Items tagged with NSA
Approximately two weeks ago, the U.S. military’s Cyber Command, under the National Security Agency (NSA), executed a coordinated attack on the Trickbot botnet. This attack included sending disconnect commands to computers infected with the Trickbot malware, and spoofing records, so the collection of target data has been muddied and compromised itself. Early in October, KrebsOnSecurity received word that someone with access to the Trickbot network sent out commands to infected devices to disconnect from the Trickbot servers. These servers controlled the infected machines, so this was a massive blow to the nefarious actors behind Trickbot’s operations. Furthermore, the Trickbot malware...
Read more...
In 2013, Edward Snowden released information on the U.S. Government regarding the mass surveillance and aggregation of data in America. Now, a U.S. Appellate Court has deemed the mass surveillance unconstitutional and thus illegal. As Reuters reported, “the U.S. Court of Appeals for the Ninth Circuit said the warrantless telephone dragnet that secretly collected millions of Americans’ telephone records violated the Foreign Intelligence Surveillance Act and may well have been unconstitutional.” This is a win for both Snowden and people and groups against government surveillance. After fleeing persecution and ending up in Russia, Snowden is still following the situation. Yesterday,...
Read more...
The U.S. Federal Bureau of Investigation (FBI) and National Security Administration (NSA) have joined forces to warn about a new threat of cyberattacks sourced from Russia. The two intelligence agencies have posted a complete technical analysis of what is be called Drovorub malware, which is targeting Linux-based systems. According to the FBI/NSA white paper, Drovorub was developed by the Russian General Staff Main Intelligence Directorate, better known as GRU. GRU has been responsible for numerous cyber espionage campaigns against the United States and its allies, and had a hand in attempting to influence the 2016 U.S. Presidential Election. In the past, we've seen GRU operating under the following...
Read more...
At this point in time it is no secret that the United States National Security Agency (NSA) is able to access citizen’s phone calls and text messages. But has the NSA’s various surveillance programs yielded any results? It was recently revealed that the USA Freedom Act of 2015 has cost taxpayers over $100 million USD but has only led to one noteworthy investigation. The USA Freedom Act of 2015 was originally passed to modify the controversial Patriot Act. One of the purposes of the act was to limit the amount of data that the NSA received from telecommunication companies like AT&T and Verizon. However, these telecommunication companies continued to share mass amounts of data,...
Read more...
Field of Dreams taught us, "If you build it, he will come," referring to a deceased baseball legend wandering out of a corn field in Iowa. When it comes to PC security, though, if you discover it ("it" being a vulnerability), the proof of concepts will come, and that is precisely what has happened with a "CurveBall" flaw the National Security Agency (NSA) recently discovered. I wrote about this earlier in the week, noting a report that Microsoft's Patch Tuesday update would plug up a cryptography security hole discovered by the NSA. Part of the reason it was notable (and still is) is because this is the first time the NSA has reported a major bug in Windows to Microsoft (you know, as opposed...
Read more...
The National Security Agency (NSA) has a program in place called Upstream that taps directly into the Internet backbone to search traffic. The agency has claimed in the past that the warrantless searches of email are allowed under Section 702 enacted as part of the FISA Amendments Act. The agency made changes in 2017 to stop collecting communications of U.S. persons who aren't in direct contact with a foreign intelligence target. However, a pair of House lawmakers are pushing for an amendment that would defund the massive data collection operation run by the NSA unless the government promises not to collect data on Americans. The bipartisan amendment is very short spanning just 15 lines. It would...
Read more...
When we think of the National Security Agency (NSA) and cybersecurity, we think of the intelligence agency’s grab bag of security exploits that it uses to enhance its own spying efforts. But one particular remote code execution exploit, which has been dubbed BlueKeep, has the NSA actually warning Windows users to patch their systems immediately. "This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability," writes the NSA. "NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against...
Read more...
