, but I want to stress once more that any individual or group that thinks it can take it upon itself to cause disunity, disharmony and push the country to the brink should have a rethink.

Any individual who thinks he has any support, who thinks he can undermine this government, anybody, any human being, as long as its a citizen of this country, anyone person who thinks hes the cats whiskers, or he can be rocky on the perch and lead us into a situation of unhappiness, will have himself to blame at the end of the day.

See original here:
NSA: We have intelligence reports on those profiting from insecurity - TheCable

This blog provides overview of end-to-end encryption and how it protects the enterprise.

Over the past few years, the vulnerability of social networks like Facebook or messaging apps like Chat has given rise to using end-to-end encrypted platforms to protect communications. Today, platforms like WhatsApp, Signal and PreVeil use end-to-end encryption to protect the exchanges of users data. Yet what is end-to-end encryption and how does it work? How does it differ from other forms of data protection and how does end-to-end encryption ensure the protection of data?This piece will focus on providing answers to these questions.

End-to-end encryption provides the gold-standard for protecting communication. In an end-to-end encrypted system, the only people who can access the data are the sender and the intended recipient(s) and no one else. Neither ackers nor unwanted third parties can access the encrypted data on the server.In true end-to-end encryption, encryption occurs at the device level. That is, messages and files are encrypted before it leaves the phone or computer and isnt decrypted until it reaches its destination. As a result, hackers cannot access data on the server because they do not have the private keys to decrypt the data. Instead, secret keys are stored with the individual user on their device which makes it much harder to access an individuals data.The security behind end-to-end encryption is enabled by the creation of a public-private key pair. This process, also known as asymmetric cryptography, employs separate cryptographic keys for securing and decrypting the message. Public keys are widely disseminated and are used to lock or encrypt a message. Private keys are only known by the owner and are used to unlock or decrypt the message.In end-to-end encryption, the system creates public and private cryptographic keys for each person who joins.

An example

Lets say Alice and Bob create accounts on the system. The end-to-end encrypted system provides each with a public-private key pair, whereby their public keys are stored on the server and their private keys are stored on their device.Alice wants to send Bob an encrypted message. She uses Bobs public key and encrypts her message to him with it. Then, when Bob receives the message, he uses his private key on his device to decrypt the message from Alice.When Bob wants to reply, he simply repeats the process, encrypting his message to Alice using Alices public key.

Security practitioners often point out that security is a chain that is only as strong as the weakest link. Bad guys will attack the weakest parts of your system because they are the parts most likely to be easily broken. Given that data is most vulnerable when stored on a server, hackers techniques are focused on gaining access to servers.As the Department of Homeland Security has written:Given that attackers will go after low hanging fruit like where the data is stored, a solution that does not protect stored data will leave information extremely vulnerable.End-to-end encryption however does protect stored data. In fact it secures and protects data throughout its journey. As such, end-to-end encryption is the safest option for data security available.As the DHS goes on to state in its report:Attacking the data while encrypted is just too much work [for attackers].

End-to-end encryption is important because it provides users and recipients security for their email and files from the moment the data is created by the user until the moment it is received by the recipient. It also ensures that no third party can read the exchanged messages.Services like Gmail, Yahoo or Microsoft enable the provider to access the content of users data on its servers because these providers hold copies to the decryption keys. As such, these providers can read users email and files. In Googles case, its possession of decryption keys has enabled them in the past to provide the Google account holder with targeted ads.By contrast, in well-constructed end-to-end encrypted systems, the system providers never have access to the decryption keys.

The NSA recently issued guidelines for using collaboration services. At the top of the NSAs list was the recommendation that collaboration services employ end-to-end encryption.End-to-ends inclusion in the NSAs list highlights its shift to the mainstream by an organization known to seek the highest levels of security for themselves and their technologies. The NSA notes that by following the guidelines it defines, users can reduce their risk exposure and become harder targets for bad actors.

The U.S. State Department has also wised up to the benefits of end-to-end encryption with their ITAR Carve out for Encrypted Technical data . The carve out establishes that defense companies can now share unclassified technical data outside the U.S. with authorized persons. This exchange can be done without requiring an export license so long as the data is properly secured with end-to-end encryption. If the data is end-to-end encrypted, the exchange is not considered an export.The NSAs and State Departments statements acknowledge that end-to-end encryption provides a significant advantage to users over traditional forms of encryption. End-to-end encryption secures data on the users device and only ever decrypts it on the recipients device. This means, the data can never be decrypted on the server nor in transit nor on the users device.

