nsa
Latest
Russian hackers reportedly stole NSA cyber defense material
The Wall Street Journal reports today that Russian hackers stole documents detailing how US agencies defend their networks against cyberattacks, how they breach foreign networks and the computer code they use to do so. Sources told the publication that the stolen files were identified through Kaspersky security software used by an NSA contractor that had taken classified material from the NSA and saved it on his come computer.
US allies accuse NSA of manipulating encryption standards
The US National Security Agency (NSA) is in the global bad books again after allegations surfaced suggesting it was trying to manipulate international encryption standards. Reuters reports that it has seen interviews and emails from experts in countries including Germany, Japan and Israel expressing concern that the NSA has been pushing two particular encryption techniques not because they are secure, but because the agency knows how to break them.
NSA once spied on your *NSYNC downloads from Kazaa
A nostalgic new cache of Edward Snowden files shows the National Security Agency (NSA) has been snooping online for a lot longer than you may think. While you were listening to Enya on your state-of-the-art iPod, the agency was looking into peer-to-peer encryption sites like Napster, Limewire and Kazaa, according to a report by The Intercept. Its crowning achievement was to crack the encryption used by at least two sites, Kazaa and eDonkey, exposing search queries and shared files.
Trump announces he’s elevating the role of US Cyber Command
In a statement today, President Trump announced that he's elevating the US Cyber Command to a unified combatant command, bringing it the level of others like the US European Command and the US Special Operations Command. "This new Unified Combatant Command will strengthen our cyberspace operations and create more opportunities to improve our Nation's defense," said Trump. "The elevation of United States Cyber Command demonstrates our increased resolve against cyberspace threats and will help reassure our allies and partners and deter our adversaries."
US Cyber Command may be splitting off from the NSA
It sounds as though the United States' Cyber Command will break off from the National Security Agency and be more aligned with the military in the future. The move would "eventually" cleave Cyber Command from the intelligence-focused NSA and instead align it more with the military, according to the Associated Press. "The goal is to give Cyber Command more autonomy, freeing it from any constraints that stem from working alongside the NSA," AP reports. The NSA's core task of intelligence gathering sometimes is at odds with military cyber warfare operations, hence the proposed separation. Prior to this, the two had clashed on getting intel from Islamic State networks (the NSA's task) and attacking (Cyber Command's).
US hit by cyberattack that targeted Ukraine and Russia
Yesterday, a number of Ukrainian and Russian companies and state agencies reported being hit by a cyberattack, the results of which ranged from flight delays at Boryspil airport to a shutdown of Chernobyl nuclear power plant's automatic radiation monitoring system. And while those two countries took the brunt of it, the virus at the root of the attack quickly spread throughout Europe and to Asia, Australia and the US.
Report: Obama authorized a secret cyber operation against Russia
President Barack Obama learned of Russia's attempts to hack US election systems in early August 2016, and as intelligence mounted over the following months, the White House deployed secrecy protocols it hadn't used since the 2011 raid on Osama bin Laden's compound, according to a report by The Washington Post. Apparently, one of the covert programs Obama, the CIA, NSA and other intelligence groups eventually put together was a new kind of cyber operation that places remotely triggered "implants" in critical Russian networks, ready for the US to deploy in the event of a pre-emptive attack. The downed Russian networks "would cause them pain and discomfort," a former US official told The Post.
WannaCry ransomware causes Honda plant to shut down
WannaCry isn't done yet. Honda Motor Co. had to shut down its Sayama plant on Monday after finding the ransomware in its computer network. The plant's production resumed on Tuesday.
Mystery internet company challenges NSA’s mass surveillance order
Thanks to a newly-declassified document, we know that an unnamed tech company refused to comply with NSA orders to let the agency spy on the company's client users. It's the first known case of an organization from the industry outright rejecting such a request.
Russian intelligence agents targeted US voting-software company
Russia's military intelligence agency infiltrated a US voting-software company and conducted a phishing campaign targeting more than 100 local elections officials, according to top-secret National Security Agency documents published by The Intercept. The cyberattacks occurred in the months and days before the US presidential election in November. The US intelligence community concluded in January that top Russian authorities directed a hacking campaign against the US election infrastructure, including launching cyberattacks against the Democratic National Committee and the staff of candidate Hillary Clinton. The NSA documents published today offer a glimpse into how Russia actually attempted to infiltrate US elections systems, and what kind of information agents were interested in manipulating. The report does not state whether these attacks directly affected the results of the election.
