Category Archives: NSA

March 9, 2017

A still redacted incident prompted both agencies to discuss concerns about computer hacking into government agencies

In April 1987, the CIAs Chief of Information Systems Security submitted a memo detailing a meeting he had recently had with the Director of the NSAs National Computer Security Security Center.

The meeting had been prompted by an earlier incident, still redacted, that had generated mass confusion.

Hints as to what the incident could have been can be gleaned from the meetings agenda, which tackled concerns about computer hacking into government agencies

and the fact that as of 1987, there were no reporting requirements for cybersecurity incidents at the federal level.

So, a few important takeaways from this meeting that changed the way federal agencies handle cybersecurity FOREVER. One, start reporting those incidents.

Two, start taking advantage of the NSAs existing database of fixes and, you know, apply them.

And three, make staff generally aware that cybersecurity is a thing, which would probably take care of 99% of the problem right there.

The CIA then sealed this historic partnership in the most literal way possible - handing their counterpart at the NSA a literal seal.

The full memo is embedded below.

Image via 20th Century FOX

View original post here:
Thirty years ago, the CIA and the NSA had a meeting that changed national cybersecurity - MuckRock

LISTEN TO TLRS LATEST PODCAST:

By: Paul Meekin

Kotaku brought the gameOrwellto my attention today. Its a game about spying on peoples personal data in order to ascertain potential terrorist activity. Your end goal is to thwart that activity. The point of the game, in addition to being an entertaining pot boiler, is the fundamental question of when, and if, its okay to violate the privacy of human beings in order to prevent acts of terror. This is a wonderful concept and one I support fundamentally as a gamer and fan of thinking critically while playing them.

The point of the article was the question if people today even careabout privacy.The most popularcomment on the article?

I dont care. I mean first off what can we do to stop them from spying on us? Nothing. Even if we did complain they could say they stopped but keep on spying anyways.

Outside of that who cares. Let them see my life. My boring facebook posts. My boring emails once and awhile. My youtube watching. Going to Kotaku. Even any porn Ive looked at.

Actually why would you worry about what people see anyways? Unless your hiding something you have no reason to worry. Do you look at child porn? Do you hire hitmen? If not then who cares.

Sorry, I just threw up in my mouth a little.In 2013 we learned the NSA was in our business. Directly or indirectly, the fact of the matter was the NSA was gathering massive amounts of data on Americans, foreigners, and scorned lovers.

Its possible youre much like the commenter above and didnt care. You had nothing to hide and are perfectly okay with invasions of personal privacy and personal data in the name of security.

But its also possible youre a principled individual and dont think the constitution should be violated just in case youre up to no good.

The beauty of Orwellis that it could change your mind one way or another.Unfortunately, as a Mac user, I am unable to play Orwell, but I support it on principle.

A game I did play, that didchange my mind, was Tom ClancysSplinter Cell: Blacklist. Released in August 2013, a few months after the scale and scope of the NSAs activities were revealed.

The backlash to these activities was massive. But along comes Splinter Cell. Without trying and without foreknowledge of this event, it made quite a case in favor of a bit of privacy invasion. Of course the reviewer of the game disregarded the plot as Right Wing mumbo jumbo on a podcast.

But it was mumbo jumbo with a point. Splinter Cell: Blacklist is a game that demonstrates the awesome force of the Military Industrial Complex. From wire tapping to drone strikes to covert operations to warrantless searches and seizures it demonstrated what a single team of highly qualified individuals were capable of when they *werent* restrained by thebureaucracy of the federal government and the morelimiting aspects of the Constitution (and The Bill of Rights in particular).

Obviously it was just a game, and not based on fact although some of the technology is quite believable in hindsight. But the point it makes has real world applications; Just how many times have lives been saved by illegal wire tapping and covert operations we never hear about?Well never know.

How many lives make that violation of privacy worth it? Batman seems to think its about two boatloads.

