nationalsecurityagency
Latest
NSA says Russian hackers are trying to steal COVID-19 vaccine research
The US, UK and Canada claim Cozy Bear has targeted health care organizations.
The US is suing Edward Snowden over his memoir
The United States is suing whistleblower Edward Snowden over his memoir, Permanent Record. It claims the former Central Intelligence Agency employee and National Security Agency contractor violated non-disclosure agreements with both agencies because he didn't submit the book to them for review before publication.
US allies accuse NSA of manipulating encryption standards
The US National Security Agency (NSA) is in the global bad books again after allegations surfaced suggesting it was trying to manipulate international encryption standards. Reuters reports that it has seen interviews and emails from experts in countries including Germany, Japan and Israel expressing concern that the NSA has been pushing two particular encryption techniques not because they are secure, but because the agency knows how to break them.
US Cyber Command may be splitting off from the NSA
It sounds as though the United States' Cyber Command will break off from the National Security Agency and be more aligned with the military in the future. The move would "eventually" cleave Cyber Command from the intelligence-focused NSA and instead align it more with the military, according to the Associated Press. "The goal is to give Cyber Command more autonomy, freeing it from any constraints that stem from working alongside the NSA," AP reports. The NSA's core task of intelligence gathering sometimes is at odds with military cyber warfare operations, hence the proposed separation. Prior to this, the two had clashed on getting intel from Islamic State networks (the NSA's task) and attacking (Cyber Command's).
Yahoo reportedly gave US government access to all users' emails (updated)
According to Reuters, Yahoo provided US intelligence officials access to all of its customers incoming emails last year. The publication's sources claim that the company had to comply with a classified request from the government, which allowed the National Security Agency and FBI to scan "hundreds of millions" of Yahoo Mail accounts.
EFF scores a blow against the government's domestic spying
Before we knew that the National Security Agency was getting its jollies by spying via Prism, there was Jewel vs. NSA. That case, filed by Electronic Frontier Foundation, has gotten a boost from California judge Jeffrey White who's has granted discovery to the EFF -- something the EFF says it's been barred from since 2008. Not up on your legalese? Don't worry. Discovery is the step in a court case that allows all parties involved to go into trial with as much information as possible, without either party being able to keep secrets from one another. Unless said information would result in self-incrimination, it's a fact-finding stage.
Congress to investigate US involvement in Juniper's backdoor
Congress announced plans on Friday to investigate the backdoor recently found in Juniper Networks software and whether it was intentionally placed there for the National Security Agency's benefit. The investigation is being led by the House Committee on Oversight and Government Reform, which has already sent more than two dozen letters to various agencies asking for documentation regarding their use of Juniper's ScreenOS software. The company announced in December that ScreenOS had been compromised using a technique that has widely been attributed to the NSA.
Former US national security officials back end-to-end encryption
Three former US national security officials have given their support to end-to-end encryption and criticised claims that the government should have backdoor access or "duplicate" decryption keys. Mike McConnell, a former director of the National Security Agency and director of national intelligence, Michael Chertoff, a former homeland security secretary, and William Lynn, a former deputy defense secretary voiced their approval in the Washington Post. The trio argue that requiring companies to produce duplicate keys would only increase the risk of cyberattack. In short, the location or holder of the duplicate keys would simply create another potential point of vulnerability and attract hackers.
The NSA's 2013 transparency report is more opaque
In an attempt to offer transparency to United States surveillance tactics, the Office of the Director of National Intelligence released a report today offering numbers for National Security Agency actions in 2013. The report notes thousands of orders placed for use of surveillance tactics (FISA requests: 1,899 in total), but fails to mention who or what was being targeted, not to mention exactly how. It recounts thousands of requests to the Foreign Intelligence Surveillance Court -- the court that decides which surveillance tactics are considered legal by the US government -- and thousands of "targets" (90,601). However, issues arise immediately. The word "target" is defined as such: "[It] has multiple meanings. For example, 'target' could be an individual person, a group, or an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information that the U.S. government is authorized to acquire."
How to Disappear (almost) Completely: the illusion of privacy
Can anyone ever really leave the internet? And if you had the choice, is that something that you'd want to do? After all, abandoning the connected world might help you reclaim some privacy, but even if you smashed your PC, burned your tablet and tossed your smartphone, you might still not be able to escape constant surveillance. In our three-part series How To Disappear, we're going to look at why you'd think about going offline, what you can do to tidy up your digital footprint and what happens to those who have made the leap into the darkness.