Back in 2017, the National Security Agency (NSA) lost control of one of its hacking tools called EternalBlue. Since the hacking tool slipped into the world, it has been picked up by hackers in North Korea, Russia, and China, among other places. The tool has been used to allegedly create billions of dollars in damage around the world. Unfortunately, the hacking tool has now been deployed against cities and states in America as well. For the last three weeks, the city of Baltimore has fought a cyber attack by digital extortionists that has resulted in thousands of computers being frozen, broken email services, and interruptions to real estate sales, water bills, health alert services, and more....
Read more...
In somewhat of a surprise, the National Security Agency announced the release of Ghidra, a free and open source software reverse engineering toolkit, at the RSA security convention. Ghidra is what the NSA has been using for years, though it is not clear if the public release is the exact same version that it uses internally. So, why release something like this to the public? It is not to encourage black hat hacking. Instead, NSA director Rob Joyce said he hopes it will lead to better research in software security. He also assured attendees that there is nothing sinister going on, and specifically said Ghidra does not contain a backdoor. "There is no backdoor in Ghidra. This is the last community...
Read more...
Let's start with the good news. Cryptocurrency mining on GPUs has waned considerably, and the shortage of graphics cards that made it nearly impossible to score a mid-range or high-end GPU at or near MSRP is over (for the most part). Are you ready for the bad news? Be that as it may, cryptocurrency mining hacks are on the rise, and a leaked tool by the US National Security Agency (NSA) may be partially to blame. That's the takeaway from a new report by Cyber Threat Alliance (CTA), a cybersecurity association with some major names among its members, including Cisco, Juniper Networks, McAfee, Sophos, Symantec, and others. The tool in question is "EternalBlue," developed by the NSA and leaked last...
Read more...
US Intelligence officials have determined that phones and services provided by Huawei, a Chinese smartphone manufacturer in China, and Chinese telecom ZTE pose a security risk to Americans, and that consumers should avoid both companies altogether. The determination was made known by half a dozen US intelligence chiefs, each of which told the Senate Intelligence Committee on Tuesday that Americans should steer clear of both companies. Among the six top intelligence chiefs were the heads of the Central Intelligence Agency (CIA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA), along with the director of national intelligence. At first, they all indicated a lack of trust...
Read more...
A team of researchers from Positive Technologies have dug into the innards of Intel Management Engine (ME) 11 and have found a way to turn the feature off. If you aren't familiar with ME, it's a separate processor that is tucked away inside Intel CPUs that allows companies to manage the computers on their networks. Essentially, it allows the IT team to get into your machine to fix issues or apply updates among other things. The catch is that ME 11 is essentially a backdoor leaving some concerned about potential security exploits and privacy concerns. That fact has left many people who use Intel CPUs and have no need for that feature unhappy that a potential backdoor is in their system. This is...
Read more...
WikiLeaks, the non-profit organization that publishes secret information provided by anonymous sources, released details about a tool that was used by the United States Central Intelligence Agency (CIA) to ensure that other government intelligence agencies were sharing the biometric information they collected. That includes the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Department of Homeland Security (DHS). That's right, the CIA has (or had) a tool to spy on the government's spy agencies. The tool is called ExpressLane and it would be installed and run under the cover of upgrading the biometric software by intelligence officials who visit liaison sites. ExpressLane...
Read more...
Geopolitical borders have softened in various ways thanks to the prevalence of the Internet. An email sent by an American could cross multiple international borders before being received by another American. A recent study by the Century Foundation revealed that the National Security Agency (NSA) reportedly utilizes various “traffic shaping” techniques to survey and store American communications. Internet traffic does not travel along the shortest route, but instead favors the fastest, least congested, or least expensive course. Data from various countries is backed up in data centers around the world. Sharon Goldberg of the Century Foundation noted, “An email sent from San Jose to New York may...
Read more...
Have the most recent Microsoft exploits been keeping you up at night? Microsoft recently remarked that almost all of the exploits have already been patched, while the remaining ones can not reproduced on supported platforms. On Friday, a hacking group referred to as the “Shadow Brokers” revealed a number of programs that could potentially be used to attack different versions of Windows operating systems. Microsoft maintains that the vast majority of these exploits have already been patched. “ETERNALCHAMPION”, a SMBv1 exploit, was patched by Windows updates CVE-2017-0146 & CVE-2017-0147. EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan” have not been reproduced on supported platforms....