Recommended Reading: The bright future of free over-the-air TV
Free Over-the-Air TV Is Going to Get Better James K. Willcox, Consumer Reports Thanks to a new standard known as ATSC 3.0, over-the-air TV broadcasts will include all the newfangled tech like 4K and HDR. Consumer Reports has the run down on what that means for OTA, including whether or not you may have to pay for it.
Facebook and Google ask Congress for surveillance reform (again)
It's no secret that the American government monitors the web data of non-citizens it considers potential threats. But major tech companies such as Facebook, Microsoft, and Google are looking to change the way that surveillance is handled by the government. The government is authorized to look through the web activity of non-US citizens located outside the United States through Section 702 of the Foreign Intelligence Surveillance Act (FISA), which is set to expire at the end of the year. The US House of Representatives argues that, "FISA Section 702 is one of the most important legal authorities to stop terrorist attacks." The tech companies don't disagree -- they aren't campaigning against reauthorization -- but in a letter obtained by Axios, they're asking that specific privacy-related concerns be addressed.
Wikimedia is clear to sue the NSA
A federal appeals court has ruled the Wikimedia Foundation does have grounds to sue the National Security Agency over its use of warrantless surveillance tools. A district judge shot down Wikimedia's case in 2015, saying the group hadn't proved the NSA was actually illegally spying on its communications. In this case, proof was a tall order, considering information about the targeted surveillance system, Upstream, remains classified.
NSA would have to disclose its cyber exploit policies under new bill
It wasn't long after last week's devastating international ransomware attack before details surfaced about how the hackers found the exploit to target: It was stolen from the NSA, which stockpiles the digital vulnerabilities. Now, Democratic Senator Brian Schatz (HI) has introduced a bill that would create policy regulating how and when federal agencies would disclose known attack vectors.
The 'WannaCry' ransomware is a stark reminder of a broken system
In April, a hacking group called The Shadow Brokers dumped a cache of Windows' exploits it pilfered from the NSA. The group had decided to start leaking exploits it stole from the agency after it was unable to find a buyer for the government's hacking tools. Inside that April drop was a remote code execution vulnerability called "EternalBlue" (aka MS17-010). Fortunately, Microsoft issued a security patch that fixed EternalBlue in March. What's not so fortunate is that not everyone had applied it to their machines.
Microsoft blasts spy agencies for hoarding security exploits
Microsoft is hopping mad that leaked NSA exploits led to the "WannaCry" (aka "WannaCrypt") ransomware wreaking havoc on computers worldwide. Company President Brad Smith has posted a response to the attack that roasts the NSA, CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed. There's an "emerging pattern" of these stockpiles leaking out, he says, and they cause "widespread damage" when that happens. He goes so far as to liken it to a physical weapons leak -- it's as if the US military had "some of its Tomahawk missiles stolen."
'WannaCry' ransomware evolves despite attempts to kill it
There were predictions that the fast-spreading "WannaCry " (aka "WannaCrypt") ransomware would quickly evolve to get around its domain-based kill switch, and, well... the predictions were right. Security researchers have discovered variants of the Windows malware that either have different kill switches (easy to stop by purchasing the web domain) or don't have a kill switch at all. MalwareTech's initial findings might have stopped the original WannaCry in its tracks, but that was really just a speed bump for malicious coders.
'WannaCry' ransomware attack spreads worldwide (update)
England's healthcare system came under a withering cyberattack Friday morning, with "at least 25" hospitals across the country falling prey to ransomware that locked doctors and employees out of critical systems and networks. It's now clear that this is not a (relatively) isolated attack but rather a single front in a massive digital assault. Update 2 (5/13): In response to infections like the ones that crippled parts of the NHS system, Microsoft is releasing a patch for unsupported systems including Windows XP, Windows 8 and Windows Server 2003.
DOJ code-breaking project found unencrypted on the internet
Encryption is the key to our digital privacy. It keeps eavesdroppers from reading your private conversations and checking out which sites you're visiting. It's important enough that iOS and Android will encrypt your entire device just in case it falls into the wrong hands.
NSA will stop illegally collecting American emails
The National Security Agency has enjoyed relatively broad authority to monitor communications among suspected terrorists and their associates, even when those people happen to be American citizens and even without a warrant. However, The New York Times reports the NSA is stopping one of its most controversial practices: the collection of Americans' international emails and text messages that mention a foreigner under surveillance.