NSA claims Snowden only sent one email questioning surveillance tactics
The man behind the biggest leak of United States government secrets in history, Edward Snowden, is having his reputation challenged by the very entity he sought to call out, the National Security Agency (NSA). According to the agency, only one email can be found which relates to him raising concerns internally about government surveillance overreach. That stands in stark contrast to what Snowden told reporters Glenn Greenwald and Laura Poitras in Hong Kong last summer, where he first detailed his history and the wealth of information he'd taken. "They would say 'this isn't your job,' or you'd be told you don't have enough information to make those kinds of judgments," Snowden says in Greenwald's recent book, No Place to Hide. "You'd basically be instructed not to worry about it."
The NSA issues its own suggestions for avoiding lost Heartbleed data
The United States National Security Agency may or may not have known about the security vulnerability known as "Heartbleed," but now that it's a widely publicized issue, the agency has some safety suggestions. Sure, you've probably heard all this before, but bear with us. First and foremost, websites/web services using the affected software (OpenSSL versions 1.0.1 through 1.0.1f) are told to update, or turn off the function which enables the security flaw. Second, a variety of OSes and client/server software use the affected service, so the NSA suggests you get in touch with your software's creator directly (Google's already taken care of it in one version of Android, for instance). Finally, after you're back up on a safe version of the website/service/OS you use, it's time to dump your current password in place of a fancy new one. Like we said, nothing you haven't heard before, but here's the NSA confirming as much. Head below for the full document in all its acronym-laden glory.
Snowden leaks and NSA reporting win Pulitzer Prizes
Both The Guardian and The Washington Post were announced as Pulitzer Prize winners today in the public service category. The prizes were awarded for The Guardian's Edward Snowden work, which revealed dozens of details about the United States government spying on citizens the world over, and for Washington Post's ongoing National Security Agency coverage, which uncovered Prism and myriad other surveillance overreaches. Of the 14 awards given, only two were given for reporting on NSA surveillance and Edward Snowden's leaks.
Bloomberg: NSA used Heartbleed exploit for 'years' without alerting affected websites, the public (update: NSA response)
The United States National Security Security Agency reportedly used the recently uncovered "Heartbleed" security exploit to access information, Bloomberg reports. According to two unnamed sources, the NSA exploited the flawed security standard for the past two years without alerting affected companies and the public at large. It's unclear what the exploit was used to access, but the flaw affects a huge portion of the web: something like two-thirds. Major services like Google are already acting, updating services and patching the issue. For those services, we suggest updating your passwords ASAP. For the still affected sites? Sadly, your best option is to wait it out. Update: The NSA insists that it only became aware of Heartbleed at the same time as everyone else. This answer isn't going to satisfy everyone given the many contradictory claims about the agency's activities, but hey -- at least it's on top of the situation.
Over 200 NSA documents collected and made searchable, from Snowden to Prism
When Edward Snowden made a name for himself last June by leaking classified NSA information, he did so by working with The Guardian and a documentary filmmaker. As such, the public learned of much of the NSA's surveillance measures through the medium of a single media outlet. In the ensuing months, much more has come to light, and today the American Civil Liberties Union is unveiling "NSA Documents Database," a searchable, categorized database of just over 200 previously classified NSA documents. That includes everything from the initial Snowden leaks through Mystic (and more). The collection comprises "all of the documents released since [June 5, 2013], both by the media and the government," and the ACLU promises more documents will be added as they become available. In so many words, if you're looking to dig in and bone up on the current government surveillance debate, this is gonna be your jam.
WSJ: Four ways to distance the NSA from phone records that'll be considered by government
President Obama has his work cut out for him as he tries to restore faith in the US government following the whole NSA spying scandal. He first talked of surveillance reform last year, then in a January 2014 speech promised to revamp the NSA's program for collecting phone records. While the agency must now seek court approval to access phone data, The Wall Street Journal is reporting that "administration lawyers" have finished drafting several proposals that would bring about more radical changes to the program by taking the database out of the NSA's hands. These are said to be part of a wider report due in March, in which other scenarios that strip some power from the government spy agency will be explored. One of the proposals would see phone companies responsible for managing the records, which the NSA would then request on a case-by-case basis. Apparently the idea hasn't gone down too well, with companies wary of being inundated with data requests from elsewhere; not to mention they haven't been involved in crafting the proposals. (Besides, do you trust AT&T and Verizon anymore than the government?) Another idea would see a different government entity such as the FBI (which is allegedly a contender, despite its own indiscretions) or Foreign Intelligence Surveillance Court be put in charge. It's also been suggested a new independent organization be created that would technically be neither a part of the government nor a phone company. Though, the concern there is any newly created body would ultimately end up serving as an extension of the NSA. Of course, there's always the last option of doing away with the phone surveillance altogether, which we're sure many would celebrate, but seems highly unlikely. There's always the possibility that another solution is agreed upon, but for now these seem to be the primary options available to the Commander in Chief.
