national security agency
Latest
NSA says Russian hackers are trying to steal COVID-19 vaccine research
The US, UK and Canada claim Cozy Bear has targeted health care organizations.
Microsoft is patching a major Windows 10 flaw discovered by the NSA (updated)
The IT world was waiting on pins and needles today for a high-profile Microsoft Windows 10 security patch, and now we know why. The US National Security Agency (NSA) acknowledged it has discovered a serious flaw in Windows 10 that could expose users to surveillance or serious data breaches, as reported initially by the Washington Post. That was backed by Krebs on Security, which reported that the NSA confirmed that it did find a major vulnerability that it passed on to Microsoft.
The US is suing Edward Snowden over his memoir
The United States is suing whistleblower Edward Snowden over his memoir, Permanent Record. It claims the former Central Intelligence Agency employee and National Security Agency contractor violated non-disclosure agreements with both agencies because he didn't submit the book to them for review before publication.
NSA improperly collected even more call records than we thought
According to documents obtained by the ACLU, the NSA's problem of collecting unauthorized American phone call data is worse than we first thought. Last May, the NSA deleted more than 600 million call records that it collected in error. The agency claimed that telecoms shared information on calls unrelated to NSA targets, and in doing so, violated federal laws. To be safe, the NSA dumped a massive amount of call records and said it had gotten to the "root cause" of the problem. But a report released by the ACLU, states that just a few months later, the NSA once again obtained information about Americans' phone calls that it was not authorized to collect under Section 215 of the Patriot Act.
Warrantless searches of Americans’ data spiked 28 percent in 2018
An annual transparency report published by the Office of the Director of National Intelligence shows warrantless searches of Americans' data jumped 28 percent in 2018. According to the report, the National Security Agency (NSA) conducted 9,637 warrantless search queries of Americans' calls, texts, and emails in 2018. That's up from 7,512 searches in 2017, and it's more than double the 4,672 warrantless searches the NSA made in 2015.
The NSA chose Christmas to detail 12 years of accidental spying
The NSA's idea of a Christmas present, it seems, is to release multiple reports detailing 12 years of improper conduct. The heavily redacted accounts reveal many incidents of misuse (both accidental and intentional) of the NSA's Signal Intelligence (SIGINT) systems. A large portion of the misconduct occurred due to the way agents searched the NSA's systems. Poorly constructed and sometimes unauthorized searches led to agents gleaning data on either US citizens and other unintended targets. According to an accompanying press release, data acquired illegally or accidentally is "almost always" deleted in what it refers to as a "purge process."
Daily Roundup: NSA spies on Huawei, Google Now for Chrome and more!
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
WSJ: NSA collects data from less than one-fifth of all cellphone records
The National Security Agency might be busy collecting your Angry Birds high scores, but our previous notions that the government is collecting all of our phone data may be over-exaggerated, according to the Wall Street Journal. The publication reported this morning that in reality, the agency actually collects less than 20 percent of all call data. So what's going on? There appear to be a few factors that have formed a bit of a roadblock for the NSA's collection efforts: The rapid growth of phone use has made it hard for it to keep pace, and it's also struggled to find ways to remove location data (which is illegal to collect) from phone records; this information contradicts December reports that the NSA collects 5 billion phone location records per day.Lastly, the NSA's orders to US operators don't cover a vast majority of the cellphone records available, and its collection efforts have also been slowed down due to demands on the agency to respond to criticisms from US courts. If these sources are to be believed, apparently the NSA's collection program isn't as widespread as we originally thought. Of course, this might be one reason why it's resorting to World of Warcraft to get information.
