Category Archives: NSA

It is hard to imagine more fitting names for code-gone-bad than WannaCry and Eternal Blue. Those are just some of the computer coding vulnerabilities pilfered from the National Security Agencys super-secret stockpile that have been used in two separate global cyber attacks in recent weeks. An attack on Tuesday featuring Eternal Blue was the second of these to use stolen NSA cyber toolsdisrupting everything from radiation monitoring at Chernobyl to shipping operations in India. Fort Meades trove of coding weaknesses is designed to give the NSA an edge. Instead, its giving the NSA heartburn. And its not going away any time soon.

As with most intelligence headlines, the story is complicated, filled with good intentions and unintended consequences. Home to the nations codebreakers and cyber spies, the NSA is paid to intercept communications of foreign adversaries. One way is by hunting for hidden vulnerabilities in the computer code powering Microsoft Windows and and all sorts of other products and services that connect us to the digital world. Its a rich hunting ground. The rule of thumb is that one vulnerability can be found in about every 2,500 lines of code. Given that an Android phone uses 12 million lines of code, were talking a lot of vulnerabilities. Some are easy to find. Others are really hard. Companies are so worried about vulnerabilities that manyincluding Facebook and Microsoftpay bug bounties to anyone who finds one and tells the company about it before alerting the world. Bug bounties can stretch into the hundreds of thousands of dollars.

Writing the Rules of Cyberwar

The NSA, which employs more mathematicians than any organization on Earth, has been collecting these vulnerabilities. The agency often shares the weaknesses they find with American manufacturers so they can be patched. But not always. As NSA Director Mike Rogers told a Stanford audience in 2014,the default setting is if we become aware of a vulnerability, we share it, but then added, There are some instances where we are not going to do that. Critics contend thats tantamount to saying, In most cases we administer our special snake bite anti-venom that saves the patient. But not always.

In this case, a shadowy group called the Shadow Brokers (really, you cant make these names up) posted part of the NSAs collection online, and now its O.K. Corral time in cyberspace. Tuesdays attacks are just the beginning. Once bad code is in the wild, it never really goes away. Generally speaking, the best approach is patching. But most of us are terrible about clicking on those updates, which means there are always victimslots of themfor cyber bad guys to shoot at.

WannaCry and Eternal Blue must be how folks inside the NSA are feeling these days. Americas secret-keepers are struggling to keep their secrets. For the National Security Agency, this new reality must hit especially hard. For years, the agency was so cloaked in secrecy, officials refused to acknowledge its existence. People inside the Beltway joked that NSA stood for No Such Agency. When I visited NSA headquarters shortly after the Snowden revelations, one public-affairs officer said the job used to entail watching the phones ring and not commenting to reporters.

Now, the NSA finds itself confronting two wicked problemsone technical, the other human. The technical problem boils down to this: Is it ever possible to design technologies to be secure against everyone who wants to breach them except the good guys? Many government officials say yes, or at least no, but In this view, weakening security just a smidge to give law-enforcement and intelligence officials an edge is worth it. Thats the basic idea behind the NSAs vulnerability collection: If we found a vulnerability, and we alone can use it, we get the advantage. Sounds good, except for the part about we alone can use it, which turns out to be, well, dead wrong.

Thats essentially what the FBI argued when it tried to force Apple to design a new way to breach its own products so that special agents could access the iPhone of Syed Rizwan Farook, the terrorist who, along with his wife, killed 14 people in San Bernardino. Law-enforcement and intelligence agencies always want an edge, and there is a public interest in letting them have it.

As former FBI Director James Comey put it, There will come a dayand it comes every day in this businesswhere it will matter a great deal to innocent people that we in law enforcement cant access certain types of data or information, even with legal authorization.

