Category Archives: NSA

(Image: file photo)

A new trove of alleged surveillance tools and exploits from the National Security Agency's elite hacking team have been released by the Shadow Brokers' hacking group.

The group Friday appeared to release tools designed to target Windows PCs and servers, along with presentations and files purporting to detail the agency's methods of carrying out clandestine surveillance.

According to several documents, the NSA used the Windows hacking tools to target several banks, including the SWIFT banking system.

The dump of Windows exploits -- arguably affecting the most people and organizations and likely to cause the most damage and embarrassment to the intelligence agency -- has been expected since the hacking group first emerged on the scene last year.

In case you missed it, hacking tools that were confirmed to belong to the NSA's so-called Equation Group were stolen last year in one of the biggest breaches of classified files since the Edward Snowden revelations. These tools, allowed NSA analysts to break into a range of systems, network equipment, and firewalls, and most recently tools to target the Linux operating system -- many of which were old and outdated. The group attempted to auction off the files but failed, and have been releasing portions of the stolen files in stages.

Researchers are currently poring over the cache of files.

Several of the files we've seen appear to be "top secret" in classification, such as JeepfleaMarket, which appears to utilize the Jeepflea program to collect data on servers at least nine international banks.

The document purports to show the infrastructure behind the system, along with another document, which shows that the NSA has deep access to some networks by exploiting VPN and firewall systems.

(Image: supplied, via Kevin Beaumont)

It appears that most of the exploits target older Windows versions, dating back as early as Windows XP and Windows Server 2003.

Among the more interesting exploits found in the cache include ExplodingCan, which exploits older versions of Windows' web server Internet Information Services with a remote backdoor. Security researcher Kevin Beaumont, who examined the exploit, said in a tweet that the tool was "very well" built.

Another exploit, dubbed EmeraldThread, is a remote Windows SMB exploit for Windows XP and 2003.

And while little is known about the so-called OddJob implant, it appears to have exploits for almost every version of Windows 2000 and later, including some server editions, some of which may still work.

Other tools point to several other remote exploits in every version of Windows, according to Hacker Fantastic, a security researcher who has been analyzing the files. (The researcher followed up in a tweet noting that not current all patches were applied at the time.)

The researcher was able to run many of the exploits found in the cache, according to a tweet.

It's not known how many of the exploits, if any, are unknown to the manufacturer. These so-called zero-day vulnerabilities are closely guarded secrets to allow analysts to carry out surveillance.

But Beaumont said that some of the tools he examined "may be" previously undisclosed, but they have yet "to be confirmed."

A Microsoft spokesperson said in a statement late Friday that it has "confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products," and gave a more detailed breakdown in a blog post.

A spokesperson for the NSA did not return a call Friday.

This post has been updated several times over the past few days, and some information relating to Windows 8 was removed after claims were proven incorrect.

Everyday ways your personal privacy is under threat:

Continued here:
NSA's arsenal of Windows hacking tools have leaked | ZDNet

Common Dreams

Snowden Says Cyberweapons Dump Underscores NSA Hacking Tools Are Not Secure Common Dreams On Friday, the hacking group Shadow Brokers released a cache of cyberweapons developed by the National Security Agency (NSA) to access computers that run on Microsoft Windows, a release described by Vice New's Motherboard as "the hacking ... and more »

Link:
Snowden Says Cyberweapons Dump Underscores NSA Hacking Tools Are Not Secure - Common Dreams

PARIS Up-to-date Microsoft customers are safe from the purported National Security Agency spying tools dumped online, the software company said Saturday, tamping down fears that the digital arsenal was poised to wreak havoc across the internet.

In a blog post , Microsoft security manager Phillip Misner said that the software giant had already built defenses against nine of the 12 tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published NSA code . The three others affected old, unsupported products.

Most of the exploits are already patched, Misner said.

The post tamped down fears expressed by some researchers that the digital espionage toolkit made public by TheShadowBrokers took advantage of undisclosed vulnerabilities in Microsofts code. That would have been a potentially damaging development because such tools could swiftly be repurposed to strike across the companys massive customer base.

Those fears appear to have been prompted by experts using even slightly out-of-date versions of Windows in their labs. One of Microsofts fixes, also called a patch, was only released last month.

I missed the patch, said British security architect Kevin Beaumont, jokingly adding, Im thinking about going to live in the woods now.

Beaumont wasnt alone. Matthew Hickey, of cybersecurity firm Hacker House, also ran the code against earlier versions of Windows on Friday. But he noted that many organizations put patches off, meaning many servers will still be affected by these flaws.

Everyone involved recommended keeping up with software updates.

