Category Archives: NSA

Its been a tough year for the National Security Agency (NSA), and hacking group Shadow Brokers is responsible for much of the trouble. Over the past few months, theyve leaked more than a few implants the NSA term for malware code developed by the agency.

Recently, the agencys DOUBLEPULSAR tool was used to help spread the massive malware attack WannaCry. Bleeping Computer noted that its now on the hunt again, this time digging in with a Monero cryptocurrency miner on PCs running unsecured Server Message Block (SMB) devices.

According to the International Business Times, the new malware strain goes by the unassuming name Trojan.BtcMine.1259. First detected by Russian antivirus firm Dr. Web, the attack targets computers running unsecured SMB protocols and downloads a malware loader onto the machine. It then scans for minimal kernel threads. If PCs have enough resource room to spare, the download grabs the cryptocurrency miner and goes to work.

Based on current infection data, according to the International Business Times, researchers believe the new malware strain leverages DOUBLEPULSAR to gain access, parts of the Ghost RAT library to communicate with its command-and-control (C&C) server and other malware variants to carry out its attack. Once compromised, victim PCs mine Monero currency in the background and send the proceeds back to cybercriminals.

Why Monero? As Live Bitcoin News explained, this cryptocurrency is among the fastest-growing in the digital money market. It presents an ideal opportunity for fraudsters looking to avoid the scrutiny that comes with more traditional bitcoin transactions.

Updating to the latest Windows version should protect corporate devices from this newest attack. While DOUBLEPULSAR infections peaked at 100,000 in early April, the number fell to just 16,000 this month thanks to the MS17-010 patch, Bleeping Computer reported.

DOUBLEPULSAR isnt the first NSA tool leaked by the Shadow Brokers. In April, the group also released the EternalBlue exploit, which was used to carry out surveillance activities, according to ZDNet. It was subsequently adopted by fraudsters to attack targets in Singapore using the Ghost RAT Trojan and other parts of South Asia using Backdoor.Nitol.

This exploit also leveraged SMB vulnerabilities and is rendered useless by proper Windows patching. Since many PCs arent regularly updated or run older versions of the OS no longer covered by Windows support, however, CyberScoop argued that the tool will be used for years to come by both sophisticated cybercriminals and amateurs.

As Bob Wandell, former information assurance chief of the U.S. Department of Defense (DoD), explained to CyberScoop, The payloads that can be loaded onto EtnernalBlue are boundless and uniformly malicious.

Even government-built malware isnt safe from theft and compromise. Exploits such as EternalBlue give cybercriminals long-term access options, while backdoors such as DOUBLEPULSAR provide ways for attackers to jump on the newest malware bandwagon: background cryptocurrency mining.

Fraudsters will take what they can get. Theyll innovate if needed, but they prefer to leverage tools from other sources that can quickly compromise thousands of machines.

Its another case study for regular security updates and continual monitoring of network services. Supposed IT safety only lasts until attackers discover how to break down the door, steal the key or dig a tunnel.

Read the original:
Cryptocurrency Miner Digging Into PCs Based On NSA Exploit - Security Intelligence (blog)

CNNs claiming Democratic and Republican sources for this, but even if its gospel truth, I cant imagine itll do Trump any (further) damage on Russiagate. WaPo first reported a few weeks ago that he asked DNI Dan Coats and NSA chief Mike Rogers to intervene with Comey to try to get the FBI to back off its Russia investigation. The idea that the president might have tried to enlist one part of the intelligence community to slow down a federal probe being conducted by another part is a serious charge.

But CNN doesnt repeat that charge. They claim that Coats and Rogers told Bob Mueller and the Senate Intel Committee behind closed doors (after their famous public testimony) that Trump asked them only to speak up publicly and affirm that theres no evidence that he personally colluded with Russia. If you strain hard, you can try to stretch that into some sort of obstruction ploy Comey had refused to clear Trump publicly, after all, because the FBI investigation was still ongoing but no average voter is going to fault Trump for feeling exasperated that his deputies wouldnt lift the cloud of suspicion over him if they had reason to believe hes been falsely accused. If they thought that he had colluded and then he asked him to lie and say that he hadnt, obviously that would be a different matter. But if all he was asking was for them to tell the exculpatory truth and if it really was a request, not a direct order then whats the red-letter scandal in his interactions with Coats and Rogers?