Put your emoji where we can see them! The NSA collected text messages, too
Secretly sifting through your text messages isn't just for overprotective parents and paranoid lovers anymore. Now the NSA's prying eyes have shifted from your call logs and location data to your texts in a not-so-secret initiative called Dishfire. The Guardian reported that the NSA collected some 200 million text messages per day globally, extracting location data, contact information and credit card numbers. This revelation, unsurprisingly, sprung from documents leaked by Edward Snowden. According to the paper, the British intelligence agency known as the Government Communications Headquarters (GCHQ) also used the NSA's database to cull information about "untargeted and unwarranted" communications by UK citizens, noting that the program collects "pretty much everything it can." In addition to collecting and storing data from texts, a 2011 NSA presentation titled "SMS Text Messages: A Goldmine to Exploit," revealed a second program, referred to as "Prefer." Under Prefer, the agency used information pulled from automated text messages, missed call and network roaming alerts and electronic business cards to collect information pertaining to users' travel habits and social connections. While the documents, complete with smiley face Venn diagrams and gemstone metaphors, stated that US phone numbers were either removed or minimized. The same cannot be said for numbers from the UK and elsewhere. In a response to the report, an NSA spokesperson told The Guardian that the information would only be used against "valid foreign intelligence targets." Meanwhile the GCHQ claims it used the Dishfire data to develop new targets. According to a representative from the UK carrier Vodafone, the findings came as a shock and the program sounded like it circumvented UK privacy and security standards. Joseph Volpe contributed to this report
Secret NSA project gathered American cellphone location data
The NSA's been rather busy over the past few years, tracking everything from your emails to phone calls, and now the New York Times is reporting that it even conducted a secret project to collect data about the location of American's cellphones in 2010 and 2011. The project was ultimately not implemented and only recently surfaced in a pre-written answer for the director of national intelligence, James R. Clapper, should the subject come up in a Senate Judiciary Committee hearing. According to the Times, details about the project are scarce, and Senator Ron Wyden said that "the real story" behind the project has yet to be declassified. The answer obtained by the paper reads:"In 2010 and 2011 N.S.A. received samples in order to test the ability of its systems to handle the data format, but that data was not used for any other purpose and was never available for intelligence analysis purposes."
Report: NSA used taxpayer dollars to cover PRISM compliance costs for tech companies
The mounting national debt? Yeah, you're probably better off just ignoring why exactly it's mounting. The Guardian is continuing the blow the lid off of the whole NSA / PRISM saga, today revealing new documents that detail how the NSA paid out "millions" of dollars to cover PRISM compliance costs for a multitude of monolithic tech outfits. As the story goes, the National Security Agency (hence, tax dollars from American taxpayers) coughed up millions "to cover the costs of major internet companies involved in the PRISM surveillance program after a court ruled that some of the agency's activities were unconstitutional." The likes of Yahoo, Google, Microsoft and Facebook are expressly named, and while Google is still angling for permission to reveal more about its side of the story, other firms have conflicting tales. For whatever it's worth, a Yahoo spokesperson seemed a-okay with the whole ordeal, casually noting that this type of behavior is perfectly legal: "Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law." Meanwhile, Facebook stated that it had "never received any compensation in connection with responding to a government data request." Microsoft, as you might imagine, declined to comment, though we heard that Steve Ballmer could be seen in the distance throwing up a peace sign. At any rate, it's fairly safe to assume that your worst nightmares are indeed a reality, and you may have a far more enjoyable weekend if you just accept the fact that The Man knows everything. Better, right?
JailbreakMe hacker Comex let go by Apple after failing to respond to offer letter
After developing JailBreakMe, cracking such devices as the iPad 2 or iPhone 4 and finally scoring a paying intern gig with his nemesis, hacker Comex tweeted that he's no longer working at Apple. Also known as Nicholas Allegra, the talented coder's Cupertino situation apparently came asunder when he failed to respond to an email offer to re-up with the company, though he also told Forbes that the situation was more complicated than that. He added that "it wasn't a bad ending," and that he has fond memories of his Apple experience, but if you're hoping the Brown University student will have an iOS 6 jailbreak soon, don't hold your breath -- he's concentrating strictly on his studies, for now.