We encourage customers to ensure their computers are up-to-date, Misner said.

Follow this link:
Microsoft says users are protected from alleged NSA malware - The Mercury News

Word that President Donald Trump as well as some of his family and associates may have appeared in National Security Agency (NSA) intercepts as masked (and in some cases later unmasked) identities has caused a great deal of sturm und drang in the United States. Many Americans are convinced that the mentions of Trump-linked personalities in signals intelligence reports indicates that the deep state or the Obama administration was surveilling them and that this is a dangerous politicization of the intelligence community. Eli Lake of Bloomberg View, for instance, wrote:

One U.S. official familiar with the reports said they contained valuable political information on the Trump transition such as whom the Trump team was meeting, the views of Trump associates on foreign policy matters and plans for the incoming administration.

Lakes source is doubtless correct that these reports contained valuable political information, even if his conclusion that there is a legitimate unmasking scandal afoot is off base. Because America is important, foreigners spend a lot of time talking amongst themselves about Americans. The NSA targets the communications of influential foreigners, so we should expect the names of Americans to appear on a routine basis. Moreover, American officials who are named in intercepts often have reason to be grateful for that fact.

Consider this recently declassified NSA intercept from January 1973, part of a substantial collection of once extremely sensitive intercepts the agency posted without fanfare on its website. Back in the day, NSA entitled this particular report, U.S. Ambassador to Rome Reportedly to Succeed [U.S. Ambassador Ellsworth] Bunker in Saigon; Kissinger Reportedly Apprehensive About Possible Negotiations Failure, Surprised by Nixons Defense of [South Vietnamese President Nguyen Van] Thieu. On its face, this title makes it look like NSA is collecting on the ins and outs of State Department personnel deliberations and on the activities of President Richard Nixon and his senior aides. Shady stuff, indeed.

Actually, not really. Reading the full report makes clear that nothing of the sort was going on. In fact, the NSA says the series of intercepts

provided National Security Advisor Henry Kissinger and other senior American negotiators with unique insights into how their South Vietnamese allies were reacting to developments at the Paris Peace Talks with North Vietnamese envoy Le Duc Tho.

This particular report gave the text of a message from South Vietnamese Ambassador Pham Dang Lam in Paris to Thieu in Saigon. Saigons ambassador reported that an unnamed source close to the White House told him that U.S. diplomat Graham Martin had agreed to become ambassador to South Vietnam and had sought and received assurances from Nixon that the Communists would not be allowed to take over South Vietnam. Lam also advised Thieu that Washington Post reporter Murrey Marder had told him that National Security Advisor Henry Kissinger seemed afraid that the Paris Peace Talks would fail and was at odds with President Nixon over certain unspecified points.

This was potentially valuable information to Nixon and Kissinger because it gave them insight into what the South Vietnamese government thought the White House was planning. This information could be used to keep a step ahead of the South Vietnamese. The intercept also hinted to Nixon and Kissinger that Murrey Marder could possibly be used to influence the South Vietnamese or pass a deniable message to them. Also, the information about Kissingers pessimism and the disagreement with Nixon was potentially invaluable. If Kissinger meant to convey those impressions, then the intercept told him that he had succeeded. If, on the other hand, he had accidentally shown some of his cards, he was now aware of it and could take steps to repair the damage.

Nixon and Kissinger realized the value of having the NSA report foreign views of what they were doing. That is why you will see the notation TOHAK on this intercept and others in this lengthy series. TOHAK means to Henry A. Kissinger.

This is why I would say to Trump: Calm down, ask to read the intercepts in which you, your family members, and associates are allegedly named. The intercepts can be valuable to you. They may tell you what foreign actors really think of you and the people around you. Surely a great negotiator like you can find a way to exploit that knowledge to produce a win for the United States.

Dr. Mark Stout directs graduate programs in Global Security Studies and Intelligence at Johns Hopkins Krieger School of Arts and Sciences Advanced Academic Programs in Washington, DC. He has previously worked for the Department of the Army, the State Department, the CIA, and the Institute for Defense Analyses.

See the article here:
Whispers from the Past: Political Figures Caught Up in NSA Intercepts - War on the Rocks

For a payment of nearly $8 billion, T-Mobile yesterday potentially expanded its wireless service reach to customers across the U.S. and Puerto Rico. Its acquisition of low-band spectrum came as the Federal Communication Commission (FCC) wrapped up an historic $19.8 billion auction of airwaves voluntarily relinquished by U.S. television broadcasters.

