Category Archives: NSA

The United States cyber defense capability is terrible its wholly inadequate, the former head of the National Security Agency said Friday in a speech at Duke.

Gen. Keith Alexander, former commander of U.S. Cyber Command and former director of the National Security Agency (NSA) under Presidents Bush and Obama, said the nations cyber offense is solid. But the U.S. needs to improve defensive capabilities to protect against the growing threats from outside the country, especially against businesses.

Over the last decade cyber has become an element of national power used by us and by our adversaries. We need the defensive architecture that allows industry to defend itself long enough for government to (then) come in and help, Alexander told an audience Friday night at Gross Hall.

He called for a real-time system in which companies can jointly monitor attacks and block them instead of largely fending for themselves.

That which we store our wealth on is also the biggest vulnerability we have, Alexander said. Its not going to go away. ... We need to fix the defense.

Alexander was head of U.S. Cyber Command from 2010-2014 and director of the National Security Agency and chief of Central Security Service from 2005-2014.

Hes now CEO and president of IronNet Cybersecurity, a company that provides strategic vision to corporate leaders on cybersecurity issues.

During the roughly 90-minute talk at Duke, Alexander shared insider stories, praised the work of NSA staff, took questions from the audience and made numerous jokes (i.e., he got the NSA job because selection was alphabetical.)

Along with a stronger cyber defense alliance between government and business, Alexander said terrorist groups like ISIS should not be allowed to use online platforms to recruit and share information on how to make explosives.

Id take them off the Internet, he said. Freedom of speech is for us, its not for bad guys.

The current tensions with North Korea could also spark cyberwarfare, he said.You can bet North Korea and others who get in a dustup with us are going to use cyber against us, he said.

One way to deter such attacks is to make it clear the United States will respond decisively, perhaps even militarily. Alexander said the current administration leans on the side of taking action rather than just talking about it.

Asked about shaky security information on which the U.S. based its invasion of Iraq, Alexander said hindsight is 20-20, but noted Iraq had used chemical weapons in the past. He added that dismissing the Iraqi military after the invasion was a huge mistake.

Host Patrick Duddy, senior advisor for global strategy in the Duke University Office of Global AffairsandU.S. ambassador to Venezuela from 2007-10, said he, Alexander and Secretary of Defense James Mattis were classmates at the National War College.

Duddy asked Alexander about whether the United States Foreign Intelligence Surveillance Court -- or FISA Court -- which oversees requests for surveillance warrants against foreign spies inside the United States, provides adequate oversight on the intelligence agencies.

They dont roll over, theyre tough, Alexander said of the 11 federal judges.

As for allegedly listening to citizens phone calls, Alexander said the agency monitors to and from phone numbers for possible terrorist connections, not content. First and foremost, our government is here to protect you, not to listen to your phone calls and read your emails, he said.

Alexander said former NSA contractor Edward Snowden, who shared some of the most deeply held secrets of the agency, did huge damage to the nations national security. He added that Russia, where Snowden is in exile, may have played a role in Snowdens actions.

He also offered encouragement to his mostly student audience. Noting the exponential advances in technology since the introduction of the iPhone 10 years ago, Alexander said: Were going to solve cancer in your lifetime because of these (technological) breakthroughs, he said.

The talk was part of a new speaker series at Duke on the challenges of global governance, funded by the Ambassador Dave and Kay Phillips Family International Lectureship.

Read the original post:
US Cyber Defense 'Terrible,' Former NSA Director Says - Duke Today

Summer is coming, and for many girls and boys it means a couple of weeks at summer camp.

This year will mark the fourth year the National Security Agency and the National Science Foundation team up to sponsor GenCyber camps across the country.

The camps are free, and they are open to students and teachers at the K-12 level both for girls and boys, though some specify girls only.

Launched in 2015, the agencies are preparing for another round of teaching and learning this summer.

One of the goals is to inspire girls to consider a STEM career. STEM, of course, stands for science, technology, engineering and math. Another goal is to ensure there are enough cybersecurity experts to fill the expected need.

Our vision is for the GenCyber program to be part of the solution to the Nation's shortfall of skilled cybersecurity professionals, the GenCyber site states.

The NSA puts it this way on its site:

Ensuring that enough young people are inspired to direct their talents in this area is critical to the future of our countrys national and economic security as we become even more reliant on cyber-based technology in every aspect of our daily lives.