Read more...
What do you collect? Rare stamps? Falcons fans’ tears? How about classified national defense documents? Former National Security Agency (NSA) contractor Harold Thomas Martin III was recently indicted by a federal grand jury on the charge that he purposely collected classified information regarding national defense. He faces twenty criminal accounts, each punishable by up to 10 years in prison. Rod J. Rosenstein, the United States attorney for Maryland, remarked, “The indictment alleges that for as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government by stealing documents containing highly classified information.”Martin spent over twenty years hoarding...
Read more...
President Obama appears to be making the most out of his last few days in office. The Obama administration has just issued Executive Order 12333. The order will make it easier for the various intelligence agencies to access and share personal information about American citizens and people currently located in the United States. Executive Order 12333 allows intelligence agencies, specifically the NSA, to “disseminate information to other appropriate IC (Intelligence Communities) elements for purposes of allowing the recipient element to determine whether the information is relevant to its responsibilities and can be retained by it.” The intelligence agencies can request information concerning...
Read more...
"Yahoo" is a positive word, but in relation to the internet giant, it's starting to feel like it could describe some of the company's key management. Yahoo has been dealing with some troubling issues, but most of those issues were self-created, such as failing to disclose a security breach which took place years ago, and building a custom tool for the U.S. government - and the NSA in particular - to scan user emails. Now, it's being reported that Yahoo's tool is in effect a sophisticated "hacking tool", although it's supposedly not that much different from Yahoo's preexisting tools used to seek out malware, child pornography, and spam. "Tool" might be the wrong word, though, as some experts...
Read more...
It's come to light that a former contractor for the National Security Agency (NSA) was arrested back in August by the Federal Bureau of Investigation (FBI). The agency suspects the contractor might have stolen and disclosed classified computer code developed by the NSA to hack into networks of governments around the world. And no, his name is not Edward Snowden, though he comes from the same consulting firm (Booz Allen Hamilton). The former contractor's name is Harold T. Martin III, a 51-year-old out of Glen Burnie, Maryland. He had already left the NSA and was working as a contractor for the Defense Department at the time of his arrest on August 27. According to The New York Times, some two...
Read more...
Security firm Cellebrite made headlines earlier this year when its services were employed by the FBI to help break into the phone of the San Bernardino shooter. Cellebrite recently invited a bunch of UK press to an event to show off what it's capable of.Equipped with an outdated smartphone, BBC reporter Rory Cellan-Jones went off for a half an hour, password-protected the device, and took pictures -- basically using the phone normally. You can see where this is going. Despite the password, Cellebrite plugged the phone into a bulky tablet, and after a few taps, the phone's security was disabled. From that point on, the phone was completely accessible, so any photos that the journalist would...
Read more...
We reported earlier this week on a large collection of exploits that have been put up for auction by a group that calls itself Shadow Brokers. The promise was that all of the files were sourced from a secret NSA group called Equation Group, and now, Edward Snowden has released documents to prove that's just the case. This confirmation comes from The Intercept, a website which ultimately came to be as a direct result of Snowden's leaks three summers ago. With this trove of software confirmed to be sourced from the NSA, it raises some big questions. When Shadow Brokers put its collection of exploits up for auction, it took only a couple of days before we found out that there was some real threat...
Read more...
We wrote a couple of days ago about a huge treasure trove of alleged NSA-derived exploits that were hitting the market. That gold mine was accessed by a group calling itself Shadow Brokers, and it's been said that their source was Equation Group, which is believed to be an extension of the NSA. At that time, there was no proof that any of the exploits contained in the collection were still valid. Quickly, some noted that a few of the targets were already patched, leading the rest of us to believe that the entire collection came a bit too late. However, anyone who thought that might have to back it up a wee bit, as Cisco has today confirmed that one of the exploits contained within that collection...
Read more...