Many leading cryptographers (the geniuses who design secure communications systems) and some senior intelligence officials say that a technical backdoor for one is a backdoor for all. If theres a weakness in the security of a device or system, anyone can eventually exploit it. It may be hard, it may take time, it may take a team of crack hackers, but the math doesnt lie. Its nice to imagine that the FBI and NSA are the only ones who can exploit coding vulnerabilities for the good of the nation. Its also nice to imagine that Im the only person my teenage kids listen to. Nice isnt the same thing as true. Former NSA Director Mike Hayden publicly broke with many of his former colleagues last year. I disagree with Jim Comey, Hayden said. I know encryption represents a particular challenge for the FBI. ... But on balance, I actually think it creates greater security for the American nation than the alternative: a backdoor.

Hayden and others argue that digital security is good for everyone. If people dont trust their devices and systems, they just wont use them. And for all the talk that security improvements will lock out U.S. intelligence agencies, that hasnt happened in the 40 years of this raging debate. Thats right. 40 years. Back in 1976, during the first crypto war, one of my Stanford colleagues, Martin Hellman, nearly went to jail over this dispute. His crime: publishing his academic research that became the foundational technology used to protect electronic communications. Back then, some NSA officials feared that securing communications would make it harder for them to penetrate adversaries systems. They were right, of courseit did get harder. But instead of going dark, U.S. intelligence officials have been going smart, finding new ways to gather information about the capabilities and intentions of bad guys through electronic means.

The NSAs second wicked problem is humans. All the best security clearance procedures in the world cannot eliminate the risk of an insider threat. The digital era has supersized the damage that one person can inflict. Pre-internet, traitors had to sneak into files, snap pictures with hidden mini-cameras, and smuggle documents out of secure buildings in their pant legs or a tissue box. Edward Snowden could download millions of pages onto a thumb drive with some clicks and clever social engineering, all from the comfort of his own desktop.

There are no easy solutions to either the technical or human challenge the NSA now faces. Tuesdays global cyber attack is a sneak preview of the movie known as our lives forever after.

Talk about WannaCry.

Originally posted here:
The NSA Confronts a Problem of Its Own Making - The Atlantic

In January, Shelby rejected an attempt by the Department of Justice to dismiss the case.

In late May, a declaration by former NSA official Thomas A. Drake, affirming the allegations, was forwarded by Anderson to Justice Department attorneys.

Drake's statement contradicted assertions by Michael Hayden, the former director of the NSA, that said neither the President's Surveillance Program (PSP) nor any other NSA intelligence-gathering activity was involved in indiscriminate and wholesale surveillance in Salt Lake City or other Olympic venues during the 2002 Winter Games.

"I have reviewed the declaration of Michael V. Hayden dated March 8, 2017," Drake's statement said. "As a result of personal knowledge I gained as a long-time contractor and then senior executive (1989-2008) of the NSA, I know the statements made by Hayden in that declaration are false or, if not literally false, substantially misleading."

The NSA has the capability to seize and store electronic communications passing through U.S. intercept centers, according to the statement from Drake.

After Sept. 11, 2001, "the NSA's new approach was that the president had the authority to override the Foreign Intelligence Surveillance Act (FISA) and the Bill of Rights, and the NSA worked under the authority of the president," Drake said. "The new mantra to intercepting intelligence was 'just get it' regardless of the law."

Additional information on the NSA's intelligence-gathering came to light in 2013 when Edward Snowden, a contractor working for the agency, revealed to the Guardian newspaper the scope of U.S. and British global surveillance programs.

csmart@sltrib.com

See more here:
Utah judge orders NSA to provide documents and data on 2002 Olympic spying allegations - Salt Lake Tribune

Photo: Michael Cummo / Hearst Connecticut Media

Purdue Pharma is headquartered at 201 Tresser Blvd., in downtown Stamford, Conn.

Purdue Pharma is headquartered at 201 Tresser Blvd., in downtown Stamford, Conn.

Purdue, sheriffs association launch next phase of naloxone initiative

STAMFORD Purdue Pharma and the National Sheriffs Association announced this week the second round of a partnership that gives officers across the country overdose kits and training for the naloxone drug, which can reverse opioid overdoses.