According to NSA officials. the supply of cybersecurity professionals has fallen far short of demand, with some studies estimating the gap being as large as 600,000 professionals needed to meet demand.

The stated goals of the program are to help all students understand correct and safe on-line behavior, increase diversity and interest in cybersecurity and careers in the cybersecurity workforce of the nation, and improve teaching methods for delivering cybersecurity content in K-12 computer science curricula.

Twitter: @Bernie_HITN Email the writer: bernie.monegain@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Read the rest here:
NSA summer camp aims to inspire kids to pursue cybersecurity ... - Healthcare IT News

Enlarge / A script scanning the Internet for computers infected by DoublePulsar. On the left, a list of IPs Shodan detected having the backdoor installed. On the right are pings used to manually check if a machine is infected.

Security experts believe that tens of thousands of Windows computers may have been infected by a highly advanced National Security Agency backdoor. The NSA backdoor was included in last week's leak by the mysterious group known as Shadow Brokers.

A map of affected countries.

Below0day

Countries most affected based on IP addresses returned in a scan performed by Below0day.

Below0day

Partial results of a Below0day scan.

Below0day

Not everyone is convinced the results are accurate. Even 30,000 infections sounds extremely high for an implant belonging to the NSA, a highly secretive agency that almost always prefers to abort a mission over risking it being detected. Critics speculate that a bug in a widely used detection script is generating false positives. Over the past 24 hoursas additional scans have continued to detect between 30,000 and 60,000 infectionsa new theory has emerged: copycat hackers downloaded the DoublePulsar binary released by Shadow Brokers. The copycats then used it to infect unpatched Windows computers.

"People [who] have gotten their hands on the tools just started exploiting hosts on the Internet as fast as they could," Dan Tentler, founder of security consultant Phobos Group, told Ars. "On the part of Shadow Brokers, if their intention was to get mass infections to happen so their NSA zerodays got burned, the best [approach] is to release the tools [just before] the weekend. DoublePulsar is a means to an end."

Tentler is in the process of doing his own scan on the Shodan computer search service that makes use of the DoublePulsar detection script. So far, he has run a manual spot check on roughly 50 IP addresses that were shown to be infected. All of the manual checks detected the hosts as running the NSA backdoor. Once installed, DoublePulsar waits for certain types of data to be sent over port 445. When DoublePulsar arrives, the implant provides a distinctive response. While security practices almost always dictate the port shouldn't be exposed to the open Internet, Tentler said that advice is routinely overridden.

In a statement issued several hours after this post went live, Microsoft officials wrote: "We doubt the accuracy of the reports and are investigating." For the moment, readers should consider the results of these scans tentative and allow for the possibility that false positives are exaggerating the number of real-world infections. At the same time, people should know that there's growing consensus that from 30,000 to 107,000 Windows machines may be infected by DoublePulsar. Once hijacked, those computers may be open to other attacks.

Post updated to add Microsoft comment.

Read the original here:
10000 Windows computers may be infected by advanced NSA backdoor - Ars Technica

Ramping up their Congressional investigation into alleged Russian meddling in the 2016 election, lawmakers have invited directors of the FBI and National Security Agency to testify again, in addition to expressing a desire to hear from the Obama administrations top intelligence officials.

House Intelligence Committee Chairman Rep. Mike Conaway has invited FBI Director James Comey and National Security Advisor Adm. Mike Rogers to appear at a closed hearing on May 2.

Former CIA Director John Brennan, Director of National Intelligence James Clapper and former Deputy Attorney General Sally Yates have been requested to provide public testimony after May 2.

Last month, during the House Committees first public hearing, Mr. Comey confirmed his agency has been investigating alleged Russian interference in the 2016 election.

Last October, in the heat of the presidential election, the Obama administration formally accused the Kremlin of stealing and disclosing emails from the Democratic National Committee. At the time, Mr. Clapper issued a statement detailing how leaked DNC emails were intended to interfere with the U.S. election process.

Both the Kremlin and the Trump administration insist there is no evidence of Trump-Russia collusion.

Ms. Yates, while serving as at the acting attorney general at the start of the year, battled with the White House over the legality of Mr. Trumps executive order banning certain immigrants and refugees. She questioned the legitimacy of the executive order and Mr. Trump fired her.

The rest is here:
FBI, NSA called for further testimony on Trump-Russia investigation - Washington Times

Published time: 21 Apr, 2017 14:16Edited time: 22 Apr, 2017 18:06

The biggest worry for US intelligence agencies isn't foreign spies it's insider leaks, according to retired Air Force General Michael Hayden, a former director of both the CIA and NSA.