Set in motion five years ago as part of the federal Middle Class Tax Relief and Job Creation Act, the FCC auction was aimed at reallocating spectrum to better serve today's wireless communications demands. Television broadcasters that gave up portions of their low-band spectrum for auction will receive just over $10 billion in proceeds while the U.S. government plans to use more than $7 billion of the remaining proceeds to reduce the federal deficit.

In addition to T-Mobile, other companies acquiring spectrum through the FCC auction include Dish, which paid a total of $6.2 billion, and Comcast, which paid $1.7 billion. Of the other big four wireless carriers, Sprint and Verizon did not participate, while AT&T spent just $910 million for reallocated spectrum.

'Spectrum Mother Lode'

In a video blog released after the conclusion of the auction, T-Mobile president and CEO John Legere said his company acquired "the spectrum mother lode," 45 percent of all the low-band spectrum on offer from the FCC. That acquisition quadruples T-Mobile's low-band holdings nationwide, he said.

"It's the equivalent of beachfront spectrum, the stuff that works better in buildings and travels further from the tower," Legere added.

In addition to providing better communication through walls and over long distances, more low-band spectrum in the 600 MHz range will enable wireless service providers to ease congestion and lay the groundwork for 5G connectivity, according to the FCC. A total of 50 bidders acquired 70 MHz of spectrum through the auction, with another 14 MHz available for unlicensed use and wireless microphones, the FCC said.

Many of the television broadcasters relinquishing spectrum are doing so in duopoly markets where they own two stations. NBC, for example, plans to keep the channels with better coverage in markets, such as New York, Chicago and Philadelphia, and share that coverage with other channels whose spectrum was auctioned off.

'A Long Time Coming'

Over the next 39 months, most of the 175 television stations that gave up bandwidth for the auction will begin the transition to new channel assignments, while 12 are expected to go off the air.

Wireless providers that acquired low-band spectrum in the auction will have as many as 12 years to begin using that bandwidth for services, although Legere said T-Mobile expects to begin "lighting up" its new airwave holdings later this year.

"This day has been a long time coming," FCC chairman Ajit Pai said in a statement after the auction results were announced. "While we celebrate reaching the official close of the auction, there is still much work ahead of us. It's now imperative that we move forward with equal zeal to ensure a successful post-auction transition, including a smooth and efficient repacking process."

Read the original post:
New Leak Suggests NSA Penetrated Mideast Banking Networks - NewsFactor Network

By Daniel Eran Dilger Friday, April 14, 2017, 04:19 pm PT (07:19 pm ET)

As noted in a report by Lorenzo Franceschi-Bicchierai for Motherboard, the NSA tools were leaked by hacker group known as the "Shadow Brokers."

The package of exploits includes "Fuzzbunch," and easy-to-use hacking tool with basic instructions that even non-technical users could follow to gain control of PCs running multiple versions of Microsoft's Windows prior to the latest Windows 10, specifically Windows XP, Vista, 7 and 8 as well as server versions including NT, 2000, 2003, 2008 and 2012.

The report cited a former employee of the U.S. Department of Defense as saying "it's not safe to run an internet facing Windows box right now," and that the payload of exploits is "the worst thing since Snowden."

Motherboard previously cited comments from security architect Kevin Beaumont, who noted that "all of the Windows implants are new to VirusTotal [an online file scanning tool], which suggests they've not been seen before."

According to web browser stats from NetMarketshare, only 25 percent of web users are using Microsoft's latest Windows 10 (which was released in the summer of 2015), while over 66 percent of active web users are using older versions of Windows that are vulnerable to the attacks launched by the released tools.

There are many Windows PCs that are connected to the Internet but do not generate web traffic--particularly back end servers and other utilitarian machines. A worm or virus could easily launch broad exploits at Windows users and find plenty of vulnerable machines to steal data from or recruit into global botnets of exploited PCs.

Microsoft has worked aggressively to upgrade users to Windows 10, but the vast majority of PCs worldwide remain stuck on older versions with known problems. The new cache of hacker tools makes it that much easier to exploit those users.

A spokesperson for Microsoft said that it is "reviewing the report and will take the necessary actions to protect our customers."

Apple's installed base of Macs and iPad users are not affected by exploits found in Windows (apart from Macs intentionally booted up into an old version of Windows by the owner). That's a feature Apple has long advertised for Macs, and has recently noted in its ads for iPad Pro.

In part, Apple's limited exposure to malware and exploits comes from its divergence from the monoculture of Windows (or Android) software, a sort of "security by obscurity," where the easiest to use hacking tools simply don't work because the platform isn't as easy to target as Windows PCs and Android devices are.