The Libertarian in me says no lives are worth it. That the fundamental cost of liberty is that the federal government shouldnt be in the business of convicting people for crimes before theyre committed and spying on them, again just in case.

If were willing to violate the privacy of lives to save lives, those lives arent worth as much as we initially thought, are they?

In playing Splinter Cell, you realize America is embroiled in a war with a stacked deck. The enemy doesnt obey the laws of combat. They fight dirty and they fight mean and they behead journalists, use children as suicide bombers, and drag bodies through the street. As a result, if we fight the war as governed by the Geneva convention, were essentially playing checkers while the enemy is playing tackle football.

Games have an amazing capacity to educate while entertaining. Unlike a movie you watch, or a book you read, you participate in a game. And the best of them, from Oregon Trail to Splinter Cell to even Madden Football, can enlighten you on a subject in a way no other media can.

Regarding the NSA? I still dont know how I feel. Theres valid arguments on both sides. I lean toward getting the government out of my computer.

Then again, I have nothing to hide.

-

gamingGeorge OrwellkotakuSplinter CellSpyingvideo games

Continue reading here:
Gaming, NSA Spying, and You: Two Games That Could Change Your Mind - The Libertarian Republic

Journalist Jason Leopold (currently in residence at Buzzfeed) has been given the nickname "FOIA terrorist" for his numerous requests and almost as numerous FOIA lawsuits. The government has taken notice of Leopold's activity. The Pentagon once offered Leopold a stack of documents in exchange for him leaving it alone. (He declined.) The FBI played keepaway with James Comey talking points, telling Leopold they were all exempt from disclosure. This obviously wasn't true, as these same talking points had been handed over to Mike Masnick by the agency months prior to the bogus denial it gave Leopold.

Now, it's the NSA using Leopold's "FOIA terrorist" nickname against him. (This is weird because federal employees gave Leopold the "terrorist" nickname. He didn't come up with it himself.) In Leopold's ongoing FOIA lawsuit against the agency, the NSA has asked for an "Open America" stay. What this would do is push Leopold's request back in line with the others the NSA has received. The agency argues that Leopold's decision to file a lawsuit over the agency's lack of a timely response shouldn't give his request precedence over FOIA requests that arrived before his did.

The agency points out its FOIA workload has increased significantly since "a former NSA contractor began a series of unprecedented, unauthorized, and unlawful disclosures" in 2013. The agency still processes thousands of FOIA requests a year, but it's unable to keep up with the increase in FOIA traffic.

What the NSA wants is more time. Three of Leopold's requests -- two of them dating back to 2014 -- are at the center of this lawsuit. The NSA wants to prevent Leopold's lawsuit from letting him jump the queue. From the filing [PDF]:

Given NSAs limited number of FOIA personnel, if the Court orders defendant to process plaintiffs requests at a rate greater than 400 pages per month, the individuals who filed the 1,603 pending requests in NSAs current backlog, many of which were filed well before plaintiffs, will be disadvantaged.

It also wants to process no more than 400 pages per month for him, despite there being more than 20,000 responsive pages.

In defense of its attempt to keep Leopold from litigating his way to the front of the line (and for delaying its already-delayed responses even further), the NSA attempts to use Leopold's press bio against him.

[P]laintiff Jason Leopold is a self-styled FOIA terrorist who, according to a recent press release by his new employer, BuzzFeed.com, makes his living by deluging the federal government with Freedom of Information Act requests. He proudly claims to have brought more FOIA lawsuits by himself than any other news organization except the New York Times.

Again, Leopold may be a "self-styled" FOIA enthusiast, but the government called him a "terrorist" first. And, again, the number of lawsuits means nothing. If the government replied in a more timely fashion, withheld fewer documents, and generally made a better effort at being transparent, it's unlikely Leopold would be chasing every FOIA request with a FOIA lawsuit.

While I agree with the NSA FOIA requesters shouldn't be able to use litigation to move their requests ahead of others (who may not have the financial means to engage in litigation), the fact is without litigation, most government responses would be delayed indefinitely. Agencies are statutorily required to respond within a certain time period. After that time has elapsed, the only option in most cases is to bring a lawsuit. Periodically reminding the agency about your outstanding request has almost zero motivational effect.