Former NSA official says agency collects Americans' web data, director denies charges
The NSA director, General Keith Alexander, is coming under scrutiny after he told a crowd gathered at the Def Con hacker conference that the spy agency "absolutely" does not collect data from and maintain files on American citizens. A former official stopped just shy of calling Alexander a liar, accusing him of playing a "word game." William Binney left the department in late 2001, when it became apparent to him that it planned to use the terrorist attacks on September 11th as an "excuse" to launch a data collection program that was already in the planning stages. Alexander for his part maintains that any data, be it web searches, Twitter posts or emails, collected from American citizens is merely incidental, and associated with intelligence gathering on foreign entities. Of course, Binney rejects this claim and testimony from Qwest CEO James Nacchio regarding the NSA's wiretapping program would seem to contradict it. ACLU attorney Alex Abdo, who was on the panel with Alexander, cast further doubt on the director's denial. He noted that loopholes in the law allow the NSA collect vast amounts of information on Americans, without them being the "target" of the surveillance. Since the agency can hold on to any data collected, it can retroactively build dossiers on citizens, should they eventually become the focus of an investigation. For a few more details, hit up the source link.
NSA builds own model of Android phone, wants you to do the same
The NSA decided it wanted to have its own go at producing a secure Android smartphone that could encrypt communications to levels necessary for national security. Project "Fishbowl" constructed 100 handsets from off-the-shelf components that were secure enough that staffers could use them without speaking in code. All conversations are conducted across an IPsec VPN with a secure, real-time transport protocol for encrypting the voice at both ends, with the VoIP server being housed inside an NSA facility. It's part of a program to get handset makers to build this kit so the Information Assurance Directorate doesn't have to navigate the interoperability hurdles between each company's tech. The agency has launched a how-to for any manufacturer looking for a large Government contract to produce Fishbowl phones on a larger scale, although they'll probably have to change the name to something more threatening like MK-Ultraphone or the Phoneadelphia Experiment.
Telecoms win immunity in wiretapping case, US court approves separate suit against the government
Looks like a case of good news-bad news for the Electronic Frontier Foundation in its fight against warrantless wiretapping. A US appeals court upheld a 2008 ruling, granting telecoms such as AT&T, Verizon and Sprint immunity for cooperating with the government in its surveillance activities. Still, Judge Margaret McKeown of the 9th US Circuit Court of Appeals insists that immunity only applies to telecoms, not the government, and that "the federal courts remain a forum to consider the constitutionality of the wiretapping scheme and other claims." Indeed, while the 9th Circuit upheld immunity for telecoms, it also gave the go-ahead for a separate suit against the NSA, former president George W. Bush, senior members of the Bush administration and President Obama for using AT&T's network to conduct "an unprecedented suspicionless general search," according to the filing. The court's decision to allow this suit to proceed marks a reversal of an earlier ruling, in which a lower court said the plaintiffs did not have legal standing to pursue the case. [Image courtesy PBS]
US Cyber Command completes major cyber attack simulation, seems pleased with the results
The US Cyber Command is barely out of its infancy, but it's already crossed one milestone off its to-do list, with the successful completion of its first major test run. The exercise, known as Cyber Flag, was carried out over the course of a single week at Nellis Air Force Base in Nevada, where some 300 experts put their defense skills to the test. According to Col. Rivers J. Johnson, the participants were divided into two teams: "good guys," and "bad guys." The latter were delegated with the task of infiltrating the Cyber Command's networks, while the former were charged with defending the mock cyberattack and keeping the government's VPN free of malware. The idea, according to the agency, was to simulate a real-world attack on the Department of Defense, in order to better evaluate the Command's acumen. "There were a variety of scenarios based on what we think an adversary would do in real world events and real world time," Johnson explained. "It was a great exercise." The Colonel acknowledged that the good guys weren't able to defend against all of the attacks, but pointed out that the vast majority were recognized and mitigated "in a timely manner." All told, Cyber Flag was deemed a success, with NSA Director and Cyber Command chief Gen. Keith Alexander adding that it "exceeded" his own expectations.
