nationalsecurityagency
Latest
US government declassifies documents concerning telephonic data collection
Today brings another victory for transparency as the US government has just declassified three documents pursuant to the collection of telephonic metadata authorized by section 215 of the PATRIOT Act. The documents, released by the Office of the Director of National Intelligence, include the 2009 and 2011 reports concerning the reauthorization of the PATRIOT Act as well as the order for business record collection. During a Senate Judiciary Committee hearing on the subject, NSA Deputy Director John Inglis made public for the first time the mechanism for accessing the metadata at the government's disposal. According to Inglis, telephonic information -- which does not include names, addresses, or social security numbers -- exists in databases but cannot be accessed without reasonable suspicion of association with terrorists. Deputy Attorney General James Cole went on to say, "Nobody is listening to anybody's conversations." This revelation might be cold comfort to those concerned about the government's ownership of this data to begin with, but it does pull back the curtain somewhat on the NSA's policies and procedures. To read these declassified -- and heavily redacted -- documents in full, head on over to the source link below.
Electronic Frontier Foundation sues NSA, calls surveillance programs unconstitutional
Earlier today, the Electronic Frontier Foundation sued the Obama administration over concerns surrounding the NSA's extensive surveillance programs, just weeks after the ACLU did the same. Filed on behalf of human rights, religious and environmental activist groups, the suit argues that the federal government's so-called Associational Tracking Program is inherently unconstitutional because it threatens stipulations found in the Bill of Rights, like freedom of speech and the right to assembly. The list of plaintiffs is extensive, and the suit has united groups with varying mission statements, like Human Rights Watch, Greenpeace and the National Organization for the Reform of Marijuana Laws. To read the complaint in full, head on over to the source link below.
FBI deputy director claims intelligence programs foiled NYC subway and NYSE bombings, among others (update)
The United States government's controversial data collection practices reportedly helped thwart plots to bomb the New York City subway system and New York Stock Exchange, Federal Bureau of Investigation deputy director Sean Joyce said during a House Intelligence Committee hearing this morning in Washington, DC. Information from the programs -- one focused on phone networks and another on the internet -- was also said to serve a role in stopping a separate bombing threat at Danish newspaper Jyllands-Posten in Denmark, which ran a cartoon depicting Islam's Prophet Muhammad. National Security Agency director Keith Alexander added that, "50 terror threats in 20 countries" were stopped as a result of the controversial information gathering practices. "I would much rather be here today debating this than explaining why we were unable to prevent another 9/11'' attack," he said. When asked if the NSA is technologically capable of "flipping a switch" and listening in on Americans (whether by phone or internet), Alexander flatly answered, "no." Update: According to a Wired report, the man named during today's hearing in connection with the New York Stock Exchange bombing, Khalid Ouazzani, wasn't convicted of anything regarding the NYSE. Rather, his plea cites various money laundering in connection with terrorists, and his lawyer said, "Khalid Ouazzani was hot involved in any plot to bomb the New York Stock Exchange."
JailbreakMe hacker Comex let go by Apple after failing to respond to offer letter
After developing JailBreakMe, cracking such devices as the iPad 2 or iPhone 4 and finally scoring a paying intern gig with his nemesis, hacker Comex tweeted that he's no longer working at Apple. Also known as Nicholas Allegra, the talented coder's Cupertino situation apparently came asunder when he failed to respond to an email offer to re-up with the company, though he also told Forbes that the situation was more complicated than that. He added that "it wasn't a bad ending," and that he has fond memories of his Apple experience, but if you're hoping the Brown University student will have an iOS 6 jailbreak soon, don't hold your breath -- he's concentrating strictly on his studies, for now.
Former NSA official says agency collects Americans' web data, director denies charges
The NSA director, General Keith Alexander, is coming under scrutiny after he told a crowd gathered at the Def Con hacker conference that the spy agency "absolutely" does not collect data from and maintain files on American citizens. A former official stopped just shy of calling Alexander a liar, accusing him of playing a "word game." William Binney left the department in late 2001, when it became apparent to him that it planned to use the terrorist attacks on September 11th as an "excuse" to launch a data collection program that was already in the planning stages. Alexander for his part maintains that any data, be it web searches, Twitter posts or emails, collected from American citizens is merely incidental, and associated with intelligence gathering on foreign entities. Of course, Binney rejects this claim and testimony from Qwest CEO James Nacchio regarding the NSA's wiretapping program would seem to contradict it. ACLU attorney Alex Abdo, who was on the panel with Alexander, cast further doubt on the director's denial. He noted that loopholes in the law allow the NSA collect vast amounts of information on Americans, without them being the "target" of the surveillance. Since the agency can hold on to any data collected, it can retroactively build dossiers on citizens, should they eventually become the focus of an investigation. For a few more details, hit up the source link.