At PreVeil, end-to-end encryption is at the core of how we users protect email and files. Today, hundreds of companies rely on PreVeil to protect their customers most sensitive data.Learn more about how PreVeil uses end-to-end encryption to protect your data. Download our architectural whitepaper today.

The post What is end-to-end encryption & how does it work? appeared first on PreVeil.

*** This is a Security Bloggers Network syndicated blog from Blog PreVeil authored by Orlee Berlove. Read the original post at: https://www.preveil.com/blog/end-to-end-encryption/

Read more here:
What is end-to-end encryption & how does it work? - Security Boulevard

More than four years after a mysterious group of hackers known as the Shadow Brokers began wantonly leaking secret NSA hacking tools onto the internet, the question that debacle raisedwhether any intelligence agency can prevent its "zero-day" stockpile from falling into the wrong handsstill haunts the security community. That wound has now been reopened, with evidence that Chinese hackers obtained and reused another NSA hacking tool years before the Shadow Brokers brought it to light.

On Monday, the security firm Check Point revealed that it had discovered evidence that a Chinese group known as APT31, also known as Zirconium or Judgment Panda, had somehow gained access to and used a Windows-hacking tool known as EpMe created by the Equation Group, a security industry name for the highly sophisticated hackers widely understood to be a part of the NSA. According to Check Point, the Chinese group in 2014 built their own hacking tool from EpMe code that dated back to 2013. The Chinese hackers then used that tool, which Check Point has named "Jian" or "double-edged sword," from 2015 until March 2017, when Microsoft patched the vulnerability it attacked. That would mean APT31 had access to the tool, a "privilege escalation" exploit that would allow a hacker who already had a foothold in a victim network to gain deeper access, long before the late 2016 and early 2017 Shadow Brokers leaks.

Only in early 2017 did Lockheed Martin discover Chinas use of the hacking technique. Because Lockheed has largely US customers, Check Point speculates that the hijacked hacking tool may have been used against Americans. "We found conclusive evidence that one of the exploits that the Shadow Brokers leaked had somehow already gotten into the hands of Chinese actors," says Check Point's head of cyber research Yaniv Balmas. "And it not only got into their hands, but they repurposed it and used it, likely against US targets."

When we got the results, we were in shock.

Itay Cohen, Check Point

A source familiar with Lockheed Martin's cybersecurity research and reporting confirms to WIRED that the company found the Chinese hacking tool being used in a US private sector networknot its own or part of its supply chainthat was not part of the US defense industrial base, but declined to share more details. An email from a Lockheed Martin spokesperson responding to Check Point's research states only that the company's "cybersecurity team routinely evaluates third-party software and technologies to identify vulnerabilities and responsibly report them to developers and other interested parties."

Check Point's findings aren't the first time that Chinese hackers have reportedly repurposed an NSA hacking toolor at least, an NSA hacking technique. Symantec in 2018 reported that another powerful Windows zero-day vulnerability, exploited in the NSA hacking tools EternalBlue and EternalRomance, had also been repurposed by Chinese hackers prior to their disastrous exposure by the Shadow Brokers. But in that case, Symantec noted that it didn't seem that the Chinese hackers actually gained access to the NSA's malware. Instead, it appeared they had seen the agency's network communications and reverse engineered the techniques it used to build their own hacking tool.

APT31's Jian tool, by contrast, appears to have been built by someone with hands-on access to the Equation Group's compiled program, Check Point's researchers say, in some cases duplicating arbitrary or nonfunctional parts of its code. "The Chinese exploit copied some part of the code, and in some cases they seem like they didn't really understand what they copied and what it does," says Check Point researcher Itay Cohen.

While Check Point states with certainty that the Chinese group took its Jian hacking tool from the NSA, there's some room for debate as to its origins, says Jake Williams, the founder of Rendition Infosec and a former NSA hacker. He points out that Check Point reconstructed that code's history by looking at compile times, which could be faked. There could even be a missing, earlier sample that shows the tool originated with the Chinese hackers and was taken by the NSA, or even that it started with a third hacker group. "I think they have a field-of-view bias by saying this was definitely stolen from NSA," Williams says. "But for whatever its worth, if you forced me to put money on who had it first, Id say NSA."

Read the original here:
China Hijacked an NSA Hacking Tool in 2014and Used It for Years - WIRED