Apple's installed base of computer users has grown rapidly however. Horace Dediu of Asymco recently noted that there are about 100-150 million Macs in active use and an installed base of over 300 million iPads. That's about the same as the 400 million PCs in the installed base of Windows 10 that Microsoft cited at its Ignite conference last fall.

The difference is that there is at least another 400-600 million PCs that are running vulnerable versions of Windows. Apple also has an even larger installed base of iPhones, but most of those are updated.

So the larger reason why Macs and iOS devices are protected from the routine efforts to hack into Android and Windows is due to Apple's far faster ability to distribute new OS updates, which it does without cost. Apple's system update efforts have resulted in the majority of iOS users rapidly adopting the latest version and regular new patches between major updates.Macs and iOS devices are protected from the routine efforts to hack into Android and Windows due to Apple's far faster ability to distribute new OS updates

As of February 20th, Apple reports that 79 percent of iOS users are on the latest iOS 10, while another 16 percent are on iOS 9, both of which are at least as recent as Microsoft's Windows 10.

Apple does not appear to report macOS version adoption figures, but Go Squared reports that 44 percent of Macs are using the latest macOS Sierra while another 21 percent are on macOS El Capitan, both of which (65 percent total) are as new as Windows 10. The same site reports adoption of Windows 10 at 49 percent, with a nearly equal number still on Windows 7.

The same site reports that 89 percent of iOS users are on the newest iOS 10, as of April.

Google notes that as of April, only 4.9 percent of devices actively accessing Google Play are using the latest Android 7 Nougat, and only another 31 percent are on 2015's Android 5 Marshmallow, released alongside iOS 9. The majority of its active users are on versions of Android older than that, most of which will never be updated. Users in other regions, particularly China, are much less likely to use Google Play and even less likely to be updated to recent versions of the OS.

See the article here:
Apple's Mac, iPad dodge an ugly new NSA hacker bomb targeting ... - AppleInsider (press release) (blog)

This morning, a new set of hacking tools was released by TheShadowBrokers group, revealing new techniques for hacking both Windows and certain financial networks.

Likely originating with the NSA, the tools give new clues as to the groups targets in recent years, which seem to include both international anti-money-laundering groups and oil companies in the Persian Gulf region. Some of the hacking tools were flagged by antivirus services as early as 2012, but experts believe the dump contains at least some undisclosed vulnerabilities for older versions of Windows. The leak also contains new attacks against the SWIFT banking network, used to transfer money internationally.

The files are mirrored on Github here, and researchers are already poring through the findings in a dedicated #shadowbrokers room on the Freenode IRC channel. A full list of the implants is available here.

TheShadowBrokers rather being getting drunk with McAfee on desert island with hot babes.

First emerging in August, the ShadowBrokers are believed to have stolen hacking tools from the NSA, with many analysts tracing the exploits to a compromised listening post used by the service to launch attacks remotely. Less is known about the ShadowBrokers themselves, although some have speculated the group may have ties to Russia.

Like previous drops, the data was accompanied by an enigmatic message in purposefully broken English. Is being too bad nobody deciding to be paying theshadowbrokers, one portion reads. TheShadowBrokers rather being getting drunk with McAfee on desert island with hot babes, an apparent reference to eccentric anti-virus mogul John McAfee.

The drop comes just days after an earlier drop of Unix-focused exploits on April 8th. Those files were accompanied by a short blog post taking President Trump to task for launching military strikes in Syria, among other recent actions. TheShadowBrokers voted for you, the post read. TheShadowBrokers supports you. TheShadowBrokers is losing faith in you.

Read the original:
New leak shows how a major hacking group cracked Windows and international banks - The Verge

SIGN UP FOR OUR NEWSLETTER

Trump made the announcement during a press conference on Wednesday with North Atlantic Trade Organization (NATO) Secretary General Jans Stoltenberg, as reported by Military Times.

The U.S. has been at war in Afghanistan since 2001, after the September 11 attacks by radical Islamic terrorists on U.S. soil that killed 3,000 people.

The U.S. has some 8,400 troops in Afghanistan, with an additional 5,000 deployed from NATO allies, Business Insider reported. Army Gen. John Nicholson told Congress in February he needed a few thousand more troops in order to break what he called a stalemate with the Taliban terrorists.

Of about400 districts in Afghanistan,the Taliban controls, contests, or influences 171of them, according to the Special Inspector General for Afghanistan Reconstruction, Business Insider reported.

Voice of America (VOA) reported last month that the U.S. military in Afghanistan is ratcheting up theoffense against the growing Islamic State branch in the Afghanistan-Pakistan region.