In the past, weve lost secrets to foreign adversaries, Hayden told news outlet McClatchy in an interview. Now weve got the self-motivated insider that is our most important counterintelligence challenge.

Hayden mentioned the WikiLeaks Vault 7 release, which contains thousands of top-secret CIA documents that reveal the agency's hacking tools and represents one of the biggest security breaches in CIA history.

Read more

The FBI and CIA reportedly believe the information was leaked by an inside contractor or agent, rather than an outside hacker. That suspicion seems to align with what WikiLeaks said in the press release announcing Vault 7.

Hayden also cited the case of Edward Snowden, a former NSA contractor who leaked the agency's surveillance practices in 2013. The whistleblower currently resides in Moscow, after being granted asylum by Russia.

The former Air Force general also brought up the case of Army soldier Chelsea Manning, who was convicted in 2013 of releasing three-quarters of a million classified or sensitive military and diplomatic documents to WikiLeaks.

There is also the case of Harold T. Martin, the lesser-known NSA contractor who was accused by the Justice Department in February of hoarding 50 terabytes of highly-sensitive data from the agency at his home, in a shed, and in his car. His motives are not publicly known.

Hayden pointed out that the typical motives for spying money, ideology, compromise, and ego (MICE) were not in play during any of those cases, and thus questioned how such practices could be stopped.

No foreign service used any of those characteristics against any of the people we mentioned. Its kind of sui generis. How do you stop that? Hayden said.

Hayden's statements come at a time when Russia has been repeatedly blamed for hacking the Democratic Party's computer networks during the 2016 presidential election, with Washington claiming that Moscow was trying to "interfere" with the results.

However, there is no evidence to show that the Kremlin was behind the attack, with many in the intelligence community stating that all signs point to an insider leak, rather than a hack.

Russia has denied Washington's claims as untrue and baseless.

See the article here:
Insider leaks are biggest challenge to US security former CIA & NSA director - RT

The top Democrat on the House Intelligence Committee is calling for the National Security Agency (NSA) to be split from U.S. Cyber Command.

Rep. Adam SchiffAdam SchiffTrump may miss deadline on Russia report Schiff: Dems failed to convey why Russian meddling matters Schiff advocates for NSA, Cyber Command split MORE (D-Calif.) on Wednesday said it would be wise to have separate leaders for the two organizations, pushing for a civilian head of the NSA during remarks at Columbia Law School in New York.

The Pentagon told The Hill earlier this year that it has startedassessingwhether it should split up the dual-hat leadership.

Those are two very big jobs housed under the same hat, Schiff said. I think we would be wise to split up those responsibilities.

Experts have noted that the split is likely to happen eventually, but have warned of the risks of separating them too quickly. Cyber Command was established at NSA headquarters in 2009 and has been largely dependent on the agency.

Schiff made the comments in response to a question of whether or not the federal government has the appropriate organization structure to be effective on cyber.

More generally, he said that the government is slow to keep pace with technology and indicated that there are organizational improvements to be made.

Were probably not structured how we should be, Schiff said, adding later, were always going to be chasing this.

Read the original here:
Schiff advocates for NSA, Cyber Command split - The Hill

The latest leak by the Shadow Brokers hackers exposed classified information that could only have come from within the NSA, setting the stage for a Cold War ritualthe mole hunt.

A message from Vladimir Putin can take many forms.

It can be as heavy-handed as a pair of Russian bombers buzzing the Alaska coast, or as lethal as the public assassination of a defector on the streets of Kiev. Now Putin may be sending a message to the American government through a more subtle channel: an escalating series of U.S. intelligence leaks that last week exposed a National Security Agency operation in the Middle East and the identity of an agency official who participated.

The leaks by self-described hackers calling themselves the Shadow Brokers began in the final months of the Obama administration and increased in frequency and impact after the U.S. bombing of a Syrian airfield this montha move that angered Russia. The group has not been tied to the Kremlin with anything close to the forensic certitude of last years election-related hacks, but security experts say the Shadow Brokers attacks fit the pattern established by Russias GRU during its election hacking. In that operation, according to U.S. intelligence findings, Russia created fictitious Internet personas to launder some of their stolen emails, including the fake whistleblowing site called DCLeaks and a notional Romanian hacker named Guccifer 2.0.