NSA builds own model of Android phone, wants you to do the same
The NSA decided it wanted to have its own go at producing a secure Android smartphone that could encrypt communications to levels necessary for national security. Project "Fishbowl" constructed 100 handsets from off-the-shelf components that were secure enough that staffers could use them without speaking in code. All conversations are conducted across an IPsec VPN with a secure, real-time transport protocol for encrypting the voice at both ends, with the VoIP server being housed inside an NSA facility. It's part of a program to get handset makers to build this kit so the Information Assurance Directorate doesn't have to navigate the interoperability hurdles between each company's tech. The agency has launched a how-to for any manufacturer looking for a large Government contract to produce Fishbowl phones on a larger scale, although they'll probably have to change the name to something more threatening like MK-Ultraphone or the Phoneadelphia Experiment.
Telecoms win immunity in wiretapping case, US court approves separate suit against the government
Looks like a case of good news-bad news for the Electronic Frontier Foundation in its fight against warrantless wiretapping. A US appeals court upheld a 2008 ruling, granting telecoms such as AT&T, Verizon and Sprint immunity for cooperating with the government in its surveillance activities. Still, Judge Margaret McKeown of the 9th US Circuit Court of Appeals insists that immunity only applies to telecoms, not the government, and that "the federal courts remain a forum to consider the constitutionality of the wiretapping scheme and other claims." Indeed, while the 9th Circuit upheld immunity for telecoms, it also gave the go-ahead for a separate suit against the NSA, former president George W. Bush, senior members of the Bush administration and President Obama for using AT&T's network to conduct "an unprecedented suspicionless general search," according to the filing. The court's decision to allow this suit to proceed marks a reversal of an earlier ruling, in which a lower court said the plaintiffs did not have legal standing to pursue the case. [Image courtesy PBS]
US Cyber Command completes major cyber attack simulation, seems pleased with the results
The US Cyber Command is barely out of its infancy, but it's already crossed one milestone off its to-do list, with the successful completion of its first major test run. The exercise, known as Cyber Flag, was carried out over the course of a single week at Nellis Air Force Base in Nevada, where some 300 experts put their defense skills to the test. According to Col. Rivers J. Johnson, the participants were divided into two teams: "good guys," and "bad guys." The latter were delegated with the task of infiltrating the Cyber Command's networks, while the former were charged with defending the mock cyberattack and keeping the government's VPN free of malware. The idea, according to the agency, was to simulate a real-world attack on the Department of Defense, in order to better evaluate the Command's acumen. "There were a variety of scenarios based on what we think an adversary would do in real world events and real world time," Johnson explained. "It was a great exercise." The Colonel acknowledged that the good guys weren't able to defend against all of the attacks, but pointed out that the vast majority were recognized and mitigated "in a timely manner." All told, Cyber Flag was deemed a success, with NSA Director and Cyber Command chief Gen. Keith Alexander adding that it "exceeded" his own expectations.
ITT unveils GhostRider encryption device capable of securing US Army smartphones
That may look like a Motorola Atrix Dell Venue, but it's actually something known as the GhostRider -- a new encryption device that could go a long way toward securing the Army's smartphones. Developed by defense company ITT, this revamped handset would allow military personnel to transmit secure text messages and phone calls over the Army's network, even if they're out on the battlefield. All they'd have to do is place their personal phones next to the GhostRider, tap and hold its touchscreen to activate the security features and begin texting away. When another GhostRider user receives an SMS, he or she would have to enter a pass code before reading it. The phone's security mechanisms, meanwhile, have been certified by the cryptographers at the NSA, which would certainly help justify its $1,500 price tag. The handset's display, meanwhile, looks awfully similar to the Army's Nett Warrior platform -- an Android-based OS that features a host of mapping functions designed explicitly for war zones. Officials unveiled the latest incarnation of Nett Warrior at the recent Association of the US Army gala in DC, though the platform's creators are still looking for the appropriate commercial device to host it -- unless, of course, GhostRider's software replaces it altogether. "We think Nett Warrior should be something like this," ITT vice president Richard Takahashi told Wired. "This can be the smart device." March past the break for more information, in ITT's jargon-laced PR. Update: Thanks to readers who spotted it's a Venue rather than an Atrix. Our eyes must have been temporarily scrambled by the enemy. Just to be clear -- it's not the handset that's different, only the peripheral.