NSA officials credit the Purdue-funded initiative with helping to save some 120 lives since its late 2015 pilot-phase launch. In the first stage, NSA officers distributed 500 naloxone kits to 12 local law enforcement agencies in several states.

The program has also allowed NSA to reach more than 600 deputies and officers through on-site training at nine law enforcement agencies across the country.

Purdue remains committed to combating opioid abuse and equipping our communities with the tools and resources they need to do so, Gail Cawkwell, Purdues chief medical officer, said in a statement. We are motivated by the results weve seen since the launch of the pilot program and are proud to continue our partnership with NSA.

Purdue, whose drugs include the opioid OxyContin, has contributed $850,000 so far to the initiative and $500,000 will support the next phase. The NSA plans to provide during the next year the Narcan nasal spray brand of naloxone and training to at least 50 law enforcement agencies across the country.

Law enforcement officers know firsthand the impact that the right tools can have in saving lives within our communities, Sheriff Keith Cain, NSA board member and chairman of the NSAs Drug Enforcement Committee, said in a statement. NSA has identified naloxone as one of the most effective weapons in our arsenal for combatting opioid overdose, and we are continuing our work to train law enforcement and implement effective solutions on a national scale.

The U.S. Department of Health and Human Services has also endorsed naloxone.

Since 1999, the national rate of overdose deaths involving opioids including prescription drugs and heroin nearly quadrupled, and more than 165,000 people have died from prescription opioid overdoses, according to an HHS factsheet.

In a May report on the initiative, the NSA pointed to the need for a comprehensive strategy for tackling the opioid epidemic that includes raising awareness about its impact and solutions that help those affected by the crisis.

We need to have a pointed discussion that regularly and openly identifies what works, what doesn't, and where communities can go for solutions, NSA officials wrote in the report. Right now, we need to come together as a country to figure out what is already working and what we can do to implement these solutions on a national scale.

While NSA praised Purdue for its support of the naloxone program, the Stamford-based pharmaceutical company also faces a wave of litigation alleging it made false claims about OxyContin that fueled the opioid crisis. During the past month, Ohios attorney general and a group of district attorneys general in Tennessee have filed such complaints. Purdue has denied those lawsuits allegations.

pschott@scni.com; 203-964-2236; twitter: @paulschott

Originally posted here:
Purdue, sheriffs association launch next phase of naloxone initiative - The Advocate

National Security Agency (NSA) Director Mike Rogers is frustrated that he has not yet convincedPresident Trump thatU.S. intelligence indicatesRussia interferedin the 2016 presidential election, CNN reported Wednesday.

Rogers vented frustration over his fruitlessefforts to lawmakers during a recent closed-door briefing on Capitol Hill,a congressional source familiar with the meeting told the news network.

The intelligence community continues to brief the president on new informationon Russia's election involvementas itcomes to light.

An intelligence official told CNN that while Trump does not seem less engaged when being briefed on the matter, he has expressed frustration outside of the briefings that too much attention is being paid to the ongoing probe into Russia's interference in the election.

Russia, as well as other countries such as China, Iran and North Korea are consideredpotential threats by U.S. intelligence.

CNN reported that other top administration officials have also tried to emphasize the importance of a foreign nation attempting to meddle in the U.S. elections.

The president has taken to social mediato criticize formerPresident Barack ObamaBarack ObamaObama ethics czar: Trump fundraiser at his DC hotel illegal Trump greeted by protesters at campaign fundraiser Six easy wins to improve transparency on Capitol Hill MORE after a bombshell report by The Washington Post revealed his predecessor was briefed about Russia's activities in August 2016 and was slow to respond.

"I just heard today for the first time that Obama knew about Russia a long time before the election, and he did nothing about it," Trump told Fox News in an interview that aired Sunday. "To me -- in other words -- the question is, if he had the information, why didn't he do something about it? He should have done something about it."