I think theres something going on between the U.S. and Russia that were just seeing pieces of, said security technologist Bruce Schneier, chief technology officer at IBM Resilient. What happens when the deep states go to war with each other and dont tell the rest of us?

The Shadow Brokers made their debut in August, appearing out of nowhere to publish a set of secret hacking tools belonging to the Equation Groupthe security industrys name for the NSAs elite Tailored Access Operations program, which penetrates foreign computers to gather intelligence. At that time, the Shadow Brokers claimed to be mercenary hackers trying to sell the NSAs secrets to the highest bidder. But they went on to leak more files for free, seemingly timed with the public thrusts and parries between the Obama administration and the Russian government.

From the start, outside experts had little doubt that Russian intelligence was pulling the strings. Circumstantial evidence and conventional wisdom indicates Russian responsibility, exiled NSA whistleblower Edward Snowden tweeted last August. Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the [Democratic National Committee] hack.

The FBI started investigating, and in August agents arrested an NSA contractor named Hal Martin after discovering that Martin had been stockpiling agency secrets in his house for two decades. But even as Martin cooled his heels in federal custody, the Shadow Brokers continued to post messages and files.

Snowden and other experts speculated that the Russians obtained the code without the help of an insider. As a matter of tradecraft, intelligence agencies, including the NSA, secretly own, lease, or hack so-called staging servers on the public internet to launch attacks anonymously. By necessity, those machines are loaded up with at least some of the agencys tools. Snowden theorized that the Russians penetrated one of those servers and collected an NSA jackpot. NSA malware staging servers getting hacked by a rival is not new, he wrote.

Whatever their origin, the leaks dried up on Jan. 12, when the Shadow Brokers announced their retirement 10 days before Donald Trumps swearing-in. The group didnt reemerge until this month, after the Syrian militarys deadly chemical-weapons attack in Ghouta. Reportedly moved by images of the Syrian children injured or killed in the attack, Trump responded by ordering the launch of 59 Tomahawk missiles at a Syrian government air basedeparting drastically from the will of Putin, who considers Syrian President Bashar al-Assad a strategic ally.

The Russian government immediately condemned the U.S. response. Two days later, so did the Shadow Brokers. The group broke its months-long silence and released another tranche of NSA secrets along with a lengthy open letter to Trump protesting the Syrian missile strike. Abandoning any pretense of a profit motive, the Shadow Brokers claimed now to be disillusioned U.S. votersthe peoples who getting you elected, as they put in, using phrasing that holds dual meaning coming from a suspected Kremlin operation.

The Shadow Brokers have been playing hardball ever since. Their most recent release, on Friday, exposed the code for a sophisticated NSA toolkit targeting Windows machines, putting some of the agencys capabilities, circa 2013, in the hands of every newbie hacker able to use a keyboard.

This time, the Shadow Brokers didnt stop with code. For the first time in their short history, they also released internal NSA spreadsheets, documents, and slide decks, some bedecked with the insignia and Top Secret markings familiar to anyone whos browsed the Snowden leaks.

Thank You!

You are now subscribed to the Daily Digest and Cheat Sheet. We will not share your email with anyone for any reason

The leak exposes in detail a 2013 NSA hacking operation called Jeep Flea Market that gained deep access to Dubai-based EastNets, a company that handles wire transfers for a number of Middle East banks, something of obvious interest to U.S. intelligence. (EastNets denies the breach.) But the Shadow Brokers exposed more than just an NSA operation. Metadata left in the files identified the full name of a 35-year-old NSA worker in San Antonio who was apparently involved in the hack. (The Daily Beast was unable to reach him for comment.)

NSA hackers dont face the same danger as CIA officers working undercover in a foreign country, but the likelihood that Russia has begun exposing them by name, while linking them to specific operations, raises the stakes for the intelligence community. If nothing else, the San Antonio NSA worker could plausibly face criminal and civil charges in the United Arab Emirates, just as hackers working for Russian and Chinese intelligence have been indicted in the U.S.

Its conceivable that the Shadow Brokers included the name by mistake. Groups like WikiLeaks and the journalists with the Snowden cache are accustomed to scrubbing identifying metadata from documents. But a less-experienced hand might overlook it. Schneier is doubtful. If were assuming an intelligent and strategic actor, which I think we are, then you have to assume that they did that on purpose, he said.

Nothing is certain; the Shadow Brokers are a puzzle with missing pieces. But Fridays Shadow Brokers release obliterated one theory on the spot. The NSA would never have put classified spreadsheets and PowerPoint slides on a staging server. They could only have come from inside the NSA.