Handing out litigation stays doesn't mean requesters who haven't filed a lawsuit will be receiving faster responses. All it means is litigating requesters will be receiving their responses more slowly. The NSA's inference that Leopold's requests are somehow less legit simply because there are so many of them is bogus. I'm sure Leopold would rather have faster request fulfillment than the double-duty of tracking dozens of open requests and multiple concurrent FOIA lawsuits.

If the problem is staffing, there are solutions available -- but agencies have to want to be more responsive, not just shrug their way through FOIA lawsuit filings complaining about how impossible it is to keep up. They have direct lines to the legislators that pass their budgets. If they really wanted to do more, FOIA-wise, they'd have asked for more help already.

Here is the original post:
NSA Tries To Stonewall Jason Leopold's Requests Because He's A 'FOIA Terrorist' Who's Paid To 'Deluge Agencies ... - Techdirt

By David Mann. Published Thursday, March 9th, 2017

It turns out the Tri-Cities have a great place to learn how to defend the country from cyber attacks.

The National Security Agency and the Department of Homeland Security have designated Pascos Columbia Basin College a National Center of Academic Excellence in Cyber Defense for its two-year education program.

In a letter to the school, Karen Leuschner, program manager of the Centers of Academic Excellence program at the NSA, wrote:

Your ability to meet the increasing demands of program criteria will serve the nation well in contributing to the protection of the National Information Infrastructure.

She added there is a critical shortage of professionals with skills to defend Americas cyberspace obtained by higher education.

Certificates of the NSA designation will be presented at the National Cyber Security Summit in Huntsville, Alabama from June 6 to 8.

There are currently 62 students enrolled in CBCs cyber security program.

The school started offering a bachelors degree of applied science in cyber security in 2013.

See more here:
Columbia Basin College certified by NSA for excellence in cyber defense education - KVEW

Thank you

Your message has been sent.

There was an error emailing this page.

Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of CIA's own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation.

The Equation's cyberespionage activities were documented in February 2015 by researchers from antivirus vendor Kaspersky Lab. It is widely considered to be the most advanced cyberespionage group in the world based on the sophistication of its tools and the length of its operations, some possibly dating as far back as 1996.

From the start, the tools and techniques used by the Equation bore a striking similarity to those described in secret documents leaked in 2013 by former NSA contractor Edward Snowden. This relationship was further strengthened by the similarity between various code names found in the Equation malware and those in the NSA files.

The new CIA documents leakedby WikiLeaks include a 2015 discussion between members of the agency's Technical Advisory Council following Kaspersky's analysis of the Equation group.

The discussion focused mostly on what the Equation did wrong that allowed Kaspersky's researchers to establish relationships between various tools and link them to the group. The goal was for the CIA's own cyber teams to learn from those mistakes and avoid them in their own tools and operations.

The Equation's errors identified during the discussion included the use of custom cryptographic implementations instead of relying on standard libraries like OpenSSL or Microsoft's CryptoAPI, leaving identifying strings in the program database (PDB), the use of unique mutexes, and the reuse of exploits.

"The 'custom' crypto is more of NSA falling to its own internal policies/standards which came about in response to prior problems," one team member said during the discussion. "In the past, there were crypto issues where people used 0 [initialization vectors] and other miss-configurations. As a result, the NSA crypto guys blessed one library as the correct implementation and everyone was told to use that."

"The Equation Group as labeled in the report does not relate to a specific group but rather a collection of tools (mostly TAO some IOC)," another member wrote.

TAO is a reference to the NSA's Office of Tailored Access Operations, a large division that specializes in the creation of hacking tools for infiltrating foreign computer systems. Meanwhile, IOC refers to the Information Operations Center, a CIA division that, according to a leaked 2013 budget justification for intelligence agencies, has shifted focus from counterterrorism to cyberespionage in recent years.