Trump has also repeatedly called the ongoing probe into Russia and possible ties between the Kremlin and hiscampaign a "witch hunt."

More here:
NSA director frustrated Trump won't accept Russia interfered in election: report - The Hill

The group that released two vulnerabilities used in Tuesday's ransomware outbreak one of which was also used in the similarly devastatingWannaCry outbreak in May is making an effort to capitalize on the notoriety.

The ShadowBrokers, which claims to be releasing cyber weaponry stolen from the National Security Agency, announced pricing changes to a "wine of the month"-type leak program and a new "VIP" product in their attempts to monetize the hacking tools and apparent government documents in their possession.

"Another global cyber attack is fitting end for first month of theshadowbrokers dump service. There is much theshadowbrokers can be saying about this but what is point and having not already being said? So to business! Time is still being left to make subscribe and getting June dump. Dont be let company fall victim to next cyber attack, maybe losing big bonus or maybe price on stock options be going down after attack. June dump service is being great success for theshadowbrokers, many many subscribers, so in July theshadowbrokers is raising price," the ShadowBrokers wrote in an online message released early Wednesday.

The ShadowBrokers have been active since summer 2016and have over time leaked potent hacking tools that could bypass security measures in popular security hardware and Windows machines, as well as documents appearing to show the NSA hacked a Middle Eastern banking services company as a vector into its clients.

Tuesday's attack also used a second ShadowBrokers vulnerability, EternalRomance, that targets Windows XP systems as well as a hacked updating feature for Ukrainian accounting software.

The Tuesday attack did most of its damage in Ukraine and Europe, but reports of infections have spread to India, throughout Asia and in the United States. Major victims include the U.S. law firmDLA Piper, the pharmaceutical giant Merck and the Russian oil firmRosneft.

WannaCry infected hundreds of thousands of computers worldwide.

The ShadowBrokers launched its monthly subscription document leaks service this month at a price of $27,000 a month in digital currency. Their new release more than doubles the price to $61,000.

The ShadowBrokers also announced a new premium service allowing customers to make requests for assistance or specific document releases.

"For months many peoples is messaging theshadowbrokers...Do you have X or Y vulnerability? Will you hack X or Y for me? Do you have intel on X or Y organization? Do you have intel on my organization? Have I been hacked? In past theshadowbrokers is not taking request or providing individual services. This changes with VIP Service," said the ShadowBrokers.

"For one time payment of [$120,000] you getting theshadowbrokers VIP attention. VIP Service is no guarantee of future good or services, negotiation for those is being separate."

The ShadowBrokers also used their latest announcement to threaten a critic, calling out someone the group only identified as "the doctor" who posted criticaltweets online. The ShadowBrokers claim the critic left enough digital breadcrumbs to embarrass them online.

"TheShadowBrokers is thinking 'doctor' person is co-founder of new security company and is having much venture capital. TheShadowBrokers is hoping 'doctor' person is deciding to subscribe to dump service in July. If theshadowbrokers is not seeing subscription payment with corporate email address of doctor@newsecuritycompany.com then theshadowbrokers might be taking tweets personally and dumping data of 'doctor' persons hacks of China with real id and security company name," it said.

More:
Alleged NSA leakers capitalize on ransomware scare based on their wares - The Hill

One of the surveillance state's biggest cheerleaders is seeing his years of support pay off.

Two congressional sources confirmed a May meeting, where Sen. John Cornyn, (R-Tex.), a vocal supporter of the intelligence community, got a private audience with the NSA Director Adm. Michael Rogers.

Cornyn also got a private tour of the signals intelligence facility at Fort Meade, Maryland at the same time as the May meeting.