Which sets the stage for a revival of a storied Cold War intelligence ritual, with the declining agency morale that comes with it: the Russian mole hunt. I think were most likely looking at someone who went rogue from within, or a contractor who had access to this information, said Eric ONeill, national-security strategist for Carbon Black. Either way, we have someone in the intelligence community thats a pretty high-placed spy.

A former FBI surveillance specialist, in 2001 ONeill helped bring down Robert Hannsen, a double agent in the bureau whod been secretly spying for Russia. The FBI must be scrambling right now, he said. Theres so many leaks going on: this leak, the CIA Vault7 leaks, and at the same time theres the investigation into any administration ties to Russia, and the DNC intrusion, and all these leaks coming out of the White House. Theres only so much that the FBIs national security agents can do.

If Russia did have a mole inside the NSA in 2013, the most recent date of the documents, Schneier thinks it unlikely that it does now, or else the Shadow Brokers wouldnt exist. You only publish when its more useful as an embarrassment than as intelligence, he said. So if you have a human asset inside the NSA, you wouldnt publish. That asset is too important.

Its also possible, though unprecedented in the public record, that Russia found a way into the NSAs classified network. A competing theory focuses on the FBIs early suspect, Hal Martin. Hes not the Shadow Brokers, but he reportedly worked in the NSAs Tailored Access Operations program and had 50,000 gigabytes of classified material in his home. Might he himself have been hacked? Martin is charged in Maryland with 20 counts of willful retention of national defense information, but prosecutors have not made any accusation that his trove slipped into enemy hands.

As Snowden demonstrated when he walked out of the NSA with a thumb drive of secrets, its comparatively easy now to steal and smuggle classified information. But ONeill says the FBIs counterintelligence mission is easier too, because of the rampant audit trails and server logs in classified networks.

Its much easier getting the secrets out now, but on the flip side, its also easier for law enforcement and the FBI to track down who had access to the data, he says. I like to think this mole hunt is going to be a little easier than it was in the past.

Until then, expect the Shadow Brokers to stick around. In their Friday dump, they hinted at more revelations this week: Who knows what we having next time?

Read more here:
Is There a Russian Mole Inside the NSA? The CIA? Both? - Daily Beast

TSA or NSA? The Chicago Maroon Recently, after the Transportation Security Agency (TSA) pressured a NASA scientist to turn over his cell phone at a Houston airport, a floodgate burst in the media. Stories of others who had been coerced into handing over their phones and passcodes at ...

Visit link:
TSA or NSA? - The Chicago Maroon

NIGERIAN TRIBUNE (press release) (blog)

Osinbajo meets with NSA, IG, DSS, EFCC bosses, others NIGERIAN TRIBUNE (press release) (blog) Those who were at the Presidential Villa, Abuja for the meeting at the Vice President's office were the National Security Adviser (NSA), Babagana Monguno, Director General of the Department of State Services (DSS), Lawal Daura and the Chairman of the ... Osinbajo, NSA, AGF grill Magu, Daura, IG of PoliceDaily Post Nigeria Osinbajo meets with Magu, DG DSS, NSA, othersThe Eagle Online all 23 news articles »

Read more from the original source:
Osinbajo meets with NSA, IG, DSS, EFCC bosses, others - NIGERIAN TRIBUNE (press release) (blog)

A group of hackers released on Friday what appears to be the most extensive data dump yet from the National Security Agency.

The hack could have consequences for the relationship between big software companies and the U.S. government and could make it harder for Europe to trust the U.S. to respect privacy agreements.

Experts believe the hacker group behind the leak, Shadow Brokers, is connected with the Russian government. The group has released stolen information from the NSA before.

If documents released by the hack are authentic, it would show that the NSA has compromised a Dubai-based firm that routes bank transfers between countries. The hack also revealed how to break into Microsoft software. Heres a more detailed explainer from George Washington University professor Henry Farrell.

Here are some things found in the dump.

Why it matters: The U.S. government is technically allowed to access data from Swift only through a formal safeguarded process, but information revealed in the hack indicates the NSA is secretly accessing information outside this agreement. This is bound to upset European regulators.

Why it matters: If the NSA didnt let Microsoft know about the zero-day vulnerabilities, that could further undermine tech companies already eroded trust of the government.

See the original post here:
What you need to know about that latest NSA data dump - Recode