The CIA analysis of Kaspersky's Equation report highlights how hackers can learn to better hide their attacks based on research published by security companies. This raises the question of whether security vendors and independent researchers should be so forthcoming with the methods they use to establish links between malware tools.

It is a proven fact that attackers learn from public analyses, and this is something that all researchers consider when publishing material," researchers from Kaspersky Lab said in an emailed statement. "It is a calculated risk. Of course, not all companies choose to disclose all their findings. Some companies prefer to keep some of the details for private reports, or not to create a report at all."

"We believe that, going forward, a balance will be achieved between the amount of publicly disclosed information (just enough to highlight the risks and raise awareness) and the amount of information kept private (to allow for the discovery of future attacks)," the Kaspersky researchers said.

According to them, this new information ties into the escalating cyber arms race that has been going on since 2012 and shows no signs of slowing down.

Lucian Constantin is an IDG News Service correspondent. He writes about information security, privacy, and data protection.

Original post:
Leaked docs suggest NSA and CIA behind Equation ... - PCWorld - PCWorld

(TNS) -- WASHINGTON Nearly four years after National Security Agency whistleblower Edward Snowden blew the lid off domestic spying, the vast surveillance programs cherished as the crown jewels of the U.S. intelligence establishment are about to spring back into public debate and not just because of Donald Trumps allegation that hes been the subject of wiretaps.

The legal framework for some of the broadest U.S. surveillance programs, authorized for a five-year period in 2012, will expire Dec. 31 unless Congress reauthorizes it. Already, the debate about those programs has begun, with members of the Senate Intelligence Committee focused on finding an answer to a simple question: How many Americans have emails, text messages and telephone conversations picked up in the governments electronic sweep?

Is it a few thousand? Or is it a lot higher?

We need that number, Sen. Ron Wyden, D-Ore., told Dan Coats, Trumps nominee to serve as director of national intelligence, at a confirmation hearing Feb. 28. We have sought it for years and years. More and more Americans are getting swept up in these searches.

Wyden pressed Coats on whether he would nail down a number. Coats hedged.

It has been extremely hard to come up with that number for various reasons which I dont fully understand, said Coats, a former member of the Intelligence Committee now weighing his nomination. I will do my best to work to try to find out if we can get that number, but I need first to talk find out about why we cant get it.

Trumps allegation that President Barack Obama ordered his phones tapped last fall, a claim for which he has offered no evidence, has little to do with the coming debate. But it is an indication of the sensitivities surrounding surveillance practices that do not cleave easily along party lines.

While the issue is often cast as a balance of privacy vs. national security, many Republicans, especially those with libertarian streaks, are troubled by what they see as invasive practices. And many Democrats offer strong support of the intelligence community.

At a separate hearing before a House of Representatives committee, Rep. Jim Jordan, an Ohio Republican who earns a perfect score from the American Conservative Union, read incredulously a response he had gotten to his official query to the U.S. intelligence director in which he was told it would be difficult if not impossible to calculate the number of Americans whose communications are intercepted.

That seems like baloney to me, Jordan said. Were talking about the greatest intelligence service on the planet. Youd think they would be able to know that, right?

Rep. John Conyers, a Michigan Democrat far to Jordans political left, said, The government can, and does, collect massive amounts of information about our citizens under this authority.

At hearings, Snowdens name hardly arises. But few doubt that his revelations in 2013 helped mold the current debate. Worldwide, Snowden is seen from sharply distinct angles traitor and villain, or global celebrity for data privacy. From his exile in Moscow, where he fled after spilling the secrets, Snowden continues to cast a long shadow.

It was his disclosures that let Americans and people around the world learn of NSA programs like PRISM, Dishfire and XKeyscore, which, respectively, allowed for the monitoring of electronic data retrieved from nine large tech companies, grabbed 200 million text messages a day and saw nearly everything a targeted user did on the internet.