Officials "familiar with the situation" (possibly read "jealous as hell") expressed concern about Cornyn's personal NSA tour. And for good reason. If Rogers and other NSA officials were feeding Cornyn information the rest of the NSA's Congressional oversight isn't privy to, that's a problem. It's more of a problem as the date for Section 702's reauthorization approaches. And it seems even more problematic that Cornyn was given a personal walk-and-talk while oversight members were failing to get substantive answers from the DNI during a Senate hearing.

There's a long history of the IC playing favorites with oversight members (and vice versa) and a long history of those favorites withholding information from other members of Congress. This visit/personal chat may have been innocuous but given its context -- the Section 702 renewal -- it looks shady as hell.

The additional context is the DNI's office believes all is forgiven -- or at least, no longer relevant. Reversing Clapper's promise to hand in something on incidentally-collected US persons' communications, the new Director is saying that's just not going to happen.

The Foreign Policy article notes that it's common for incoming reps and senators to be given a tour and that oversight members routinely visit the NSA as part of their oversight duties, but this Cornyn-only event definitely appears to be the agency making a play for unbridled support from a powerful Senator.

Original post:
NSA Appears To Be Seducing Sen. John Cornyn With Personal Tours And One-On-One Meetings - Techdirt

The seals of the U.S. Cyber Command, the National Security Agency and the Central Security Service are pictured outside the campus the three organizations share in Fort Meade, Maryland. | Getty

By Eric Geller

06/27/2017 12:16 PM EDT

Updated 06/27/2017 05:49 PM EDT

A potent ransomware attack has gripped organizations around the world for the second time in less than two months.

And like the first outbreak in mid-May which claimed hundreds of thousands victims in a game-changing cyberattack Tuesday's outburst is spreading via a Microsoft flaw originally exposed in a leak of apparent NSA hacking tools.

Story Continued Below

The latest malicious software battered companies in Russia, Ukraine and many other countries in Europe, according to cybersecurity researchers, sending law enforcement officials scrambling and sparking fears about how the world would contain the outbreak of the malware, which locks up computer systems and demands ransom payments.

While the U.S. has been largely unscathed to this point, major multinational energy, shipping, banking, pharmaceutical and law firms, as well as government agencies, have confirmed they are fighting off cyberattacks.

Security firm Kaspersky Lab estimated it had seen 2,000 victims, and counting, throughout the day. While the estimate is significantly lower than the massive numbers tied to May's attack which relied on malware dubbed WannaCry some researchers noted technical details of the new malware that might make it harder to kill.

Researchers have also not yet linked the latest attack to any specific hacking group or nation-state, unlike May's digital ambush, which technical specialists and reportedly intelligence officials in the U.S. and U.K. traced to North Korean-backed hackers.

But security specialists have been warning for weeks that the recent WannaCry ransomware virus was only the beginning of these fast-spreading digital sieges.

WannaCry was powered by a variant of apparent NSA cyber weapons that were dumped online, raising questions about whether the secretive hacking agency should sit on such powerful tools instead of alerting companies like Microsoft to the deficiencies in their software.

Experts say hackers have likely been working to tweak the WannaCry malware, potentially allowing new versions to skirt the digital defenses that helped stall the first global assault.

Sign up for POLITICO Playbook and get the latest news, every morning in your inbox.

By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time.

Indeed, the virus that proliferated Tuesday shares many similarities with WannaCry, but contains some striking differences.

For starters, Tuesday's virus proliferated using the same Microsoft Windows flaw as WannaCry, according to digital security firms Symantec and Bitdefender Labs. But researchers noted the malware is also capable of hopping around using multiple Microsoft flaws, not just the most famous one exposed in the online dump of the purported NSA cyber weapons.

Additionally, like WannaCry, this new malware demands that victims pay a ransom using the digital currency Bitcoin before their files can be unlocked. As of Tuesday evening, 32 victims had paid a ransom, with the number steadily climbing.

Unlike WannaCry, however, the rapidly spreading malware does not merely encrypt files as part of its ransom scheme. Rather, it changes critical system files so that the computer becomes unresponsive, according to John Miller, a senior manager for analysis at the security firm FireEye, which reviewed the malware.