Coats and Rogers also met individually last week with the Senate intelligence committee in two closed briefings that were described to CNN by Democratic and Republican congressional sources. One source said that Trump wanted them to say publicly what then-FBI Director James Comey had told the President privately: that he was not under investigation for collusion. However, sources said that neither Coats nor Rogers raised concerns that Trump was pushing them to do something they did not want to do. They did not act on the Presidents alleged suggestion

One congressional source expressed frustration that Coats and Rogers didnt answer the questions in public, especially since what they ended up expressing in private was that they did not feel that the President pressured either of them to do anything improper.

Rogers interaction with the President is also documented in a memo written by his deputy at the NSA, Richard Ledgett.

Coats and Rogers each found Trumps request odd and uncomfortable, in CNNs words, but evidently neither believed he crossed a line. And theres no claim here that he ordered or even asked them to lean on Comey on his behalf. He wanted them to clear his name after having been told repeatedly by Comey that he wasnt personally a target of the FBI investigation. That may not have been proper protocol but everyone can sympathize with the impulse.

By the way, tomorrows the deadline for the White House to turn over any Oval Office recordings of Trump and Comey. If Trump ignores it, whats the House Intel Committees next move?

[E]ven with a subpoena, the panel stands little chance of actually compelling Trump to turn over anything he doesnt voluntarily want to produce, according to legal experts, setting lawmakers up for a high-stakes choice: Let it go, and look like they are giving the president a pass; or pursue the subpoena, and risk exposing the legislative branchs weakness in the midst of a historic probe of the president

There are exemptions for federal officials claiming executive privilege on behalf of the president and no figure in the White House is closer to the president than than the president himself. Congress can try to circumvent that hurdle by passing what is known as a contempt resolution ordering the matter to a court but against a Republican president, that is a tall order in a GOP-led Congress.

The best-case scenario for the Committee is that they somehow get Paul Ryan to go along with a contempt resolution and the court battle over whether executive privilege entitles Trump to withhold any recordings drags on for years. That is to say, this is less a matter of squeezing evidence out of Trump than it is a test of Republican loyalty to the president. Will they challenge him by issuing a subpoena, knowing that if they win in court, the audio could further damage Trumps presidency and their own electoral chances, or will they roll over by refusing to issue a subpoena, leaving potential evidence of obstruction untouched? Theres going to be a court fight over the tapes between Mueller and the White House eventually, I assume. Maybe thatll be the House GOPs out: If Muellers going to take this on, why do we have to get in the middle of it?

The likeliest outcome here, actually, will be the White House declaring tomorrow that there are no tapes of Trump and Comey. Newt Gingrich hinted to the AP in an interview that he thinks Trumps tweet about Oval Office tapes was a bluff, designed to rattle a political enemy much as Trumps foray into Birtherism was designed to rattle Obama. Well see.

Read the original post:
Report: DNI, NSA chief told Mueller that Trump asked them to say publicly that there was no collusion with Russia - Hot Air

Despite attempts to bolster security at the NSA following Edward Snowden's leaks, a new report indicates gaps remain.

A number of initiatives to strengthen security were mandated at the National Security Agency (NSA) following the leaks by Edward Snowden of 1.5 million documents, but implementation of those procedures lacked teeth, according to a report by the Department of Defense (DoD).

The 61-page report from the DoD's inspector general on the NSA's putting into practice of the Secure-the-Net (STN) initiative, faults the agency and, as security intelligence expert Christopher Burgess, writing for Sophos's Naked Security blog puts it, "the only image one can conjure up is that of the Katzenjammer Kids running amok."