NSA reportedly infiltrated Xbox Live and World of Warcraft in hunt for terrorists
According to documents leaked by Edward Snowden and brought to light today by The Guardian, the NSA has been monitoring online gaming communities since 2008 and has even been sending real-life agents into online RPGs posing as players. Xbox Live was apparently one of the biggest services to be targeted, while World of Warcraft and Second Life also came under some degree of scrutiny. It's not totally clear why the NSA, along with its UK equivalent the GCHQ, thought such operations were necessary, but there seems to have been a general sense that online games could be used as communication hubs by evil-doers, as well as some evidence that Hezbollah had developed its own game for the purpose of recruitment. None of the leaked files suggest that the agent-avatars caught any terrorists, even though undercover operations were apparently so numerous that, at one point, an NSA analyst called for a "deconfliction group" to be set up to prevent the agency's personnel from inadvertently spying on each other. Meanwhile, Microsoft and Linden Labs have refused to comment, but Blizzard Entertainment has said it was unaware of any surveillance taking place in World of Warcraft and certainly has never granted any permission for its players to be observed. The Guardian says it'll publish the relevant files later today, in partnership with the New York Times and ProPublica. Update: We asked Microsoft how this happened, and a spokesperson told us that Redmond wasn't aware of any surveillance activity. "If it occurred as has been reported, it certainly wasn't done with our consent."
NSA reportedly cracks down on staff who thought it was okay to share their logins with Edward Snowden
In a slightly ironic twist for the National Security Agency, Reuters reports that as many as 25 members of its staff have been "removed from their assignments" because they shared their private passwords with Edward Snowden while he worked there. A number of government offices are currently trying to find out just how Snowden got hold of so much confidential data, and sources close to those investigations now claim that the PRISM whistleblower used his position as a systems admin to dupe colleagues into handing over their passwords. It's not clear whether the NSA staff involved in the breach have been fired or re-assigned, but if the allegations are true then there are likely to be some red faces at the agency once the various investigations reach their conclusions, because such a large-scale failure by supposedly highly-trained staff would implicate the NSA's systems and practices, rather than just a few naive individuals.
Secret NSA project gathered American cellphone location data
The NSA's been rather busy over the past few years, tracking everything from your emails to phone calls, and now the New York Times is reporting that it even conducted a secret project to collect data about the location of American's cellphones in 2010 and 2011. The project was ultimately not implemented and only recently surfaced in a pre-written answer for the director of national intelligence, James R. Clapper, should the subject come up in a Senate Judiciary Committee hearing. According to the Times, details about the project are scarce, and Senator Ron Wyden said that "the real story" behind the project has yet to be declassified. The answer obtained by the paper reads:"In 2010 and 2011 N.S.A. received samples in order to test the ability of its systems to handle the data format, but that data was not used for any other purpose and was never available for intelligence analysis purposes."
Report: NSA used taxpayer dollars to cover PRISM compliance costs for tech companies
The mounting national debt? Yeah, you're probably better off just ignoring why exactly it's mounting. The Guardian is continuing the blow the lid off of the whole NSA / PRISM saga, today revealing new documents that detail how the NSA paid out "millions" of dollars to cover PRISM compliance costs for a multitude of monolithic tech outfits. As the story goes, the National Security Agency (hence, tax dollars from American taxpayers) coughed up millions "to cover the costs of major internet companies involved in the PRISM surveillance program after a court ruled that some of the agency's activities were unconstitutional." The likes of Yahoo, Google, Microsoft and Facebook are expressly named, and while Google is still angling for permission to reveal more about its side of the story, other firms have conflicting tales. For whatever it's worth, a Yahoo spokesperson seemed a-okay with the whole ordeal, casually noting that this type of behavior is perfectly legal: "Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law." Meanwhile, Facebook stated that it had "never received any compensation in connection with responding to a government data request." Microsoft, as you might imagine, declined to comment, though we heard that Steve Ballmer could be seen in the distance throwing up a peace sign. At any rate, it's fairly safe to assume that your worst nightmares are indeed a reality, and you may have a far more enjoyable weekend if you just accept the fact that The Man knows everything. Better, right?