Some researchers identified the infection as a novel variation of the so-called Petya malware, which has been around since 2016. But researchers at Kaspersky believe it is a totally new strain they are dubbing ExPetr.

A sample of the malware initially went undetected by nearly all antivirus software.

The digital weapon cloaks itself as a file that Microsoft has already approved as safe, helping it avoid detection, Costin Raiu, director of global research efforts at Kaspersky, said on Twitter.

The malware was written on June 18, according to a sample that Kaspersky has analyzed.

Most of the infections on Tuesday were in Ukraine, with Russia the next hardest hit, according to Kasperskys analysis. Russia was also a major victim during the WannaCry outbreak. Raiu told POLITICO that Belarus, Brazil, Estonia, the Netherlands, Turkey and the United States were also affected, but that those countries accounted for less than 1 percent of all victims.

A Department of Homeland Security spokesman said the agency was "monitoring reports" of the ransomware campaign and coordinating with international authorities.

Researchers suspect that Ukraine became the nexus of the outburst after companies using a popular tax program unknowingly downloaded an update that contained the ransomware. From there, the virus could have spread beyond those companies using various flaws in Windows.

The ransomware eruption may be responsible for several major cyber incidents that began Tuesday.

The global shipping and logistics firm Maersk which is based in Denmark confirmed that it was dealing with a intrusion affecting "multiple sites and business units." And the Russian oil company Rosneft said it was responding to "a massive hacker attack."

Ukraine's central bank and its capital city's main airport also said they were dealing with cyberattacks. The virus appeared to be hitting the country's government computers as well.

The cyberattack also forced the Ukraine-based Chernobyl nuclear power plant to revert to manual radiation monitoring, according to a Ukrainian journalist citing the country's state news service.

Elsewhere, the German pharmaceutical giant Merck said its network was compromised in the outbreak and that it was still investigating the incident.

A daily briefing on politics and cybersecurity weekday mornings, in your inbox.

By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time.

But the U.S. has been largely spared so far.

The American Gas Association said in a statement that no U.S. natural gas utilities have reported infections.

However, in Pennsylvania, the Heritage Valley Health System which operates two hospitals and 60 physician offices said it was grappling with a cyberattack. The incident is widespread and is affecting the entire health system, said spokeswoman Suzanne Sakson.

Multinational law firm DLA Piper was also experiencing computer and phone outages in multiple offices, including in Washington, D.C. The company did not respond to a request for comment.

But a photo shared with POLITICO showed a sign outside the firm's Washington office that read, "All network services are down, do not turn on your computers! Please remove all laptops from docking stations and keep turned off. No exceptions."

DLA Pipers secure document storage system for clients also went down, though the firm may have done that as a precaution. A bit stressed at moment as I am unsure if our docs there are safe, one client told POLITICO.

Tim Starks contributed to this report.

Missing out on the latest scoops? Sign up for POLITICO Playbook and get the latest news, every morning in your inbox.

Read the rest here:
NSA-linked tools help power second global ransomware outbreak - Politico

Lawyers gather in court for the NSA contractor accused in top secret leak, Reality Winner, on June 27. Richard Miller

Attorney Titus Nichols told reporters outside court Tuesday afternoon that the discussion over the order centered on both sides knowing the rules of engagement regarding any potentially classified information.

That way if there is any type of information that is classified at any level, that everyone knows what the rules of engagement will be, so there is not going to be a risk of accidental release of information and definitely not going to be any intentional release of information thats classified, he said.

Prosecutor Jennifer Solari said during the hearing that a note pad with handwriting in Farsi was being reviewed and translated. Nichols told reporters after the hearing that the defense had not seen the notebook and thus was not able to discuss anything about it at the time.

Prosecutors are also examining two computers, hard drives, a tablet and four phones seized from Winner. They agreed to have all evidence discovery filed by August 25.