Since he took office, President Donald Trump has been ramping up military operations against both the Islamic State, also known as ISIS and ISIL, as well as al-Qaeda, particularly in Yemen, VOA reported.

We stand confident that the new U.S. administration under President Trump will remain strategically engaged and continue its support, Afghanistans Foreign Minister Salahuddin Rabbani said at an appearance at the Atlantic Council in Washington.

American Navy Capt. Bill Salvin, the spokesperson and director of public affairs for the U.S./NATO-led coalition in Kabul, told VOA that our goal in 2017 is to defeat ISIS-K in Afghanistan.

Green Beret Staff Sgt. Mark De Alencar, 37, of Edgewood, Maryland, was killed earlier this month fighting jihadists in the eastern part of Afghanistan near the Pakistani border.

The fatality brings the total number of U.S. military deaths since the war started more than 15 years ago to at least 2,249, most of which occurred under former President Barack Obamas watch, according toPentagon data.

This marks the first time the bomb, known as the GBU-43, or Massive Ordnance Air Blast, (MOAB) was used in combat. Its yield is11 tons of TNTand has been nicknamed theMother of All Bombs.

It remains uncertain so far if the bombing was planned under the Obama administration or the Trump administration.

Pentagon spokesman Adam Stump said the plan has been in place for a few months, and that the weapon had been in Afghanistan for some time.

The final test of the MOAB took place on March 11, 2003 and was delivered into theater on April 1, 2003.

Visit link:
Trump Sending NSA McMaster to Afghanistan on Heels of MOAB Bombing on Islamic State - Breitbart News

Mysterious group posts more alleged NSA hacking tools; Russia link suspected Wichita Eagle One document appeared to show that NSA spyware had been placed on servers in South Korea, Russia, Japan, China, Mexico, Taiwan, Spain, Venezuela and Thailand, among other countries. The dump included details of how the NSA purportedly had ...

Follow this link:
Mysterious group posts more alleged NSA hacking tools; Russia link suspected - Wichita Eagle

The National Security Agency is amping up its game when it comes to challenging young, college-age students in military academies on their cyber skills.

The agency is hosting its 17th annual Cyber Defense Exercise (CDX), but with a few new twists.

The exercise challenges students at the U.S. Military, Naval, Coast Guard and Merchant Marine academies, as well as undergraduate and graduate students from the Royal Military College of Canada.

Their mission is to defend networks they have created from a red team comprised of U.S., Canadian and industry cyber warriors.

White House ends hiring freeze, mandates workforce, mission restructuring

Along with defending the network, the teams have certain challenges they need to secure as well.

What this does is challenges them to look into forensics and see where malware lies and where things happen, said James Titcomb technical lead for CDX said April 12.

The challenges consist of reverse engineering and malware analysis, network forensics, offensive ethical hacking and control of a simulated drone.

The graduate students are testing two new challenges that involve securing a space satellite and an unmanned ground vehicle.

This year whats new is we have two cadets from the Air Force academy participating in the red team, said Shirley McMonigle, CDX program lead. This is also the first year the undergraduates will participate in the drone challenge.

This year teams will have to deal with ransomeware as well. The teams can either pay points to get out of the hack or try to fix it.

March TSP returns: In like a lamb, out like a lion

Teams are scored on network confidentiality, usability, integrity and on the challenges.

NSA uses a red team to interfere with students networks and their ability to complete the challenges. Much of the intrusions find their way into the students networks through a gray team, which acts as a network user.

The gray team may fall for social engineering tactics.

Most of our access is done through the gray cell. We call it the user that clicks on everything. What we do is we purposely throw things and have the gray cell open those links so that we can own their work stations. [The teams] have to go in and mitigate that, Titcomb said.

The red teams are a way for those in the military to keep their skills sharp too.

Air Reservist Lt. Tim Li said he works in cybersecurity for J.P. Morgan. He said acting as a hacker helps him understand the other side of the cybersecurity coin.

Its fun, its the opposite for me of what I do on the outside. Its learning what the attacker would do, so it will definitely be beneficial for me once I return to my civilian job, Li said.

The students embedded this year with the red team said they were taking in a lot from the experience.

Nick Co, a 22-year-old midshipman, said he could see himself working for U.S. Cyber Command or the NSA at some point in the future.

Thats good news for the military, which is strapped for people with cyber talent in the service.

I think for us some of it is trying to understand the basics first. We are still hugely learning, but we know that the field is really growing and we definitely know they could use some officers out there, Co said. These guys are the real professionals so its fun to really learn from them and take this back and hopefully when we graduate implement this.

See the original post:
NSA gives military students a leg up on cyber with real-time exercise ... - FederalNewsRadio.com