ITT unveils GhostRider encryption device capable of securing US Army smartphones
That may look like a Motorola Atrix Dell Venue, but it's actually something known as the GhostRider -- a new encryption device that could go a long way toward securing the Army's smartphones. Developed by defense company ITT, this revamped handset would allow military personnel to transmit secure text messages and phone calls over the Army's network, even if they're out on the battlefield. All they'd have to do is place their personal phones next to the GhostRider, tap and hold its touchscreen to activate the security features and begin texting away. When another GhostRider user receives an SMS, he or she would have to enter a pass code before reading it. The phone's security mechanisms, meanwhile, have been certified by the cryptographers at the NSA, which would certainly help justify its $1,500 price tag. The handset's display, meanwhile, looks awfully similar to the Army's Nett Warrior platform -- an Android-based OS that features a host of mapping functions designed explicitly for war zones. Officials unveiled the latest incarnation of Nett Warrior at the recent Association of the US Army gala in DC, though the platform's creators are still looking for the appropriate commercial device to host it -- unless, of course, GhostRider's software replaces it altogether. "We think Nett Warrior should be something like this," ITT vice president Richard Takahashi told Wired. "This can be the smart device." March past the break for more information, in ITT's jargon-laced PR. Update: Thanks to readers who spotted it's a Venue rather than an Atrix. Our eyes must have been temporarily scrambled by the enemy. Just to be clear -- it's not the handset that's different, only the peripheral.
Getting to know you: Comex, the boy behind iOS' JailbreakMe
See that kid above? That's Nicholas Allegra. He's the hackdom Harry Potter to Apple's Ye-Who-Shall-Not-Jailbreak-Our-Wares, and Forbes managed to sniff him out for a little bold-faced exposé. The 19-year old hero of the iOS community, better known as Comex, got his self-taught start with Visual Basic when he was still in single digits. After graduating through a venerable online forum education, the precocious coding lad set his smarts to homebrew Wii development, and the rest is JailbreakMe history. The self-described Apple fanboy admits his background is atyipcal of the cybersecurity industry, but with a former National Security Agency analyst praising his work as years ahead of his time, we don't think he should worry. For all the trouble his code has caused Cupertino, Allegra's not trying to be the embedded thorn in Jobs' side. Rather, the iPhone hacker claims "it's just about the challenge" and plans to keep on keeping ol' Steve on his billion dollar toes.
Robert Morris, man who helped develop Unix, dies at 78
We have some somber news to bring you this morning: Robert Morris, the cryptographer who helped create Unix, has died at the age of 78. Morris began his work on the groundbreaking OS back in 1970 at AT&T's Bell Laboratories, where he played a major role in developing Unix's math library, password structure and encryption functions. His cryptographic exploration continued into the late 1970s, when he began writing a paper on an early encryption tool from Germany. But the paper would never see the light of day, thanks to a request from the NSA, which was concerned about potential security ramifications. Instead, the agency brought Morris on board as a computer security expert in 1986. Much of what he did for Uncle Sam remains classified, though he was involved in internet surveillance projects and cyber warfare -- including what might have been America's first cyberattack in 1991, when the US crippled Saddam Hussein's control capabilities during the first Gulf War. Morris stayed with the NSA until 1994, when he retired to New Hampshire. He's survived by his wife, three children and one, massive digital fingerprint. [Image courtesy of the New York Times]
NSA wants $896.5 million to build new supercomputing complex
The federal government may be cutting corners left and right, but that hasn't stopped the NSA from requesting nearly $900 million to help beef up its supercomputing capabilities. According to budget documents released by the Department of Defense yesterday, the NSA is looking to construct a massive new High Performance Computing Center in Maryland, designed to harness plenty of supercomputing muscle within an energy efficient framework. As with many other data centers, the NSA's $896.5 million complex would feature raised floors, chilled water systems and advanced alarm mechanisms, but it would also need about 60 megawatts of power -- the same amount that powers Microsoft's gargantuan, 700,000 square-foot data center in Chicago. According to the DoD, however, the NSA would use that juice judiciously, in the hopes of conserving enough water, energy and building materials to obtain LEED Silver certification. Another chunk of the funding, not surprisingly, would go toward fortifying the facility. The NSA is hoping to pour more than $35 million into building security and perimeter control, which would include a cargo inspection facility, advanced surveillance, and systems designed to detect any radiological, nuclear, or chemical threats. If all goes to plan, construction would wrap up by December 2015.