Nichols added that Winner was maintaining pretty well and that every conversation he had had with her has been positive, as his client remains in jail awaiting her trial.

Earlier this month,

Terry Pickard reported from Augusta, Georgia, and Daniella Silva reported from New York.

Read the original post:
Alleged NSA Leaker Reality Winner Appears in Federal Court, Trial Date Set - NBCNews.com

But the witnesses sidestepped Mr. Grahams question, saying only that they were working on his request. That provoked an angry intervention from the committee chairman, Senator Charles E. Grassley, Republican of Iowa, who banged his gavel and told Mr. Graham, his voice rising, I want you to proceed until you get an answer.

Mr. Graham eventually ended his questioning without getting one. But later in the hearing, Senator Richard J. Durbin, Democrat of Illinois, suggested that the senators emotion at the thought that their government could invade their privacy and use the information against them was just part of the bigger picture.

What about the privacy of the Americans who are not in this room? he asked.

The warrantless surveillance program traces back to President George W. Bushs Stellarwind program, introduced after the Sept. 11, 2001, attacks. Stellarwind permitted the National Security Agency to wiretap Americans international phone calls without the court orders required by the Foreign Intelligence Surveillance Act, or FISA, of 1978.

After it came to light, Congress legalized a form of the program in 2008 with the FISA Amendments Act. It permits the government to collect, from American internet or phone providers and without warrants, the communications of foreigners abroad who have been targeted for any foreign intelligence purpose even when they are talking to Americans.

Privacy advocates want Congress, as part of any bill extending the law, to require warrants before officials may use Americans identifiers, like their email addresses, to search the repository of messages previously collected by the program. But Stuart J. Evans, a top intelligence official at the Justice Department, testified on Tuesday that imposing such a limit would grind the entire FISA process to a halt because investigators need to quickly search a large volume of such queries to process leads, and because such queries are typically undertaken at an early stage, when investigators have not yet found evidence to establish probable cause of wrongdoing.

Several lawmakers also pressed the officials about a decision by Dan Coats, the director of national intelligence, to shelve an N.S.A. effort to estimate how much incidental collection of Americans information the program sweeps up. Bradley Brooker, the acting general counsel to Mr. Coats, said that systematically determining who is using email accounts that are not of foreign intelligence interest would invade peoples privacy and divert resources.

To underscore their message that the program is too valuable to curtail, Mr. Brooker and other officials disclosed several additional examples where the program had been useful. They included detecting an unidentified country that was smuggling goods in violation of sanctions, and finding someone in Western Europe who was talking to a member of the Islamic State about purchasing material to build a suicide belt.

Mr. Ghattas said the government had used the program to investigate Shawn Parson, a Trinidadian social media propagandist for the Islamic State whose network distributed prolific amounts of English-language recruiting pitches and calls for attacks before he was killed in Syria in August 2015.

The F.B.I. had been investigating Mr. Parson since October 2013 based on his online postings, Mr. Ghattas said, and information it shared from that collection with unspecified allies had helped them identify other Islamic State supporters and had potentially prevented attacks in those countries.

Follow Charlie Savage on Twitter @charlie_savage.

A version of this article appears in print on June 28, 2017, on Page A14 of the New York edition with the headline: Up-and-Down Hearing On Surveillance Program.

See the original post:
NSA Warrantless Surveillance Aided Turks After Attack, Officials Say - New York Times

PARIS (AP) UPDATE (1:30 p.m.):

Security experts say Tuesday's cyberattack shares something in common with last month's WannaCry attack: Both spread by using digital break-in tools purportedly created by the U.S. National Security Agency and recently leaked to the web.

Security vendors Bitdefender Labs and Kaspersky Labs say the NSA exploit, known as EternalBlue, is allowing the malware to spread inside an organization's network. Other than that, the latest malware is different from WannaCry.

Organizations should be protected if they had installed a fix that Microsoft issued in March.