Leaders of allied nations like Germany and Brazil bristled when they learned from Snowdens disclosures that their officials were among dozens of leaders tapped by the NSA.

Much of the bulk collection of data by the NSA was rolled back or halted in 2015 under the USA Freedom Act.

On Capitol Hill, Snowdens name is sometimes uttered with revulsion mixed with recognition that his actions accelerated change.

What he exposed, Im glad that we learned about it. It allowed us to make reforms that were necessary, said Rep. Eric Swalwell, a California Democrat who sits on the House Intelligence Committee. But the way that he did it was so reckless. He exposed information that put our troops at risk and hurt important relationships with our allies.

Trump called Snowden a terrible traitor in a 2013 television interview and suggested he should be executed.

Digital rights activists credit Snowden with forcing major intelligence agencies to talk more openly about surveillance.

What Snowden did was enable the debate and provide more disclosures by the intelligence community when it saw the debate move in a direction it didnt like, said Gregory T. Nojeim, senior counsel at the Center for Democracy & Technology, a Washington research group that advocates for an open and free internet.

Civil rights activists voice concern over what they describe as gaps in Section 702 of the Foreign Intelligence Surveillance Act, which provides the legal framework for the NSA to monitor non-U.S. persons without warrants.

As of 2015, the Office of the Director of National Intelligence reported that 94,368 foreigners or entities abroad were targets of U.S. surveillance for intelligence purposes. The NSA is presumed to vacuum up hundreds of millions of electronic communications a year from those foreign targets, including any they may have had with Americans.

The impact is actually much greater than 94,000 because each of these individuals talks to potentially hundreds of people, said Neema Singh Guliani, legislative counsel for the Washington office of the American Civil Liberties Union.

How many Americans have their communications monitored in so-called incidental collection remains a guess. In the House hearing last week, Rep. Louie Gohmert, R-Texas, pressed Elizabeth Goitein, an expert on surveillance at the Brennan Center for Justice at New York University Law School, for an estimate.

If you conservatively assume that even 1 out of 100 of every foreign targets communications was with an American that would still be millions of American communications, Goitein said.

Pressed further at another point, Goitein said: I had said millions earlier, which I think is conservative. Potentially tens of millions. I dont know. I really hesitate to speculate.

Foreign Intelligence Surveillance Act regulations require the NSA, CIA and FBI all of which have access to the database of collected communications to minimize information about U.S. citizens or green card holders when it is incidentally swept up.

But the databases are widely available one report on how the FBI handles searches of the databases monitored use in 13 FBI field offices and agents in those offices can query the databases even when they have no suspicion of wrongdoing, said David Medine, who until July 1 was chair of the Privacy and Civil Liberties Board, a bipartisan watchdog that seeks to ensure government compliance with privacy and civil liberties rules.

They are just sort of entitled to poke around and see if something is going on, Medine told a Senate panel in May.

Critics of Section 702 say that sort of backdoor search allows authorities to snoop on citizens without having to show probable cause and obtain constitutionally required warrants.

You have this authority, and the government says the goal is national security and to help us prevent terrorism. The reality is that they can collect information that has no connection to terrorism, national security or weapons of mass destruction, Guliani said.

Defenders of Foreign Intelligence Surveillance Act surveillance said they hoped legislators reauthorized its use. They say evidence of abuse is minimal.

Throughout my time at NSA, I routinely saw analysts self-report if they ran an improper query, April Doss, a former assistant general counsel at the agency, wrote in her submitted testimony to the House Judiciary Committee on March 1.

Auditors review logs for signs of improper queries, Doss said in an interview, calling existing laws robust and effective and noting the oversight of three branches of government.

Doss and other supporters of the status quo make an unusual argument: Simply trying to satisfy legislators who want to know how many U.S. citizens turn up in the electronic sweeping would require the NSA to act intrusively, would divert analysts from hunting terrorists and would possibly even break the law by actively tracking the Americans they find, raising new privacy concerns.