Once the insider risk was presented by Snowden's leaks, the STN initiative was put into place offering 40 recommendations focused on insider threats to NSA systems, data and infrastructure.

Among that group of 40, seven directives specifically addressed secure network access, protect against insider threats and provide increased oversight of the personnel with privileged access.

The seven STN initiatives were:

The report from the DoD examined the NSA's progress in putting these seven recommendations into place, based on its study between January and July 2016 of four facilities.

The DoD report, acquired by The New York Times under a FOIA request, "takes the NSA to the woodshed," Burgess wrote. While the NSA did attempt to implement the recommendations, it failed to do an effective job in carrying out implementation, Burgess said.

The NSA only partially got some operations in place, the report explained. One example regarded two-factor authentication, which was implemented for system administrators but not for others with credentials for privileged access (which was how Snowden was able to exfiltrate data).

Perhaps even more critical, the report found that the NSA could not determine who had elevated access privileges. In light of Snowden's actions and then the later acquisition by the Shadow Brokers of NSA materials, there is lax security within the agency, the DoD report stated.

The tightening up of its operations was the intent of the STN initiatives. While Burgess, a former CIA operations officer, said some good resulted primarily an insider threat program initiated at all facilities insiders are still capable of harvesting NSA data, as evidenced by the arrest in May of Reality Winner, another NSA contractor, who used her privileged access to remove NSA material regarding Russian interference in the U.S. presidential election and then provided it to the media.

"Reality Winner did not have need-to-know access," Burgess told SC Media on Wednesday. He pointed to one of the recommendations included in the seven STN initiatives: Oversee privileged user activities. Winner had privileged access, Burgess explained, but had no need to know about Russian meddling in the presidential election.

"Had monitoring activity been in place," Burgess said, "she would have been detected."

Clearly, Burgess concluded, some tweaking is still needed to the NSA's STN program to plug insiders' capabilities.

See more here:
DoD faults NSA for lax security implementations, Sophos report - SC Magazine

The WCry ransomware worm has struck again, this time prompting Honda Company to halt production in one of its Japan-based factories after finding infections in a broad swath of its computer networks, according to media reports.

Honda officials didn't explain why engineers found WCry in their networks 37 days after the kill switch was activated. One possibility is that engineers had mistakenly blocked access to the kill-switch domain. That would have caused the WCry exploit to proceed as normal, as it did in the 12 or so hours before the domain was registered. Another possibility is that theWCry traces in Honda's networks were old and dormant, and the shutdown of the Sayama plant was only a precautionary measure. In any event, the discovery strongly suggests that as of Monday, computers inside the Honda network had yet to install a highly critical patch thatMicrosoft released in March.

In May, it was hard to excuse so many companies not yet applying a two-month-old patch to critical systems that were vulnerable to advanced NSA exploit code put into the public domain. The failure is even harder to forgive five weeks later, now that WCry's wake of destruction has come into full view.

Continue reading here:
Honda shuts down factory after finding NSA-derived Wcry in its networks - Ars Technica

VR Systems provides voter registration software and hardware to elections offices in eight states. Courtesy of VR Systems hide caption

VR Systems provides voter registration software and hardware to elections offices in eight states.

The Florida elections vendor that was targeted in Russian cyberattacks last year has denied a recent report based on a leaked National Security Agency document that the company's computer system was compromised.

The hackers tried to break into employee email accounts last August but were unsuccessful, said Ben Martin, the chief operating officer of VR Systems, in an interview with NPR. Martin said the hackers appeared to be trying to steal employee credentials in order to launch a spear-phishing campaign aimed at the company's customers.

VR Systems, based in Tallahassee, Fla., provides voter registration software and hardware to elections offices in eight states.

"Some emails came into our email account that we did not open. Even though NSA says it's likely that we opened them, we did not," Martin says. "We know for a fact they were never opened. They did not get into our domain."