But Chris Wysopal, chief technology officer at the security firm Veracode, says that's only the case if 100 percent of computers were patched. He says that if one computer gets infected, the new malware has a backup mechanism to spread to patched computers within the network as well.

Wysopal says the attack seems to be hitting large industrial companies that "typically have a hard time patching all of their machines because so many systems simply cannot have down time."

Organizations hit include the Russian oil company Rosneft and the Danish oil and shipping company AP Moller-Maersk.

_____

UPDATE (12:10 p.m.):

The second-largest drugmaker in the United States is confirming it's been affected by a cyberattack.

In a message sent using its verified Twitter account, Merck confirmed Tuesday that its computer network was "compromised" as part of a global attack.

Officials said the Kenilworth, New Jersey-based company was investigating the incident but provided no further details.

Merck has global locations including in Ukraine, where a new and highly virulent outbreak of malicious data-scrambling software causing mass disruption across Europe appeared to be hitting especially hard.

Company and government officials reported serious intrusions at the Ukrainian power grid, banks and government offices, where one senior official posted a photo of a darkened computer screen and the words, "the whole network is down."

Dutch-based transport company TNT Express, which was taken over last year by FedEx, also said Tuesday that it is suffering computer disruptions. Spokesman Cyrille Gibot says that "like many other companies and institutions around the world, we are experiencing interference with some of our systems within the TNT network. We are assessing the situation and are implementing remediation steps as quickly as possible and we regret any inconvenience to our customers." He declined further comment.

_____

A new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across Europe, hitting Ukraine especially hard.

Company and government officials reported serious intrusions at the Ukrainian power grid, banks and government offices, where one senior official posted a photo of a darkened computer screen and the words, "the whole network is down." Ukraine's prime minister said the attack was unprecedented but that "vital systems haven't been affected."

Russia's Rosneft oil company also reported falling victim to hacking, as did Danish shipping giant A.P. Moller-Maersk.

"We are talking about a cyberattack," said Anders Rosendahl, a spokesman for the Copenhagen-based group. "It has affected all branches of our business, at home and abroad."

The number of companies and agencies reportedly affected by the ransomware campaign was piling up fast, and the electronic rampage appeared to be rapidly snowballing into a real-world crisis. Dutch daily Algemeen Dagblaad says that container ship terminals in Rotterdam run by a unit of Maersk were also affected. Rosneft said that the company narrowly avoided major damage.

"The hacking attack could have led to serious consequences but neither the oil production nor the processing has been affected thanks to the fact that the company has switched to a reserve control system," the company said.

There's very little information about what might be behind the disruption at each specific company, but cybersecurity experts rapidly zeroed in on a form of ransomware, the name given to programs that hold data hostage by scrambling it until a payment is made.

"A massive ransomware campaign is currently unfolding worldwide," said Romanian cybersecurity company Bitdefender. In a telephone interview, Bitdefender analyst Bogdan Botezatu said that he had examined samples of the program and that it appeared to be nearly identical to GoldenEye, one of a family of hostage-taking programs that has been circulating for months.

It's not clear whether or why the ransomware has suddenly become so much more potent, but Botezatu said that it was likely spreading automatically across a network, without the need for human interaction. Self-spreading software, often described as "worms," are particularly feared because they can spread rapidly, like a contagious disease.

"It's like somebody sneezing into a train full of people," said Botezatu. "You just have to exist there and you're vulnerable."

The world is still recovering from a previous outbreak of ransomware, called WannaCry or WannaCrypt, which spread rapidly using digital break-in tools originally created by the U.S. National Security Agency and recently leaked to the web.

This particular variant of ransomware leaves a message with a contact email; several messages sent to the address were not immediately returned.

___ Vladimir Isachenkov in Moscow and Jan M. Olsen in Copenhagen, Denmark contributed to this report.

Read this article:
New cyberattack uses same NSA-developed exploit - WHSV.com - WHSV