It would prompt intelligence analysts to look for communications that they would not otherwise see, communications that have no intelligence value, Doss said.

For his part, Swalwell, the California legislator, said convincing the citizenry that surveillance was being done properly was vital to the health of the intelligence community.

The more transparent we are about 702, the better, he said. When Americans understand how their government is protecting them, theyre more willing, I think, to go along with whats necessary to keep us safe.

2017 McClatchy Washington Bureau Distributed by Tribune Content Agency, LLC.

Originally posted here:
Controversial NSA Surveillance Programs Up for Renewal at Year's End - Government Technology

CNET

How do WikiLeaks' CIA hacking claims differ from Snowden NSA?: CNET News Video CNET Top tech companies begin issuing official statements in response to the "Vault 7" documents released by WikiLeaks. Play video. Video: 'Twin Peaks' posters ask where is Laura Palmer? 'Twin Peaks' posters ask where is Laura Palmer? 0:34 March 7, 2017. and more »

View original post here:
How do WikiLeaks' CIA hacking claims differ from Snowden NSA?: CNET News Video - CNET

By Curt Mills | U.S. News

President Donald Trump is "absolutely right" to claim he was wiretapped and monitored, a former NSA official claimed Monday, adding that the administration risks falling victim to further leaks if it continues to run afoul of the intelligence community.

"I think the president is absolutely right. His phone calls, everything he did electronically, was being monitored," Bill Binney, a 36-year veteran of the National Security Agency who resigned in protest from the organization in 2001, told Fox Business on Monday. Everyone's conversations are being monitored and stored, Binney said.

Binney resigned from NSA shortly after the U.S. approach to intelligence changed following the attacks of Sept. 11, 2001. He "became a whistleblower after discovering that elements of a data-monitoring program he had helped develop -- nicknamed ThinThread -- were being used to spy on Americans," PBS reported.

On Monday he came to the defense of the president, whose allegations on social media over the weekend that outgoing President Barack Obama tapped his phones during the 2016 campaign have rankled Washington.

The rest is here:
NSA Whistleblower Backs Trump Up on Wiretap Claims - Fox News

Former CIA and NSA director Gen. Michael Hayden said Tuesday there was no body of evidence for President Trump to make the claim that former President Barack Obama ordered wiretaps of his phones during the election.

What was claimed is inconsistent with the way I know the system works, Hayden told FOX Business Neil Cavuto.

According to Hayden, the president hasnt had the authority to order a wiretap since the 1970s. Instead, the request would need to go through a court, he said.

Since the president took office, the White House has been plagued with intel leaks. Hayden, who took over as CIA director in May 2006, said he faced a similar issue.

"One of the biggest problems we had was leaks. And my first speech to the workforce was: this is stopping. We are out of this as source or subject, Hayden said, adding that he does not believe people within the intelligence community should immediately be blamed.

I would not automatically assume that the source of this are intel people, even when the data being leaked is intelligence, he said.

Continue Reading Below

ADVERTISEMENT

Furthermore, Hayden offered advice to the administration, based on his past experience.

My tool though wasnt a vendetta, wasnt an investigation, wasnt beating people up, he said. My tool was openness within the agency, so that people actually felt they had a place in which their views were valued. Id suggest that approach for the administration.

He added: What youve got is a situation that we as Americans have to agree is really bad. We cannot have the permanent government at war with the incoming administration. Both sides need to step back, take a breath.

Read the original:
No Evidence for Trump's Wiretap Claims, Former CIA, NSA Chief Says - Fox Business

Washington Times

FBI, NSA called to testify on Trump-Russia investigation Washington Times FBI Director James B. Comey and NSA Director Mike Rogers are invited, as are Mr. Obama's CIA director, national intelligence director and deputy attorney general, each of whom has been critical of President Trump in recent weeks. Top officials from ... FBI Director James Comey was 'incredulous' over Trump's tweetsCNN all 109 news articles »

Here is the original post:
FBI, NSA called to testify on Trump-Russia investigation - Washington Times