VR Systems COO Ben Martin told NPR that no elections vendor would send customers software updates once voting had begun, which it had in this case. Dina Ivory/Courtesy of VR Systems hide caption

Instead, Martin said, the company isolated the suspicious emails and alerted law enforcement authorities, who it was already working with because of two attempts to break into state voter registration databases earlier last summer.

The NSA document said that at least one of the company's email accounts was "likely" compromised based on information uncovered later in the spear-phishing campaign. That attack took place days before the November election and involved fake emails sent to as many as 122 local election officials in an apparent effort to trick them into opening attachments containing malicious software.

"They tried to pretend to be us to leverage our relationship with our customers," said Martin.

But Martin noted that while the NSA says the emails were made to look as if they came from VR Systems, they were sent from a phony email address vr.elections@gmail.com. He said his company does not use Gmail and never sends its customers documents in the form of email attachments. He added that no elections vendor would send customers software updates once voting had begun, which in this case it had.

"That's why I believe most of our customers knew immediately that this was bogus," said Martin. The company was alerted to the fake emails by one of its customers, and Martin said it immediately warned its other customers. So far, there is no evidence that any of the recipients opened the attachments or had their systems infected with the malicious software.

Still, cybersecurity experts say the attempted attacks are a clear sign of Russian interest in interfering with U.S. elections either by manipulating votes or causing chaos at the polls. Some have warned that vendors might be exploited to gain access to local or state voting systems.

In this case, the NSA report concluded that the purpose of the malicious software was "to establish persistent access or survey the victim for items of interest to the threat actors." While last year's attacks appeared to only involve voter registration systems, some experts say such systems can be used as a gateway to actual voting machines.

The Senate and House intelligence committees will explore Russia's efforts to interfere in U.S. elections last year and how to prevent future attacks at two hearings on Wednesday. Former Secretary of Homeland Security Jeh Johnson will appear before the House committee. The Senate panel will hear from current U.S. intelligence officials and state election experts.

Original post:
Despite NSA Claim, Elections Vendor Denies System Was Compromised In Hack Attempt - NPR

When Edward Snowden walked out of the NSA in 2013 with thumb drives full of its most secret files, the agency didn't have a reliable list of peoplelike Snowdenwho had privileged access to its networks. Nor did it have a reliable list of those who were authorized to use removable media to transfer data to or from an NSA system.

That's one of the alarming revelations in a Department of Defense Inspector General report from last year. The report, which was ordered by Congress, reviewed whether the NSA had completed some of the most important initiatives it has started in response to the Snowden leak to make its data more secure. The New York Times obtained the DOD IG report via FOIA.

The most shocking detail in the report is that even at the new National Security Agency data center in Utah, "NSA did not consistently secure server racks and other sensitive equipment" in data centers and machine rooms. At the Utah Data Center and two other facilities, the report stated, "we observed unlocked server racks and sensitive equipment." The finding that the NSA wasn't locking down all its server racks was first disclosed and reported in a House Intelligence Committee Report on Edward Snowden's leaks released in December.

But the more fundamental problem revealed in the report is that the NSA has done little to limit the number of people who have access to what are supposed to be the most protected hardware the NSA has.

The IG report examined seven of the most important out of 40 "Secure the Net" initiatives rolled out since Snowden began leaking classified information. Two of the initiatives aspired to reduce the number of people who had the kind of access Snowden did: those who have privileged access to maintain, configure, and operate the NSA's computer systems (what the report calls PRIVACs), and those who are authorized to use removable media to transfer data to or from an NSA system (what the report calls DTAs).

The government's apparent lack of curiosity is fairly alarming

But when DOD's inspectors went to assess whether NSA had succeeded in doing this, they found something disturbing. In both cases, the NSA did not have solid documentation about how many such users existed at the time of the Snowden leak. With respect to PRIVACs, in June 2013 (the start of the Snowden leak), "NSA officials stated that they used a manually kept spreadsheet, which they no longer had, to identify the initial number of privileged users." The report offered no explanation for how NSA came to no longer have that spreadsheet just as an investigation into the biggest breach thus far at NSA started. With respect to DTAs, "NSA did not know how many DTAs it had because the manually kept list was corrupted during the months leading up to the security breach."

