Items tagged with NSA
At this point in time it is no secret that the United States National Security Agency (NSA) is able to access citizen’s phone calls and text messages. But has the NSA’s various surveillance programs yielded any results? It was recently revealed that the USA Freedom Act of 2015 has cost taxpayers over $100 million USD but has only led to one noteworthy investigation. The USA Freedom Act of 2015 was originally passed to modify the controversial Patriot Act. One of the purposes of the act was to limit the amount of data that the NSA received from telecommunication companies like AT&T and Verizon. However, these telecommunication companies continued to share mass amounts of data,...
Read more...
Field of Dreams taught us, "If you build it, he will come," referring to a deceased baseball legend wandering out of a corn field in Iowa. When it comes to PC security, though, if you discover it ("it" being a vulnerability), the proof of concepts will come, and that is precisely what has happened with a "CurveBall" flaw the National Security Agency (NSA) recently discovered. I wrote about this earlier in the week, noting a report that Microsoft's Patch Tuesday update would plug up a cryptography security hole discovered by the NSA. Part of the reason it was notable (and still is) is because this is the first time the NSA has reported a major bug in Windows to Microsoft (you know, as opposed...
Read more...
The National Security Agency (NSA) has a program in place called Upstream that taps directly into the Internet backbone to search traffic. The agency has claimed in the past that the warrantless searches of email are allowed under Section 702 enacted as part of the FISA Amendments Act. The agency made changes in 2017 to stop collecting communications of U.S. persons who aren't in direct contact with a foreign intelligence target. However, a pair of House lawmakers are pushing for an amendment that would defund the massive data collection operation run by the NSA unless the government promises not to collect data on Americans. The bipartisan amendment is very short spanning just 15 lines. It would...
Read more...
When we think of the National Security Agency (NSA) and cybersecurity, we think of the intelligence agency’s grab bag of security exploits that it uses to enhance its own spying efforts. But one particular remote code execution exploit, which has been dubbed BlueKeep, has the NSA actually warning Windows users to patch their systems immediately. "This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability," writes the NSA. "NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against...
Read more...
Back in 2017, the National Security Agency (NSA) lost control of one of its hacking tools called EternalBlue. Since the hacking tool slipped into the world, it has been picked up by hackers in North Korea, Russia, and China, among other places. The tool has been used to allegedly create billions of dollars in damage around the world. Unfortunately, the hacking tool has now been deployed against cities and states in America as well. For the last three weeks, the city of Baltimore has fought a cyber attack by digital extortionists that has resulted in thousands of computers being frozen, broken email services, and interruptions to real estate sales, water bills, health alert services, and more....
Read more...
In somewhat of a surprise, the National Security Agency announced the release of Ghidra, a free and open source software reverse engineering toolkit, at the RSA security convention. Ghidra is what the NSA has been using for years, though it is not clear if the public release is the exact same version that it uses internally. So, why release something like this to the public? It is not to encourage black hat hacking. Instead, NSA director Rob Joyce said he hopes it will lead to better research in software security. He also assured attendees that there is nothing sinister going on, and specifically said Ghidra does not contain a backdoor. "There is no backdoor in Ghidra. This is the last community...
Read more...
Let's start with the good news. Cryptocurrency mining on GPUs has waned considerably, and the shortage of graphics cards that made it nearly impossible to score a mid-range or high-end GPU at or near MSRP is over (for the most part). Are you ready for the bad news? Be that as it may, cryptocurrency mining hacks are on the rise, and a leaked tool by the US National Security Agency (NSA) may be partially to blame. That's the takeaway from a new report by Cyber Threat Alliance (CTA), a cybersecurity association with some major names among its members, including Cisco, Juniper Networks, McAfee, Sophos, Symantec, and others. The tool in question is "EternalBlue," developed by the NSA and leaked last...
Read more...
US Intelligence officials have determined that phones and services provided by Huawei, a Chinese smartphone manufacturer in China, and Chinese telecom ZTE pose a security risk to Americans, and that consumers should avoid both companies altogether. The determination was made known by half a dozen US intelligence chiefs, each of which told the Senate Intelligence Committee on Tuesday that Americans should steer clear of both companies. Among the six top intelligence chiefs were the heads of the Central Intelligence Agency (CIA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA), along with the director of national intelligence. At first, they all indicated a lack of trust...
Read more...
A team of researchers from Positive Technologies have dug into the innards of Intel Management Engine (ME) 11 and have found a way to turn the feature off. If you aren't familiar with ME, it's a separate processor that is tucked away inside Intel CPUs that allows companies to manage the computers on their networks. Essentially, it allows the IT team to get into your machine to fix issues or apply updates among other things. The catch is that ME 11 is essentially a backdoor leaving some concerned about potential security exploits and privacy concerns. That fact has left many people who use Intel CPUs and have no need for that feature unhappy that a potential backdoor is in their system. This is...
Read more...
WikiLeaks, the non-profit organization that publishes secret information provided by anonymous sources, released details about a tool that was used by the United States Central Intelligence Agency (CIA) to ensure that other government intelligence agencies were sharing the biometric information they collected. That includes the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Department of Homeland Security (DHS). That's right, the CIA has (or had) a tool to spy on the government's spy agencies. The tool is called ExpressLane and it would be installed and run under the cover of upgrading the biometric software by intelligence officials who visit liaison sites. ExpressLane...
Read more...
Geopolitical borders have softened in various ways thanks to the prevalence of the Internet. An email sent by an American could cross multiple international borders before being received by another American. A recent study by the Century Foundation revealed that the National Security Agency (NSA) reportedly utilizes various “traffic shaping” techniques to survey and store American communications. Internet traffic does not travel along the shortest route, but instead favors the fastest, least congested, or least expensive course. Data from various countries is backed up in data centers around the world. Sharon Goldberg of the Century Foundation noted, “An email sent from San Jose to New York may...
Read more...
Have the most recent Microsoft exploits been keeping you up at night? Microsoft recently remarked that almost all of the exploits have already been patched, while the remaining ones can not reproduced on supported platforms. On Friday, a hacking group referred to as the “Shadow Brokers” revealed a number of programs that could potentially be used to attack different versions of Windows operating systems. Microsoft maintains that the vast majority of these exploits have already been patched. “ETERNALCHAMPION”, a SMBv1 exploit, was patched by Windows updates CVE-2017-0146 & CVE-2017-0147. EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan” have not been reproduced on supported platforms....
Read more...
What do you collect? Rare stamps? Falcons fans’ tears? How about classified national defense documents? Former National Security Agency (NSA) contractor Harold Thomas Martin III was recently indicted by a federal grand jury on the charge that he purposely collected classified information regarding national defense. He faces twenty criminal accounts, each punishable by up to 10 years in prison. Rod J. Rosenstein, the United States attorney for Maryland, remarked, “The indictment alleges that for as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government by stealing documents containing highly classified information.”Martin spent over twenty years hoarding...
Read more...
President Obama appears to be making the most out of his last few days in office. The Obama administration has just issued Executive Order 12333. The order will make it easier for the various intelligence agencies to access and share personal information about American citizens and people currently located in the United States. Executive Order 12333 allows intelligence agencies, specifically the NSA, to “disseminate information to other appropriate IC (Intelligence Communities) elements for purposes of allowing the recipient element to determine whether the information is relevant to its responsibilities and can be retained by it.” The intelligence agencies can request information concerning...
Read more...