Getting to know you: Comex, the boy behind iOS' JailbreakMe
See that kid above? That's Nicholas Allegra. He's the hackdom Harry Potter to Apple's Ye-Who-Shall-Not-Jailbreak-Our-Wares, and Forbes managed to sniff him out for a little bold-faced exposé. The 19-year old hero of the iOS community, better known as Comex, got his self-taught start with Visual Basic when he was still in single digits. After graduating through a venerable online forum education, the precocious coding lad set his smarts to homebrew Wii development, and the rest is JailbreakMe history. The self-described Apple fanboy admits his background is atyipcal of the cybersecurity industry, but with a former National Security Agency analyst praising his work as years ahead of his time, we don't think he should worry. For all the trouble his code has caused Cupertino, Allegra's not trying to be the embedded thorn in Jobs' side. Rather, the iPhone hacker claims "it's just about the challenge" and plans to keep on keeping ol' Steve on his billion dollar toes.
Robert Morris, man who helped develop Unix, dies at 78
We have some somber news to bring you this morning: Robert Morris, the cryptographer who helped create Unix, has died at the age of 78. Morris began his work on the groundbreaking OS back in 1970 at AT&T's Bell Laboratories, where he played a major role in developing Unix's math library, password structure and encryption functions. His cryptographic exploration continued into the late 1970s, when he began writing a paper on an early encryption tool from Germany. But the paper would never see the light of day, thanks to a request from the NSA, which was concerned about potential security ramifications. Instead, the agency brought Morris on board as a computer security expert in 1986. Much of what he did for Uncle Sam remains classified, though he was involved in internet surveillance projects and cyber warfare -- including what might have been America's first cyberattack in 1991, when the US crippled Saddam Hussein's control capabilities during the first Gulf War. Morris stayed with the NSA until 1994, when he retired to New Hampshire. He's survived by his wife, three children and one, massive digital fingerprint. [Image courtesy of the New York Times]
NSA wants $896.5 million to build new supercomputing complex
The federal government may be cutting corners left and right, but that hasn't stopped the NSA from requesting nearly $900 million to help beef up its supercomputing capabilities. According to budget documents released by the Department of Defense yesterday, the NSA is looking to construct a massive new High Performance Computing Center in Maryland, designed to harness plenty of supercomputing muscle within an energy efficient framework. As with many other data centers, the NSA's $896.5 million complex would feature raised floors, chilled water systems and advanced alarm mechanisms, but it would also need about 60 megawatts of power -- the same amount that powers Microsoft's gargantuan, 700,000 square-foot data center in Chicago. According to the DoD, however, the NSA would use that juice judiciously, in the hopes of conserving enough water, energy and building materials to obtain LEED Silver certification. Another chunk of the funding, not surprisingly, would go toward fortifying the facility. The NSA is hoping to pour more than $35 million into building security and perimeter control, which would include a cargo inspection facility, advanced surveillance, and systems designed to detect any radiological, nuclear, or chemical threats. If all goes to plan, construction would wrap up by December 2015.
NSA nearing approval of two uber-secure handhelds
If fingerprint readers and eight layers of passwords aren't secure enough for you (or your employer), the National Security Agency is reportedly nearing the end of the approval process for a duo of "secure handheld voice and data communications devices." General Dynamics, more commonly know for its array of laptops, is eagerly awaiting the thumbs-up to be given to its Sectera Edge (pictured), while L-3 Communications' Guardian should actually be available in Q4 of this year. With the coveted NSA seal of approval, "the Defense Department will be cleared to buy the devices under an indefinite-delivery, indefinite-quantity contract," but judging by the unsightly designs we're seeing on these things, don't bet on employees lining up to snag one.