There seem to be two possible explanations for the fact that the NSA couldn't track who had the same kind of access that Snowden exploited to steal so many documents. Either the dog ate their homework: Someone at NSA made the documents unavailable (or they never really existed). Or someone fed the dog their homework: Some adversary made these lists unusable. The former would suggest the NSA had something to hide as it prepared to explain why Snowden had been able to walk away with NSA's crown jewels. The latter would suggest that someone deliberately obscured who else in the building might walk away with the crown jewels. Obscuring that list would be of particular value if you were a foreign adversary planning on walking away with a bunch of files, such as the set of hacking tools the Shadow Brokers have since released, which are believed to have originated at NSA.

NSA headquarters in Maryland. Image: MJB/Flickr

The government's apparent lack of curiosityat least in this reportabout which of these was the case is fairly alarming, because it is a critically important question in assessing why NSA continues to have serious data breaches. For example, it would be important to know if Hal Martin, the Booz Allen Hamilton contractor accused of stealing terabytes of NSA data in both hard copy and digital form, showed up on these lists or if he simply downloaded data for decades without authorization to do so.

Even given the real concern that Russia or someone else might have reason to want to make the names of PRIVACs and DTAs inaccessible at precisely the time the NSA reviewed the Snowden breach, the NSA's subsequent action does provide support for the likelihood the agency itself was hiding how widespread PRIVAC and DTA access was. For both categories, DOD's Inspector General found NSA did not succeed in limiting the number of people who might, in the future, walk away with classified documents and software.

With PRIVACs, the NSA simply "arbitrarily" removed privileged access from some number of users, then had them reapply for privileged access over the next 3 months. The NSA couldn't provide DOD's IG with "the number of privileged users before and after the purge or the actual number of users purged." After that partial purge, though, NSA had "a continued and consistent increase in the number of privileged users."

As with PRIVACs, the NSA "could not provide supporting documentation for the total number of DTAs before and after the purge" and so was working from an "unsubstantiated" estimate. After the Snowden leak, the NSA purged all DTAs and made them reapply, which they did in 2014. The NSA pointed to the new number of DTAs and declared it a reduction from its original "unsupported" estimate. When asked how it justified its claim that it had reduced the number of people who could use thumb drives with NSA's networks when it didn't know how many such people it had to begin with, the NSA explained, "although the initiat[iv]e focused on reducing the number of DTA, the actions taken by NSA were not designed to reduce the number of DTAs; rather they were taken to overhaul the DTA process to identify and vet all DTAs." The IG Report notes that the NSA "continued to consistently increase the number of DTAs throughout the next 12 months."

When, in 2008, someone introduced a worm into DOD's networks via a thumb drive, it decreed that it would no longer use removable media. Then, after Chelsea Manning exfiltrated a bunch of documents on a Lady Gaga CD, the government again renewed its commitment to limiting the use of removable media. This report reveals that only in the wake of the Snowden leaks did the NSA get around to developing a vetted list of those who could use thumb drives in NSA's networks. Yet as recently as last year, Reality Winner (who, as an Air Force translator, was presumably not a privileged access user at all) stuck some kind of removable media into a Top Secret computer, yet the government claims not to know what she downloaded or whether she downloaded anything at all (it's unclear whether that Air Force computer came within NSA's review).

When contacted with specific questions about its inability to track privileged users, the NSA pointed to its official statement on the DOD IG Report. "The National Security Agency operates in one of the most complicated IT environments in the world. Over the past several years, we have continued to build on internal security improvements while carrying out the mission to defend the nation and our allies around the clock." The Office of Director of National Intelligence did not immediately respond with comment to my questions.

