Showing results for tags 'nsa'.

Found 16 results

  1. Momentum is growing in Congress to reject the Trump administration’s request to reauthorize a controversial surveillance program. Lawmakers have until March 15 to reauthorize expiring provisions under the USA Freedom Act, including a controversial phone records program known as Section 215. The program, initially made public through leaks by former government contractor Edward Snowden, allows the National Security Agency (NSA) to collect metadata on incoming and outgoing calls from a specific number, though it does not allow the NSA to look at the content of the calls. Attorney General William Barr met with Senate Republicans on Tuesday to discuss the law and make the case for a blanket extension. But key chairmen in the House and Senate do not support reauthorizing the call records program, arguing it has subsequently been made inoperable. “That would be a tough sell if you don’t use it,” said Senate Judiciary Committee Chairman Lindsey Graham (R-S.C.). The New York Times reported on Tuesday that Section 215 had cost $100 million between 2015 and 2019 but only in two instances provided information the FBI didn’t already have. That resulted in one investigation. This raises the odds that Congress could formally revoke authorization for the call records program while greenlighting an extension of other parts of the surveillance law set to expire. Sen. John Cornyn (Texas), a member of GOP leadership and the Senate Intelligence Committee, noted that the “experts” within the intelligence community support ending the call records program. “I don’t believe that the experts find that call record reauthorization particularly helpful. So I could support reauthorizing the other parts … and not reauthorize that,” he said. 
Cornyn added that he understands Barr and other administration officials want to keep the authority for the program but “I think they can come back to Congress when and if they come up with a better technology solution, and we could consider reauthorizing it then, not now.” Sens. Richard Burr (R-N.C.) and Mark Warner (D-Va.) — the chairman and vice chairman of the Intelligence Committee, respectively — have filed legislation that would formally end the call records program while providing an eight-year extension for its other provisions. Meanwhile, House Democrats on the Intelligence and Judiciary committees unveiled legislation this week that would repeal the NSA’s authority to run the program. That bill is scheduled to get a vote in the Judiciary Committee on Wednesday. The NSA shuttered the program, arguing that the changes made by the USA Freedom Act, which Congress passed in 2015, made the call records program unworkable. The law changed the bulk collection of metadata by requiring the government to specify an individual or account, a step that narrows the swath of data collected. Despite this, then-acting Director of National Intelligence Dan Coats last year formally asked Congress to reauthorize Section 215, along with the other provisions, arguing that the intelligence community should retain the authority to restart the program down the road. Barr, according to GOP senators, urged lawmakers during the private meeting on Tuesday to pass a “clean” reauthorization of all three provisions. Sen. Mike Lee (R-Utah) said in a tweet that he “made a long case against a simple reauthorization” during the closed-door lunch. But Barr appears to have the backing of Senate Majority Leader Mitch McConnell (R-Ky.), who told reporters on Tuesday that he supports extending the surveillance powers. “They’re still relevant to our effort to go after terrorists today. ... 
These tools have been overwhelmingly useful according to our intelligence advisors, and I hope that when the Senate deals with these expiring provisions in a couple of weeks we’ll be able to continue to have them in law,” McConnell told reporters. McConnell’s support for extending all three parts of the law, however, does not mean the Senate will do so. The GOP leader did not support the USA Freedom Act in 2015, instead trying to get the Senate to make a blanket reauthorization of the post-9/11 Patriot Act language. But the GOP leader ran into a roadblock as libertarian-minded senators, including Sen. Rand Paul (R-Ky.), blocked McConnell’s efforts to force through a short-term extension of the Patriot Act provisions. In the end, the surveillance reform bill passed the Senate with nearly 20 Republican senators supporting it. Senators stressed that the path forward on the surveillance reauthorization is fluid. Graham has not said if he will give the Burr-Warner bill a vote in committee before the March 15 deadline, saying he needs to discuss the path forward with McConnell. “We’ve got about 63.7 moving parts and they will eventually come together,” said Sen. John Kennedy (R-La.) “But there’s no way to predict what’s going to happen.” Lawmakers have 14 working days to get a reauthorization through a divided government, raising the prospect that Congress could need to pass a blanket short-term extension of the surveillance programs, delaying the ending of the call records program until later this year. “Clock’s ticking,” Warner said, asked if there was enough time to get it done by the March 15 deadline. “I would like to get this in the rearview mirror. ... My hope is it will be sooner than later.” Some House Republicans, angered over the use of warrants to surveil a former Trump campaign associate, have discussed trying to include changes to the Foreign Intelligence Surveillance Act (FISA) court warrant application process as part of the surveillance debate. 
Justice Department inspector general Michael Horowitz found 17 “significant inaccuracies and omissions” in the applications to monitor Trump campaign associate Carter Page, taking particular issue with applications to renew the FISA warrant and chastising the FBI for a lack of satisfactory explanations for those mistakes. Sen. Ron Johnson (R-Wis.) noted that Horowitz’s report had raised skepticism for him about the larger FISA process, and floated a short-term extension of the surveillance powers so that Congress could fold in a deal on broader FISA changes into the USA Freedom reauthorization. “Maybe what we need to do is a short-term reauthorization while we kind of think this whole process through,” Johnson said. “Somebody who has been very supportive of these authorities. When I’m questioning it, that kind of says something.” Barr told Republicans during the closed-door caucus lunch that he was planning to use his regulatory powers to make changes to the FISA process, potentially alleviating the need to inject the fight over the Page warrant application into the legislation on the surveillance programs. “My view of that would be there’s nothing wrong with the law if people tell the truth as it relates to Carter Page,” said Sen. Roy Blunt (R-Mo.), a member of the Intelligence Committee. The Senate Judiciary Committee is gearing up for an in-depth probe into the FISA warrant application process and the investigation into 2016 Russian election meddling and the Trump campaign. “Sen. Graham has a very careful schedule laid out,” Cornyn said. “We shouldn’t try to do that by March the 15th.” Source
  2. A National Security Agency (NSA) surveillance program that accessed American citizens’ domestic phone calls and text messages resulted in only one investigation between 2015 and 2019 despite costing $100 million, a newly declassified study found. The report, which was produced by the Privacy and Civil Liberties Oversight Board and briefed to Congress on Tuesday, also found that the program only yielded information the FBI did not already have on two occasions during that four-year period. “Based on one report, F.B.I. vetted an individual, but, after vetting, determined that no further action was warranted,” the report said, according to The New York Times. “The second report provided unique information about a telephone number, previously known to U.S. authorities, which led to the opening of a foreign intelligence investigation.” The report contains no further details of the investigation in question or its outcome. The USA Freedom Act of 2015, the law that authorized the program, is set to expire March 15, but the Trump administration has asked Congress to extend it. The House Judiciary Committee is set to consider a bill that would end the program’s authorization on Wednesday. The NSA’s decision last year to suspend the program “shows a lot of judgment to acknowledge that something that consumed a lot of resources and time did not yield the value anticipated,” Adam I. Klein, chairman of the board, which was established on the recommendation of the 9/11 Commission, told the Times. “We want agencies to be able to reflect on their collection capabilities and wind them down where appropriate. That’s the best way to ensure civil liberties and privacy are balanced with operational needs,” he added. Source
  3. Inside the NSA’s Secret Tool for Mapping Your Social Network Edward Snowden revealed the agency’s phone-record tracking program. But thanks to “precomputed contact chaining,” that database was much more powerful than anyone knew. Illustration: Elena Lacey; Baikal/Alamy In the summer of 2013, I spent my days sifting through the most extensive archive of top-secret files that had ever reached the hands of an American journalist. In a spectacular act of transgression against the National Security Agency, where he worked as a contractor, Edward Snowden had transmitted tens of thousands of classified documents to me, the columnist Glenn Greenwald, and the documentary filmmaker Laura Poitras. One of those documents, the first to be made public in June 2013, revealed that the NSA was tracking billions of telephone calls made by Americans inside the US. The program became notorious, but its full story has not been told. The first accounts revealed only bare bones. If you placed a call, whether local or international, the NSA stored the number you dialed, as well as the date, time and duration of the call. It was domestic surveillance, plain and simple. When the story broke, the NSA discounted the intrusion on privacy. The agency collected “only metadata,” it said, not the content of telephone calls. Only on rare occasions, it said, did it search the records for links among terrorists. I decided to delve more deeply. The public debate was missing important information. It occurred to me that I did not even know what the records looked like. At first I imagined them in the form of a simple, if gargantuan, list. I assumed that the NSA cleaned up the list—date goes here, call duration there—and converted it to the agency’s preferred “atomic sigint data format.” Otherwise I thought of the records as inert. 
During a conversation at the Aspen Security Forum that July, six weeks after Snowden’s first disclosure and three months after the Boston Marathon bombing, Admiral Dennis Blair, the former director of national intelligence, assured me that the records were “stored,” untouched, until the next Boston bomber came along. Even by that account, the scale of collection brought to mind an evocative phrase from legal scholar Paul Ohm. Any information in sufficient volume, he wrote, amounted to a “database of ruin.” It held personal secrets that “if revealed, would cause more than embarrassment or shame; it would lead to serious, concrete, devastating harm.” Nearly anyone in the developed world, he wrote, “can be linked to at least one fact in a computer database that an adversary could use for blackmail, discrimination, harassment, or financial or identity theft.” Revelations of “past conduct, health, or family shame,” for example, could cost a person their marriage, career, legal residence, or physical safety. Mere creation of such a database, especially in secret, profoundly changed the balance of power between government and governed. This was the Dark Mirror embodied, one side of the glass transparent and the other blacked out. If the power implications do not seem convincing, try inverting the relationship in your mind: What if a small group of citizens had secret access to the telephone logs and social networks of government officials? How might that privileged knowledge affect their power to shape events? How might their interactions change if they possessed the means to humiliate and destroy the careers of the persons in power? Capability matters, always, regardless of whether it is used. An unfired gun is no less lethal before it is drawn. And in fact, in history, capabilities do not go unused in the long term. Chekhov’s famous admonition to playwrights is apt not only in drama, but in the lived experience of humankind. 
The gun on display in the first act—nuclear warheads, weaponized disease, Orwellian cameras tracking faces on every street—must be fired in the last. The latent power of new inventions, no matter how repellent at first, does not lie forever dormant in government armories. These could be cast as abstract concerns, but I thought them quite real. By September of that year, it dawned on me that there were also concrete questions that I had not sufficiently explored. Where in the innards of the NSA did the phone records live? What happened to them there? The Snowden archive did not answer those questions directly, but there were clues. I stumbled across the first clue later that month. I had become interested in the NSA’s internal conversation about “bulk collection,” the acquisition of high-volume data sets in their entirety. Phone records were one of several kinds. The agency had grown more and more adept, brilliantly creative in fact, at finding and swallowing other people’s information whole. Lately the NSA had begun to see that it consumed too much to digest. Midlevel managers and engineers sounded notes of alarm in briefings prepared for their chains of command. The cover page of one presentation asked “Is It the End of the SIGINT World as We Have Come to Know It?” The authors tried for a jaunty tone but had no sure answer. The surveillance infrastructure was laboring under serious strain. One name caught my eye on a chart that listed systems at highest risk: Mainway. I knew that one. NSA engineers had built Mainway in urgent haste after September 11, 2001. Vice President Dick Cheney’s office had drafted orders, signed by President George W. Bush, to do something the NSA had never done before. The assignment, forbidden by statute, was to track telephone calls made and received by Americans on American soil. The resulting operation was the lawless precursor of the broader one that I was looking at now. 
Mainway came to life alongside Stellarwind, the domestic surveillance program created by Cheney in the first frantic weeks after al Qaeda flew passenger airplanes into the Pentagon and World Trade Center. Stellarwind defined the operation; Mainway was a tool to carry it out. At the time, the NSA knew how to do this sort of thing with foreign telephone calls, but it did not have the machinery to do it at home. When NSA director Mike Hayden received the execution order on October 4, 2001 for “the vice president’s special program,” NSA engineers assembled a system from bare metal and borrowed code within a matter of days, a stupendous achievement under pressure. They commandeered 50 state-of-the-art computer servers from Dell, which was about to ship them to another customer, and lashed them into a quick and dirty but powerful cluster. Hayden cleared out space in a specially restricted wing of OPS 2B, an inner sanctum of the gleaming, mirrored headquarters complex at Fort Meade, Maryland. When the cluster expanded, incorporating some 200 machines, Mainway spilled into an annex in the Tordella Supercomputer Facility nearby. Trusted lieutenants began calling in a small group of analysts, programmers, and mathematicians on October 6 and 7. On Columbus Day, October 8, Hayden briefed them on their new jobs in a specially compartmented new operation. That day he called it Starburst. The Stellarwind cryptonym replaced it soon afterward. During the same holiday weekend, Hayden dispatched personnel from Special Source Operations to negotiate the secret purchase of telephone data in bulk from companies including AT&T and Verizon. The price would surpass $102 million in the coming five years. It was impossible to hide the hubbub from other NSA personnel, who saw new equipment arriving under armed escort at a furious pace, but even among top clearance holders hardly anyone knew what was going on. 
Stellarwind was designated as ECI, “exceptionally controlled information,” the most closely held classification of all. From his West Wing office, Cheney ordered that Stellarwind be concealed from the judges of the FISA Court and from members of the intelligence committees in Congress. According to my sources and the documents I worked through in the fall of 2013, Mainway soon became the NSA’s most important tool for mapping social networks—an anchor of what the agency called Large Access Exploitation. “Large” is not an adjective in casual use at Fort Meade. Mainway was built for operations at stupendous scale. Other systems parsed the contents of intercepted communications: voice, video, email and chat text, attachments, pager messages, and so on. Mainway was queen of metadata, foreign and domestic, designed to find patterns that content did not reveal. Beyond that, Mainway was a prototype for still more ambitious plans. Next-generation systems, their planners wrote, could amplify the power of surveillance by moving “from the more traditional analysis of what is collected to the analysis of what to collect.” Patterns gleaned from call records would identify targets in email or location databases, and vice versa. Metadata was the key to the NSA’s plan to “identify, track, store, manipulate and update relationships” across all forms of intercepted content. An integrated map, presented graphically, would eventually allow the NSA to display nearly anyone’s movements and communications on a global scale. In their first mission statement, planners gave the project the unironic name “the Big Awesome Graph.” Inevitably it acquired a breezy acronym, “the BAG.” The crucial discovery on this subject turned up at the bottom right corner of a large network diagram prepared in 2012. A little box in that corner, reproduced below, finally answered my question about where the NSA stashed the telephone records that Blair and I talked about. The records lived in Mainway. 
The implications were startling. The diagram as a whole, too large to display in full, traced a “metadata flow sourced from billing records” at AT&T as they wended through a maze of intermediate stops along the way to Fort Meade. Mailorder, the next to last stop, was an electronic traffic cop, a file sorting and forwarding system. The ultimate destination was Mainway. The “BRF Partitions” in the network diagram were named for Business Records FISA orders, among them a dozen signed in 2009 that poured the logs of hundreds of billions of phone calls into Mainway. To a first-time reader of network maps, Mainway’s cylindrical icon might suggest a storage tank. It is not. The cylinder is a standard symbol for a database, an analytic service that runs on the hardware. Mainway was not a container for data at rest. The NSA has names for those. They are called data marts and data warehouses. If the agency merely stored the US telephone records, it would have left them in a system called Fascia II, the “call detail record warehouse” that feeds Mainway. Mainway’s mission, laid out in its first fiscal year, was to “enable NSA ... to dominate the global communications infrastructure, and the targets that currently operate anonymously within it.” The way the system accomplished that task had huge implications for American privacy. For reasons that will become apparent soon, I want to reproduce the entry for Mainway in the SSO Dictionary, a classified NSA reference document: There were three noteworthy terms in that short passage: volume problem, contact chaining, and precomputed. The last two, in combination, turned my understanding of the call records program upside down. Before we get to them, a note on the volume problem. The NSA has many volume problems, actually. Too much information moving too fast across global networks. Too much to ingest, too much to store, too much to retrieve through available pipes from distant collection points. 
Too much noise drowning too little signal. In the passage I just quoted, however, the volume problem referred to something else—something deeper inside the guts of the surveillance machine. It was the strain of an unbounded appetite on the NSA’s digestive tract. Collection systems were closing their jaws on more data than they could chew. Processing, not storage, was the problem. For a long time, intelligence officials explained away the call records database by quoting a remark from President Bush. “It seems like to me that if somebody is talking to al Qaeda, we want to know why,” he had said. In fact, that was not at all the way the NSA used the call records. The program was designed to find out whether, not why, US callers had some tie to a terrorist conspiracy—and to do so, it searched us all. Working through the FBI, the NSA assembled a five-year inventory of phone calls from every account it could touch. Trillions of calls. Nothing like that was needed to find the numbers on a bad guy’s telephone bill. This is where contact chaining came in. The phrase is used to describe a sophisticated form of analysis that looks for hidden, indirect relationships in very large data sets. Contact chaining began with a target telephone number, such as Boston bomber Dzhokhar Tsarnaev’s, and progressively widened the lens to ask whom Tsarnaev’s contacts were talking to, and whom those people were talking to, and so on. Software tools mapped the call records as “nodes” and “edges” on a grid so large that the human mind, unaided, could not encompass it. Nodes were dots on the map, each representing a telephone number. Edges were lines drawn between the nodes, each representing a call. A related tool called MapReduce condensed the trillions of data points into summary form that a human analyst could grasp. Network theory called this map a social graph. It modeled the relationships and groups that defined each person’s interaction with the world. 
The size of the graph grew exponentially as contact chaining progressed. The whole point of chaining was to push outward from a target’s immediate contacts to the contacts of contacts, then contacts of contacts of contacts. Each step in that process was called a hop. Double a penny once a day and you reach $1 million in less than a month. That is what exponential growth looks like with a base of two. As contact chaining steps through its hops, the social graph grows much faster. If the average person calls or is called by 10 other people a year, then each hop produces a tenfold increase in the population of the NSA’s contact map. Most of us talk on the phone with a lot more than 10 others. Whatever that number, dozens or hundreds, you multiply it by itself to measure the growth at each hop. Former NSA deputy director John C. Inglis testified to Congress in 2013 that NSA analysts typically “go out two or three hops” when they chain through the call database. For context, data scientists estimated decades ago that it would take no more than six hops to trace a path between any two people on Earth. Their finding made its way into popular culture in Six Degrees of Separation, the play by John Guare (which subsequently was adapted into a film). Three students at Albright College refashioned the film as a parlor game, “Six Degrees of Kevin Bacon.” The game then inspired a website, The Oracle of Bacon, that calculates the shortest path from the Footloose star to any of his Hollywood peers. The site is still live as I write this, and it makes for an entertaining guide on hops and where they can take you. Bacon shared screen credits with a long list of actors. Those were his direct links, one hop from Bacon himself. Actors who never worked alongside him, but appeared in a film with someone who had, were two hops away from Bacon. Scarlett Johansson never worked with Bacon, but each of them had starred alongside Mickey Rourke: Bacon in Diner, Johansson in Iron Man 2. 
Two hops, through Rourke, connected them. If you kept on playing you discovered that Bacon was seldom more than two hops away from any actor, however removed in time and movie style. In a single-industry town like Hollywood, links like these might make intuitive sense. More surprising, if you did not spend much time around logarithms, was the distance traveled by one or two hops through the vastly larger NSA data set. Academic research suggested that an average of three hops—the same number Inglis mentioned—could trace a path between any two Americans. Contact chaining on a scale as grand as a whole nation’s phone records was a prodigious computational task, even for Mainway. It called for mapping dots and clusters of calls as dense as a star field, each linked to others by webs of intricate lines. Mainway’s analytic engine traced hidden paths across the map, looking for relationships that human analysts could not detect. Mainway had to produce that map on demand, under pressure of time, whenever its operators asked for a new contact chain. No one could predict the name or telephone number of the next Tsarnaev. From a data scientist’s point of view, the logical remedy was clear. If anyone could become an intelligence target, Mainway should try to get a head start on everyone. “You have to establish all those relationships, tag them, so that when you do launch the query you can quickly get them,” Rick Ledgett, the former NSA deputy director, told me years later. “Otherwise you’re taking like a month to scan through a gazillion-line phone bill.” And that, right there, was where precomputation came in. Mainway chained through its database continuously—“operating on a 7x24 basis,” according to the classified project summary. You might compare its work, on the most basic level, to indexing a book—albeit a book with hundreds of millions of topics (phone numbers) and trillions of entries (phone calls). 
One flaw in this comparison is that it sounds like a job that will be finished eventually. Mainway’s job never ended. It was trying to index a book in progress, forever incomplete. The FBI brought the NSA more than a billion new records a day from the telephone companies. Mainway had to purge another billion a day to comply with the FISA Court’s five-year limit on retention. Every change cascaded through the social graph, redrawing the map and obliging Mainway to update ceaselessly. Mainway’s purpose, in other words, was neither storage nor preparation of a simple list. Constant, complex, and demanding operations fed another database called the Graph-in-Memory. When the Boston marathon bombs exploded in April 2013, the Graph-in-Memory was ready. Absent unlucky data gaps, it already held a summary map of the contacts revealed by the Tsarnaev brothers’ calls. The underlying details—dates, times, durations, busy signals, missed calls, and “call waiting events”—were easily retrieved on demand. Mainway had already processed them. With the first hop precomputed, the Graph-in-Memory could make much quicker work of the second and the third. To keep a Tsarnaev graph at the ready, Mainway also had to precompute a graph for everyone else. And if Mainway had your phone records, it also held a rough and ready diagram of your business and personal life. As I parsed the documents and interviewed sources in the fall of 2013, the implications finally sank in. The NSA had built a live, ever-updating social graph of the US. Our phone records were not in cold storage. They did not sit untouched. They were arranged in a one-hop contact chain of each to all. All kinds of secrets—social, medical, political, professional—were precomputed, 24/7. Ledgett told me he saw no cause for concern because “the links are unassembled until you launch a query.” I saw a database that was preconfigured to map anyone’s life at the touch of a button. 
I am well aware that a person could take this line of thinking too far. Maybe I have. The US is not East Germany. As I pieced this picture together, I had no reason to believe the NSA made corrupt use of its real-time map of American life. The rules imposed some restrictions on use of US telephone records, even after Bush’s attorney general, Michael Mukasey, blew a hole in them. Only 22 top officials, according to the Privacy and Civil Liberties Oversight Board, had authority to order a contact chain to be built from data in Mainway’s FISA partitions. But history has not been kind to the belief that government conduct always follows rules or that the rules will never change in dangerous ways. Rules can be bypassed or rewritten—with or without notice, with or without malignant intent, by a few degrees at a time or more than a few. Government might decide one day to look in Mainway or a comparable system for evidence of a violent crime, or any crime, or any suspicion. Governments have slid down that slope before. Within living memory, Richard Nixon had ordered wiretaps of his political enemies. The FBI, judging Martin Luther King Jr. a “dangerous and effective Negro,” used secret surveillance to record his sexual liaisons. A top lieutenant of J. Edgar Hoover invited King to kill himself or face exposure. Meaningful abuse of surveillance had come much more recently. The FBI illegally planted hundreds of GPS tracking devices without warrants. New York police spied systemically on mosques. Governments at all levels used the power of the state most heavy-handedly, sometimes illegally, to monitor communities disadvantaged by poverty, race, religion, ethnicity, and immigration status. As a presidential candidate, Donald Trump threatened explicitly to put his opposing candidate in jail. Once in office, he asserted the absolute right to control any government agency. 
He placed intense pressure on the Justice Department, publicly and privately, to launch criminal investigations of his critics. The Graph-in-Memory knew nothing of such things. It had no awareness of law or norms or the nature of abuse. It computed the chains and made diagrams of our hidden relationships on a vast, ever-updating map. It obeyed its instructions, embedded in code, whatever those instructions said or might ever say. Adapted from Dark Mirror: Edward Snowden and the American Surveillance State by Barton Gellman. Copyright © 2020 by Barton Gellman. Published by arrangement with Penguin Press, an imprint of Penguin Publishing Group, a division of Penguin Random House LLC. Source: Inside the NSA’s Secret Tool for Mapping Your Social Network (Wired)
4. NSA Releases Guidance on Zero-Trust Architecture

A new document provides guidance for businesses planning to implement a zero-trust system management strategy. The National Security Agency (NSA) today published a document to explain the zero-trust model and its benefits, the challenges involved with implementation, and advice for navigating the process. As cloud, multicloud, and hybrid network environments become the norm for businesses, the resulting complexity, combined with evolving threats, puts many at risk. Traditional perimeter-based network defenses with layers of security tools are often insufficient. Companies need a better way to protect infrastructure and provide granular access to data, services, and apps. "The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information fed from multiple sources to determine access and other system responses," NSA officials wrote. Zero trust requires strong authentication for both user and device identities. Multifactor authentication, which the model recommends, means a stolen password alone is no longer enough to gain access. The implementation of zero trust takes time and effort, but it doesn't have to be done all at once. Many businesses may be able to incorporate zero-trust concepts into existing network infrastructure; however, the transition to a mature architecture often requires additional capabilities. Officials advise planning out the integration as a "continually maturing roadmap," starting with initial preparation and continuing on to basic, intermediate, and advanced stages. As with all major projects, there are challenges. Officials note potential roadblocks include lack of support from enterprise leadership or users. If leadership isn't willing to provide the resources needed to sustain a zero-trust architecture, or users are allowed to bypass policies, then zero trust won't prove beneficial, they say. Read the full document for more details.

Source: NSA Releases Guidance on Zero-Trust Architecture
5. NSA, CISA issue guidance on Protective DNS services

The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint information sheet Thursday that offers guidance on the benefits of using a Protective Domain Name System (PDNS). A PDNS service uses existing DNS protocols and architecture to analyze DNS queries and mitigate threats. It leverages various open source, commercial, and governmental threat feeds to categorize domain information and block queries to identified malicious domains. According to NSA and CISA, the service provides defenses at various points of the network exploitation lifecycle, addressing phishing, malware distribution, command and control, domain generation algorithms, and content filtering. A PDNS can log and save suspicious queries and return a blocked response, delaying or preventing malicious actions – such as ransomware locking victim files – while letting organizations investigate using those logged DNS queries. The information sheet offers a list of providers, but NSA and CISA were clear that the federal agencies do not endorse one provider over another. The six companies listed are: Akamai, BlueCat, Cisco, EfficientIP, Neustar, and Nominet. NSA and CISA based their recommendations on lessons learned from an NSA PDNS pilot, in which NSA partnered with the Department of Defense Cyber Crime Center to offer PDNS-as-a-service to several members of the defense industrial base. Over a six-month period, the PDNS service examined more than 4 billion DNS queries to and from the participating networks, blocking millions of connections to identified malicious domains. Security pros should think of PDNS solutions as a "DNS firewall" that represents a logical way to actively leverage threat intelligence related to registered domains, said Oliver Tavakoli, chief technology officer at Vectra.
“Like other preventive approaches, they are useful in protecting organizations from known bads, but ultimately fall short in blocking the early stages of a new attack or more sophisticated attacks,” Tavakoli said. “So it makes sense to implement PDNS to reduce attack surface, however, it should not be thought of as a preventive silver bullet that obviates the need to detect attackers who know how to bypass these protections.” Ray Kelly, principal security engineer at WhiteHat Security, added that DNS exploitations are still incredibly rampant and require some attention because they are such an effective technique used by malicious actors. “The capability to reroute email, user web browsers, as well as distribute malware at scale are possible when a DNS address has been compromised,” Kelly said. “Any steps to mitigate attack vectors such as DNS spoofing and DNS cache poisoning will go a long way to help keep users and companies safe from such threats.” Source: NSA, CISA issue guidance on Protective DNS services
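The "DNS firewall" behaviour the information sheet describes, as an added example that is not code from NSA, CISA or any of the listed vendors: each query is matched against threat-feed domains (exact name or any parent zone), screened with a cheap domain-generation-algorithm heuristic, logged with its verdict, and answered with a sinkhole address instead of being forwarded. The feed entries, the client queries, the entropy thresholds and the upstream resolver stub are all assumptions.

```python
"""A minimal 'DNS firewall' of the kind the information sheet describes: each query
is matched against threat-feed domains (exact name or any parent zone), screened
with a cheap domain-generation-algorithm heuristic, logged with its verdict, and
answered with a sinkhole address instead of being forwarded. Added example, not
from the NSA/CISA sheet or any listed vendor; the feed entries, queries and the
upstream resolver stub are constructed."""
import math
from collections import Counter

# Constructed threat-feed entries (a real PDNS merges open source, commercial and government feeds)
BLOCKLIST = {"evil-c2.example", "phish-login.example.net"}
SINKHOLE = "0.0.0.0"            # blocked response; a real service may answer NXDOMAIN instead


def normalize(name):
    return name.rstrip(".").lower()


def blocklisted(name):
    """True if the name or any parent zone is on the feed (c2.evil-c2.example hits evil-c2.example)."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))


def entropy(s):
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_dga(name, min_len=12, threshold=3.5):
    """Heuristic only: a long, high-entropy registrable label. Thresholds are assumptions."""
    labels = normalize(name).split(".")
    if len(labels) < 2:
        return False
    label = labels[-2]
    return len(label) >= min_len and entropy(label) >= threshold


def resolve(name, qtype, upstream):
    """Return (answer, verdict); `upstream` stands in for the recursive resolver."""
    if blocklisted(name):
        return SINKHOLE, "blocked:feed"
    if looks_like_dga(name):
        return SINKHOLE, "blocked:dga"
    return upstream(name, qtype), "allowed"


def run(queries, upstream):
    """Process (client, qname, qtype) tuples; returns the log an analyst would review."""
    log = []
    for client, name, qtype in queries:
        answer, verdict = resolve(name, qtype, upstream)
        log.append((client, normalize(name), qtype, verdict, answer))
    return log


# Constructed sample traffic and a stub upstream that always answers a documentation address
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com", "A"),
    ("10.0.0.5", "c2.evil-c2.example.", "A"),
    ("10.0.0.7", "x7k2qp9vbn3mzl.top", "A"),
    ("10.0.0.7", "PHISH-LOGIN.example.net", "TXT"),
]
STUB_UPSTREAM = lambda name, qtype: "192.0.2.1"

if __name__ == "__main__":
    for entry in run(SAMPLE_QUERIES, STUB_UPSTREAM):
        print(*entry)
```

The parent-zone match is what makes feed data effective against subdomain churn, and the log tuple is the part Tavakoli's caveat below is about: the sinkhole only stops traffic to names you already know or that look random, so the logged queries, not the block itself, are what let you find the attacker who used a clean-looking domain.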
6. NSA: Top 5 vulnerabilities actively abused by Russian govt hackers

A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warns that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S. organizations and interests. In the advisory, issued today, the NSA said it is aware of the SVR using these vulnerabilities against public-facing services to obtain authentication credentials and then push further into US corporate and government networks. The NSA is advising all organizations to immediately patch vulnerable devices to protect against cyberattacks that lead to data theft, banking fraud, and ransomware attacks. "The vulnerabilities in today's release are part of the SVR's toolkit to target networks across the government and private sectors," Rob Joyce, NSA Director of Cybersecurity, said in a statement to BleepingComputer. "We need to make SVR's job harder by taking them away."

Vulnerabilities used in different phases of attack

The U.S. government strongly advises that all admins "urgently implement associated mitigations" for these vulnerabilities to prevent further attacks by the Russian SVR and other threat actors. "Mitigation against these vulnerabilities is critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors." "In addition to compromising the SolarWinds Orion software supply chain, recent SVR activities include targeting COVID-19 research facilities via WellMess malware and targeting networks through the VMware vulnerability disclosed by NSA," warns the joint advisory. Below are the top five vulnerabilities the NSA, CISA, and the FBI have seen targeted by the Russian SVR.
CVE-2018-13379 targets Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12. In Fortinet Secure Sockets Layer (SSL) Virtual Private Network (VPN) web portals, an Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests. Threat actors have extensively used this vulnerability in the past to target government agencies and corporate networks, including U.S. govt elections support systems and COVID-19 research organizations, and more recently to deploy the Cring ransomware. In November 2020, a threat actor leaked the credentials for almost 50,000 Fortinet VPN devices on a hacker forum. Government advisories: APT29 targets COVID-19 vaccine development & Mitigating Recent VPN Vulnerabilities.

CVE-2019-9670 targets Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10. In Synacor Zimbra Collaboration Suite, the mailboxd component has an XML External Entity injection (XXE) vulnerability. Government advisories: APT29 targets COVID-19 vaccine development.

CVE-2019-11510 targets Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4. In Pulse Secure VPNs, an unauthenticated remote attacker can send a specially crafted Uniform Resource Identifier (URI) to perform an arbitrary file read. Pulse Secure VPNs have been a favorite of threat actors for some time, being used to gain access to US government networks, attack hospitals, and deploy ransomware on networks. Government advisories: Mitigating Recent VPN Vulnerabilities and APT29 targets COVID-19 vaccine development.

CVE-2019-19781 targets Citrix ADC and Gateway versions before,,, and and SD-WAN WANOP 4000-WO, 4100-WO, 5000-WO, and 5100-WO versions before 10.2.6b and 11.0.3b. Citrix Application Delivery Controller (ADC) and Gateway allow directory traversal. The CVE-2019-19781 vulnerability is known to be used by threat actors, including ransomware gangs, to gain access to corporate networks and deploy malware. Government advisories: Mitigate CVE-2019-19781, APT29 targets COVID-19 vaccine development, and Detect and Prevent Web Shell Malware.

CVE-2020-4006 targets VMware Workspace One Access 20.01 and 20.10 on Linux, VMware Identity Manager 3.3.1 - 3.3.3 on Linux, VMware Identity Manager Connector 3.3.1 - 3.3.3 and 19.03, VMware Cloud Foundation 4.0 - 4.1, and VMware vRealize Suite Lifecycle Manager 8.x. VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability. In December 2020, the US government warned that Russian state-sponsored threat actors were exploiting this vulnerability to deploy web shells on vulnerable servers and exfiltrate data. Government advisories: Russian State-Sponsored Actors Exploiting Vulnerability and Performing Out-of-Band Network Management.

As the Russian SVR has been utilizing a combination of these vulnerabilities in its attacks, it is strongly advised that all administrators install the associated security updates immediately. The NSA warned last year that two of these vulnerabilities, CVE-2019-11510 and CVE-2019-19781, are also among the top 25 vulnerabilities used by Chinese state-sponsored hackers.

Source: NSA: Top 5 vulnerabilities actively abused by Russian govt hackers
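Three of the five CVEs above (Fortinet, Pulse Secure, Citrix) are path-traversal or arbitrary-file-read bugs in internet-facing VPN and ADC portals. As an added example that is not from the advisory, the check below hunts for traversal attempts in a web-server access log without depending on product-specific URIs (those are documented in the linked advisories): it percent-decodes each request path and every query-string value, twice to catch double encoding, and flags any value whose `..` segments climb above the web root. The log format, the sample lines and the verdict names are assumptions.

```python
"""Three of the five CVEs above are path-traversal or arbitrary-file-read bugs
in internet-facing VPN/ADC portals. This added check (not from the advisory)
hunts for traversal attempts in a web-server access log without relying on
product-specific URIs, which the linked advisories document: it percent-decodes
each request path and query value (twice, to catch double encoding), then flags
any value that climbs above the web root. Log lines are constructed."""
import re
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)


def decode(value):
    """Decode percent-encoding until stable (at most twice) and unify slashes."""
    for _ in range(2):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def candidates(uri):
    """Yield the decoded path and every decoded query-string value."""
    path, _, query = uri.partition("?")
    yield decode(path)
    for part in query.split("&"):
        if part:
            yield decode(part.partition("=")[2])


def escapes_root(value):
    """True if '..' segments ever take the path above its starting directory."""
    depth = 0
    for seg in value.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != ".":
            depth += 1
    return False


def classify(uri):
    """'traversal-escape' beats 'traversal-inside-root' beats 'ok'."""
    verdict = "ok"
    for value in candidates(uri):
        if escapes_root(value):
            return "traversal-escape"
        if ".." in value.split("/"):
            verdict = "traversal-inside-root"
    return verdict


def scan(lines):
    """Return (ip, raw_uri, verdict) for every request that is not 'ok'."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify(m["uri"])
        if verdict != "ok":
            hits.append((m["ip"], m["uri"], verdict))
    return hits


# Constructed sample log in common log format
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Apr/2021:10:00:01 +0000] "GET /portal/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1234',
    '198.51.100.7 - - [13/Apr/2021:10:00:02 +0000] "GET /vpn/images/%252e%252e%252fconfig HTTP/1.1" 404 0',
    '203.0.113.9 - - [13/Apr/2021:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Apr/2021:10:00:04 +0000] "GET /download?file=..%2f..%2fetc%2fshadow HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Two caveats matter when running this for real: the traversal in the Fortinet case lives in a query parameter rather than the path, which is why query values are decoded too, and a 200 status on a hit is the line to escalate first, since it means the file read succeeded and the credentials the advisory warns about may already be gone.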
7. Python Programming Language: Now you can take NSA's free course for Beginners

NSA releases Python course after receiving a Freedom of Information Act (FOIA) request for its training materials. Developers already have numerous options from the likes of Microsoft and Google for learning how to code in the popular Python programming language. But now budding Python developers can read up on the National Security Agency's own Python training materials. Software engineer Chris Swenson filed a Freedom of Information Act (FOIA) request with the NSA for access to its Python training materials and received a lightly redacted 400-page printout of the agency's COMP 3321 Python training course. Swenson has since scanned the documents, run OCR on the text to make it searchable, and hosted it on DigitalOcean Spaces. The material has also been uploaded to the Internet Archive. There doesn't look to be anything controversial in the documents, which contain course material for sessions that would take between 45 and 90 minutes to complete in a class setting. The COMP 3321 course can be completed over a "full-time, two-week block" with 10 modules covered per week. The NSA also suggests that the material could be taught at a more "leisurely pace, for instance during a weekly brown bag lunch" over several months or even over a three-day workshop. The course offers a quick introduction to Python, its creator Guido van Rossum, and what the language is suitable for, such as automating tasks, creating a web application or doing advanced mathematical research. It also explains why Python has become so popular among beginning developers and data scientists. "If you don't know any programming languages yet, Python is a good place to start. If you already know a different language, it's easy to pick Python on the side. Python isn't entirely free of frustration and confusion, but hopefully you can avoid those parts until long after you get some good use out of Python," writes the NSA.
Students use version 4.4.0 of the Anaconda3 Python distribution and can run Python in the command line or through a Jupyter notebook from the browser. Python developer Kushal Das has pulled out some interesting details from the material. He found that the NSA has an internal Python package index, that its GitLab instance is gitlab.coi.nsa.ic.gov, and that it has a Jupyter gallery that runs over HTTPS. NSA also offers git installation instructions for CentOS, Red Hat Enterprise Linux, Ubuntu, and Windows, but not Debian.
8. The Drovorub Mystery: Malware NSA Warned About Can't Be Found

NSA and FBI Released Detailed Information on Drovorub Linux Malware, But Major Cybersecurity Firms Found No Samples

A piece of malware linked by U.S. intelligence agencies to hackers believed to be backed by the Russian government remains a mystery to the private sector, which apparently hasn't found a single sample of the malware, and one researcher went as far as suggesting that it may be a false flag set up by the United States itself. In August 2020, the NSA and the FBI released a joint cybersecurity advisory detailing a piece of malware they named Drovorub. According to the agencies, Drovorub was designed to target Linux systems as part of cyber espionage operations conducted by Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165, which has been linked to attacks conducted by the threat actor tracked as APT 28, Fancy Bear, Sednit and Strontium. The 45-page report released by the NSA and FBI describes Drovorub as a "Linux malware toolset" that consists of an implant with a kernel module rootkit, a file transfer and port forwarding tool, and a command and control (C&C) server. "When deployed on a victim machine, the Drovorub implant (client) provides the capability for direct communications with actor-controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands as 'root'; and port forwarding of network traffic to other hosts on the network," the agencies wrote in their advisory. The advisory shares information on how Drovorub works, how it can be detected, and how organizations can protect their systems against attacks involving the malware.
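The kernel-module rootkit in the toolset described above is the component a host-based check can reach. As an added example that is not from the NSA/FBI advisory (which ships Snort and Yara rules rather than this), the script below applies a generic tripwire for hidden modules: a module that unlinks itself from the list that `lsmod` and `/proc/modules` read usually still has a `/sys/module/<name>` entry and symbols tagged with its name in `/proc/kallsyms`, so the three views are diffed. It takes the raw file contents as arguments so it runs offline on captured data; the sample contents and the module name `rk_demo` are constructed, and nothing here asserts how Drovorub itself hides.

```python
"""A kernel-module rootkit of the kind the advisory describes for Drovorub
typically unlinks its module from the list that lsmod and /proc/modules read.
Other kernel views of loaded modules are maintained separately, so an
inconsistency between them is a useful tripwire. This added check (not from the
NSA/FBI advisory, which ships Snort and Yara rules) compares /proc/modules with
/sys/module and with module-tagged symbols in /proc/kallsyms; it takes the raw
contents as arguments so it runs offline on captured data. Sample data and the
module name rk_demo are constructed."""
import os


def proc_modules(text):
    """/proc/modules: one module per line, name first."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}


def sysfs_loaded(sysfs_names, initstate):
    """/sys/module also lists built-in code; only loadable modules have an initstate file."""
    return {n for n in sysfs_names if initstate.get(n) is not None}


def kallsyms_modules(text):
    """/proc/kallsyms: 'addr type symbol [module]' for symbols that belong to a module."""
    mods = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3][:1] == "[" and parts[3][-1:] == "]":
            mods.add(parts[3][1:-1])
    return mods


def hidden_modules(proc_text, sysfs_names, initstate, kallsyms_text=""):
    """Modules the kernel still knows about but /proc/modules no longer lists."""
    visible = proc_modules(proc_text)
    known = sysfs_loaded(sysfs_names, initstate) | kallsyms_modules(kallsyms_text)
    return sorted(known - visible)


def live_check():
    """Collect the three views from the running Linux host and diff them (root shows kallsyms addresses)."""
    with open("/proc/modules") as f:
        proc_text = f.read()
    names = os.listdir("/sys/module")
    initstate = {}
    for n in names:
        p = f"/sys/module/{n}/initstate"
        initstate[n] = open(p).read().strip() if os.path.exists(p) else None
    try:
        with open("/proc/kallsyms") as f:
            ks = f.read()
    except OSError:
        ks = ""
    return hidden_modules(proc_text, names, initstate, ks)


# Constructed sample: rk_demo has a sysfs entry and symbols but is absent from /proc/modules
SAMPLE_PROC_MODULES = (
    "xt_conntrack 16384 1 - Live 0xffffffffc0b00000\n"
    "nf_conntrack 163840 1 xt_conntrack, Live 0xffffffffc0a80000\n"
)
SAMPLE_SYSFS = ["xt_conntrack", "nf_conntrack", "rk_demo", "ext4"]
SAMPLE_INITSTATE = {"xt_conntrack": "live", "nf_conntrack": "live", "rk_demo": "live", "ext4": None}
SAMPLE_KALLSYMS = (
    "ffffffff81000000 T _stext\n"
    "ffffffffc0c00020 t hook_getdents64\t[rk_demo]\n"
    "ffffffffc0b00010 t conntrack_mt\t[xt_conntrack]\n"
)

if __name__ == "__main__":
    print(hidden_modules(SAMPLE_PROC_MODULES, SAMPLE_SYSFS, SAMPLE_INITSTATE, SAMPLE_KALLSYMS))
```

This is a consistency check, not proof of absence: a module that also deletes its sysfs kobject and scrubs its symbols leaves nothing for these views to disagree about, and any rootkit able to run arbitrary kernel code can in principle falsify all three. Preventing the load in the first place, with module signature enforcement and Secure Boot so that an unsigned module is refused by the kernel, is the more robust control; the diff is for hosts where that was not in place.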
In November, French industrial giant Schneider Electric issued an advisory to warn customers about the potential threat posed by Drovorub to some of its products, but the company told SecurityWeek at the time that it hadn’t been aware of any actual incident involving the malware — its alert was issued based on the information from the NSA advisory. In fact, no one in the private sector appears to have seen Drovorub attacks, or samples of the malware. SecurityWeek has reached out to several major cybersecurity solutions providers and no one seems to have obtained actual samples — or at least they’re currently not willing to share any information — despite the fact that the NSA’s advisory contains Snort rules, Yara rules and other technical information that would make it easy to find the malware on infected systems. Contacted companies include Bitdefender, Symantec, ESET, Trend Micro, CrowdStrike, Google’s Chronicle, Kaspersky, FireEye, Microsoft, and ReversingLabs. “It’s a highly advanced sample, used in very targeted ways by a very sophisticated threat actor against a small number of selected targets. So by the very nature of it, you will only get such a sample if one of those victims discloses it, and if those victims are themselves highly sensitive – it is unlikely they would disclose that,” Robert McArdle, director of Trend Micro's Forward Looking Threat Research, said via email. ESET said it had not seen Drovorub or any similar malware in the wild. “Unlike mass-spreading malware, it looks like this malware is used in targeted intrusions against a small set of victims,” ESET researcher Anton Cherepanov told SecurityWeek. “In addition to that, usually Linux servers don't have any security software in place. That's why it's really hard to find samples of this malware in the wild.” SecurityWeek has also reached out to the NSA and the FBI to see if the agencies had shared samples with the private sector or if they had plans to do so. 
The NSA did not respond and the FBI said it does not have any additional information to share beyond what was published in the advisory. Drovorub is also mentioned in a recently published 400-page book, titled "Loaded for Guccifer2.0: Following A Trail of Digital Geopolitics," written by David Jonathon Blake. In his book, Blake goes as far as suggesting that Drovorub is a false flag deployed by the United States to make it appear as if Russia was preparing an attack on critical infrastructure. The author says he's not a security expert, but claims that for the past several years — full time, for a large part of it — he has been researching what he believes to be false flag operations set up and conducted by the U.S. in an effort to blame Russia for various cyberattacks. The book, which suggests that even the 2016 attack on the Democratic National Committee was actually conducted by U.S. agencies, is a combination of technical research and speculation, and sounds very much like a conspiracy theory. In their report, the NSA and FBI shared little information on how they linked Drovorub to Russian intelligence. As an example related to attribution, they provide an IP address,, used by the malware for C&C, which was at some point allegedly accessed by an IP previously linked by Microsoft to Strontium. Blake said was associated with a physical server located in Latvia, but the IP address was also connected to a domain apparently registered by someone in a Russian city where the GRU is known to have a presence. However, the author claims that the same domain — for a very short while in 2018 — resolved to an IP address that always belonged to a major US tech company that provides services to the U.S. government. Source: The Drovorub Mystery: Malware NSA Warned About Can't Be Found
9. The U.S. National Security Agency (NSA) is warning that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against United States organizations and interests. In an advisory issued today, the NSA says it is aware of targeted attacks by Chinese state-sponsored hackers against National Security Systems (NSS), the U.S. Defense Industrial Base (DIB), and the Department of Defense (DoD) information networks. As part of these attacks, the NSA has seen twenty-five publicly disclosed vulnerabilities exploited to gain access to networks, deploy malicious mobile apps, and spread laterally through a system while attackers steal sensitive data. The NSA is advising all organizations to immediately patch vulnerable devices to protect against cyberattacks that lead to data theft, banking fraud, and ransomware attacks. “We hear loud and clear that it can be hard to prioritize patching and mitigation efforts,” NSA Cybersecurity Director Anne Neuberger said. “We hope that by highlighting the vulnerabilities that China is actively using to compromise systems, cybersecurity professionals will gain actionable information to prioritize efforts and secure their systems."

Vulnerabilities used in different phases of attack

The NSA has categorized the vulnerabilities into different buckets to illustrate how they are being used in cyberattacks.

Exploit secure remote access: To gain access to networks, Chinese threat actors utilize seven different vulnerabilities, many of which also provide credentials that can be used to spread further on the network.
- CVE-2019-11510 - A Pulse Secure VPN vulnerability that allows an unauthenticated attacker to gain access to VPN credentials.
- CVE-2020-5902 - An F5 BIG-IP proxy/load balancer remote code execution vulnerability.
- CVE-2019-19781 - A Citrix Application Delivery Controller (ADC) and Gateway directory traversal vulnerability, which can lead to remote code execution without credentials.
- CVE-2020-8193 - Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP vulnerability that allows unauthenticated access to certain URL endpoints and information disclosure to low-privileged users.
- CVE-2020-8195 - Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP vulnerability that allows unauthenticated access to certain URL endpoints and information disclosure to low-privileged users.
- CVE-2020-8196 - Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP vulnerability that allows unauthenticated access to certain URL endpoints and information disclosure to low-privileged users.
- CVE-2019-0708 - The Windows BlueKeep Remote Desktop Services vulnerability allows unauthenticated users to perform remote code execution.

Exploit Mobile Device Management (MDM): By compromising MDM servers, threat actors can push out malicious mobile apps or change device configurations that send traffic through attacker-controlled proxy servers or hosts.
- CVE-2020-15505 - A remote code execution vulnerability in the MobileIron mobile device management (MDM) software.

Exploit Active Directory for Lateral Movement and Credential Access:
- CVE-2020-1472 - The critical 10/10 Windows ZeroLogon Netlogon elevation of privilege vulnerability allows threat actors to quickly gain domain administrator privileges on a domain controller. From there, they can harvest sensitive data or deploy malware, such as ransomware.
- CVE-2019-1040 - A Windows NTLM tampering vulnerability that allows attackers to downgrade the protocol's built-in security features.

Exploit public-facing servers: Attackers use these vulnerabilities to bypass authentication in web servers, email servers, or DNS to remotely execute commands on the internal network. For compromised web servers, attackers can utilize them in watering-hole attacks to target future visitors.
- CVE-2020-1350 - The Windows DNS Server SigRed vulnerability allows attackers to spread laterally through a network.
- CVE-2018-6789 - An Exim mail server vulnerability allows unauthenticated, remote code execution.
- CVE-2018-4939 - An Adobe ColdFusion vulnerability that could lead to arbitrary code execution.

Exploit internal servers: These vulnerabilities are used to spread laterally throughout a network and gain access to internal servers, where the attackers can steal valuable data.
- CVE-2020-0688 - A Microsoft Exchange vulnerability that allows authenticated users to perform remote code execution.
- CVE-2015-4852 - The WLS Security component in Oracle WebLogic Server allows remote attackers to execute arbitrary commands via a crafted serialized Java object.
- CVE-2020-2555 - A vulnerability exists in the Oracle Coherence product of Oracle Fusion Middleware. This easily exploitable
- CVE-2019-3396 - A server-side template injection vulnerability is present in the Widget Connector in Atlassian Confluence servers that allows remote attackers to perform remote code execution and path traversal.
- CVE-2019-11580 - Attackers who can send requests to an Atlassian Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, permitting remote code execution. This vulnerability was used in GandCrab ransomware attacks in the past.
- CVE-2020-10189 - A Zoho ManageEngine Desktop Central vulnerability allows remote code execution. This bug was used in attacks to deploy backdoors.
- CVE-2019-18935 - A vulnerability in Telerik UI for ASP.NET AJAX can lead to remote code execution. It was seen used by a hacker group named 'Blue Mockingbird' to install Monero miners on vulnerable servers but could be used to spread laterally as well.

Exploit user workstations for local privilege escalation: When an attacker gains access to a workstation, their ultimate goal is to gain administrative credentials or privileges. Using these vulnerabilities, a hacker can elevate their privileges to SYSTEM or administrator access.
- CVE-2020-0601 - A Windows CryptoAPI spoofing vulnerability discovered by the NSA allows attackers to spoof code-signing certificates to make malicious executables appear to be signed by a legitimate trusted company.
- CVE-2019-0803 - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

Exploit network devices: This final bucket of vulnerabilities allows attackers to monitor and modify network traffic as it flows over the device.
- CVE-2017-6327 - The Symantec Messaging Gateway can encounter a remote code execution issue.
- CVE-2020-3118 - A Cisco 'CDPwn' vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow remote code execution.
- CVE-2020-8515 - DrayTek Vigor devices enable remote code execution as root (without authentication) via shell metacharacters.

As Chinese state-sponsored hackers have been seen utilizing a combination of these vulnerabilities, it is strongly advised that all administrators patch them as soon as possible.

Source
  10. NEW YORK — Where were you when you first heard about the Snowden leak? The huge breach of the National Security Agency’s domestic surveillance program in June 2013 was one of the proudest moments in modern journalism, and one of the purest: A brave and disgusted whistleblower, Edward Snowden, revealed the government’s extensive surveillance of American and foreign citizens. Two journalists protected their source, revealed his secrets and won the blessings of the Establishment — a Pulitzer Prize and an Oscar for it. One of the people who fell in love with that story was Pierre Omidyar, the earnest if remote billionaire founder of eBay. That October, he pledged $250 million for a new institution led by those two journalists, Glenn Greenwald and Laura Poitras. Omidyar was the benefactor of journalists' dreams. He promised total independence for a new nonprofit news site, The Intercept, under the umbrella of his First Look Media. The Intercept was founded in the belief that “the prime value of journalism is that it imposes transparency, and thus accountability, on those who wield the greatest governmental and corporate power.” The outlet’s first mission was to set up a secure archive of Snowden’s documents, and to keep mining them for stories. The recent history of the news business has been about what happens when your traditional business is disrupted by the internet and your revenues dry up. But at The Intercept and First Look, the story is of a different destabilizing force: gushers of money. In 2017, the for-profit arm of the company had budgeted $40 million for a growing staff and bets on movies and television shows, a former executive said, while the nonprofit arm spent about $26 million in 2017 and again in 2018, according to its public filings, most of it on The Intercept. 
High-profile stars collected big salaries — Greenwald brought in more than $500,000 in 2015 — and they sometimes clashed in public with their titular bosses over the rocky efforts to build an organization. Writers warred on Twitter and in Slack messages over Donald Trump, race and the politics of the left. Greenwald continues to infuriate younger colleagues with tweets like one denouncing “woke ideologues.” Not long after Omidyar wired his first dollar, he found himself presiding over chaos so public that Vanity Fair asked in 2015 “whether First Look Media can make headlines that aren’t about itself.” All the drama would make this another colorful story about extreme newsroom dysfunction had The Intercept not caught the attention of a naive NSA linguist with the improbable name of Reality Winner in 2017. Winner, then 25, had been listening to the site’s podcast. She printed out a secret report on Russian cyberattacks on American voting software that seemed to address some of Greenwald’s doubts about Russian interference in the 2016 campaign and mailed it to The Intercept’s Washington, D.C., post office box in early May. The Intercept scrambled to publish a story on the report, ignoring the most basic security precautions. The lead reporter on the story sent a copy of the document, which contained markings that showed exactly where and when it had been printed, to the NSA media affairs office, all but identifying Winner as the leaker. On June 3, about three weeks after Winner sent her letter, two FBI agents showed up at her home in Georgia to arrest her. They announced the arrest soon after The Intercept’s article was published on June 5. “They sold her out, and they messed it up so that she would get caught, and they didn’t protect their source,” her mother, Billie Winner-Davis, said in a telephone interview last week. 
“The best years of her life are being spent in a system where she doesn’t belong.” Failing to protect an anonymous leaker is a cardinal sin in journalism, though the remarkable thing in this instance is that The Intercept didn’t seem to try to protect its source. The outlet immediately opened an investigation into its blunder, which confirmed the details that the Justice Department had gleefully announced after it arrested Winner. They included the fact that The Intercept led the authorities to Winner when it circulated the document in an effort to verify it, and then published the document, complete with the identifying markings, on the internet. Internal emails and records I obtained reveal the tumult that led to one of the highest-profile journalistic disasters in recent memory and provide broader insights into the limits of a news organization dependent on an inattentive billionaire’s noblesse oblige. A spokeswoman for Omidyar declined to make him available for an interview. The New York Times is not publishing the documents, which run to more than 100 pages, because they include discussions of sourcing and security measures. The documents, among them two internal reports on the Reality Winner incident that have not been made public, were given to me by people who were senior employees in 2017 and contend that the organization failed to hold itself accountable for its mistakes and for what happened to Winner as a result. Some current and former staff members I interviewed expressed fundamental questions about the internal investigation into the debacle, including why The Intercept hadn’t brought in an outside law firm or other independent entity to conduct the inquiry. They also asked why Betsy Reed, the editor-in-chief, had assigned the investigation to Lynn Dombek, then The Intercept’s head of research, who reported directly to her. 
Reed, who had been brought in to stabilize The Intercept and rein in its big personalities in 2015, told me she faced “a treacherous situation” after the article was published. She needed to balance a “legitimate demand for transparency” that aligned with The Intercept’s founding values with lawyers' strong advice to stay silent to protect her reporters and their sources. Poitras said The Intercept should have held itself to a higher standard. “We founded this organization on the principle of holding the powerful accountable and protecting whistleblowers,” Poitras said in an interview. “Not only was this a cover-up and betrayal of core values, but the lack of any meaningful accountability promoted a culture of impunity and puts future sources at risk.” The internal tensions were boiling over one night, just before Thanksgiving 2017, when the two U.S. journalists who helped bring Snowden’s revelations public were exchanging late-night emails, which I obtained. They were writing not about government misconduct but their own newsroom’s. Reed’s oversight of the investigation, Poitras wrote, was an attempt “to cover up what happened for self-protective reasons.” It was, Greenwald agreed in response, a “whitewash.” The documents fall short of revealing a conspiratorial cover-up. Instead they show an extreme version of the human errors, hubris and mismanagement familiar to anyone who has worked in a newsroom — and the struggle of The Intercept to live up to its lofty founding ideals in dealing with its own errors. Winner may have thought she was mailing the documents to Greenwald and Poitras, who went to great lengths to protect Snowden. But Greenwald was in Brazil, and when he heard about the document, he was not interested. He told me that he considered its claims about Russian hacking during the 2016 race “wildly overblown” and that it didn’t include direct evidence to convince him otherwise. 
Poitras, meanwhile, had at that point left The Intercept, and established a nonprofit production firm, Field of Vision, a part of First Look Media, which also includes The Intercept and Omidyar’s other ventures.

Reed and her deputy, Roger Hodge, gave the story to a pair of established television journalists: Matthew Cole and Richard Esposito. Cole, formerly of NBC, had collaborated with Greenwald on the Snowden stories and was on staff. Esposito, also a veteran of broadcast news at NBC News and ABC News, was brought in from outside and is now the top spokesman for the New York Police Department.

Reed told me she’d brought them in partly because The Intercept’s outsider posture had left it without the inside sources who could verify documents like Winner’s. But their reflex to reach out to national security officials carried its own risk.

“If you get a document that purports to be from the NSA, it should be a five-alarm fire,” a member of The Intercept’s high-powered security team, Erinn Clark, said in her interview for the internal inquiry. “Go to a secure room, with an editor, freeze where you are. You are not aware who you are exposing or putting at risk.”

Instead, Cole put the document in his bag and got on a train to New York. One concern did cross his mind. “I thought at the time there would be an audit if they printed on a government printer,” he said, according to the internal review notes. “I forgot about that thought.”

Later, he called a source in the intelligence community in an attempt to verify the document, and casually revealed its postmark. “My source said something about, ‘How did it come to us?’ I said in the mail, from Georgia, and my source laughed about that,” he recalled during the internal investigation. Then Cole mentioned that the postmark was Fort Gordon, Georgia, which is home to the NSA’s Cryptologic Center. “‘There’s a logic to that,’ the source said.”
The startling carelessness about protecting Winner was particularly mystifying at an organization that had been founded on security. Steps from Cole’s desk in The Intercept’s open-plan office in Manhattan sat Clark and Micah Lee, leading figures in digital security. Cole did not involve them at all.

Cole and Esposito said they’d been pushed to rush the story to publication, but Cole also acknowledged that failing to consult with the security team was a “face plant.”

The Intercept’s leaders argued in 2017, and still contend, that the narrative laid out by the Justice Department in its prosecution of Winner was shaped to make The Intercept — a thorn in the government’s side — look bad. And Winner’s own carelessness — she printed the document at work — could easily have gotten her caught even if The Intercept had been more cautious.

But they also knew they had made real journalistic errors. And so a key question was who to blame for this catastrophe and what consequences they should suffer.

Dombek, who undertook the internal investigation, concluded that the editors — Reed and Hodge — needed to take responsibility. Others, including Greenwald, were demanding that Cole and Reed be fired, and The Intercept provide a public reckoning. (Greenwald later relented and said he understood the desire not to “scapegoat” for an institutional failure.)

On July 11, 2017, Reed published a post on The Intercept announcing that First Look would pay for Winner’s legal defense. Reed also announced that an “internal review of the reporting of this story has now been completed.” “We should have taken greater precautions to protect the identity of a source who was anonymous even to us,” she wrote. “As the editor-in-chief, I take responsibility for this failure, and for making sure that the internal newsroom issues that contributed to it are resolved.”

But the drama didn’t end there.
Greenwald and Jeremy Scahill, an investigative reporter who is the third founder of The Intercept, publicly demanded a more thorough investigation, and in response to their pressure, the company commissioned a second internal report, by a First Look lawyer, David Bralow.

Bralow’s report, issued four months later, cited as central issues the decision to share the document with the NSA, Cole’s discussion of the postmark and the publication of the identifying markings. “While each of these actions may or may not amount to an error in all cases, in this instance, these actions fell below The Intercept’s goals of protecting sources who seek to share information of significant public importance,” he wrote. “The procedures for authenticating leaked, classified documents reveal institutional weaknesses.”

Winner was sentenced to five years and three months in federal prison in 2018, and The Intercept has covered her case regularly, always noting its own role — “an important part of accountability,” Reed said.

But there hasn’t been any further accounting. Neither internal report was shared with the public. Nobody at The Intercept was fired, demoted or even reassigned. Reed and Bralow argued that any public reckoning could still expose other sources they spoke to about the document.

The story has clearly been a psychic blow to the idealism that marked the founding of The Intercept. The outlet has stepped back from its early ambitions. The archive of Snowden documents, which it received from Greenwald and Poitras on the condition that the company maintain a specific, complex security protocol and a staff to support it, was closed after Reed reduced its staff, citing budget cuts.

Poitras, who furiously objected to the cuts at the time, called the move “staggering.” The repository had been “the most significant historical archive documenting the rise of the surveillance state in the twenty first century,” Poitras wrote in a memo to The Intercept’s parent company.
Closing it did a disservice to “the public for whom Edward Snowden blew the whistle.”

The Intercept never fully regained its swagger after the Reality Winner case, though it has continued to produce notable stories. It has broadened its original mandate to reporting on “civil liberties, social justice, the fight against corruption,” Reed said, and broken stories including revelations from the Snowden files of AT&T’s role in NSA surveillance and an investigative profile by Cole of Erik Prince, the founder of Blackwater, the private security contractor.

Nowadays, it seems more taken by politics, both in Brazil, where Greenwald lives, and in the United States, where it has become a hub for the fiery ideological battles playing out among the American left. A leak to Greenwald last year showed how corruption investigations had been politicized in Brazil; the reporting reshaped the country’s politics.

In the United States, Greenwald has been increasingly engaged in the bitter feuds with others on the left, charging that liberals — including some of his Intercept colleagues — have become fixated on identity politics and Russia, and ignored the more insidious workings of corporate power. His most memorable television appearances these days seem to be on Fox’s Tucker Carlson show, during which the two men denounce the “deep state.”

Meanwhile, his colleagues have refashioned the site to champion insurgents and critics of the Democratic mainstream, including a woman who accused Joe Biden of sexual assault, Tara Reade, as mainstream outlets raised doubts about her story.

The business conceived to underwrite the journalism at The Intercept — the for-profit moviemaking arm — has sputtered, too, failing to produce another hit since “Spotlight” in 2015. The documents I obtained show a bitter internal fight over leaders' refusal to give a top female executive a producer credit.
Another of its highest-profile hires, former Topic.com editor Anna Holmes, who left in 2019, told me: “I’ve always admired First Look Media’s stated commitment to free speech, transparency and speaking truth to power. So in that spirit I’ll say this: My tenure there was creatively rewarding — it was also personally and professionally demoralizing.”

Reality Winner, meanwhile, is recovering from the coronavirus in federal prison in Texas. She’s still short of breath sometimes, said her mother, who still blames The Intercept for the disastrous consequences of her daughter’s incautious effort to blow the whistle, though First Look is also paying the legal bills.

Winner-Davis recently abandoned her retirement to take a job as a corrections officer at a local jail so she could feel closer to her daughter and understand her experience behind bars. “It tears me apart every day going into that setting and knowing this is what my daughter is going through,” she said.

Source
11. Senator Wyden puts surveillance nerve-center on blast

It's said the NSA drew up a report on what it learned after a foreign government exploited a weak encryption scheme, championed by the US spying agency, in Juniper firewall software. However, curiously enough, the NSA has been unable to find a copy of that report.

On Wednesday, Reuters reporter Joseph Menn published an account of US Senator Ron Wyden's efforts to determine whether the NSA is still in the business of placing backdoors in US technology products. Wyden (D-OR) opposes such efforts because, as the Juniper incident demonstrates, they can backfire, thereby harming national security, and because they diminish the appeal of American-made tech products.

But Wyden's inquiries, as a member of the Senate Intelligence Committee, have been stymied by lack of cooperation from the spy agency and the private sector.

In June, Wyden and various colleagues sent a letter to Juniper CEO Rami Rahim asking about "several likely backdoors in its NetScreen line of firewalls." Juniper acknowledged in 2015 that “unauthorized code” had been found in ScreenOS, which powers its NetScreen firewalls. It's been suggested that the code was in place since around 2008.

The Reuters report, citing a previously undisclosed statement to Congress from Juniper, claims that the networking biz acknowledged that "an unnamed national government had converted the mechanism first created by the NSA."

Wyden staffers in 2018 were told by the NSA that a "lessons learned" report about the incident had been written. But Wyden spokesperson Keith Chu told Reuters that the NSA now claims it can't find the file. Wyden's office did not immediately respond to a request for comment.

The reason this malicious code was able to decrypt ScreenOS VPN connections has been attributed to Juniper's "decision to use the NSA-designed Dual EC Pseudorandom Number Generator." The company has yet to clarify exactly why it made that decision.
Juniper did not respond to a request for comment.

When former NSA contractor Edward Snowden leaked agency secrets in 2013, Reuters reported that years earlier security firm RSA, now part of storage biz EMC, had accepted a $10m contract with the NSA to use Dual Elliptic Curve, or Dual EC, encryption. RSA at the time denied some of the claims without disputing the existence of the contract.

The NSA had been keen to see Dual EC adopted and worked with the US Commerce Department to promote it. But in 2007, two Microsoft researchers reported there were serious flaws with the Dual Elliptic Curve Deterministic Random Bit Generator that led it to produce weak cryptography. By 2014, US standards agency NIST withdrew support for Dual EC.

Juniper at some point between 2008 and 2009 appears to have added Dual EC support to its products at the request of "a single customer," widely believed to be the NSA.

After Snowden's disclosures about the extent of US surveillance operations in 2013, the NSA is said to have revised its policies for compromising commercial products. Wyden and other lawmakers have tried to learn more about these policies but they've been stonewalled, according to Reuters. The NSA also declined to provide backdoor policy details to Reuters, stating that it doesn't share "specific processes and procedures."

The news agency says three former senior intelligence officials have confirmed that NSA policy now requires a fallout plan with some form of warning in the event an implanted back door gets discovered and exploited.

The Register asked the NSA to comment. We've not heard back.

Source
12. Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users

And don't forget to limit ad tracking. Advisory contains a host of recommendations.

The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed, as well as limit location data usage by apps.

“Location data can be extremely valuable and must be protected,” an advisory published on Tuesday stated. “It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.”

NSA officials acknowledged that geolocation functions are enabled by design and are essential to mobile communications. The officials also admit that the recommended safeguards are impractical for most users. Mapping, location tracking of lost or stolen phones, automatically connecting to Wi-Fi networks, and fitness trackers and apps are just a few of the things that require fine-grained locations to work at all.

The cost of convenience

But these features come at a cost. Adversaries may be able to tap into location data that app developers, advertising services, and other third parties receive from apps and then store in massive databases. Adversaries may also subscribe to services such as those offered by Securus and LocationSmart, two services that The New York Times and KrebsOnSecurity documented, respectively. Both companies either tracked or sold locations of customers collected by the cell towers of major cellular carriers. Not only did LocationSmart leak this data to anyone who knew a simple trick for exploiting a common class of website bug, but a Vice reporter was able to obtain the real-time location of a phone by paying $300 to a different service.
The New York Times also published this sobering feature outlining services that use mobile location data to track the histories of millions of people over extended periods.

The advisory also warns that tracking often happens even when cellular service is turned off, since both Wi-Fi and Bluetooth can also track locations and beam them to third parties connected to the Internet or with a sensor that’s within radio range.

To prevent these types of privacy invasions, the NSA recommends the following:

- Disable location services settings on the device.
- Disable radios when they are not actively in use: disable BT and turn off Wi-Fi if these capabilities are not needed. Use Airplane Mode when the device is not in use. Ensure BT and Wi-Fi are disabled when Airplane Mode is engaged.
- Apps should be given as few permissions as possible:
  - Set privacy settings to ensure apps are not using or sharing location data.
  - Avoid using apps related to location if possible, since these apps inherently expose user location data. If used, location privacy/permission settings for such apps should be set to either not allow location data usage or, at most, allow location data usage only while using the app. Examples of apps that relate to location are maps, compasses, traffic apps, fitness apps, apps for finding local restaurants, and shopping apps.
- Disable advertising permissions to the greatest extent possible:
  - Set privacy settings to limit ad tracking, noting that these restrictions are at the vendor’s discretion.
  - Reset the advertising ID for the device on a regular basis. At a minimum, this should be on a weekly basis.
- Turn off settings (typically known as FindMy or Find My Device settings) that allow a lost, stolen, or misplaced device to be tracked.
- Minimize Web browsing on the device as much as possible, and set browser privacy/permission location settings to not allow location data usage.
- Use an anonymizing Virtual Private Network (VPN) to help obscure location.
- Minimize the amount of data with location information that is stored in the cloud, if possible.

If it is critical that location is not revealed for a particular mission, consider the following recommendations:

- Determine a non-sensitive location where devices with wireless capabilities can be secured prior to the start of any activities. Ensure that the mission site cannot be predicted from this location.
- Leave all devices with any wireless capabilities (including personal devices) at this non-sensitive location. Turning off the device may not be sufficient if a device has been compromised.
- For mission transportation, use vehicles without built-in wireless communication capabilities, or turn off the capabilities, if possible.

Mobile phone use means being tracked

Patrick Wardle, a macOS and iOS security expert and a former hacker for the NSA, said the recommendations are a “great start” but that people who follow the recommendations shouldn’t consider them anything close to absolute protection.

“As long as your phone is connecting to cell towers, which it has to in order to use the cell network... AFAIK that’s going to reveal your location,” Wardle, who is a security researcher at the macOS and iOS enterprise management firm Jamf, told me. “It, as always, is a tradeoff between functionality/usability and security, but basically if you use a phone, assume that you can be tracked.”

He said that recent versions of iOS make it easy to follow many of the recommendations. The first time users open an app, they get a prompt asking if they want the app to receive location data. If the user says yes, the access can only happen when the app is open. That prevents apps from collecting data in the background over extended periods of time. iOS also does a good job of randomizing MAC addresses that, when static, provide a unique identifier for each device.
More recent versions of Android also allow the same location permissions and, when running on specific hardware (which usually come at a premium cost), also randomize MAC addresses.

Both OSes require users to manually turn off ad personalization and reset advertising IDs. In iOS, people can do this in Settings > Privacy > Advertising. The slider for Limit Ad Tracking should be turned on. Just below the slider is the Reset Advertising Identifier. Press it and choose Reset Identifier. While in the Privacy section, users should review which apps have access to location data. Make sure as few apps as possible have access.

Change some settings

In Android 10, users can limit ad tracking and reset advertising IDs by going to Settings > Privacy and clicking Ads. Both the Reset Advertising ID and Opt Out of Ads personalization are there. To review which apps have access to location data, go to Settings > Apps & notifications > Advanced > Permission Manager > Location. Android allows apps to collect data continuously or only when in use. Allow only apps that truly require location data to have access, and then try to limit that access to only when in use.

Tuesday’s advisory also recommends people limit sharing location information in social media and remote metadata showing sensitive locations before posting pictures. The NSA also warns about location data being leaked by car navigation systems, wearable devices such as fitness devices, and Internet-of-things devices.

The advice is aimed primarily at military personnel and contractors whose location data may compromise operations or put them at personal risk. But the information can be useful to others, as long as they consider their threat model and weigh the acceptable risks versus the benefits of various settings.

Source: Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users
13. NSA Urges SysAdmins to Replace Obsolete TLS Protocols

The NSA released new guidance providing system administrators with the tools to update outdated TLS protocols.

The National Security Agency (NSA) is lighting a fire under system administrators who are dragging their feet to replace insecure and outdated Transport Layer Security (TLS) protocol instances. The agency this week released new guidance and tools to equip companies to update from obsolete older versions of TLS (TLS 1.0 and TLS 1.1) to newer versions of the protocol (TLS 1.2 or TLS 1.3).

TLS (as well as its precursor, Secure Sockets Layer, or SSL) was developed as a protocol aimed to provide a private, secure channel between servers and clients to communicate. However, various new attacks against TLS and the algorithms it uses have been revealed – from Heartbleed to POODLE – rendering the older versions of the protocol insecure.

“The standards and most products have been updated, but implementations often have not kept up,” said the NSA in its guidance this week. “Network connections employing obsolete protocols are at an elevated risk of exploitation by adversaries. As a result, all systems should avoid using obsolete configurations for TLS and SSL protocols.”

The NSA’s alert adds on to an existing collective push for updating TLS protocols, with some of the biggest standards bodies and regulators mandating that web server operators ensure they move to TLS 1.2 before the end of 2020. At the same time, many major browsers – including Chrome and Mozilla – have deprecated support for TLS 1.0 and TLS 1.1. As of March 2020, more than 850,000 websites still used TLS 1.0 and 1.1 protocols. Meanwhile, according to the SANS ISC in December, TLS 1.3 is supported by about one in every five HTTPS servers, showing steady adoption of the newer protocol version.
“TLSv1.3 is arguably the first TLS protocol version which focused more on security concerns than it did on compatibility issues,” Craig Young, principal security researcher at Tripwire, told Threatpost. “TLSv1.2 and earlier specifications have repeatedly included esoteric workarounds for known attacks rather than deprecating broken technologies. TLSv1.3 introduces new handshake mechanisms and ciphersuites with mandated perfect forward secrecy and authenticated encryption. The overall impact is a strong protection against downgrade attacks and other cryptographic attacks.”

The NSA’s alert, intended for the National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) cybersecurity leaders, as well as system administrators and network security analysts, provided further guidance on how to detect and update outdated TLS versions. Part of the NSA’s recommendations include using network monitoring systems to detect obsolete TLS versions. The NSA also provided further information about prioritization of remediation for obsolete TLS versions.

“Network monitoring devices can be configured to alert analysts to servers and/or clients that negotiate obsolete TLS or can be used to block weak TLS traffic,” according to the NSA. “The choice to alert and/or block will depend on the organization. To minimize mission impact, organizations should use a phased approach to detecting and fixing clients and servers until an acceptable number have been remediated before implementing blocking rules.”

Security-focused content delivery network provider Cloudflare has previously stated that “both TLS 1.0 and TLS 1.1 are insufficient for protecting information due to known vulnerabilities. Specifically for Cloudflare customers, the primary impact of PCI is that TLS 1.0 and TLS 1.1 are insufficient to secure payment card related traffic.” Cloudflare did not respond to a request for comment from Threatpost.
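The detection step the NSA describes, a monitor alerting on clients and servers that negotiate obsolete TLS, comes down to reading the version fields of the two hello messages. The following is an added example (not NSA, Threatpost or any vendor's code) that parses raw ClientHello/ServerHello records the way a passive sensor would and classifies them; the sample handshakes are constructed in the block, and the one subtlety it handles is that TLS 1.3 keeps the legacy version field at 0x0303 and signals 1.3 only in the supported_versions extension.

```python
"""Flag TLS hellos that negotiate, or can only offer, obsolete protocol versions (added example)."""
from __future__ import annotations
import struct
from typing import Dict, List, Optional, Tuple

VERSION_NAMES = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
OBSOLETE = {0x0300, 0x0301, 0x0302}          # the versions the NSA guidance says to retire
HANDSHAKE = 22                                # TLS record content type for handshake messages
CLIENT_HELLO, SERVER_HELLO = 1, 2             # handshake message types
EXT_SUPPORTED_VERSIONS = 43                   # supported_versions extension (RFC 8446)


def parse_hello(record: bytes) -> Dict:
    """Parse one TLS record holding a ClientHello or ServerHello.

    Only the fields needed for version detection are read. The record-layer version
    (bytes 1-2) is deliberately ignored: it is not authoritative for the negotiated version.
    """
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] not in (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError("not a ClientHello/ServerHello")
    hs_type = body[0]
    msg = body[4:4 + int.from_bytes(body[1:4], "big")]
    legacy_version = struct.unpack("!H", msg[0:2])[0]
    pos = 2 + 32                              # legacy_version + random
    pos += 1 + msg[pos]                       # legacy_session_id (length-prefixed)
    if hs_type == CLIENT_HELLO:
        pos += 2 + struct.unpack("!H", msg[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + msg[pos]                                   # compression_methods
    else:
        pos += 2 + 1                          # selected cipher_suite + compression_method
    supported: List[int] = []
    if pos + 2 <= len(msg):                   # extensions block is optional before TLS 1.3
        end = pos + 2 + struct.unpack("!H", msg[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", msg[pos:pos + 4])
            edata = msg[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == EXT_SUPPORTED_VERSIONS:
                if hs_type == CLIENT_HELLO:   # client: one length byte, then a list of versions
                    supported = [struct.unpack("!H", edata[i:i + 2])[0]
                                 for i in range(1, 1 + edata[0], 2)]
                else:                         # server: exactly one selected version
                    supported = [struct.unpack("!H", edata[:2])[0]]
    return {"kind": "ClientHello" if hs_type == CLIENT_HELLO else "ServerHello",
            "legacy_version": legacy_version, "supported_versions": supported}


def classify(record: bytes) -> Tuple[str, str, bool]:
    """Return (message kind, version name, obsolete?).

    ServerHello: negotiated version is supported_versions when present, else legacy_version.
    ClientHello: 'obsolete' means the client offers nothing newer than TLS 1.1; GREASE
    values (e.g. 0x0A0A) that browsers add to supported_versions are ignored.
    """
    hello = parse_hello(record)
    if hello["kind"] == "ServerHello":
        version = hello["supported_versions"][0] if hello["supported_versions"] else hello["legacy_version"]
    else:
        offered = {v for v in hello["supported_versions"] if v in VERSION_NAMES}
        version = max(offered) if offered else hello["legacy_version"]
    return hello["kind"], VERSION_NAMES.get(version, hex(version)), version in OBSOLETE


def build_hello(hs_type: int, legacy_version: int, supported: Optional[List[int]] = None,
                cipher_suites: Tuple[int, ...] = (0x1301,)) -> bytes:
    """Construct a minimal well-formed hello record (constructed sample input, not captured traffic)."""
    body = struct.pack("!H", legacy_version) + bytes(32) + b"\x00"      # version, random, empty session id
    if hs_type == CLIENT_HELLO:
        suites = b"".join(struct.pack("!H", c) for c in cipher_suites)
        body += struct.pack("!H", len(suites)) + suites + b"\x01\x00"   # suites + null compression
    else:
        body += struct.pack("!H", cipher_suites[0]) + b"\x00"           # selected suite + compression
    if supported is not None:
        if hs_type == CLIENT_HELLO:
            versions = b"".join(struct.pack("!H", v) for v in supported)
            edata = bytes([len(versions)]) + versions
        else:
            edata = struct.pack("!H", supported[0])
        ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(edata)) + edata
        body += struct.pack("!H", len(ext)) + ext
    handshake = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + struct.pack("!HH", min(legacy_version, 0x0303), len(handshake)) + handshake


# Constructed sample handshakes covering the cases a monitor has to tell apart.
SAMPLES = {
    "client offering only TLS 1.0": build_hello(CLIENT_HELLO, 0x0301, cipher_suites=(0x002F,)),
    "client offering 1.2/1.3 plus GREASE": build_hello(CLIENT_HELLO, 0x0303, supported=[0x0A0A, 0x0304, 0x0303]),
    "server selecting TLS 1.1": build_hello(SERVER_HELLO, 0x0302, cipher_suites=(0x002F,)),
    "server selecting TLS 1.3": build_hello(SERVER_HELLO, 0x0303, supported=[0x0304]),
}


def audit(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, Tuple[str, str, bool]]:
    """Classify every sample; a True third element is a handshake an analyst should be alerted to."""
    return {name: classify(rec) for name, rec in samples.items()}
```

Whether a flagged handshake is alerted on or blocked is the phased policy decision the guidance leaves to the organisation; the classifier only supplies the fact.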
“There really is no reason for organizations to delay in deploying TLSv1.3 in 2021, but some organizations may be hesitant because of the potential impact on SSL/TLS inspection systems,” Young told Threatpost. “This is a potential problem because these products often work by intercepting TLS connections and TLSv1.3 has been designed to guard against this.”

Source: NSA Urges SysAdmins to Replace Obsolete TLS Protocols
14. NSA advises companies to avoid third party DNS resolvers

The US National Security Agency (NSA) says that companies should avoid using third party DNS resolvers, in order to block threat actors' DNS traffic eavesdropping and manipulation attempts and to block access to internal network information.

NSA's recommendation was made in a new advisory on the benefits (and risks) of using DNS over HTTPS (DoH) in enterprise environments. DoH is an encrypted domain name system (DNS) protocol that blocks unauthorized access to the DNS traffic between clients and DNS resolvers.

"NSA recommends that an enterprise network’s DNS traffic, encrypted or not, be sent only to the designated enterprise DNS resolver," the US intelligence agency said. "This ensures proper use of essential enterprise security controls, facilitates access to local network resources, and protects internal network information."

Block third-party DNS services

Companies are advised to use their own enterprise-operated DNS servers or externally hosted services with built-in support for encrypted DNS requests such as DoH.

"However, if the enterprise DNS resolver does not support DoH, the enterprise DNS resolver should still be used and all encrypted DNS should be disabled and blocked until encrypted DNS capabilities can be fully integrated into the enterprise DNS infrastructure," the NSA added [PDF].

The NSA urges enterprise network administrators to disable and block all other DNS services besides their organizations' dedicated ones. Network admins who disable DoH on their networks are also recommended to block "known DoH resolver IP addresses and domains" to stop clients from using their own DoH resolvers instead of the DHCP-assigned DNS resolver.

The agency's advisory also provides additional details on the purpose of DoH and the importance of correctly configuring it to augment enterprise DNS security controls.
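As an added example (not part of the NSA advisory or the BleepingComputer article), the following Python applies the two rules above to constructed flow-log lines: DNS traffic, plaintext or encrypted, is acceptable only when its destination is the designated enterprise resolver, and HTTPS to "known DoH resolver" hostnames or addresses is flagged. The resolver address 10.0.0.53, the blocklist entries and the log format are all constructed assumptions.

```python
"""Audit flow logs for DNS traffic that bypasses the designated enterprise resolver (added example)."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Policy:
    """Enterprise DNS policy in the sense of the NSA sheet: one permitted resolver, everything else flagged."""
    enterprise_resolvers: Set[str]   # the designated resolver(s); DNS, encrypted or not, may go only here
    doh_hostnames: Set[str]          # "known DoH resolver" domains to alert on / block
    doh_addresses: Set[str]          # "known DoH resolver" IP addresses to alert on / block


def parse_flow(line: str) -> Dict[str, object]:
    """Parse one flow-log line in the constructed format 'src dst dport proto [sni=host]'."""
    parts = line.split()
    flow: Dict[str, object] = {"src": parts[0], "dst": parts[1], "dport": int(parts[2]),
                               "proto": parts[3].upper(), "sni": ""}
    for extra in parts[4:]:                   # optional key=value fields, e.g. TLS SNI seen by a sensor
        key, _, value = extra.partition("=")
        if key == "sni":
            flow["sni"] = value.lower().rstrip(".")
    return flow


def classify_flow(flow: Dict[str, object], policy: Policy) -> Optional[str]:
    """Return a finding label, or None when the flow complies with the policy."""
    dst, dport, sni = flow["dst"], flow["dport"], flow["sni"]
    if dst in policy.enterprise_resolvers:
        return None                           # plaintext, DoT or DoH to the enterprise resolver is the intended path
    if dport == 53:
        return "plaintext DNS to non-enterprise resolver"
    if dport == 853:
        return "DoT to non-enterprise resolver"          # DNS over TLS port (RFC 7858)
    if dport == 443 and (sni in policy.doh_hostnames or dst in policy.doh_addresses):
        return "DoH to known public resolver"            # indistinguishable from web traffic except by SNI/destination
    return None


def audit(lines: List[str], policy: Policy) -> List[Tuple[str, str, str]]:
    """Return (src, dst, finding) for every non-compliant flow; blank and '#' comment lines are skipped."""
    findings = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        flow = parse_flow(line)
        label = classify_flow(flow, policy)
        if label:
            findings.append((str(flow["src"]), str(flow["dst"]), label))
    return findings


# Constructed policy: 10.0.0.53 stands in for the enterprise resolver; the blocklist entries are placeholders.
SAMPLE_POLICY = Policy(enterprise_resolvers={"10.0.0.53"},
                       doh_hostnames={"doh.example.net"},
                       doh_addresses={"203.0.113.53"})

# Constructed sample flows using documentation/TEST-NET addresses, not real traffic.
SAMPLE_FLOWS = """\
# src        dst            dport proto
10.1.2.10    10.0.0.53      53    udp
10.1.2.10    10.0.0.53      853   tcp
10.1.2.11    203.0.113.53   53    udp
10.1.2.12    198.51.100.7   443   tcp   sni=doh.example.net
10.1.2.13    198.51.100.8   443   tcp   sni=intranet.example.com
10.1.2.14    203.0.113.53   443   tcp
10.1.2.15    192.0.2.9      853   tcp
""".splitlines()
```

The DoH rule can only catch resolvers on the blocklist, which is why the advisory pairs it with disabling DoH in clients when the enterprise resolver does not yet support it.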
"We are releasing this guidance to our NSS, DIB, and DoD partners to help them manage encrypted DNS as it is automatically enabled by more applications, as part of our continuous efforts to provide timely, actionable, and relevant cybersecurity guidance," Neal Ziring, Technical Director at NSA, told BleepingComputer. "Encrypted DNS features are becoming more widely supported in commercial products, and our customers need to understand the technology and potential trade-offs." Today’s #cybersecurity release recommends how enterprises can adopt the encrypted DNS protocol DoH without sacrificing security control. Network owners and admins must understand the benefits/risks before adopting. Read more: https://t.co/qkKzckcltw — NSA Cyber (@NSACyber) January 14, 2021 US government agencies also told to avoid third-party resolvers Last year, US government agencies' CIOs were recommended to disable third-party encrypted DNS services until an official DNS resolution service with DoH and DNS over TLS (DoT) support would be available. CISA also reminded that agencies are legally required to use the EINSTEIN 3 Accelerated (E3A) DNS service on all devices connected to federal agency networks as the primary (or ultimate) upstream DNS resolver for all local DNS recursive resolvers. Until a DNS resolution service with DoH and DoT support was made available, federal agencies were also recommended to "set and enforce enterprise-wide policy (e.g., Group Policy Objects [GPO] for Windows environments) for installed browsers to disable DoH use." DoH allows DNS resolution requests over encrypted HTTPS connections, while DoT will encrypt and wrap all DNS queries using the Transport Layer Security (TLS) protocol instead of using insecure plain text DNS lookups. 
"The 'Adopting Encrypted DNS in Enterprise Environments' Cybersecurity Information Sheet provides National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators guidance on proper network configuration for handling encrypted domain name system traffic," Ziring added. "NSA recommends customer enterprise network owners and administrators follow the guidance as detailed in the information sheet." Source: NSA advises companies to avoid third party DNS resolvers
15. NSA Publishes Cybersecurity Year in Review Report

The United States National Security Agency (NSA) has released its 2020 Cybersecurity Year in Review report, which summarizes the NSA Cybersecurity Directorate's first full year of operation.

The Cybersecurity Directorate was formally announced in July 2019, with a focus on protecting national security networks and the defense industrial base. Led by Ms. Anne Neuberger, Director of Cybersecurity, the Directorate was also aiming to improve cybersecurity efforts through partnerships.

The Cybersecurity Directorate remained true to its goal throughout 2020, the report claims, working to prevent and eradicate cyber threats through combining threat intelligence and cryptography knowledge with vulnerability analysis and defense operations.

“Drawing on lessons learned from the 2016 presidential election and the 2018 mid-term elections, NSA was fully engaged in whole-of-government efforts to protect the 2020 election from foreign interference and influence. Cybersecurity was a foundational component of NSA’s overall election defense effort,” the report (PDF) reads.

Last year, the NSA helped the Department of Defense (DoD) eliminate weak cryptography and approved quantum-resistant cryptographic algorithms, to ensure that the Department’s cryptography is modern enough to resist quantum computing attacks.

In the context of the COVID-19 pandemic, the NSA helped the DoD’s transition to telework, providing solutions for approximately 100,000 users to work remotely securely. Furthermore, the Agency was involved in Operation Warp Speed (OWS), an effort aimed at accelerating the development of a COVID-19 vaccine.

Since the Directorate’s creation, the NSA has provided 30 unique, timely and actionable cybersecurity products to alert the National Security System (NSS), DoD, and Defense Industrial Base (DIB) network owners of cyber-threats.
Some of the intelligence shared by the Agency in 2020 includes details on Windows 10 flaws and on Drovorub malware, IOCs associated with the targeting of Exim mail servers by the Russia-linked Sandworm Team, details on bugs threat actors abuse to install web shell malware on web servers, and a list of 25 vulnerabilities commonly targeted by Chinese threat actors.

Although the Cybersecurity Advisories (CSAs) were mainly destined for NSS, DoD, and DIB owners, the private sector in the United States and abroad could also leverage the intelligence to strengthen security posture, the NSA says.

Furthermore, the NSA released guidance on properly configuring IPsec VPNs (IP Security Virtual Private Networks), on how to customize the Unified Extensible Firmware Interface (UEFI) Secure Boot, and on how to secure networks and employees during telework.

Last year, NSA’s Cybersecurity Collaboration Center worked on advancing public-private collaboration and on refocusing Enduring Security Framework (ESF) efforts toward the security of 5G deployments. The Agency also launched the Center for Cybersecurity Standards (CCSS), meant to engage with standards bodies.

“NSA also continues to discover and release cybersecurity vulnerabilities to private industry through an approved, intra-government process. For the past three years, vulnerability disclosures by NSA have trended upward, as the Agency commits to enabling the security of commercial technologies that the U.S. Government, our military, our businesses, and our citizens rely upon,” the Agency notes.

Source: NSA Publishes Cybersecurity Year in Review Report
16. Documents that were leaked by NSA whistleblower Edward Snowden prove that the United States has been ruled by a race of tall, white space aliens who also assisted the rise of Nazi Germany in the 1930s.

A Federal Security Services (FSB) report on the nearly two million highly classified top-secret documents obtained from the United States Department of Defense (DOD) run National Security Agency-Central Security Service (NSA/CSS) by the American expatriate Edward Snowden states that this information is providing “incontrovertible proof” that an “alien/extraterrestrial intelligence agenda” is driving US domestic and international policy.

Snowden, who has been given asylum in Russia, leaked documents stating that a race of extraterrestrial “tall whites” arrived on Earth, helped Nazi Germany build a fleet of advanced submarines in the 1930s, and then met in 1954 with President Dwight Eisenhower “where the ‘secret regime’ currently ruling over America was established. This FSB report warns that the ‘Tall White’ agenda being implemented by the ‘secret regime’ ruling the United States calls for the creation of a global electronic surveillance system meant to hide all true information about their presence here on earth as they enter into what one of Snowden’s documents calls the ‘final phase’ of their end plan for total assimilation and world rule.”

The report further says that the U.S. government is embroiled in a “cataclysmic” power struggle between President Obama, who heads the alien shadow government, and some unknown force that opposed the U.S.-alien alliance. “Most to be feared by Russian policy makers and authorities, this [FSB] report concludes, is if those opposing the ‘Tall White’ ‘secret regime’ ruled over by Obama have themselves aligned with another alien-extraterrestrial power themselves.”

Any good conspiracy theory needs a patina of truth, a bit of intellectual cover to camouflage the craziness.
In this case, the whatdoesitmean.com/Fars story cites Paul Hellyer, the 1960s Canadian defense minister who is now a fervent UFO activist. Hellyer allegedly has confirmed the accuracy of Snowden’s UFO leaks.

Source

========================

A rebuttal has been found, claiming the source is a "semi-official" news agency.