Yet this issue pertains not just to the recent spate of enormous data breaches, which led last month to the worldwide WannaCry ransomware attack using NSA's stolen tools. It also pertains to the privacy of whatever data on Americans the NSA might have in its repositories. If, three years after Snowden, the NSA still hasn't succeeded in limiting the number of people with the technical capability to do what he did, how can NSA ensure it keeps Americans' data safe?

Read more:
The NSA Has Done Little to Prevent the Next Edward Snowden ... - Motherboard

Oversight

The National Security Agency is still not fully implementing all necessary security protocols to minimize the potential of another Edward Snowden-like data breach, according to a newly declassified 2016 Pentagon watchdog report.

In the wake of the Snowden breach, the NSA outlined 40 privileged-access Secure-the-Net initiatives designed to guard against insider threats by tightening controls over data and monitoring of user access.

The Defense Department's Office of the Inspector General audited seven of the STN protocols and found that the NSA implemented or partially implemented four of the audit sample. Those related to developing a new system administration model, assessing the number of systems administrators, implementing two-stage authentication controls and deploying two-person access controls.

According to the heavily redacted report, the NSA culled the number of systems administrators and implemented a tiered system to take away privileged access from those who do not require it.

The report states the NSA only partially implemented two-stage authentication and two-person access controls and did not consistently secure server racks and other sensitive equipment in data centers and machine rooms.

The three audit initiatives where the NSA missed the mark were in reducing the number of privileged users and data transfer agents as well as fully implementing technology to oversee privileged-user activities.

NSA did not effectively implement the three initiatives because it did not develop an STN strategy that detailed a structured framework and methodology to implement the initiatives and measure completeness, states the audit. As a result, NSAs actions to implement STN did not fully meet the intent of decreasing the risk of insider threats to NSA operations and the ability of insiders to exfiltrate data.

The report states that prior to 2013, the NSA did not know how many privileged users and data transfer agents it had, and that throughout 2014 the number of DTAs actually increased.

The report acknowledges that it is not possible to protect against all insider threats, but stresses that NSA must at least implement all of its own stated protocols.

Although the NSA worked in a fluid situation, NSA should have developed a strategy that detailed a structured framework and methodology for implementing STN to ensure its actions were effective in mitigated vulnerabilities exploited during the security breach, the report states.

The NSAs woes did not end with the Snowden breach. In August 2016, a cryptic group or individual going by the name TheShadowBrokers announced it had acquired a trove of NSA hacking tools and has since been leaking some of the data in an attempt to seduce buyers to pay for the remaining stash.

It is still not clear whether the so-called ShadowBrokers obtained the data through an insider.

The DOD OIG report made three recommendations -- all of which were fully redacted -- and according to the document, the NSA agreed with the recommendations.

The NSA responded to questions about the audit from FCW with an email statement.

The National Security Agency operates in one of the most complicated IT environments in the world, the NSA stated. Over the past several years, we have continued to build on internal security improvements while carrying out the mission to defend the nation and our allies around the clock.

According to the statement, the NSA has undertaken a comprehensive and layered set of enterprise defensive measures to further safeguard operations and advance best practices across the Intelligence Community.

NSA has never stopped seeking and implementing ways to strengthen both security policies and internal controls, the statement concluded.

About the Author

Sean Carberry is an FCW staff writer covering defense, cybersecurity and intelligence. Prior to joining FCW, he was Kabul Correspondent for NPR, and also served as an international producer for NPR covering the war in Libya and the Arab Spring. He has reported from more than two-dozen countries including Iraq, Yemen, DRC, and South Sudan. In addition to numerous public radio programs, he has reported for Reuters, PBS NewsHour, The Diplomat, and The Atlantic.

Carberry earned a Master of Public Administration from the Harvard Kennedy School, and has a B.A. in Urban Studies from Lehigh University.

Go here to read the rest:
Watchdog: NSA needs to boost insider-threat protocols - FCW.com

The National Society of Accountants and their Scholarship Foundation announced this week that 30 students have been awarded this year's annual scholarships, receiving $37,950 in all.

This year's scholarships ranged from $500 - $3,000. Undergrad and graduate students were chosen based on their notable academics, leadership, activities on and off campus, career goals, and individual financial need.

These students are the best and brightest candidates working to earn accounting degrees, stated NSA Scholarship Foundation president Sharon Cook. We are pleased to support them and look forward to having them join the accounting profession.

The NSA's Scholarship Foundation has now provided over $1 million to students pursuing an accounting career since its inception in 1969.

Below are the 2017 scholarship winners, listed alongside their current universities, NSA Affiliated Organization or scholarship, and scholarship value:

For more information on the NSA's Scholarship Foundation, head to organization's site here.

Sean McCabe is a senior editor with Accounting Today.

See original here:
NSA Scholarship Foundation names 2017 recipients - Accounting Today

Circa News has been covering the alleged abuses of the intelligence community against Americans. They noted how the unmasking protocol for intercepts collected by the National Security Agency changed under the Obama administration, supposedly to better catch terrorists prepping for lone wolf attacks, could open Americans up to political espionage. Then, they wrote about how the FBI may have illegally shared spy data on Americans with unauthorized parties who did not have clearance to view such information. The Foreign Intelligence Surveillance Court (FISA) wrote a ten-page ruling listing hundreds of privacy violations committed by the FBI when gathering information during the tenure of then-FBI Director James Comey. Now, a former NSA contractor has filed a lawsuit against James Comey, allegedly a covering up the illegal methods that are being used to monitor Americans and violate their constitutional privacy rights. Once again, John Solomon and Sara Carter were on the case.

The contractor Dennis Montgomery reportedly took multiple hard drives containing 600 million classified documents to prove how the intelligence community is violating Americans privacy. He was granted immunity, but the FBI never followed through. The FBI has documentation of them taking possession of the hard drives. Montgomery alleges that over 20 million Americans identities were illegally unmasked:

A former U.S. intelligence contractor tells Circa he walked away with more than 600 million classified documents on 47 hard drives from the National Security Agency and the CIA, a haul potentially larger than Edward Snowden's now infamous breach.

And now he is suing former FBI Director James Comey and other government figures, alleging the bureau has covered up evidence he provided them showing widespread spying on Americans that violated civil liberties.

The suit, filed late Monday night [June 12] by Dennis Montgomery, was assigned to the same federal judge who has already ruled that some of the NSA's collection of data on Americans violates the U.S. Constitutions Fourth Amendment, setting up an intriguing legal proceeding in the nations capital this summer.

Montgomery says the evidence he gave to the FBI chronicle the warrantless collection of phone, financial and personal data and the unmasking of identities in spy data about millions of Americans, This domestic surveillance was all being done on computers supplied by the FBI," Montgomery told Circa in an interview. "So these supercomputers, which are FBI computers, the CIA is using them to do domestic surveillance."

[]

Montgomery alleges that more than 20 million American identities were illegally unmasked - credit reports, emails, phone conversations and Internet traffic, were some of the items the NSA and CIA collected.

He said he returned the hard drives to the FBI, a fact confirmed in government documents reviewed by Circa.

As Congress wallows in Russian collusion hysteria, maybe they should also put these under the microscope since a) its more grounded in reality; and b) there appears to be an actual paper trail.

Go here to see the original:
ICYMI: Former NSA Contractor Sues James Comey, Alleges Cover Up Of Spy Activities On Over 20 Million Americans - Townhall

It appears the NSA hasn't learned much since Ed Snowden left with several thousands of its super-secret documents. Agency officials were quick to claim the leaks would cause untold amounts of damage, but behind the scenes, not much was being done to make sure it didn't happen again.

A Defense Department Inspector General's report obtained via FOIA lawsuit by the New York Times shows the NSA fell short of several security goals in the post-Snowden cleanup. For an agency that was so concerned about being irreparably breached, the NSA still seems primed for more leakage. Charlie Savage reports:

The N.S.A. failed to consistently lock racks of servers storing highly classified data and to secure data center machine rooms, according to the report, an investigation by the Defense Departments inspector general completed in 2016. The report was classified at the time and made public in redacted form this week in response to a Freedom of Information Act lawsuit by The New York Times.

The agency also failed to meaningfully reduce the number of officials and contractors who were empowered to download and transfer data classified as top secret, as well as the number of privileged users, who have greater power to access the N.S.A.s most sensitive computer systems. And it did not fully implement software to monitor what those users were doing.

Let's not forget the NSA wants to be engaged in ensuring the cybersecurity of the nation. It's repeatedly asked for more power and a better seat in the CyberWar room. But it doesn't even take its OWN security seriously. The NSA told its oversight it was engaging in 40 "Secure the Net" initiatives, directly after the first Snowden leak. Two years later, it told Congress it had completed 34 of 40 STN initiatives. The term "completion" apparently has multiple definitions, depending on who's using the word. The IG sampled only seven of the initiatives and found four were mostly done and three were nowhere near completed. Extrapolating from the sampling, it's safe to assume the NSA's internal security efforts are only slightly more than half-baked.

The three the NSA failed to implement are of crucial importance, especially if it's looking to keep its in-house documents safe at home. From the report [PDF]:

NSA officials did not effectively implement three PRIVAC [Privileged Access]-related STN initiatives:

- fully implement technology to oversee privileged user activities;

- effectively reduce the number of privileged users; and

- effectively reduce the number of authorized DTAs [Data Transfer Agents].

First off, the NSA -- prior to the Snowden leaks -- had no idea how many users had privileged access. Post-Snowden, things hardly improved. Considering the tech capabilities of the agency, it's incredibly amusing to see how the NSA "tracked" privileged users.

NSA officials stated they used a manually kept spreadsheet, which they no longer had, to identify the initial number of privileged users.

Pretty much useless, considering this number the NSA couldn't verify (thanks to its missing spreadsheet) was supposed to be used to establish a baseline for the planned reduction in privileged users. Despite missing this key data, the NSA moved ahead, "arbitrarily revoking access" and asking users to reapply for privileged status. It then reported a reduction by citing the number of users it denied restoration of access privileges. It did not factor in any new users it granted privileged access to or tally up the number of accounts it never bothered to revoke.

As the fully-redacted chart presumably points out (according to the text above it), the NSA had a "continued and consistent increase in the number of privileged users once the [redacted] enrollment process began."

The NSA also claimed it had reduced the number of DTAs. And again, the NSA had no receipts.

Although repeatedly requested, NSA officials could not provide supporting documentation for the total number of DTAs before and after the purge or the actual number of users purged.

The NSA's objectively-terrible internal controls (again) ensured no number could be verified.

NSA did not know how many DTAs it had because the manually kept list was corrupted during the months leading up to the security breach.

The NSA handled these missing numbers the same way it had privileged users: it made up a new baseline, arbitrarily decided it could show a downtrend in DTAs, and delivered this as "proof" of another completed security initiative.

The report points out repeatedly the NSA's failure to provide documentation backing its STN claims -- either from before the initiatives took force or after they supposedly hag been completed. The IG's comments note the NSA's response to the report ignored its detailed description of multiple failures in order to spin this as a "win" for the agency.

Although the Director, Technology Directorate NSA/CSS Chief Information Officer, agreed, he did not address all the specifics of the recommendation. Therefore, we request that the director provide additional comments on the final report that identify specific actions NSA will take.

Here's how the NSA portrayed the report's findings:

While the Media Leak events that led to Secure the Net (STN) were both unforeseen and serious, we consider the extensive progress we made in a short time to be a "good news" story.

Sure, if you consider a half-done job securing NSA assets to be "good news," rather than just an ongoing series of security holes left halfway unplugged while agency officials testify before Congressional oversight in front of a "MISSION ACCOMPLISHED" banner backdrop.

Read more:
Oversight Report Shows NSA Failed To Secure Its Systems Following The Snowden Leaks - Techdirt