An unknown malware led to the loss of Rs 94 crores in two days from Pune-based Cosmos Bank

Hackers transferred over Rs 94 crores from the 112-year-old, Pune-based Cosmos Co-operative Bank through a malware attack directed at the bank's server and at thousands of its debit cards.

The attack was carried out over multiple days, in which about Rs 78 crore was withdrawn through more than 12,000 ATM transactions in 28 countries, while another 2,800 transactions amounting to Rs 2.5 crore were made from different cities in India.

As per the reports, Rs 13.9 crore was transferred to foreign banks through SWIFT (Society for Worldwide Interbank Financial Telecommunication) transactions.


“A complaint has been filed with Pune police about the malware attack and the bank is doing internal audits to investigate the breach,” the official said.


According to the bank, its core banking system (CBS) was intact and the malware attacked the switch, which handles the payment gateways for Visa and RuPay debit cards, as all the credit cards used in the hack were RuPay or Visa.


"The core banking system (CBS) of the bank receives debit card payment requests via 'switching system'. During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system," said the statement.

On August 11, the bank learned that suspicious transactions were taking place through its debit cards and immediately shut down its credit card payment system in India as well as in foreign countries.

“None of the customers’ accounts were touched and it is the bank which has incurred the loss of this money,” the official said.

The bank has said there is no need to panic, as there have been no fraudulent transactions from any customer's account.

The statement underscored: "As it is a malware attack on the Switch which is operative for the payment gateway of VISA/RuPay debit cards and not on the CBS of the bank, the customers' accounts and its balances are not at all affected."

A professional forensic investigation team has been called in to look into the matter and will submit its report in the next few days on the modus operandi of the attack and the exact amount involved.

Police Bodycams Can Be Hacked To Doctor Footage, Install Malware

AmiMoJo shares a report from Boing Boing: Josh Mitchell's Defcon presentation analyzes the security of five popular brands of police bodycams (Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc) and reveals that they are universally terrible. All the devices use predictable network addresses that can be used to remotely sense and identify the cameras when they switch on. None of the devices use code-signing. Some of the devices can form ad-hoc Wi-Fi networks to bridge in other devices, but they don't authenticate these sign-ons, so you can just connect with a laptop and start raiding the network for accessible filesystems and gank or alter videos, or just drop malware on them.

Read more of this story at Slashdot.

DataBreachToday.com RSS Syndication: HHS OIG Finds Security Flaws in Maryland’s Medicaid System

Findings by Watchdog Agency Similar to Problems Previously Cited in Other States
Maryland's Medicaid system has "numerous significant" security weaknesses that need to be addressed, according to a federal watchdog agency. Earlier audits of other state Medicaid programs have yielded similar results.

Blog | Avast EN: Foreshadow casts more shade on Intel | Avast

Intel started 2018 with an unfortunate bang — the Spectre and Meltdown flaws inherent in the architecture of their chips was the main topic of conversation in the cybersecurity world. While damage control continues regarding those vulnerabilities, another flaw has been flagged. Intel refers to the new flaw as Level 1 Terminal Fault, or L1TF, but security researchers have dubbed it something more colorful — Foreshadow, and it is present in Intel Core processors and Xeon chips.


Google Patches Chrome Bug That Lets Attackers Steal Web Secrets Via Audio Or Video HTML Tags

An anonymous reader writes: "Google has patched a vulnerability in the Chrome browser that allows an attacker to retrieve sensitive information from other sites via audio or video HTML tags," reports Bleeping Computer. The attack breaks CORS -- Cross-Origin Resource Sharing, a browser security feature that prevents sites from loading resources from other websites -- and will attempt to load resources (some of which can reveal information about users) inside audio and video HTML tags. During tests, a researcher retrieved age and gender information from Facebook users, but another researcher says the bug can be also used to retrieve data from corporate backends or private APIs. Ron Masas, a security researcher with Imperva, first discovered and reported this issue to Google. The bug was fixed at the end of July with the release of Chrome v68.0.3440.75.

Read more of this story at Slashdot.

SEC Sends Subpoena To Tesla In Probe Over Musk’s Take-Private Tweets

The U.S. Securities and Exchange Commission sent Tesla a subpoena regarding Elon Musk's effort to take the company private, "indicating the regulatory scrutiny of his statements have reached a more serious stage," reports Bloomberg. Last week, Musk tweeted he was considering taking Tesla off the market and had "funding secured" for the deal. From the report: Musk exposed himself to legal risk by tweeting Aug. 7 that he had the funding for a buyout. Almost a week later, the chief executive officer said the basis for his statement was conversations with Saudi Arabia's Public Investment Fund, which first expressed interest in helping take the company private in early 2017. Tesla's board has since clarified that it hasn't received a formal proposal from Musk, who's also chairman, nor has it concluded whether going private would be advisable or feasible. Tesla may face potential regulatory challenges beyond the SEC investigation. The company probably will need approval of U.S. national security officials if Saudi Arabia finances the effort to take the company private, and President Donald Trump's administration has been stepping up scrutiny of foreign investment in American technology.

Read more of this story at Slashdot.

Ixia delivers visibility into all traffic in virtual workloads in private cloud environments

Keysight Technologies announced Cloud Sensor vTap, a new feature of CloudLens from Ixia, a Keysight Business. Cloud Sensor vTap enables organizations to manage their security risk in private and hybrid cloud environments, such as Microsoft Azure Stack, with visibility into East-West traffic without requiring access. The increase in cloud adoption has heightened the need for securing data, applications, and workloads that reside in any cloud-based environment. In fact, in a recent Ixia survey, Lack of … More

The post Ixia delivers visibility into all traffic in virtual workloads in private cloud environments appeared first on Help Net Security.

CSI launches open API platform to provide secure connections to data

Computer Services introduces CSIbridge, an open application programming interface (API) platform, to give banks the power to build custom technology integrations that maximize efficiency and enhance competitiveness. CSIbridge provides a platform that banks and third-party providers can use to access data for ancillary solutions. CSI customers can take advantage of the open API platform to customize and release new services through pre-built APIs into banking features. “Customers continue to expect more and more from their … More

The post CSI launches open API platform to provide secure connections to data appeared first on Help Net Security.

PTC launches cybersecurity collaboration initiative for more secure and resilient IoT deployments

Continuing its commitment to promoting shared responsibility for safe and secure IoT deployments, PTC has unveiled a Coordinated Vulnerability Disclosure (CVD) Program. The new program is designed to support the reporting and remediation of security vulnerabilities that could affect the environments in which PTC products operate, including industrial and safety-critical industries. The CVD Program is a component of PTC’s Shared Responsibility Model, which defines a framework for cybersecurity collaboration with customers, partners, and others within … More

The post PTC launches cybersecurity collaboration initiative for more secure and resilient IoT deployments appeared first on Help Net Security.

Lockpath partners with RapidRatings to increase third-party risk visibility

Lockpath announced a new partnership with RapidRatings. This partnership aims to further risk management technology by broadening its scope to provide third-party risk visibility that includes financial health analytics. The partnership will include a technology integration of RapidRatings’ Financial Health Rating within Lockpath’s Keylight Platform, a governance, integrated risk management and compliance (GRC) solution. This integration will benefit joint customers, who will be able to garner a view of the risk posed to them by … More

The post Lockpath partners with RapidRatings to increase third-party risk visibility appeared first on Help Net Security.

EZShield acquires IdentityForce

EZShield announced it has acquired IdentityForce. The acquisition expands EZShield’s identity protection ecosystem by nearly 50 percent, providing partners in every industry, businesses of all sizes, and consumers with secure capabilities and restoration services. The pervasiveness of cyber fraud incidents and data breaches is estimated to cost $6 trillion annually by 2021. “IdentityForce is a trusted, top-ranked leader in identity theft protection and their business is comprised of a highly customer-centric team of experts who … More

The post EZShield acquires IdentityForce appeared first on Help Net Security.

Investor Sues AT&T Over Two-Factor Security Flaws, $23 Million Cryptocurrency Theft

An anonymous reader quotes a report from Fast Company: Crypto investor Michael Terpin filed a $224 million lawsuit against AT&T in California federal court Wednesday alleging that the phone company's negligence let hackers steal nearly $24 million in cryptocurrency from him, Reuters reports. He's also seeking punitive damages. Terpin says hackers were twice able to convince AT&T to connect his phone number to a SIM card they controlled, routing his calls and messages to them and enabling them to defeat two-factor authentication protections on his accounts. In one case, he says hackers also took control of his Skype account and convinced one of his clients to send money to them rather than Terpin. The second hack came even after AT&T agreed to put an additional passcode on his account, when a fraudster visited an AT&T store in Connecticut and managed to hijack Terpin's account without providing the code or a "scannable ID" as AT&T requires, he says.

Read more of this story at Slashdot.

NSA broke into encrypted networks of a Russian airline, Al Jazeera and Iraqi agencies

THE NATIONAL SECURITY AGENCY (NSA) successfully broke the encryption of several "high-potential" virtual private networks, including that of the media organization Al Jazeera, Iraqi military organizations and internet services, and several airline reservation systems, according to an NSA document from March 2006.

A virtual private network, or VPN, uses an encrypted connection to allow users to access the internet and connect to a private network, such as a corporate intranet. This lets an organization's staff reach internal services, such as file-sharing servers or private wikis, without needing to be physically in the office.

The NSA's ability to break into confidential VPNs belonging to large organizations, as early as 2006, raises broader questions about the security of this type of network. Many consumers pay for VPN access to mask the origin of their internet traffic from the sites they visit, hide their browsing habits from their internet service providers, and protect themselves against snoops on public Wi-Fi networks.

That the NSA spied on Al Jazeera's communications was reported by the German magazine Der Spiegel in 2013, but that report did not mention that the spying was carried out by the NSA compromising Al Jazeera's VPN. During the Bush administration, senior U.S. officials criticized Al Jazeera, accusing the Qatar-based news organization of an anti-American bias, including for having broadcast recorded messages from Osama bin Laden.

At the time, Al Jazeera defended itself against that criticism, insisting its reporting was objective. "Osama bin Laden, whether we like it or not, is part of the current crisis," news editor Ahmed Al Sheikh told the BBC in 2001. "If we had said we would not give him air time, we would have lost our integrity and objectivity, and our coverage of the story would have become unbalanced."

According to the document, contained in the cache of materials provided by NSA whistleblower Edward Snowden, the NSA also compromised VPNs used by the airline reservation systems of Iran Air, the "Paraguayan Sabre", the Russian airline Aeroflot and the "Russian Galileo". Sabre and Galileo are privately operated, centralized computer systems that facilitate travel transactions, such as booking airline tickets. Collectively, they are used by hundreds of airlines around the world.

In Iraq, the NSA compromised the VPNs of the ministries of defense and the interior. The Ministry of Defense had been established by the U.S. in 2004, after the previous iteration was dissolved. The exploitation of the ministries' VPNs appears to have occurred around the same time as a broader "all-out" campaign "to break into Iraqi networks", described by an NSA official in 2005.

"Although VPNs present special challenges for SIGINT (signals intelligence) collection and processing, we have recently had notable success in exploiting these communications," wrote the author of the document, an article for the NSA's internal news site, SIDtoday. The author added that the NSA's network analysis center had been focusing on "VPN SIGINT Development (SIGDev)" for more than three years, "and the investment is paying off!" The article does not say which VPN technology any of the targets used, nor does it provide technical details on how the NSA broke their encryption.

The technical details describing how the NSA exploits VPNs are a closely guarded secret, according to another SIDtoday article, from December 2006. "VPN exploitation makes use of some of the newest state-of-the-art techniques," the article states, "and for that reason the exploitation details are carefully protected and generally not available for field work." The author described a tool called VIVIDDREAM, which allows analysts who discover new VPNs to test whether the NSA has the ability to exploit them, all without revealing to the analyst any confidential information about how the exploitation works.

The documents provided to news organizations by Snowden do not conclusively list which VPN technologies were compromised by the NSA and which were not. However, there have been a number of news reports about the NSA's VPN-breaking capabilities based on those documents, and cryptographers who reviewed them have offered some educated guesses.

In 2014, The Intercept reported on NSA plans, dated August 2009, to use an automated system called TURBINE to covertly infect millions of computers with malware. The revelations described a piece of NSA malware called HAMMERSTEIN, installed on routers traversed by VPN traffic. The malware was able to forward VPN traffic using the IPSec protocol back to the NSA for decryption. However, the documents did not explain precisely how the decryption took place.

Later that year, Der Spiegel published 17 documents from the Snowden archive related to the NSA's attacks on VPNs, many of them providing more detail on TURBINE, HAMMERSTEIN and related programs.

There are many different VPN protocols in use, some of them known to be less secure than others, and each can be configured in ways that make it more or less secure. The Point-to-Point Tunneling Protocol "is old and insecure, and has had many known security vulnerabilities forever," said Nadia Heninger, a cryptography researcher at the University of Pennsylvania, by e-mail. "I wouldn't be at all shocked if those were being exploited in the wild."

The NSA also appears to have, at least in some situations, broken the security of another VPN protocol, Internet Protocol Security, or IPSec, according to the Snowden documents published by The Intercept and Der Spiegel in 2014.

"For both TLS and IPSec, there are secure and insecure ways to configure these protocols, so they can't simply be labeled 'secure' or 'insecure,'" Heninger explained. "Both protocols offer a zillion configurable options, which is a source of many of the published protocol-level vulnerabilities, and there are cipher suites and parameter choices for both protocols that are definitely known to be cryptographically vulnerable." Still, she said she was "fairly confident" that there are ways to configure TLS and IPSec that "should resist all known attacks."

Another possibility is that the NSA figured out how to break the encryption on VPNs without using cryptography at all. "I should also note that we have seen lots of hard-coded credentials and other software vulnerabilities found in various VPN implementations, which would allow various boring non-cryptographic attacks, like simply running a script on an end host to extract login credentials or other data as desired. That's the kind of thing most of the Shadow Brokers tools were actually doing," Heninger said, referring to the collection of NSA exploits and hacking tools published online in 2016 and 2017, after Snowden.

In 2015, Heninger and a team of 13 other cryptographers published a paper titled "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice," which revealed major weaknesses in the security of several of the internet's most popular protocols. The paper described a new attack called Logjam and concluded that it was within a nation-state's resources to use this attack to compromise 66% of all IPSec VPNs. "A close reading of the published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break," the authors speculated.

The NSA declined to comment for this story.

Cover photo: An employee of Qatar's Arabic-language news channel Al Jazeera walks past the Al Jazeera logo in Doha, Qatar, on November 1, 2006.

The post NSA broke into encrypted networks of a Russian airline, Al Jazeera and Iraqi agencies appeared first on The Intercept.
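The two technical points in this article, Heninger's remark that TLS and IPSec can be configured securely or insecurely and the Logjam finding that 1024-bit Diffie-Hellman groups are within a nation-state's reach, translate into a concrete review task for anyone operating an IPSec VPN. The following is an added example, not code from The Intercept or from the Logjam paper: a small, self-contained Python checker that grades an IKE proposal against a defensive policy (the weak proposal beside its corrected form) and validates a peer's Diffie-Hellman public value against small-subgroup confinement. The group-id-to-bit-length table is the MODP groups from RFC 2409 and RFC 3526; the proposal field names, the policy thresholds and the sample proposals are this example's own constructions.

```python
"""Added example: IKE/IPSec proposal policy check and DH public-value validation.
Not the article's or the Logjam authors' code; field names and thresholds are
this example's assumptions."""

# IKE MODP group id -> modulus size in bits (RFC 2409 groups 1, 2, 5; RFC 3526 groups 14-16).
IKE_MODP_GROUP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096}

# Policy thresholds chosen for this example. The Logjam paper recommended moving to
# 2048-bit or larger groups; the algorithm sets below are the commonly retired ones.
MIN_DH_BITS = 2048
WEAK_ENCRYPTION = {"des", "3des", "rc4"}
WEAK_INTEGRITY = {"md5", "sha1"}


def assess_ike_proposal(proposal):
    """Return a list of findings (empty list = acceptable) for a proposal dict with the
    hypothetical keys dh_group, encryption, integrity, mode and auth."""
    findings = []
    group = proposal.get("dh_group")
    bits = IKE_MODP_GROUP_BITS.get(group)
    if bits is None:
        findings.append(f"unknown DH group {group}")
    elif bits < MIN_DH_BITS:
        findings.append(f"DH group {group} is {bits}-bit, below the {MIN_DH_BITS}-bit policy (Logjam-class risk)")
    if proposal.get("encryption", "").lower() in WEAK_ENCRYPTION:
        findings.append(f"weak encryption algorithm {proposal['encryption']}")
    if proposal.get("integrity", "").lower() in WEAK_INTEGRITY:
        findings.append(f"weak integrity algorithm {proposal['integrity']}")
    # IKEv1 aggressive mode with a pre-shared key sends the identity hash in the clear,
    # which exposes the PSK to an offline dictionary attack; main mode does not.
    if proposal.get("mode") == "aggressive" and proposal.get("auth") == "psk":
        findings.append("IKEv1 aggressive mode with PSK exposes the PSK hash to offline guessing")
    return findings


def dh_group_meets_policy(p):
    """True when the modulus p is at least MIN_DH_BITS bits long."""
    return p.bit_length() >= MIN_DH_BITS


def validate_dh_public_value(p, y):
    """Validate a peer's DH public value y for a safe prime p = 2q + 1.
    Rejects y outside the range (1, p-1) and y outside the order-q subgroup;
    the second check is the standard defence against small-subgroup confinement."""
    if not (2 <= y <= p - 2):
        return False
    q = (p - 1) // 2
    return pow(y, q, p) == 1


# Constructed sample proposals: the weak configuration beside the corrected one.
WEAK_PROPOSAL = {"dh_group": 2, "encryption": "3des", "integrity": "sha1",
                 "mode": "aggressive", "auth": "psk"}
STRONG_PROPOSAL = {"dh_group": 14, "encryption": "aes256", "integrity": "sha256",
                   "mode": "main", "auth": "psk"}

if __name__ == "__main__":
    for name, prop in (("weak", WEAK_PROPOSAL), ("strong", STRONG_PROPOSAL)):
        print(name, assess_ike_proposal(prop) or ["ok"])
    # Toy safe prime p = 23 (q = 11), used only to show the subgroup check; 4 = 2^2 lies
    # in the order-11 subgroup, 5 does not. Real groups must pass dh_group_meets_policy.
    print(validate_dh_public_value(23, 4), validate_dh_public_value(23, 5))
```

The subgroup check uses the fact that for a safe prime every element of the order-q subgroup satisfies y^q = 1 (mod p); a value outside that subgroup, or equal to 1 or p-1, is rejected before any shared secret is derived. The proposal checker is deliberately policy-driven so the thresholds can be tightened without touching the logic.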

The Next Flagship iPhone Will Support Apple Pencil and 512GB Flash Storage, Says Report

Next month, Apple is expected to unveil three new iPhones, each with differing specs/features. According to analyst firm Trendforce, the large 6.5-inch "flagship" model will support up to 512GB of onboard flash storage. Apple Pencil support will also be "offered as an option," although the company didn't specify which models will support the stylus. Apple Insider reports: The company expects that the 6.1-inch LCD version will come with Face ID and Dual-SIM technology. The firm expects it to retail for between $699 and $749. The 5.8-inch OLED iPhone will be priced at $899 to $949. The 6.5-inch device will come in storage capacities up to 512GB, with one variant of the size potentially having dual-SIM support and expected to be "limited within $1,000 threshold as to encourage purchasing from consumers," according to Trendforce. Both the 5.8- and 6.5-inch OLED models are expected to have 4GB of RAM. The 6.1-inch LED devices will have 3GB of RAM, the same as the iPhone X. The analyst firm believes that all three models are expected to ship in September and October.

Read more of this story at Slashdot.

Cisco Small Business 100 Series and 300 Series Wireless Access Points Denial of Service Vulnerability

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. 

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-csb-wap-dos


Security Impact Rating: Medium
CVE: CVE-2018-0415

Cisco Small Business 100 Series and 300 Series Wireless Access Points Encryption Algorithm Downgrade Vulnerability

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client).

The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encrypt


Security Impact Rating: Medium
CVE: CVE-2018-0412

Cisco Digital Network Architecture Center Command Injection Vulnerability

A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack.

The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious packet. A successful exploit could allow the attacker to execute arbitrary commands with root privileges.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-dna-injection


Security Impact Rating: Medium
CVE: CVE-2018-0427

Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability

A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-ucmimps-dos


Security Impact Rating: High
CVE: CVE-2018-0409

Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service.

The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-res-xss


Security Impact Rating: Medium
CVE: CVE-2018-0367

Cisco Web Security Appliance Web Proxy Memory Exhaustion Denial of Service Vulnerability

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system.

The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos


Security Impact Rating: High
CVE: CVE-2018-0410

Cisco Unified Communications Domain Manager Reflected Cross-Site Scripting Vulnerability

A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system.

The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-cucdm-xss


Security Impact Rating: Medium
CVE: CVE-2018-0386

Cisco Web Security Appliance Privilege Escalation Vulnerability

A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials.

The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privileges to root in a separate login shell. A successful exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-escalation


Security Impact Rating: Medium
CVE: CVE-2018-0428

Cisco ASR 9000 Series Aggregation Services Routers Precision Time Protocol Denial of Service Vulnerability

A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-asr-ptp-dos


Security Impact Rating: Medium
CVE: CVE-2018-0418

Cisco Email Security Appliance EXE File Scanning Bypass Vulnerability

A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system.

The vulnerability is due to the improper detection of content within executable (EXE) files. An attacker could exploit this vulnerability by sending a customized EXE file that is not recognized and blocked by the ESA. A successful exploit could allow an attacker to send email messages that contain malicious executable files to unsuspecting users.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-esa-file-bypass


Security Impact Rating: Medium
CVE: CVE-2018-0419

Valve Seems To Be Working On Tools To Get Windows Games Running On Linux

"Valve appears to be working on a set of 'compatibility tools,' called Steam Play, that would allow at least some Windows-based titles to run on Linux-based SteamOS systems," writes Kyle Orland from Ars Technica. From the report: Yesterday, Reddit users noticed that Steam's GUI files (as captured by SteamDB's Steam Tracker) include a hidden section with unused text related to the unannounced Steam Play system. According to that text, "Steam Play will automatically install compatibility tools that allow you to play games from your library that were built for other operating systems." Other unused text in that GUI file suggests Steam Play will offer official compatibility with "supported titles" while also letting users test compatibility for "games in your library that have not been verified with a supported compatibility tool." That latter use comes with a warning that "this may not work as expected, and can cause issues with your games, including crashes and breaking save games."

Read more of this story at Slashdot.

CVE-2018-0428

A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privileges to root in a separate login shell. A successful exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root. Cisco Bug IDs: CSCvj93548.

CVE-2018-0418

A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858.

CVE-2018-0427

A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious packet. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Cisco Bug IDs: CSCvi42263.

CVE-2018-0419

A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper detection of content within executable (EXE) files. An attacker could exploit this vulnerability by sending a customized EXE file that is not recognized and blocked by the ESA. A successful exploit could allow an attacker to send email messages that contain malicious executable files to unsuspecting users. Cisco Bug IDs: CSCvh03786.
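Both ESA entries above (the advisory text and the CVE-2018-0419 summary) describe a filter that depends on recognising executable content and is bypassed by a file it fails to recognise. As an added example, not Cisco's ESA code, the Python below shows the kind of content-based check a mail filter can apply alongside an extension list: it parses the DOS/PE header rather than trusting the file name or declared type, and also recognises ELF and Mach-O magic. The function names, the blocked-extension list and the constructed sample files are assumptions made for this example.

```python
"""Content-based executable detection for mail attachments.

Added example (not Cisco ESA code). An extension-only check is weak
because the file name is chosen by the sender; this module inspects the
bytes instead. All names and sample files here are constructed.
"""
import struct
from typing import Tuple

# Extensions a conservative mail filter typically blocks outright (assumed list).
BLOCKED_EXTENSIONS = (".exe", ".dll", ".scr", ".com", ".pif", ".cpl")

ELF_MAGIC = b"\x7fELF"
# Mach-O: 32/64-bit in both byte orders, plus the universal ("fat") magic.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe",
}
PE_SIGNATURE = b"PE\x00\x00"
E_LFANEW_OFFSET = 0x3C   # offset of the PE header pointer inside the DOS header
DOS_HEADER_SIZE = 0x40


def is_pe_executable(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' stub whose e_lfanew points at 'PE\\0\\0'.

    Following e_lfanew instead of stopping at 'MZ' avoids flagging a bare DOS
    stub and rejects a truncated header that cannot be a valid PE image.
    """
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    if e_lfanew + len(PE_SIGNATURE) > len(data):
        return False
    return data[e_lfanew:e_lfanew + len(PE_SIGNATURE)] == PE_SIGNATURE


def classify_attachment(data: bytes) -> str:
    """Return 'pe', 'elf', 'macho' or 'other' from the file's leading bytes."""
    if is_pe_executable(data):
        return "pe"
    if data.startswith(ELF_MAGIC):
        return "elf"
    if data[:4] in MACHO_MAGICS:
        return "macho"
    return "other"


def should_block(filename: str, data: bytes) -> Tuple[bool, str]:
    """Decide whether to block an attachment and report which check fired.

    The extension check catches the obvious cases; the content check catches
    an executable renamed to look like a document, the gap the advisory describes.
    """
    if filename.lower().endswith(BLOCKED_EXTENSIONS):
        return True, "extension"
    kind = classify_attachment(data)
    if kind != "other":
        return True, "content:" + kind
    return False, ""


def build_minimal_pe() -> bytes:
    """Construct a tiny, non-functional PE image: DOS header, e_lfanew, COFF header."""
    dos = bytearray(b"MZ" + b"\x00" * (DOS_HEADER_SIZE - 2))
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, 0x80)   # PE header lives at 0x80
    image = bytes(dos) + b"\x00" * (0x80 - DOS_HEADER_SIZE)
    # COFF header: Machine = IMAGE_FILE_MACHINE_I386 (0x014c), remaining fields zero.
    image += PE_SIGNATURE + b"\x4c\x01" + b"\x00" * 18
    return image


if __name__ == "__main__":
    # Constructed samples: a PE renamed as a PDF, a real-looking PDF,
    # a bare MZ stub with no PE header, and a blocked extension with junk content.
    samples = {
        "invoice.pdf": build_minimal_pe(),
        "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
        "stub.bin": b"MZ" + b"\x00" * 62,
        "setup.exe": b"not even a real header",
    }
    for name, blob in samples.items():
        print(name, should_block(name, blob))
```

The check deliberately stops at the container boundary: an executable inside a ZIP or other archive is not seen by this code, and a bare DOS stub without a PE header is classified as "other", so a real filter pairs a check like this with archive unpacking and a policy decision about DOS-only binaries.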

CVE-2018-0412

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229.

CVE-2018-0386

A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694.

CVE-2018-0367

A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Bug IDs: CVE-2018-0367.

CVE-2018-0409

A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947.

CVE-2018-0410

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610.

CVE-2018-0415

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. Cisco Bug IDs: CSCvj97472.

New Intel chip flaw “Foreshadow” attacks SGX technology to extract sensitive data

By Waqas

The security fraternity is still dealing with the adverse consequences and the wide range of threats caused by the Spectre and Meltdown vulnerabilities. But, to add to its misery, security researchers have detected another, possibly worse, hardware flaw in Intel chips. This flaw, dubbed Foreshadow, can obtain information even from the most secured components […]

This is a post from HackRead.com Read the original post: New Intel chip flaw “Foreshadow” attacks SGX technology to extract sensitive data

Market Update: U.S. Stocks Fall on Trade, Emerging Market Tensions; Cryptocurrencies Recover $20 Billion

Stocks and commodities faced brisk selloffs Wednesday, as lingering risks on the trade and emerging-market fronts dampened investors’ appetite for riskier assets. Meanwhile, cryptocurrencies staged a large relief rally led by bitcoin and Ethereum. Stocks Decline Wall Street’s major indexes finished well off session lows on Wednesday. The Dow Jones Industrial Average closed down 137.51 […]

The post Market Update: U.S. Stocks Fall on Trade, Emerging Market Tensions; Cryptocurrencies Recover $20 Billion appeared first on Hacked: Hacking Finance.

Sheriff David Clarke’s Deputy Goes Down in a Night of Big Wins for Wisconsin Progressives

While a primary victory by ironworker Randy Bryce won headlines in Wisconsin, a lower-profile race signaled another significant victory for criminal justice reform strategists who have embraced electoral politics as a direct route to change.

In Milwaukee, former MLB security official Earnell Lucas won the Democratic nomination for sheriff, which almost guarantees he will win the general election in November. Lucas, a progressive with the backing of the Working Families Party, defeated Acting Sheriff Richard Schmidt, who had previously worked under Sheriff David Clarke, whose tenure was marked by mistreatment of Milwaukee residents. Schmidt was unable to overcome the association with Clarke, who is better known these days as a Fox News personality.

Schmidt’s loss came just a week after the movement dealt another controversial and high-profile law enforcement official a blow, unseating Bob McCulloch in St. Louis County. McCulloch’s anemic response to the killing of Mike Brown in Ferguson helped spark the Black Lives Matter movement.

Bryce, who captivated a national progressive audience with his working-class background and straight-talking campaign commercials, won the Democratic nomination for Congress in Wisconsin’s 1st Congressional District, defeating opponent Cathy Myers.

Bryce and Myers originally entered the race to challenge House Speaker Paul Ryan, but he announced that he would retire, and therefore vacated the seat. Bryce will face off with Republican Bryan Steil, a former aide to Ryan, in the fall.

In debates, the two Democratic candidates disagreed little on policy and focused on their biographical differences. “I … think we need more moms in Congress,” Myers said to applause during a July debate. She also noted that she’s a teacher, and that she’s “seen the fear” in her students’ eyes during an active shooter drill, emphasizing her support for gun control.

Bryce, on the other hand, focused on his working-class background. “The average member of Congress is a millionaire. They don’t know what it means to be a working person in Wisconsin. But I do. Because I am,” Bryce said at the same debate.

Throughout the campaign, Bryce portrayed himself as essentially an ordinary guy with ordinary issues. In early July, news broke of Bryce’s history of arrests, including for driving under the influence.

Bryce’s campaign made the historic decision of supporting his campaign’s union drive, becoming the first Democratic congressional campaign in America to become fully unionized. In an interview with The Intercept, Bryce said he would “absolutely” like to see congressional staff, many of whom are notoriously underpaid, also organize.

Also in Wisconsin, Tony Evers won the Democratic nomination for governor. Evers is the Wisconsin state superintendent, serving since 2009. Evers is running on public education, heavily taking aim at incumbent Republican Gov. Scott Walker’s record on schools.

In western Wisconsin, Jeff Smith, a rural populist, defeated Steve Boe, who was backed by much of the Democratic establishment, in a three-way primary for a state Senate seat. Smith, a longtime member of Citizen Action Western Wisconsin, campaigned on restoring local control on a number of issues, establishing a public option, and boosting environmental laws. He will face Republican Mel Pittman in the general election.

Top photo: Democratic congressional candidate Randy Bryce, right, celebrates with a supporter at an election night rally after being declared the winner in the Wisconsin Democratic primary on Aug. 14, 2018, in Racine.

The post Sheriff David Clarke’s Deputy Goes Down in a Night of Big Wins for Wisconsin Progressives appeared first on The Intercept.

Engineers Say They’ve Created Way To Detect Weapons Using Wi-Fi

An anonymous reader quotes a report from Gizmodo: The researchers, who include engineers from Rutgers University-New Brunswick, Indiana University-Purdue University Indianapolis (IUPUI), and Binghamton University, published a study this month detailing a method in which common wifi can be used to easily and efficiently identify weapons, bombs, and explosive chemicals in public spaces that don't typically have affordable screening options. The researchers' system uses channel state information (CSI) from run-of-the-mill wifi. It can first identify whether there are dangerous objects in baggage without having to physically rifle through it. It then determines what the material is and what the risk level is. The researchers tested the detection system using 15 different objects across three categories -- metal, liquid, and non-dangerous -- as well as with six bags and boxes across three categories -- backpack or handbag, cardboard box, and a thick plastic bag. The findings were pretty impressive. According to the researchers, their system is 99 percent accurate when it comes to identifying dangerous and non-dangerous objects. It is 97 percent accurate when determining whether the dangerous object is metal or liquid, the study says. When it comes to detecting suspicious objects in various bags, the system was over 95 percent accurate. The researchers state in the paper that their detection system only needs a wifi device with two to three antennas, and can run on existing networks.

Read more of this story at Slashdot.

Before Snowden’s revelations, this spy tried to change the NSA from within

You know the type.

A middle-aged man, worn out by the job. He has been in the fight for years and grumbles about how things were done ten times better in the past. Every now and then he loses his temper over nothing with a co-worker. He is the office grouch. It is time for him to go, and he probably realizes it.

Usually, workplace grumblers are ignored or fired, but the U.S. National Security Agency (NSA) gave one of its own an exclusive platform. In the middle of this year, in an internal newsletter, the NSA published a series of articles by Rahe Clancy, a spy disillusioned with what the agency had become and with what he was doing there. Not that Clancy disliked spying on people or governments (he supported Signals Intelligence, or SIGINT, collection), but he had the sense that the NSA had lost its way.

After a 30-year career, he wrote: “I found myself transformed into a SIGINT curmudgeon.” In 2005, he published his debut article in the SIDtoday newsletter, aimed at the core of the Signals Intelligence directorate. Clancy wrote that he was especially worried about the future of his area of expertise, known as “collection,” through which the NSA intercepts and downloads a variety of transmissions, both terrestrial and from satellites. “I was convinced,” he continued, “that collection was a dying career field and that NSA management was hastening its end through neglect.” Clancy was writing for a select audience: the thousands of spies, hackers and analysts who worked for the NSA. His articles for SIDtoday, published on a secure computer network, were provided to The Intercept by whistleblower Edward Snowden.

Clancy had a theory about what was going wrong: the NSA was being run like a company, not like a spy agency. That management style emphasized managers, customers, products and customer satisfaction. There were substantial pay and benefits gaps between leadership and the workforce. And the jargon was maddening, a daily storm of “paradigm,” “synergy,” “enterprise” and “team building.” All of it was driving him crazy, literally. One day he broke down and had a big shouting match with his bosses in the middle of the office. He thought about taking early retirement but had to stay because he needed the full benefits.

“I can’t see how running a cryptologic intelligence agency can resemble running a corporation in more than a superficial way,” he wrote in his final column. “If we had a product to sell and competition selling that product, I would adopt the corporate model for the NSA without blinking. But we have no competition.”

Something strange happened on his grumbling way to the exit. Clancy’s final column was published when he retired, in 2006, and it was an unexpected hit. Titled “The Last of the SIGINT Curmudgeon!”, it poked bitter fun at what he called the “corporate-speak” that had taken over the agency (“SYNERGISTIC: isn’t that from ‘Mary Poppins’?”). In a follow-up article, the SIDtoday editors said they had received an “unprecedented amount of feedback” and published a sample of it. “Right on target!” wrote one employee. “Many think it is more important to ‘get ahead’ than to get things done!” Another spy commented: “Wonderful and right to the point. Too much is spent on propaganda and meaningless nonsense.” A longtime veteran added: “I always look back fondly on the NSA I joined in 1982… If anyone knows where it went, please send me a map.”

With his parting shot, the curmudgeon became a hero.

Aerial view of the National Security Agency (NSA) and Central Security Service (CSS) building in Fort Meade, Maryland.

Photo: Brooks Kraft LLC/Corbis via Getty Images

Inveterate reader and collector

In tabloid style, SIDtoday had a rotating cast of columnists drawn from the agency’s workforce. There was the “SIGINT philosopher,” who wrote about the ethical questions of surveillance; there was a column called “Ask Zelda!”, a sort of advice column for spies; and there was “Signal vs. Noise,” which explored the intricacies of data collection. Clancy, as the SIGINT curmudgeon, cast a critical eye on internal discourse at the world’s largest spy agency. He was, in his grumpy way, an amateur anthropologist of modern surveillance culture.

In retirement, Clancy keeps up his grumbling, in the sense of being somewhat irritated about talking to a reporter. He ended up discussing, in an e-mail exchange, his critique of the agency, though sticking to generalities. “The various oaths I took to protect classified information and the constitution are still very real to me,” he told The Intercept. “If that leads me to be ‘overcautious,’ so be it.”

My attempts to contact Clancy began several years ago, when I obtained an e-mail address and his wife’s phone number. The first time I spoke with her, in 2015, she said the NSA had told her husband not to talk to me. The next time, in early July, when I began writing this story, she gave me his phone number. I left several voicemails over many days and e-mailed his wife again, with no response. However, about a week later, Clancy replied. “I apologize for ignoring your attempts to communicate for so long,” he wrote. “I was not eager to discuss any of the leaked documents, nor to have my name made public. I’m still not thrilled about it!”

“I was never very good with authority, especially the military kind.”

I had sent some general questions, and he answered some of them. He said he is an avid reader. His preferred genres include alternate history, westerns, war novels, historical novels, Egyptology and science fiction, specifically space operas. He has a thousand books in his home library and 500 in his digital collection. He does not consider himself a writer. “I wrote for work and sometimes for fun,” he said. “If I have any talent in that area, it is because of dedicated teachers and a very small high school. There were never more than a hundred students in grades 9 through 12.”

A few minutes on Google helped fill in the gaps about that school and other parts of Clancy’s biography. He comes from the American heartland. He was born in 1948, the son of a North Dakota farmer, a World War II veteran who served in the Guadalcanal campaign. He grew up in a small town, Buffalo, and after graduating from the local school, attended the University of North Dakota in Grand Forks. After a year, he left to enlist in the Army and apparently served in military intelligence during the Vietnam War. But that lasted only three years. In one of his articles, Clancy acknowledged that “I was never very good with authority, especially the military kind.” After returning to North Dakota and marrying in 1974, he took a civilian job in England with the Department of Defense. It was the start of his career at the NSA, which falls under the Department of Defense. His three children were born in England and, in 1990, the family returned to the U.S., settling in Maryland, not far from NSA headquarters at Fort Meade.

Like practically everyone at the NSA, Clancy’s work was secret. Nevertheless, he described a bit of it in one of his articles, referring to “20 years of FORNSAT experience and 10 years of HF collection.” His reference to FORNSAT indicates satellite collection, which involves steering the data streams coming from satellites to receivers on Earth. His reference to “HF collection” appears to refer to collecting high-frequency radio signals, a traditional backbone of NSA spying. In the final phase of his career, Clancy served for 17 months as senior collection officer at the NSA’s National Security Operations Center, where he was involved in responding to events as they happened around the world. It was a job he loved, and it soothed his cantankerous side.

“I supported Afghan military operations, Iraqi military operations, numerous combat search and rescue (CSAR) missions, downed aircraft, hostage situations and a myriad of other tasks,” he wrote in SIDtoday. “I helped track Al Qaeda operatives, Taliban members, members of the former Iraqi regime, and planes and ships carrying weapons to/from rogue nations. Sometimes all at once! I was on duty the night we invaded Iraq, and I went home that night exhausted but with a sense of accomplishment. When I think of all the history I had a front-row seat to during that episode, it is pretty impressive!”

Clancy had a front-row seat to something else over the course of his career: he watched the NSA metastasize.

‘Corporate-speak’ divides the NSA

When Clancy started, in the 1970s, the NSA focused mainly on intercepting the pre-digital murmurs of foreign governments and armies. It was, certainly, a secret organization involved in its share of legally dubious spying, but it was not the hypercontroversial monster it would become. The advent of the internet in the 1990s changed the scope of the NSA’s work. As global communications expanded into the digital sphere, the NSA extended its eavesdropping beyond satellites, phone lines and telegraph cables to include the new online communications infrastructure used by governments, non-state actors and ordinary people. After 9/11, the NSA took on new tasks and resources in an enormous rush, engaging in vast spying activities that, in many cases, once again probably violated the law.

In 2013, the most recent year for which statistics are available, thanks to the documents leaked by Snowden, the NSA’s budget was $10.8 billion. The agency became a huge bureaucracy and adopted the techniques of large corporations, to the dismay of Clancy and others. You don’t have to take the curmudgeon’s word for it. The archive of documents leaked by Snowden includes a large number of files that extol a business-school approach to managing the NSA, using a kind of language that almost reads like a parody of corporate communications. For example, one SIDtoday article was titled “The Customer Scorecard,” and its first paragraph reads as follows:

“One of the principal initiatives of the Customer Relationships Directorate (CRD) for 2004 is to update and improve the Customer Support Plans (CSPs) for each customer of the Signals Intelligence Directorate (SID). The principal element needed to improve the CSPs is customer feedback. To obtain that feedback, the CRD has launched a pilot program called the ‘customer scorecard.’ This scorecard (performance indicator) will be used to determine how the Signals Intelligence Directorate is meeting the product and service needs of its customers.”

Intentionally or not, the NSA was wrapping its life-and-death activities in corporate jargon, offering its employees a layer of semantic insulation that distanced them from the lethal nature of what they were doing. After all, its “customers” are not customers in the usual sense of the term. They are the military services, intelligence agencies, the White House, the State Department and other parts of the U.S. government. The NSA’s “products” are likewise different from most companies’ products. They are intelligence reports that include, for example, electronic surveillance used to locate people for assassination by drone and to find targets in foreign countries to bomb.

The NSA was wrapping its life-and-death activities in corporate jargon.

Another SIDtoday document, titled “Making Customer Feedback Work for Everyone,” is a mind-boggling exercise in funneling lethal activities through the blender of corporate blather. “Today,” the document states, “our vision is to deliver the right information to the right customer, at the right time, within their information space, completely focused on the successful outcomes of our customers.” And it continues:

“To that end, we are adopting processes and technology that will make the intended outcomes of customer information needs, customer feedback, observed customer behavior and preferences, customer complaints and their resolution available across the SIGINT enterprise at the touch of a button. We have been developing the business processes for this technology over the past 18 months and are now ready to prototype the technology that will lead us to trend and analysis of customer feedback and behavior. We expect this to result in improved one-on-one customer relationships, benefiting many customers across all sectors.”

Clancy was baffled by this kind of language.

“The pull of ‘jargon’ is very strong,” he wrote in his final column. “Hearing someone speak ‘corporate-speak’ fluently is like hearing a bushman speak a Khoisan language. It is absolutely fascinating but, except for some of the gestures, totally incomprehensible to outsiders! A few months ago I was in a meeting attended by seniors who were not technical. They were staff or HR types, and they spoke ‘corporate-speak.’ One of them talked a lot during the hour-long meeting, but I have no idea what he said. I am not a stupid person (really!), but I was completely lost. I mean, I recognized the words: ‘leverage,’ ‘paradigm,’ ‘synergy,’ ‘synergistic,’ ‘enterprise,’ ‘extended enterprise,’ ‘team building,’ ‘corporateness,’ etc., but they did not fit together in a way I could understand.”

In response to Clancy’s column, the SIDtoday editors published nine comments from NSA employees. The final comment summed up the general reaction. “I laughed and I cried,” the comment began. “It became a part of me. But seriously, Clancy hit the nail right on the head for me. We spend so much time at this agency talking about a unique product, as if it were the greatest cleaner or bleach to hit the market, that we forget that, as a government agency, we are not in a ‘for-profit’ business… Our job, first and foremost, is to get intelligence to the people who need it, period. Words like ‘actionable’ or slogans like ‘Ahead with SIGINT’ mean nothing.”

The NSA, contacted by The Intercept, declined to comment on the charges that the agency had become too corporate.

One of the photos of Clancy’s puppies on his Facebook page.

Photo: Facebook

Vida depois da agência

Clancy ainda vive em Maryland e, em sua aposentadoria, trabalhou por um tempo como treinador de cães na PetSmart. Ele e a mulher criam Alaskan Klee Kais, uma versão menor dos huskies siberianos. “Em torno de duas ninhadas a cada ano pelo amor de nossos cães”, ele me escreveu. “Nossos cães são nossa família.” Ele tem uma página no Facebook onde publica fotos e vídeos de seus filhotes, que são realmente muito fofos. De vez em quando, ele os leva a passeios a um Starbucks local.

Alguns de seus posts no Facebook são exatamente o que você esperaria de um rabugento autodeclarado. No ano passado, ele publicou um gráfico que dizia: “O fato de a água-viva ter sobrevivido por 650 milhões de anos, apesar de não ter cérebro, dá esperança a muitas pessoas”. Também compartilhou um vídeo que começava com o seguinte aviso: “Ter frequentado a faculdade não torna você mais inteligente do que ninguém… bom senso não vem com um diploma.” Ele inclusive se parece um pouco com um rabugento – careca, barba grisalha comprida, alguns quilos a mais ao redor da cintura –, embora na maioria das fotos ostente um largo sorriso.

Sua saída da NSA tem a característica de ser silenciosamente triunfante. Em um dos meus e-mails, perguntei se ele tinha consciência de que seu artigo final do SIDtoday havia suscitado uma resposta tão forte e positiva dentro da agência. Ele não respondeu diretamente, embora tenha escrito: “Fui abordado por funcionários atuais que descobriram quem eu sou e só queriam apertar minha mão, então, sei que pelo menos algumas pessoas se lembram de mim”.

“Eu esperava encorajar as ‘abelhas operárias’ a falarem e se envolverem mais.”

Em seu jeito ranzinza, o rabugento do SIGINT era algum tipo de delator? Certamente não como Snowden ou Chelsea Manning. Eles levaram suas críticas ao público vazando grandes quantidades de documentos secretos, esperando que suas ações estimulassem uma maior consciência dos abusos secretos do governo. Clancy dificilmente era um rebelde do tipo. No ano passado, ele postou em sua página no Facebook um gráfico que dizia: “O presidente Trump está focado na ‘América primeiro’! Os democratas estão focados em parar Trump! Pense nisso.” Ele também deu cinco estrelas a um canal pró-Trump, One News Network, e compartilhou vários posts da Convenção dos Estados, que busca manter uma convenção constitucional que restringiria enormemente os poderes do governo federal.

Esses posts levantam algumas questões interessantes. Em sua nostalgia de devolver a NSA às suas raízes culturais, Clancy acha que o governo deveria recuar para suas atividades de espionagem pós-11 de setembro? Um dos aspectos mais controversos do trabalho da NSA é que, em seus esforços para aspirar as comunicações mundiais de estrangeiros, ele também obtém imensas quantidades de e-mails, textos e registros telefônicos dos cidadãos americanos – que chama de coleta “incidental”. Embora os conservadores tendam a apoiar a vigilância da NSA como uma questão antiterrorista, o escopo da espionagem da agência atraiu críticas profundas de, entre outros, legisladores libertários como o senador Rand Paul.

I asked Clancy about this.

“My personal political views had no influence on the performance of my job,” he replied. “I am politically conservative and believe that governance should be as close to the people as possible. Privacy should be protected, as should our ability to collect information to protect the country.”

His goals were apparently modest: he sought to incite quiet change from within. “I wrote those articles not just to express my personal concerns (and frustration) about the state of the agency, but to get people talking and thinking,” he told me. “I hoped to encourage the ‘worker bees’ to speak up and get more involved. To push ideas upward, if possible.”

I asked for some details about the reforms he wanted to spur, but he declined to explain further. In any case, he does not seem to believe that his cantankerous dissent reached the people who matter most. As he observed in his last email to me: “If I influenced the agency's senior officials in any way, I would be pleasantly surprised.”

Documents

Articles by (and about) Rahe Clancy, the “SIGINT Curmudgeon,” for SIDtoday:

Cover photo: Rahe Clancy.

Translation: Cássia Zanon

The post Before Snowden's revelations, this spy tried to change the NSA from within appeared first on The Intercept.

Brazilians have never trusted the presidency so little. Bolsonaro is riding that wave.

It is in this year's Social Trust Index survey by Ibope Inteligência: on a scale of 0 to 100, the Brazilian population's level of trust in the institution “president of the Republic” is 13 points. It is the worst result in a decade and sits at the bottom of the list, a score so bad that it has never been seen for any institution.

In a scenario of such low regard for the presidential chair, what does it matter who occupies it? Perhaps that partly explains why there are such different profiles leading the voting intentions. The most recent survey by Paraná Pesquisas, released today, shows Jair Bolsonaro in the lead with 23.9% when former president Lula is not in the race. Marina Silva, Ciro Gomes and Geraldo Alckmin would be competing to reach the second round. With Lula in the fight for the presidency, he leads with 30.8% of voting intentions.

Setting aside the Fla-Flu-style rivalry between right and left that dominates the national scene, the prevailing feeling is “whatever”. As the Ibope survey indicated, perhaps Brazilians consider that a president does not have that much influence on their lives and regard all of them as cut from the same cloth. In fact, that expression is heard constantly in conversations when the topic is the election, a sign of disbelief and, above all, of extreme fatigue. It is no accident that blank and spoiled ballots hold second place in the polls: they add up to 23% in the scenario with Lula and 14% in the scenario without Lula, whereas blank and spoiled ballots totaled around 9.6% of votes in the first round in 2014. There is a sense that, regardless of who sits in the Palácio do Planalto, life will not change for the better. So why not bet on more radical options?

Even more worrying is that the other institutions fare no better. Besides the presidency of the Republic, the electoral system, the federal government, Congress and the political parties top the trust list when it is turned upside down. These institutions, the foundation of any democracy, do not enjoy the esteem of the one in whose name all power is exercised: his excellency, the people.

Trust in institutions has been plummeting year after year. Trust in municipal government fell from 53 points in 2009, when the survey began, to 34. Trust in the federal government plummeted from 53 to 25 points, and the Public Prosecutor's Office (Ministério Público), which only entered the survey in 2016, had 54 points and now stands at 49. Civil society organizations, the NGOs, which nine years ago had 61 trust points, now have 50.

According to the Ibope survey, churches rank second, but they too have dropped 10 points in Brazilians' esteem. In 2009 they had 76 points and today they are at 66. The judiciary fell from 53 to 43, and the armed forces, which have occupied Rio communities since March of this year, held 71 points and now total 62. Not even the family escaped a negative swing. Trust in family members fell from 85 to 82 points.

Although they also lost points in the trust assessment, firefighters are seen as heroes and hold pole position in the nation's affection. It is no accident that the candidate Cabo Daciolo, of Patriota, formerly the PEN of the folkloric Enéas Carneiro, made it to the debates on Band. Daciolo gained fame in 2011, when he was one of the leaders of the firefighters' strike in Rio. He was even jailed for nine days in the Bangu prison.

This wave of skepticism has its positive side. The feeling that nothing is satisfactory has finally shaken many people out of complacency, in a more consistent and less manipulated way than during the 2013 protests or the demonstrations for and against the impeachment of Dilma Rousseff in 2015 and 2016.

On Wednesday, August 8, I left the Vila Isabel neighborhood in the north zone for downtown Rio and saw at least four street demonstrations. The emblematic Cinelândia, in downtown Rio, was once again boiling. Each of them was directly linked to a heavyweight institution on the national scene, and a target of the deepest distrust of Brazilians, who are “wary” of all of them. Let's take a look.

The day began with a packed public hearing in the auditorium of the Federal Public Prosecutor's Office (MPF) to find out how the project for the Cais do Valongo is progressing. The wharf was the largest port of entry for enslaved people in the Americas and for that reason was declared a World Heritage Site by Unesco in 2017. The complex of archaeological finds risks not having the title ratified because of deadlocks in its management, which involves the three spheres of government (federal, state and municipal) and the non-governmental organization Ação da Cidadania.

On the same day, about 500 meters from the MPF headquarters in Rio, a large group of women were protesting on the steps of the Theatro Municipal for the decriminalization of abortion. Less than 100 meters away, on the steps of the City Council (Câmara Municipal), practitioners of umbanda and candomblé were giving speeches against religious racism, in light of the Supreme Court's ruling on the ban on animal slaughter in their rituals. On the same sidewalk, another group was protesting against violence in the favelas.

All of them reach beyond the megaphones and microphones that nearly derailed the happy hour of those who decided to linger after work in the bars of Cinelândia. The deafening noise is beginning to penetrate the bodies that can change the course of decisions.

The most stable, according to Ibope, seems to be trust in friends, which stood at 65 points (last year it was 66). Perhaps because friends are the result of a conscious choice. But in a time of WhatsApp groups during an election, are even they not under threat? The numbers do not hide Brazilians' longing to be masters of their own lives.

The post Brazilians have never trusted the presidency so little. Bolsonaro is riding that wave. appeared first on The Intercept.

CoinShares Bitcoin ETN Adds USD, Markets Rally

Given the positive trend in the cryptocurrency market today, you might think that a bitcoin ETF somehow slipped through the cracks. While that isn’t the case just yet, you wouldn’t be too far off. CoinShares, a digital asset management firm domiciled in the Channel Island of Jersey, has announced a bitcoin exchange-traded note (ETN) product […]

The post CoinShares Bitcoin ETN Adds USD, Markets Rally appeared first on Hacked: Hacking Finance.

CVE-2018-10510

A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.

CVE-2018-10512

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of service (DoS).

From Mainframes to Connected Cars: How Software drives the Automotive Industry

Automakers must pay as much attention to the integrity and security of the software running modern vehicles as they pay to areas such as metallurgy, impact protection, seat belts, and materials science, argues Gary McGraw, Vice President of Security Technology at the firm Synopsys. Software is a relatively new human artifact that grows more...


Widespread Instagram Hack Locking Users Out of Their Accounts

Instagram has been hit by a widespread hacking campaign that appears to stem from Russia and have affected hundreds of users over the past week, leaving them locked out of their accounts. A growing number of Instagram users are taking to social media, including Twitter and Reddit, to report a mysterious hack which involves locking them out of their account with their email addresses changed to

Threat Analyst Insights: How to Avoid Drowning in a Sea of Cybersecurity News

Staying on top of the ever-evolving threat landscape can feel daunting for most security professionals. It seems as if there is a new threat actor, malware variant, or attack vector to stay ahead of almost every week, making it easy to feel overwhelmed in the sea of cyber news stories out there and lose sight of the research that involves what you truly care about.

As a junior threat intelligence analyst for Recorded Future’s Insikt Group, one of my responsibilities is to identify top trending cyber stories and determine which ones should be appropriately highlighted in our product with an Insikt Note. My colleagues and I then publish summaries for our customers accordingly.

Often, when I share the nature of my work with friends and acquaintances, I am asked questions like, “How do you sort through the noise?” and “What criteria are most important when prioritizing and crafting notes?”

Asking the Right Questions

Before working at Recorded Future, I taught elementary, middle, and high school students for three years right after graduating from college. As any young teacher will tell you, I quickly realized in my first year that it would take a lot more than neatly typed lesson plans and worksheets to help my students achieve the ambitious learning goals I wanted them to accomplish before the end of the school year.

Over time, I found that by focusing on the dialogue I had with students in the classroom, honing in on what they were curious or confused about, and then channeling what I learned from them into asking the right questions, I could guide my students into thinking concretely and clearly about the task or subject at hand.

The right questions hint at the answers before the answers become clear. They also help you stay focused while absorbing new information, providing a clear path to follow.

So, if you find yourself lost in a sea of cyber news, here are three distinct questions designed to help save you time and energy when evaluating each story you come across:

1. How does this impact me or my company?

Cybersecurity professionals constantly see articles referencing a new piece of malware, threat actor, or attack vector. Many tend to ask themselves some variation of the question, “What’s going on?” These may include, “Why should I care about this?” or, “Is my industry mentioned in this article?” or, “Why is my hair on fire?”

Of all such variations, the one I find helps me get the most out of a story is, “How does this impact me?”

Asking “how” instead of “what” helps you determine a realistic scenario, as opposed to the false ones that clickbait headlines so often suggest. Along the same lines, using the word “impact” forces one to think clearly about the consequences of an event and how near or far away you are from the bullseye of the story’s target. If you bear a question like this in mind while reading a new story or report, you can more easily distinguish the important stories from the less important ones and determine a course of action.

2. Who’s writing about this and why?

Not all sources are created equal. While mainstream news can be an excellent source for hearing about immediate happenings, reports from established security vendors provide greater depth and detailed analysis in both their paid and their freely available reports. Most importantly, security companies and researchers are much more likely to publish technical indicators along with their report that could be immediately actionable.

Additionally, individual security researchers are often eager to publish information ahead of others as a way of establishing their name in the field. No matter who published which findings first, it is ultimately those who provide truly actionable intelligence that end up proving to be the most helpful.

3. Can I do anything with this information today?

Threat intelligence isn’t intelligence unless it is actionable. At Recorded Future, that’s a saying we live by and a standard our customers have come to count on. If a story mentions an IP address, CVE, threat actor, malware, or virtually any term of interest, our customers know that they can take that term, plug it into their Recorded Future web-based instance, browser extension, or integrated SIEM, and see everything we are picking up on it across hundreds of thousands of sources. From three-month-old finished intelligence reports to today’s dark web mentions, we automate the manual aspects of threat research so that you can confidently say you took the best course of action with the resources you were given.

These are just some of the questions I use to help me remember what our customers need to see in our Insikt Notes. With these questions in mind, you may find it easier to navigate through today’s sea of cyber stories. Happy sailing!

You can start receiving more actionable threat intelligence from today’s top trending cyber stories, targeted industries, and more by subscribing to our free Cyber Daily newsletter.

Briana Manalo

Briana Manalo is a junior threat intelligence analyst for the Insikt Group at Recorded Future.

The post Threat Analyst Insights: How to Avoid Drowning in a Sea of Cybersecurity News appeared first on Recorded Future.


Vulnerability in Linux Kernel Affecting Cisco Products: October 2016

On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow unprivileged, local users to gain write access to otherwise read-only memory mappings to increase their privileges on the system.

Cisco has released software updates that address this vulnerability. For information about affected and fixed software releases, consult the Cisco bug IDs in the Vulnerable Products table.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
Security Impact Rating: Medium
CVE: CVE-2016-5195

Networking vendors patch ​against new cryptographic attack

Vulnerable IPSec IKE implementations used in Cisco, Huawei, ZyXel and Clavister networking devices can allow attackers to retrieve session keys and decrypt connections, researchers have found. Dennis Felsch, Martin Grothe and Jörg Schwenk from Ruhr-Universität Bochum, and Adam Czubak and Marcin Szymanek of the University of Opole, are scheduled to demonstrate the new attack this week at the USENIX Security Symposium in Baltimore. In the meantime, they have published a paper about their discovery. … More

The post Networking vendors patch ​against new cryptographic attack appeared first on Help Net Security.

Atmosphere 1.x / 2.x Cross Site Scripting

Async-IO.org Atmosphere suffers from a cross site scripting vulnerability. Versions affected include 2.4.0 through 2.4.28, 2.3.0 through 2.3.9, 2.2.0 through 2.2.12, 2.1.0 through 2.1.13, 2.0.0 through 2.0.11, and 1.0.0 through 1.0.20.

CVE-2018-8753

The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack.

CVE-2018-14722

An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, though).

CVE-2018-14780

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`:

```c
if(sw == SW_SUCCESS) {
  size_t outlen;
  /* length field decoded from the data the card returned */
  int offs = _ykpiv_get_length(data + 1, &outlen);
  if(offs == 0) {
    return YKPIV_SIZE_ERROR;
  }
  /* outlen is never compared with the number of bytes actually received */
  memmove(data, data + 1 + offs, outlen);
  *len = outlen;
  return YKPIV_OK;
} else {
  return YKPIV_GENERIC_ERROR;
}
```

In the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer.

CVE-2018-14779

A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`:

```c
if(*out_len + recv_len - 2 > max_out) {
  /* the overflow is reported, but execution falls through to the copy below */
  fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
}
if(out_data) {
  /* copy proceeds even when the size check above failed */
  memcpy(out_data, data, recv_len - 2);
  out_data += recv_len - 2;
  *out_len += recv_len - 2;
}
```

It is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard.
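Both Yubico-Piv entries above (CVE-2018-14780 and CVE-2018-14779) come down to trusting a length that the card supplied. The following is an added example, not Yubico's code: bounds-checked versions of the two patterns, with constructed APDU-style bytes, where `ber_length_decode`, the error codes and the `demo_*` helpers are all assumed names for illustration.

```c
/* Added example, not Yubico's code: bounds-checked versions of the two
 * patterns in CVE-2018-14780 and CVE-2018-14779. Function names, error codes
 * and the sample bytes below are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { OK = 0, ERR_SIZE = -1, ERR_GENERIC = -2 };

/* Decode a BER-style length field (short form, or the 0x81/0x82 long forms
 * used for PIV objects). Returns the number of bytes the length field
 * occupies, or 0 on error. `avail` caps how many bytes may be read from
 * `buf`, so a truncated length field is an error rather than an over-read. */
static size_t ber_length_decode(const uint8_t *buf, size_t avail, size_t *out_len)
{
    if (avail < 1) return 0;
    if (buf[0] < 0x80) { *out_len = buf[0]; return 1; }
    if (buf[0] == 0x81 && avail >= 2) { *out_len = buf[1]; return 2; }
    if (buf[0] == 0x82 && avail >= 3) {
        *out_len = ((size_t)buf[1] << 8) | buf[2];
        return 3;
    }
    return 0;
}

/* CVE-2018-14780, hardened: `data` holds tag | length | value as received
 * from the card and *len is how many bytes were actually received. The
 * memmove only runs once the value is known to lie inside those *len bytes. */
int fetch_object_checked(uint8_t *data, size_t *len)
{
    size_t outlen, offs;
    if (*len < 2) return ERR_SIZE;                  /* tag + at least one length byte */
    offs = ber_length_decode(data + 1, *len - 1, &outlen);
    if (offs == 0) return ERR_SIZE;
    if (outlen > *len - 1 - offs) return ERR_SIZE;  /* card claims more than it sent */
    memmove(data, data + 1 + offs, outlen);
    *len = outlen;
    return OK;
}

/* CVE-2018-14779, hardened: append one response chunk (payload followed by a
 * two-byte status word) to out_data. A chunk that does not fit is rejected
 * instead of being reported and then copied anyway. */
int append_response_checked(const uint8_t *recv, size_t recv_len,
                            uint8_t *out_data, size_t *out_len, size_t max_out)
{
    size_t payload;
    if (recv_len < 2 || *out_len > max_out) return ERR_GENERIC;
    payload = recv_len - 2;
    if (payload > max_out - *out_len) return ERR_SIZE;  /* would overflow out_data */
    memcpy(out_data + *out_len, recv, payload);
    *out_len += payload;
    return OK;
}

/* Constructed inputs exercising the checks; each returns 1 on expected behaviour. */
int demo_fetch_ok(void)
{
    uint8_t obj[] = { 0x53, 0x81, 0x03, 0xAA, 0xBB, 0xCC };   /* long-form length 3 */
    size_t len = sizeof obj;
    if (fetch_object_checked(obj, &len) != OK) return 0;
    return len == 3 && obj[0] == 0xAA && obj[2] == 0xCC;
}

int demo_fetch_truncated(void)
{
    uint8_t obj[] = { 0x53, 0x05, 0xAA, 0xBB };               /* claims 5 bytes, sent 2 */
    size_t len = sizeof obj;
    return fetch_object_checked(obj, &len) == ERR_SIZE && len == sizeof obj;
}

int demo_append_overflow_rejected(void)
{
    uint8_t out[4];
    size_t out_len = 0;
    uint8_t chunk1[] = { 0x01, 0x02, 0x03, 0x61, 0x10 };   /* 3 payload bytes + status word */
    uint8_t chunk2[] = { 0x04, 0x05, 0x90, 0x00 };         /* 2 more: would exceed 4 */
    if (append_response_checked(chunk1, sizeof chunk1, out, &out_len, sizeof out) != OK) return 0;
    if (append_response_checked(chunk2, sizeof chunk2, out, &out_len, sizeof out) != ERR_SIZE) return 0;
    return out_len == 3 && out[2] == 0x03;
}
```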

Donald Trump Isn’t Just Slashing the Refugee Quota, He’s Dismantling the Entire Resettlement System

It has been four years since Deborah Jane was attacked by a gang of men led by her abusive ex-husband. The men scalded the then-39-year-old mother of four with acid as punishment for speaking out about the domestic abuse suffered by many women in her rural Ugandan community. Maimed and fearing for her life, Jane fled to Nairobi, Kenya, where, after a lengthy process, she won a coveted spot on the list of refugees to be resettled in the United States. She arrived alone in Columbus, Ohio, in January 2016, and immediately applied for her children — the youngest of whom was 4 years old — to join her in the U.S. A year later, around the same time Donald Trump assumed the presidency, her paperwork was approved. “We just needed the children to do interviews, medical — a few things, and then they’d be able to come,” Jane told The Intercept, “But since then, there has been only silence.”

Jane’s soft voice is weary. Now 43, she works as a home-care nurse by day and pulls overnight shifts at a local bakery while also attending business school, but her fight to reunite with her children has become a full-time job of its own. She has lobbied numerous times at the offices of both Ohio senators — Democrat Sherrod Brown and Republican Rob Portman — and has sought legal help from refugee advocacy groups and local churches, but feels no closer to an answer. “No one can tell me what the real problem is — only that their cases are not moving. I think the current administration just doesn’t want refugees like me to come here. I don’t know why,” she said. “But I don’t believe God wants me to be separated from my children forever. I will keep praying. I will never give up.”

“I think the current administration just doesn’t want refugees like me to come here. I don’t know why.”

The roadblocks Jane faces are part of what advocates describe as an apparently concerted effort by the Trump White House to systematically dismantle the nation’s refugee resettlement program. Some of this onslaught has been explicit: As the world’s already-unprecedented refugee population continues to climb, the Trump administration is considering slashing the annual refugee cap to 25,000 for the 2019 fiscal year, down from this year’s historic low of 45,000, the New York Times reported earlier this month. The administration last year suspended all refugee resettlement for 120 days and diverted resources and personnel away from refugee processing, further weakening an already-backlogged system. These disruptions have caused a cascade of delays and interagency confusion, while a lack of transparency leaves refugees and advocates alike at the mercy of an increasingly antagonistic system. Sources familiar with the program describe chaos amid shifting security protocols, with particular detriment to refugees from the Middle East and other Muslim-majority countries.

The president is expected to announce his recommended refugee quota in September, ahead of the October 1 start of the fiscal year. Regardless of what he decides, however, advocates report that the refugee quota is no longer a reliable indicator of actual refugee admissions. At the current pace, the administration is on track to settle about 20,000 refugees — out of a global population of roughly 25 million — by September 30, the end of the fiscal year. In 2017, the U.S. admitted only 33,000 refugees, marking the first time that the country resettled fewer refugees than the rest of the world. “In the past, refugee numbers fluctuated at times, but it was always understood to be temporary, with the goal to return to the normal numbers around 95,000,” said Adam Bates, policy counsel for the International Refugee Assistance Project, “but this is different. It seems as if the administration is trying to rewrite the status quo — a status quo that is very hostile to refugees, and immigrants in general.”

A refugee ceiling of 25,000 would be the lowest since the passage of the 1980 Refugee Act, and it would follow the hard-line approach to all types of immigration touted by White House adviser Stephen Miller. Last year, Miller pushed for even more aggressive cuts to the refugee resettlement program — suggesting a cap of 15,000 — but faced pushback from other administration officials, including former Secretary of State Rex Tillerson and former Acting Secretary of Homeland Security Elaine Duke. With Tillerson’s and Duke’s departures earlier this year, refugee advocates fear that Miller may prevail this time around. “We don’t get any insider information. We just hear what the government chooses to announce to the public, and then we have to adjust accordingly,” said Adam Clark, director of World Relief Durham, which has a State Department contract to resettle refugees. When Trump set a cap of 45,000 last year, Clark said, roughly 60,000 already-vetted refugees were left in limbo. “Since Trump took office, we’ve learned to prepare for the worst. More cuts would be tragic, but they wouldn’t surprise us.”


Demonstrators gather in solidarity against President Donald Trump's executive order temporarily banning immigrants from seven Muslim-majority countries from entering the U.S. and suspending the nation’s refugee program Monday, Jan. 30, 2017, outside City Hall in Cincinnati. In addition, earlier in the day Mayor John Cranley declared Cincinnati a "sanctuary city," meaning city will not enforce federal immigration laws against people who are here illegally, in keeping with current policy. (AP Photo/John Minchillo)

Demonstrators gather on Jan. 30, 2017, in solidarity against President Donald Trump’s executive order temporarily banning immigrants from seven Muslim-majority countries from entering the U.S. and suspending the nation’s refugee program, outside City Hall in Cincinnati.

Photo: John Minchillo/AP


Trump’s war on refugees started on the campaign trail, where he warned audiences to “lock their doors” to refugees, casting them as criminals and extremists, and he wasted no time in codifying this hostility upon reaching the White House. He imposed a 120-day moratorium on all refugee admissions with the same pen stroke he used to sign the now-infamous travel ban. “The current administration has politicized refugees in a way we’ve never seen, even after September 11,” said Bates. “The signals we’re getting from the White House now is that this is not a temporary response to any particular event. It seems to be a permanent, blanket stance that is anti-refugee.”

The 120-day ban on refugee admissions expired last October, but the resettlement system has struggled to recover. The administration has burdened the program with new “extreme vetting” measures and additional procedures, drastically slowing a sprawling interagency process that already takes an average of two years to complete. The FBI is one of the agencies that runs background checks on refugees, and as the Daily Beast recently reported, its turnover for those cases has dropped from hundreds a week to the single digits. Approximately 100 officers from the Refugee Affairs Division of U.S. Citizenship and Immigration Services, known as USCIS, are now handling domestic asylum cases, according to an agency official. As a result, there are fewer personnel available to process refugee cases abroad. Other sources close to the issue estimate that the backlog of applications includes over 200,000 refugees abroad who are awaiting interviews by U.S. officials, with only about 30 refugee officers available to conduct these assessments worldwide. As a result, applicant interviews — a prerequisite to resettlement — have been suspended or delayed, often causing medical clearances and other elements of their applications to expire.

It is likely that the refugee program will have to be rebuilt if a future U.S. administration moves toward welcoming more refugees.

The government does not publicize the precise timing or locations of circuit rides — the trips USCIS officials make abroad to conduct interviews and decide on applications — citing security concerns. USCIS spokesperson Michael Bars told The Intercept that while “USCIS is committed to adjudicating all petitions fairly, efficiently, and effectively on a case-by-case basis,” the government began in early 2017 to reassign some refugee officers to the Asylum Division. “Ultimately, this diversion of resources compromises the ability for officers to conduct interviews abroad for individuals legitimately seeking refugee status.”

The result has been the reduction of the overall refugee flow to a bare trickle. “The pipeline has dried up,” said Clark of World Relief. “When there aren’t enough people abroad to interview and process the cases, there is no way to keep the stream of vetted refugees coming.” In the past year, Clark said, his Durham office has seen only about one-third of its usual number of cases. “In 10 years of this work, I’ve seen numbers fluctuate somewhat, but the changes under the Trump administration have been by far the most drastic,” he said. “This feels like a different kind of change.”

The drastic decrease in refugee admissions has led to the weakening of decades-old systems that help refugees transition to life in their new home, making it likely that the program will have to be rebuilt if a future U.S. administration moves toward welcoming more refugees. Many refugee centers have shut down, while many others have been forced to cut staff, said Clark. “What made matters worse was, at the beginning of the fiscal year 2016, when [President Barack Obama] was pushing to take more refugees, many of us were told to beef up our staff in order to be able to accept 85,000 to 100,000. Then, after the inauguration of Donald Trump, the number was slashed to 45,000. Several hundred staff members lost their jobs.”

The institutional slow-down is just one element of Trump’s multipronged overhaul of the system. A closer look at refugee arrival data suggests the administration is also driving the program toward specific ethnic and demographic trends. Last month, the Refugee Council USA, an umbrella organization of resettlement programs contracted to work with the State Department, issued a damning report card on the administration’s performance in the first 10 months of the fiscal year. The report highlighted the disparity in nations of origin: As of July, the U.S. had settled fewer than a third of the number of Middle Eastern refugees expected, and barely half of those expected from Africa. In contrast, the country has welcomed roughly 75 percent of expected East Asian refugees, and all but fulfilled its projected number for Europeans.

“We’re getting fewer Afghans, no Syrians — the pattern seems clear.”

The Middle East, which hosts some of the world’s largest refugee populations, has been particularly neglected in terms of circuit rides, according to recent media reports that indicate that refugee processing in the region has essentially been halted. Indeed, as of July 31, the U.S. had admitted only 221 refugees from the Middle East, according to State Department data. Bars, the USCIS spokesperson, declined to comment on these allegations, but said the agency works with the State Department to determine the routes for those interviews. (The State Department did not respond to The Intercept’s request for comment.) On the ground, resettlement workers are noticing the difference. “We’ve definitely seen a shift in the nationalities of our clients since Trump,” said Clark. “We’re getting fewer Afghans, no Syrians — the pattern seems clear.”

Sirine Shebaya, senior staff attorney at the national civil rights and legal organization Muslim Advocates, said the religious makeup of the incoming refugee pool is striking as well. “Despite the fact that over half of the world’s refugees come from three Muslim-majority countries — Syria, Somalia, and Afghanistan — admissions of Muslim-identifying refugees fell by 94 percent between January and November 2017,” she said. As of May, only about 2,000 Muslim refugees had been admitted this fiscal year, down from 38,900 in fiscal year 2016. Syria, Iraq, and Somalia are no longer among the top five countries of origin for refugees, reversing a trend that had taken shape in recent years. Shebaya blames a combination of burdensome vetting measures, Trump’s myriad bans, and an overall anti-Muslim sentiment for the reversal. “It seems that the government is intent on making it as difficult as possible for Muslims to come to the United States, whether as refugees or immigrants.”

Advocates are concerned “that the administration may use the shortfall in resettlements as an argument for lowering the ceiling,” Bates said. “It’s a strategic as well as moral failure to cut refugee resettlement at any time, but especially as we’re facing the worst crisis since World War II.” As it is, fewer than 1 percent of the worldwide refugee population can expect to be resettled, and Bates is worried that Trump’s race to the bottom will set a hostile example for other host countries. “Since Trump took office, we’ve seen many other nations start resettling fewer refugees, too. It’s a desperate time. And what happens next is really anyone’s guess.”

Top photo: Man Sing Sutam, a 48-year-old refugee from Bhutan, practices writing in English during a U.S. citizenship class in Columbus, Ohio, on Feb. 23, 2018. Columbus has the largest Bhutanese population in the United States.

The post Donald Trump Isn’t Just Slashing the Refugee Quota, He’s Dismantling the Entire Resettlement System appeared first on The Intercept.

328 NSA Documents Reveal “Vast Network” of Iranian Agents, Details of a Key Intelligence Coup, and A Fervor for Voice Matching Technology

It began not by tapping enemy insurgents’ phones or capturing their emails, but by following the money.

When the National Security Agency discovered that Iran may have been buying computer chips from the United States, routing them through a U.S. ally, and potentially supplying them to detonate bombs against U.S. forces in Iraq and Afghanistan, it credited so-called economic intelligence with the find.

And the solution was not a death blow delivered by the military, but rather a new regulation on the export of certain technologies via the Commerce Department, which the spy agency said would end up “saving American and coalition lives.”

The unusual strategy of tracing monetary flows to stop explosions is one of many significant disclosures contained in a batch of 328 internal NSA documents provided by whistleblower Edward Snowden and released by The Intercept today after research and redaction.

Also included in the material, which originates from SIDtoday, the newsletter of the agency’s core Signals Intelligence Directorate, is the untold story of how intelligence related to Al Qaeda leader Abu Musab al-Zarqawi was finally acquired; an assessment that a “vast … network of Iranian agents” operated in Iraq and influenced its government; a major push to hone the agency’s voice identification technology; details on how NSA staff deployed abroad viewed, and sometimes stereotyped, their host countries; and grumbling about having to comply with public-records laws.

Those stories and others are detailed in the highlights below; the NSA declined to answer questions about them. Also with this SIDtoday release, drawing on the same set of documents, Peter Maass profiles the NSA’s “SIGINT Curmudgeon,” Rahe Clancy, who wrote a beloved set of articles for SIDtoday, trying to instigate change from within the agency and riling up his fellow spies against its corporatization. Alleen Brown and Miriam Pensack, meanwhile, detail instances in which the NSA has spied on environmental disputes and around issues like climate change, overfishing, and water scarcity. And Micah Lee reveals that the NSA infiltrated virtual private computer networks used by various airlines, the Al Jazeera news network, and the Iraqi government.

U.S. Army Gen. George W. Casey, Jr., commander for Multi-National Force-Iraq, speaks with U.S. Army Maj. Sean Bastian, commanding officer of a military transition team, during a Thanksgiving Day visit Nov. 23, 2006, at Combat Outpost Rawah in Iraq’s Al Anbar province.

Photo: Lance Cpl. Nathaniel Sapp/USMC via Getty Images

In Iraq, a “Vast and Disperse Network of Iranian Agents”

The NSA caught Iran smuggling American microprocessors that may have been used to bomb U.S. troops in Iraq, according to a May 2006 SIDtoday article. To import the chips, Iran set up front companies in the United Arab Emirates, an agency staffer wrote; the front companies then sent the microprocessors to customers in Iran and Syria.

The chips had both civilian and military capabilities and “have been used or are capable of being used” in the improvised explosive devices used extensively against U.S. forces in Iraq, the report concluded. Intelligence on the chip smuggling came not from intercepted military or diplomatic communications, as is typical at the agency, but rather through “economic reporting.”

Earlier the same year, an NSA representative who was embedded with U.S. Special Operations Command stated in a top-secret SIDtoday report that analysts had discovered “a vast and disperse network of Iranian agents in Iraq serving the Iranian Ministry of Intelligence or the Islamic Revolutionary Guards Corps.”

In Kuwait, different NSA units deployed a satellite interception system to hear conversations between Iranian agents, according to SIDtoday. This produced new intelligence reports that “have focused on Iran’s (and specifically Iran’s external paramilitary and intelligence forces’) activities in Iraq and the influence they wield on important figures in the new Iraqi Government.”

SIDtoday’s 2006 reporting on Iran’s involvement in Iraq buttressed comments by Gen. George W. Casey Jr., the top American military commander in Iraq, who told reporters in June that year that the military was “quite confident that the Iranians, through their covert special operations forces, are providing weapons, I.E.D. technology and training to Shia extremist groups in Iraq.” By 2017, the New York Times would say that Iran dominated Iraq: Iran-sponsored militias dominated in Iraq’s south, and cabinet politicians who resisted Iran lost their jobs, while U.S. efforts in Iraq primarily focused on chasing the Islamic State in the country’s north.

U.S. Army soldiers make radio contact after arriving by helicopter at night at an undisclosed location south of Baghdad, where they believed a top leader of the insurgency and close associate of Abu Musab al-Zarqawi was hiding, June 5, 2005.

Photo: Jacob Silberberg/AP

How Key Al-Zarqawi Intelligence Was Obtained

In Iraq, at a strategic level, the U.S. was concerned about Iran; at the ground level, its top priority in 2006 was finding the Jordanian Ahmad Fadil al-Khalayleh, better known as Abu Musab al-Zarqawi — the most wanted terrorist in the country. Al-Zarqawi was the leader of the insurgent group Al Qaeda in Iraq and a fugitive from a Jordanian death sentence. The reward for information resulting in his capture or death reached $25 million.

Zarqawi was brutal to Iraqis as well as Americans. According to Joby Warrick, author of the Pulitzer Prize-winning book “Black Flags: The Rise of ISIS,” “The Jordanian also would seek to strike fear into Americans and other Westerners in Iraq with a series of kidnappings and videotaped beheadings. The first victim, Pennsylvania businessman Nicholas Berg, was butchered on camera by a hooded Islamist that CIA officers later confirmed was Zarqawi himself.”

A major breakthrough had come in 2005, when NSA analysts intercepted, via a courier in Iraq, emails that were intended for al-Zarqawi from Al Qaeda No. 2 Ayman al-Zawahiri in Pakistan. In partnership with U.S. forces, NSA specialists in geospatial intelligence and counterterrorism were able to figure out the location of the internet cafe in Baghdad where the courier was about to access an email account. The courier and a “traveling partner” were caught, and an important message from al-Zawahiri to al-Zarqawi, “outlining al-Qaeda’s strategic vision for Iraq,” was obtained. The 15-page document was made public by the Office of the Director of National Intelligence in 2005, but the circumstances under which it was obtained appear to have not been previously reported. (Warrick’s book said “the CIA’s acquisition of the letter was a closely-guarded secret” and stated only that “the surveillance net” around al-Zarqawi “had snagged a singular piece of correspondence.”)

By early 2006, SIDtoday continued to report on how signals intelligence successes helped capture lesser-known figures. But the primary target remained at large and continued to issue propaganda videos. An intelligence analyst described the intensity of an assignment to a task force in Mosul, Iraq: “We worked for 14 to 18 hours a day, pouring over traffic and piecing together data to find threats or information that would help us locate and go get bad guys. You would feel every minute of those days, but you’d wake up one morning and it would be August.” 

Back at NSA headquarters, new mathematical analysis tools supplemented old-school language expertise in the process of reviewing audio recordings of al-Zarqawi posted on the open web, confirming his voice.

At last, on June 7, 2006, the “primary PC,” which stands for “precious cargo,” was found and dealt a death blow. In SIDtoday, an analyst from the NSA Cryptologic Services Group described the work of the Special Operations Task Force leading up to the targeted bomb strike that killed al-Zarqawi and others, reportedly in a two-story house near Baqubah, northeast of Baghdad, saying that a combination of signals intelligence, imagery intelligence, human intelligence, and “detainee reporting” uncovered the identity and location of al-Zarqawi’s “personal religious advisor,” Sheikh ‘Abd-al-Rahman, who was followed to al-Zarqawi’s hiding place and perished with him.

In this television image from Arab satellite station Al Jazeera, Osama bin Laden, right, listens as his top deputy Ayman al-Zawahiri speaks at an undisclosed location, in this image made from undated video tape broadcast by the station, April 15, 2002.

Photo: Al-Jazeera/APTN/AP

Fervor for Voice Matching Technology

By the end of 2006, the NSA had come to believe that audio fingerprinting as performed against al-Zarqawi could be used as a simple fix for a host of complex problems, from freeing hostages to curbing nuclear weapons proliferation, according to a series of SIDtoday articles.

Despite repeated setbacks, the NSA remained enthusiastic about voice matching technology, which identifies people by the sound of their voice. The agency had help: According to SIDtoday, voice matching techniques were developed by the Massachusetts Institute of Technology Lincoln Laboratory on the back of efforts to confirm the authenticity of broadcasts by Al Qaeda leaders Osama bin Laden and Ayman al-Zawahiri.

A February 2006 SIDtoday article described some of the difficulties inherent in voice matching, noting that Al Qaeda second-in-command al-Zawahiri displayed more “tonal diversity” than usual following a botched drone strike against him. (The attack killed at least 18 in the Pakistani village of Damadola but missed al-Zawahiri, reportedly due to faulty intelligence on his location.)

“During the 30 Jan message — lasting about three minutes — the terrorist never quite settled down, probably rattled by the attempt on his life and the vehement content,” the article stated. Despite al-Zawahiri’s shaky voice, “mathematical voice matching produced a perfect score of 99% upon comparison with previous soundfiles on this speaker from the same source.”

Six weeks later, another article described how two of five transmissions by al-Zawahiri in a nine-month span failed to yield a high-confidence voice match with previous transmissions. This was solved with new technology from MIT, which “allows optimal combination of vocal-tract models from contentious intercepts,” according to SIDtoday. The lesson to NSA: “Careful modeling” is “critical” for making voice identification actually work — and particularly important once voice matching is applied on a “large scale” to identify those “bent on terrorist activities against U.S. forces or the local populace.”

The same article goes on to describe a hand-held device, close to going into production, which would provide field access to MIT’s “mathematical engine” and voice matching estimates in “hostile environments.”

A May 2006 article describes another voice recognition stumble: analysts could not identify the Al Qaeda chief’s voice in an October 2003 audio recording of bin Laden because the recording “proved to be of too low quality.” The file was later “enhanced” using software from a “local vendor … to yield a perfect match.” Still, there were successes, credited to the MIT software, with which “voice matching has become simplicity itself.” For example, an April 2006 recording of bin Laden was successfully matched against a January 2005 recording of bin Laden and against multiple other recordings.

The May SIDtoday article included references to screenshots of the MIT software’s “Speaker Comparison Algorithm” interface. Though those screenshots were not included in the SIDtoday articles as provided by Snowden, two images from an article on Lincoln Laboratory’s webpage — which were removed during the course of reporting this article — refer to a similarly named interface:

Screenshots of MIT Lincoln Lab’s VOCALinc tool, which was “sponsored by the Department of Defense” and developed “utilizing U.S. government operational data.”

Screenshots: MIT Lincoln Lab

The MIT voice identification software was so important to the NSA that the agency approved a four-hour course on it based on MIT documentation and added the class to the National Cryptologic School syllabus, according to a July 2006 SIDtoday article.

The code, or an MIT-updated version of it, appears to have still been in use nearly eight years later. According to publicly available documentation from 2014, MIT Lincoln Lab’s VOCALinc tool was “already in use by several entities,” including “intelligence missions concerning national security” in areas such as terrorism. The document also references the development of “unseen devices such as body microphones and multirecording systems.” (Lincoln Lab did not provide responses to questions in the weeks leading up to publication of this article, although a spokesperson indicated he would try to get a response from a staffer “if sponsors allow him to discuss these topics.”)

Perhaps the clearest example of the enthusiasm for audio fingerprinting at the NSA in 2006 comes from an article written in March by the agency’s “Technical Director, Operational Technologies,” Adolf Cusmariu.

In the article — titled “Nuclear Sleuthing — Can SIGINT Help?” — Cusmariu took the idea at the base of the NSA’s voice matching technology to a new level of optimism.

What if, Cusmariu asked, the NSA scanned intercepted phone calls for the distinct sound generated by centrifuges used in uranium enrichment facilities? Could this help identify hidden nuclear weapons facilities in “rogue states like Iran and North Korea?”

There were several problems with the idea. First, there was the issue of background noise — the sound of the centrifuges inevitably mixing with other audio sources — “making unequivocal fingerprinting problematic.” Then, there was the fact that “the person making the call would have to be located inside, or at least near, the centrifuge compound for the acoustical signature to be audible.”

“Yes, a needle in a haystack!” Cusmariu admitted, but nonetheless, “algorithms have been developed … looking for just such signatures.” Unfortunately, “no convincing evidence has been found so far.”

Public records show that, in the months following these articles, Cusmariu filed for patents on “identifying duplicate voice recording” and “comparing voice signals that reduces false alarms.” Both were granted and describe methods similar to those discussed in SIDtoday, but with different applications.

To be sure, there was reason for some level of optimism about voice recognition technology. A brief — and top secret — SIDtoday article from May 2006 suggested that voice identification helped free the Briton Norman Kember and two Canadian fellow peace activists, who were held hostage in Baghdad. The successful operation was widely reported at the time, but the fact that voice ID helped identify the hostage-takers was not made public.

The CIA and the NSA staff of the Special Collection Service site in Baghdad worked together to find the kidnappers for several nights leading up to March 23, 2006, the article disclosed. On the final night, British and American spies, working side by side “to eliminate incorrect targets through voice identification,” were able to isolate “the specific terrorist believed to be holding the hostages.” The article does not, however, state whether the match was made by a computer, human, or combination of the two.

Eventually, the NSA played a pivotal role in developing voice matching technology, as described in Ava Kofman’s exposé earlier this year in The Intercept.

“Dragon Team” Helped NSA Thwart Cordless Phones Used by Insurgents

Although it lacked the technical glamour of voice matching, the NSA saw its effort against high-powered cordless phones as critical to protecting U.S. troops on the ground. Early on in the Afghanistan and Iraq wars, the simple, rugged devices, also known as HPCPs, were in common use by insurgents, including as a means of triggering improvised explosive devices, or IEDs. SIDtoday articles from 2003 complained that these handsets, which could communicate with other handsets that were also within a 50-mile range of the radio base station, created an “intelligence gap,” and were such a problem that the NSA hosted a “Worldwide HPCP Conference” to understand, and design attacks against, this technology.

Less than three years later, the NSA had made significant progress. A SIDtoday article from May 2006 said a “dragon team” of NSA researchers developed a tool called “FIRESTORM” that supported a denial-of-service attack capability against cordless phone networks. FIRESTORM could prevent IED attacks and support an ability to “ping” a specific device, “forcing the targeted HPCP to emit an RF signal that can be geolocated by any asset in the area.” The dragon team had been “eagerly working with potential users to move this capability out of the development lab and into the fight.”

Sugar Grove station in West Virginia.

Screenshot: Google Map

How NSA Staff Viewed the Rest of the World

The NSA needed staff paying attention to issues, like HPCPs, that resonated only once you were outside the bubble of Washington, D.C., and Fort Meade, Maryland — or which could only be addressed effectively from another country. To do so, it needed to convince them of the benefits of relocation. The perennial “SID Around the World” series within SIDtoday described daily life on assignment to global NSA locations, often in glowing terms. With a substantial portion of agency postings in remote locations, where big satellite dishes can dominate empty landscapes, or in offices on military bases, or in the underground bunkers below them, the idea was to make working abroad for the NSA sound fun. But in just its third year, the series seemed to fall back on lazy stereotypes and imperious complaining.

A lucky staffer in Bangkok, an “adventurous woman,” is most enthusiastic about the cost of living there. “You can hire a maid for less than $100 a month or $1200 per year as a single person,” she wrote. “Most domestic services include: cooking, cleaning, washing, ironing, and babysitting children and/or pets. Tell me where you find that kind of help so cheaply? And the Thai domestic help are kind and trustworthy; therefore, no need to worry about your valuables.” You can live like a queen.

In 2006, to one staffer, the Japanese “fascination with technology” was notable; they carried cellphones equipped with two-way video conferencing and web browsing, and drove cars equipped with GPS. 

Yet “[d]espite having one of the oldest cultures in the world, the Japanese seem very innocent and naive.” Really?

It seems there were some ugly Americans on assignment.

Traffic was bad, or the roads were narrow, in England, Japan, and Turkey, too.

In Turkey, the cuisine was “world-class,” although lacking variety: “Probably 90 percent of Turkish restaurants offer no more than 4 or 5 traditional Turkish dishes.”

Indeed, culinary attractions, a staple of the series, seemed sparse. In fact, NSA staffers were introducing America’s Fourth of July fare and Italian dishes to the villagers of rural Yorkshire, where they tasted English boiled beef and potatoes with a “wilted sprig of parsley” on top. No really, “it is actually very good and certainly doesn’t deserve the bad reviews that it has been getting.”

But the shopping! In Ankara, the fruit was so fresh, the price was so cheap, and there were, again, “world-class” handicrafts. In Thailand, there were many “wonders for a single woman to enjoy,” like gorgeous silk fabrics, gems, and jewelry.

Meanwhile, back in the U.S., one of the best parts of a Utah posting was the dusty road trip on I-15 to California. And from the Sugar Grove station in West Virginia, the nearest shopping was 40 miles away, in another state, over snow, black ice, and curvy roads in the winter. Nothing was said about the cuisine. Getting to work at the underground NSA site required driving to the top of a mountain from the U.S. Naval Information Operations Command center at Sugar Grove, a naval base in landlocked West Virginia. There were occasional bear sightings. Since its 2006 appearance in SIDtoday, the naval base has been decommissioned and sold, but the underground NSA facility continues to operate with its secret mission.

Through its sister publication Field of Vision, The Intercept covered Sugar Grove with a film and story last year. As Sam Biddle reported at the time, “antennas at the NSA listening post, codenamed TIMBERLINE, were built to capture Soviet satellite messages as they bounced off the moon, imbuing a pristine stretch of Appalachia with a sort of cosmic gravity.” The former base is scheduled to reopen in October as a substance abuse treatment center.

The most enthusiastic appraisal of daily signals intelligence life was contributed by a GCHQ staffer assigned to the NSA Fort Meade headquarters from the United Kingdom. The temporary Marylander loved the food (“crab cakes!! Maryland crab soup!”), the climate, the roads, the local countryside, and the cheap gas. They and their wife were delighted by football and baseball games, and even by deer nibbling on flower beds. The Britons also enjoyed the friendly neighbors and, in a turnaround, were the hosts for the Fourth of July barbecue, leading “several spirited renderings of the Star-Spangled Banner.” 

Informing the Public at the NSA: “A Dirty Job, But Someone’s Got To Do It”

It wasn’t just people in other countries who seemed foreign to some NSA staff; voluntarily providing information to the American public provoked some strange and not entirely welcome sensations as well. James Risen and Eric Lichtblau of the New York Times reported in December 2005 that the NSA had been secretly authorized to spy on U.S. communications without a warrant. The Pulitzer Prize Board, in awarding the U.S.’s highest journalism honor, credited the pair with inspiring “a national debate on the boundary line between fighting terrorism and protecting civil liberty.”

This debate, in turn, seems to have inspired a surge in Freedom of Information Act requests directed at the NSA. The requests, in which journalists and other citizens try and pry information from the notoriously secretive agency, spiked to more than 1,600 in the first half of 2006, from 800 in the course of an entire normal year, a member of the Intelligence Security Issues division disclosed in SIDtoday. The staffer did not mention Risen (now at The Intercept) or Lichtblau, but did cite “the agency appearing so frequently in the news” as the cause of the increase.

In SIDtoday, the Intelligence Security Issues staffer portrayed the NSA’s response to handling FOIA requests in terms typically reserved for a trip to the dentist for a root canal, describing his department’s work as “a dirty job, but someone’s got to do it,” and promising to make fulfilling FOIA requests “as painless as possible,” even though fulfilling the requests is a “disruption to … day-to-day operations.” One wonders what adjectives the Intelligence Security Issues division deployed seven years later to explicate the process, when the Snowden revelations prompted an 888 percent rise in FOIA requests to the agency.

The Skype internet phone program is seen on Sept. 1, 2009, in New York City.

Photo: Mario Tama/Getty Images

NSA Decided It Was Legal To Spy on Some U.S. Phone Numbers

Sometimes, if a law became inconvenient, the NSA could do more than grumble; it could change its interpretation of the rule. For most people, the arrival of online phone call services like Skype and Vonage was a boon; it allowed them to dodge long-distance calling fees and to take their number with them anywhere around the world. The NSA, however, realized in 2006 that it had a big problem with such convenience: Online calling services might allow targets to acquire phone numbers with U.S. area codes and thus become off-limits to the agency, which is not supposed to conduct domestic spying.

“A target may be physically located in Iraq but have a US or UK phone number,” an NSA staffer grappling with the issue wrote in SIDtoday. NSA had previously interpreted a federal legal document, United States Signals Intelligence Directive 18, as barring the targeting of U.S. numbers, and built safeguards into various online systems, causing U.S. numbers to be “minimized upon presentation … and restricted from contact chaining,” a process in which a network of connected people is mapped, according to SIDtoday. In response to the rise of internet calling, the NSA developed techniques “for identifying the foreign status” of phone numbers, and the agency’s Office of General Counsel ruled that U.S. phone numbers affiliated with online calling services could be classified as foreign and targeted for surveillance if the number was “identified on foreign links” and was associated with an online calling service such as Vonage.

U.S. President George W. Bush holds a copy of a presidential commission’s report on pre-war intelligence on weapons of mass destruction while flanked by Judge Laurence Silberman and former Democratic Sen. Charles Robb of Virginia, co-chairs of the commission, during a press conference on March 31, 2005, in Washington, D.C.

Photo: Mark Wilson/Getty Images

Back to Basics: NSA Staff Instructed on Better Analyzing and Sharing Information

Whatever its success collecting and exploiting signals intelligence, the NSA was concerned its staff might not be communicating or disseminating this intelligence properly. “Write Right,” SIDtoday’s monthly column on authoring effective reports, brought to its 2006 edition a new focus on how to effectively route information to other intelligence agencies and federal entities, a process referred to officially (and dully) within NSA as “information sharing.”

The new attention to broad intelligence dissemination may have been a response to the scathing report of the so-called WMD Commission in March 2005, which stated, among other things:

The Intelligence Community’s performance in assessing Iraq’s pre-war weapons of mass destruction programs was a major intelligence failure. The failure was not merely that the Intelligence Community’s assessments were wrong. There were also serious shortcomings in the way these assessments were made and communicated to policymakers.

A maxim on intelligence from Colin Powell, the former chair of the Joint Chiefs of Staff, is quoted twice in SIDtoday’s 2006 “Write Right” columns, once in May and again in December: “Tell me what you know, tell me what you don’t know, tell me what you think; always distinguish which is which.” Columns previously devoted to spell-checking or capitalization began giving advice on adding context (“collateral”) and analysis (“comment”) — and on how to provide analysis without editorializing. Warnings about the use of web research as “collateral” sources included a prohibition on citing Wikipedia.

With information sharing as the new norm, the “Write Right” author (and guest authors) repeated the need to understand and follow changing policies and to make sure that a report is releasable to the intended recipients. This guidance included what could or could not be discussed on the agency’s collaborative discussion forum, called “Enlighten.” No chit-chat: “The ENLIGHTEN system is an aid to professionals in doing their jobs,” according to the forum’s primer, which is quoted in an October 2006 “Write Right.” “All information posted on ENLIGHTEN must pertain to Agency-related (official) business. UNDER NO CIRCUMSTANCES IS ENLIGHTEN AUTHORIZED FOR DISSEMINATING PERSONAL OR NON-OFFICIAL INFORMATION.”

Customers queue outside the Apple Store in London for the launch of the iPhone 3G on July 11, 2008.

Photo: Leon Neal/AFP/Getty Images

The NSA Goes After Newer (3G!) Phones and “Social Networks”

Rapid change was buffeting not just NSA’s information-sharing practices but some of the core communications systems the agency surveilled as well, and in early 2006 the agency held multiple internal events to explain newly developed techniques to evolve its intelligence collection in parallel with these systems.

One SIDtoday article announced a “brown bag session” about exploiting video from third-generation, or 3G, cellphones, including “basic instructions on how best to search, analyze and use camera cell phone video data.” 3G mobile data networks first became commercially available in Japan in 2001, in South Korea and the United States in 2002, and in the United Kingdom in 2003. By 2008, the United States and Europe alone had over 127 million 3G users.

Another article announced an “open house” hosted by the “Social Network Analysis Workcenter” to show off “ASSIMILATOR,” a new web-based tool for analyzing the social networks of surveillance targets. In this case, “social network” refers to the list of people a target communicates with based on signals intelligence from a variety of sources, not social networking services.

Top photo: A U.S. soldier at a press conference in Baghdad takes down an older photo in order to display the latest image purporting to show the body of Abu Musab al-Zarqawi, an Al Qaeda-linked militant who led a bloody campaign of suicide bombings, kidnappings, and hostage beheadings in Iraq.

The post 328 NSA Documents Reveal “Vast Network” of Iranian Agents, Details of a Key Intelligence Coup, and A Fervor for Voice Matching Technology appeared first on The Intercept.

Email Phishers Using New Way to Bypass Microsoft Office 365 Protections

Phishing works no matter how hard a company tries to protect its customers or employees. Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using in the wild to bypass the Advanced Threat Protection (ATP) mechanism implemented by widely used email services like Microsoft Office 365. Microsoft Office 365 is an all-in-one solution for users

Before Snowden, an NSA Spy Tried to Incite Change From the Inside. He Called Himself the “Curmudgeon” of Signals Intelligence.

You know the type.

Middle-aged, male, tired of his job. He’s been around for ages and moans about how things were done 10 times better back in the day. Every so often, he snaps pointlessly at a co-worker. He’s the office curmudgeon. It’s time for him to go, and he probably realizes it.

Workplace grouches are usually ignored or fired, but the National Security Agency gave a unique platform to one of its own. In the mid-aughts, in an internal newsletter, the NSA published a series of articles by Rahe Clancy, an eavesdropper disillusioned with what the agency had become and what he was doing there. It’s not that Clancy disliked spying on people or governments — he supported the collection of signals intelligence, or SIGINT — but he felt that the NSA had lost its way.

After 30 years on the job, he wrote, “I found myself turning into a SIGINT Curmudgeon.” In 2005, he published his coming-out article for the newsletter, SIDtoday, which was targeted at the agency’s core Signals Intelligence Directorate. Clancy wrote that he was particularly worried about the future of his area of expertise, known as “collection,” through which the NSA intercepts and downloads a variety of transmissions, both earthbound and from satellites. “I was convinced,” he continued, “that collection was a dying career field and that NSA management was hastening its demise through neglect.” Clancy was writing for a distinctive audience — the thousands of eavesdroppers, hackers, and analysts who worked for the NSA. His articles for SIDtoday, posted on a secure computer network, were provided to The Intercept by whistleblower Edward Snowden.

Clancy had a theory about what was going wrong: The NSA was being run like a corporation, not a spy agency. It emphasized managers, clients, products, and customer satisfaction. There were substantial pay-and-perk gaps between leadership and the workforce. And the lingo was maddening, a daily hailstorm of “paradigm,” “synergy,” “enterprise,” and “teaming.” It was all driving him nuts — literally. One day, he broke down and had a loud disagreement with his bosses in the middle of the office. He considered early retirement, but had to stick it out because he needed his full benefits.

“I fail to see how running a Cryptologic Intelligence Agency bears more than a superficial resemblance to running a corporation,” he wrote in his final column. “If we had a product to sell, and competition selling that product, I would gladly embrace the corporate model for NSA. But we don’t have competition.”

A strange thing happened on his grumbling way out the door. Clancy’s final column, published as he retired in 2006, was an unexpected hit. Titled “The SIGINT Curmudgeon’s Last Shot!,” it made bitter fun of what he defined as the “Corp-speak” that had overtaken the agency (“SYNERGISTIC: Isn’t that from ‘Mary Poppins’?”). In a follow-up article, the editors of SIDtoday said they received an “unprecedented amount of feedback” and published a sampling of it. “Spot on!” a staffer wrote. “Too many think it’s more important to ‘get ahead’ than get things done!” Another eavesdropper remarked, “Wonderful and to the point. Too much is spent on hype and pointless nonsense.” A longtime veteran added, “I have often mourned the NSA that I joined in 1982. … If anyone knows where it went, please send me a map.”

With his last shot, the curmudgeon became a hero.

An aerial view of the National Security Agency and Central Security Service (NSA CSS) building in Fort Meade, Md.

Photo: Brooks Kraft LLC/Corbis via Getty Images

A Bookworm and a Collector

In the style of tabloids, SIDtoday had a rotating cast of columnists drawn from the agency’s workforce. There was the “SIGINT Philosopher” who wrote about ethical issues of surveillance; there was a column called “Ask Zelda!” that was akin to “Dear Abby” for spies; and there was “Signal v. Noise,” which explored the intricacies of data collection. Clancy, as the “SIGINT Curmudgeon,” cast a critical eye on the internal discourse at the world’s largest eavesdropping agency. He was, in his cranky way, an amateur anthropologist of modern surveillance culture.

In retirement, Clancy continues his curmudgeonly ways, in the sense of being a bit grumpy about talking with a reporter. He eventually came around to discussing, in an exchange of emails, his critique of the agency, though he kept to generalities. “The numerous oaths I have taken to protect classified information and the Constitution are still very much real to me,” he told The Intercept. “If that leads to me being ‘overcautious,’ so be it.”

My attempts to contact Clancy began several years ago, when I was able to get an email address and phone number for his wife. The first time I spoke with her, in 2015, she said the NSA told her husband not to talk with me. The next time I spoke with her, in early July as I began writing this article, she gave me his phone number. I left several voicemails over several days and emailed his wife again; there was no response. However, about a week later, Clancy emailed me. “Apologies for ignoring your attempts to communicate for so long,” he wrote. “I was not anxious to discuss any of the leaked documents nor was I eager to have my name made public. I’m still not thrilled about it!”

“I’ve never been very good with authority, especially the military type.”

I had sent a few general questions, and he answered some of them. He said he’s an avid reader — the genres he likes include alternative history, westerns, war novels, historical novels, Egyptology, and sci-fi, specifically space opera. He has 1,000 books in his home library and 500 in his digital collection. He does not consider himself a writer. “I wrote for work and sometimes for fun,” he said. “If I have any talent in that arena it’s because of dedicated teachers and a very small high school. There were never more than 100 students in grades 9-12.”

A few minutes on Google helped fill in the blanks about that high school and other parts of Clancy’s biography. He comes from salt-of-the-earth America. He was born in 1948, and his father was a North Dakota farmer and World War II veteran who served in the Guadalcanal campaign. He was raised in a small town, Buffalo, and after graduating from the local high school, he attended the University of North Dakota in Grand Forks. He left after a year to enlist in the Army and apparently served in military intelligence during the Vietnam War. But he lasted only three years — he acknowledged in one of his articles that “I’ve never been very good with authority, especially the military type.” After returning to North Dakota and getting married in 1974, he took a civilian job in England with the Department of Defense; this was the start of his career at the NSA, which is under the aegis of the DOD. His three children were born in England, and in 1990 they moved back to the U.S., settling in Maryland, not far from the NSA’s headquarters in Fort Meade.

Like pretty much everyone else at the NSA, Clancy’s work was classified. He described a bit of it in one of his articles, however, referencing “20 years of FORNSAT experience and 10 years of HF collection.” His reference to FORNSAT indicates foreign satellite collection, which involves targeting the streams of data coming from satellites down to receivers on earth. His reference to “HF collection” seems to mean the collection of “High Frequency” radio signals, a traditional backbone of the NSA’s eavesdropping. In the last stretch of his career, Clancy served for 17 months as a senior collection officer at the NSA’s National Security Operations Center, where he was involved in responding to events as they happened across the globe. It was a job he loved, and it softened his curmudgeonly edges.

“I supported Afghan military operations, Iraqi military operations, numerous CSAR (Combat Search and Rescue) missions, downed aircraft, hostage situations, and a myriad of other tasks,” he wrote in SIDtoday. “I helped track Al Qaeda operatives, Taliban members, members of the former Iraqi regime, and aircraft and ships carrying weapons to/from proscribed nations. Sometimes all at once! I was on duty the night we went into Iraq and I went home that night feeling wrung-out, but with a feeling of accomplishment. When I think back on all of the history to which I had a ringside seat during that tour, it’s almost overwhelming!”

Clancy had a different kind of ringside seat throughout his career: He saw the NSA metastasize.

“Corp-speak” Divides the NSA

When Clancy started in the 1970s, the NSA focused primarily on intercepting the pre-digital murmurings of foreign governments and armies. It was, for sure, a secretive organization and engaged in its share of legally dubious spying, but it wasn’t the hyper-controversial behemoth it later became. The advent of the web in the 1990s changed the scope of the NSA’s work. As the world’s communications broadened to the digital sphere, the NSA widened its eavesdropping beyond satellites, phone lines, and telegraph cables to include the new infrastructure for online communications used by governments, non-state actors, and regular people. After 9/11, the NSA took on new duties and resources in a huge rush, engaging in vast eavesdropping activities that, in many cases, again likely violated the law.

By 2013, the most recent year for which statistics are available, thanks to documents leaked by Snowden, the NSA’s budget was $10.8 billion. It had become a massive bureaucracy and adopted the techniques of large corporations, to the chagrin of Clancy and others. You don’t have to take the curmudgeon’s word for it. The archive of documents leaked by Snowden includes a large number of files that extoll a business school approach to managing the NSA, using a type of language that almost seems to parody corporate communications. For instance, one SIDtoday article was titled “The Customer Scorecard,” and here’s its first paragraph:

One of the key initiatives for the Customer Relationships Directorate for 2004 is to update and improve the customer Support Plans (CSPs) for each customer of the Signals Intelligence Directorate (SID). The main element required in making the CSPs better is feedback from the customer. To obtain this feedback, the CRD began a pilot program called the ‘customer scorecard’. This scorecard will be used to determine how the Signals Intelligence Directorate is meeting its customers’ product and service needs.

Intentionally or not, the NSA was draping its life-and-death activities in corporate jargon, offering its staff a layer of semantic insulation that distanced them from the lethal nature of what they were doing. After all, their “customers” are not customers in the usual sense of the term. They are military services, intelligence agencies, the White House, State Department, and other parts of the U.S. government. The “products” of the NSA are, similarly, unlike the products most companies make. They are intelligence reports that include, for instance, electronic surveillance used to locate people for drone assassination and find targets in foreign countries to bomb.

The NSA was draping its life-and-death activities in corporate jargon.

Another SIDtoday document, titled “Making Customer Feedback Work for Everyone,” is a mind-bending exercise in funneling lethal activities through the blender of corporate pablum. “Today,” the document states, “our vision is providing the right information to the right customer at the right time — within their information space — completely focused on our customers’ successful outcomes.” It continues:

Toward that end, we are embracing processes and technology that will make available the intended outcomes of customer Information Needs, customer feedback, observed customer behavior and preferences, outright customer complaints and their resolution across the SIGINT enterprise at the touch of a button. We have been developing the business processes for this technology for the past 18 months and are now ready to prototype the technology that will lead us to trending and analysis of customer feedback and behavior. We expect this to result in improved one-to-one customer relationships that benefit many customers across the board.

Clancy was mystified by language of this sort.

“The lure of the ‘lingo’ is very strong,” he wrote in his last column. “To listen to someone speak ‘Corp-speak’ fluently is like listening to a Bushman speaking a Khoisan ‘click’ language. It’s absolutely fascinating, but, except for some of the hand waving, it’s totally incomprehensible to outsiders! A few months ago I was in a meeting that was attended by a couple of seniors who were not technical people. They were staff or HR types and they spoke ‘Corp-speak.’ One of them did a lot of talking during the hour meeting, but I have no idea what he said. I’m not a stupid person (really!) but I was clueless. I mean, I recognized the words: ‘Leverage,’ ‘paradigm,’ ‘synergy,’ ‘synergistic,’ ‘enterprise,’ ‘extended enterprise,’ ‘teaming,’ ‘corporateness,’ etc., but they didn’t fit together in a way that I understood.”

In response to Clancy’s column, the editors of SIDtoday published nine comments from NSA staffers. The final comment summed up the general reaction. “I laughed and cried,” the comment began. “It became a part of me. But seriously, Clancy hit the nail on the head for me. We spend so much time in this agency talking about unique product, as if it’s the greatest cleanser or whitener to hit the market, that we forget that as a government agency we are not in a ‘for profit’ business. … Our job, first and foremost, is to get intelligence out to the people who need it, period. Words such as ‘actionable’ or slogans like ‘Ahead with SIGINT that counts’ don’t really mean anything.”

The NSA, contacted by The Intercept, declined to comment on the accusations that the agency had become too corporate.

One of the photos of Clancy’s puppies on his Facebook page.

Photo: Facebook

Life After the Agency

Clancy still lives in Maryland and, in his retirement, worked for a while as a dog trainer at PetSmart. He and his wife raise Alaskan klee kais, a smaller version of Siberian huskies. “About two litters each year for the love of our dogs,” he wrote me. “Our dogs are our family.” He has a Facebook page where he posts pictures and videos of their puppies, which are indeed very cute. He occasionally takes them on outings to a local Starbucks.

Some of his Facebook posts are exactly what you’d expect from a self-described curmudgeon. Last year, he posted a graphic that said, “The fact that Jellyfish have survived for 650 million years despite not having brains gives hope to many people.” He also shared a video that began with this notice: “Just because you went to college doesn’t make you smarter than anyone else. … Common sense doesn’t come with a degree.” He even looks a bit like a curmudgeon — bald head, long, gray beard, a few extra pounds at his girth — though in most pictures, he has a broad smile.

His parting with the NSA has the hallmarks of being quietly triumphant. I asked, in one of my emails, whether he was aware that his final SIDtoday article had elicited such a strong and positive response inside the agency. He didn’t reply directly, though he wrote, “I have been approached by current employees who found out who I am and just wanted to shake my hand, so I know that at least some people remember me.”

“I had hoped to encourage the ‘worker bees’ to become more vocal and involved.”

In his grouchy way, was the SIGINT Curmudgeon a whistleblower of some sort? Certainly not in the way of Snowden or Chelsea Manning — they took their critiques to the public by leaking vast amounts of classified documents, hoping that their actions would spur greater awareness of secret government abuses. Clancy was hardly a rebel of that type. Last year, he posted onto his Facebook page a graphic that said, “President Trump is focused on ‘America First’! Democrats are focused on stopping Trump! Think about that.” He also gave a five-star review to a pro-Trump outlet, One America News Network, and shared several posts from the Convention of States, which seeks to hold a constitutional convention that would greatly restrict the powers of the federal government.

These posts raise some interesting questions. In his nostalgia for returning the NSA to its cultural roots, does Clancy think the government should throttle back its post-9/11 spying activity? One of the most controversial aspects of the NSA’s work is that, in its efforts to vacuum up the worldwide communications of foreigners, it also acquires immense quantities of American citizens’ emails, texts, and phone records — what it calls “incidental” collection. Although conservatives tend to support NSA surveillance as an anti-terrorism matter, the scope of the agency’s spying has attracted deep criticism from, among others, libertarian lawmakers like Sen. Rand Paul.

I asked Clancy about this.

“My personal political views had no bearing on my job performance,” he replied. “I am politically conservative and believe governance should be as close to the people as possible. Privacy must be protected but so must our intelligence gathering capability to protect the country.”

His aims were apparently modest: He sought to incite quiet changes from the inside. “I wrote these articles not only to voice my personal concerns (and frustration) about the state of the Agency but to get people talking and thinking,” he told me. “I had hoped to encourage the ‘worker bees’ to become more vocal and involved. Get ideas rolling uphill if possible.”

I asked for a bit of detail about the reforms he wanted to encourage, but he shied away from explaining more. In any event, he doesn’t appear to believe that his curmudgeonly dissent reached the people who matter the most. As he noted in one of his emails to me, “If I influenced Agency seniors in any way, I would be pleasantly surprised.”

Documents

Articles by (and about) Rahe Clancy, the “SIGINT Curmudgeon,” for SIDtoday:

Top photo: Rahe Clancy.

The post Before Snowden, an NSA Spy Tried to Incite Change From the Inside. He Called Himself the “Curmudgeon” of Signals Intelligence. appeared first on The Intercept.

The NSA’s Role in a Climate-Changed World: Spying on Nonprofits, Fishing Boats, and the North Pole

In the northernmost place in the United States, Point Barrow, Alaska, a National Security Agency collection site has allowed analysts to observe Russia’s military buildup 24/7, as melting Arctic ice opens a new conflict zone. The NSA has also monitored a dispute between India and Pakistan over access to the Indus River system, which is fed by glaciers high in the Himalayas, now shrinking. And as fisheries are facing increasing pressure from seas whose currents and temperatures have already been altered significantly by climate change, the NSA has listened in on phone conversations and monitored the movement of fishing boats engaged in potentially illegal practices that threaten dwindling stocks.

Previously unreleased documents leaked by former NSA contractor Edward Snowden show how the agency has gathered intelligence meant to support U.S. interests related to environmental disasters, conflicts, and resources. In the coming years, greenhouse gas pollution caused by the burning of fossil fuels will increase the frequency of ecological crises and conflicts over natural resources. The documents provide a window into the role the United States’s most sprawling international surveillance agency will play in an altered world.

The documents show that although the NSA’s interest in environmental issues is limited, it’s wide-reaching and has grown over the years. Unsurprisingly, the agency is driven not by an imperative to avoid climate-induced ecological crises, but by a need to respond to such crises as they threaten U.S. political and economic interests or explode into violent clashes.

According to the documents, the NSA targets its surveillance at disputes over natural resources, from the dwindling fisheries of the South China Sea to the newly opened shipping channels of the Arctic. It also plays a role in monitoring natural disasters, including by gathering intelligence after an earthquake and tsunami struck Japan in 2011. Documents previously reported on show the agency routinely surveils climate talks, giving U.S. negotiators an edge as they avoid committing to the dramatic emissions reductions necessary to avoid the most dire potential effects of climate change. Intelligence is shared not only with diplomats and emergency responders but also with officials from agencies like the Environmental Protection Agency and the Interior Department.

The NSA’s eco-spying coincided with repeated findings within the intelligence community that environmental concerns had national security implications. The military has long recognized climate change as a major threat, and over the years, the Defense Department has framed it as a “threat multiplier,” inflaming conflicts by adding to the mix issues like drought, loss of access to drinking water or irrigation, rising sea levels, migration and die-offs of wild game, wildfires, catastrophic storms, and the human displacement that comes with all such issues. A previously published NSA document, dated May 14, 2007, quoted then-Under Secretary of Defense for Intelligence James Clapper at an internal NSA conference saying, “Increasingly, the environment is becoming an adversary for us. And I believe that the capabilities and assets of the Intelligence Community are going to be brought to bear increasingly in assessing the environment as an adversary.”

The U.S. intelligence community’s Worldwide Threat Assessment, released in February 2018, dedicates a section to the issue of climate change. “The impacts of the long-term trends toward a warming climate, more air pollution, biodiversity loss, and water scarcity are likely to fuel economic and social discontent—and possibly upheaval—through 2018,” the assessment said.

But under President Donald Trump, security officials have sometimes avoided talking about climate change. Neither the Defense Department’s 2018 defense strategy nor the president’s national security strategy highlight the issue as a security threat. Nonetheless, Trump’s military, intelligence, and border agencies are responding to issues whose links to climate change may not be outwardly apparent — from the war in Syria, which has been linked to an earlier drought; to the hurricanes that ravaged Houston and Puerto Rico; to emigration from Central America, where a prolonged period without rain in recent years made agriculture in the region’s Dry Corridor extremely difficult. The documents hint at, but do not fully capture, the potentially vast role of the surveillance state in a climate-changed world.

The NSA declined to comment.

A Chinese Maritime Police Bureau ship uses water cannons to harass a Vietnamese Fisheries Surveillance Force vessel near the disputed Paracel Islands on May 27, 2014, while at sea.

Photo: The Asahi Shimbun via Getty Images

Monitoring the Movements of Chinese Fishing Vessels

One particularly vexing environmental challenge for the NSA was the tracking of Chinese commercial fishing boats, which routinely became electronic phantoms, believed to be hundreds or thousands of miles from where they actually were. This was due to a combination of strange errors occurring at hemispheric boundaries and an intricate system of intentional misinformation adopted by the Chinese, according to a 2012 article in SIDtoday, the internal news site of the NSA’s Signals Intelligence Directorate. The boats “are often involved in [Exclusive Economic Zone] incursions and illegal fishing activities,” the document stated.

Indeed, in the South China Sea, a fight over fishing has become a proxy for a broader power struggle among the nations located along its banks. China has laid claim to a wide swath of the sea. Waters it claims as its own overlap with maritime territories claimed by other nations under the U.N.’s system of exclusive economic zones, or EEZs. The territorial conflicts are often framed as being about oil, but perhaps just as important is the sea life that represents a key part of several nations’ economies and diets.

The fisheries of the South China Sea are declining — and are on the brink of collapse, according to scientists. Stocks have shrunk by 70 to 90 percent since the 1950s, largely due to overfishing. This has further incentivized nations that surround the sea to go to battle over the disputed territories. Regulating fishing has become impossible, since accepting another nation’s fishing laws would be accepting its jurisdiction over the territory. Fishermen who can no longer access areas dominated by the Chinese, in nations like the Philippines — a U.S. ally — have increasingly turned to illegal fishing methods. And occasionally, disputes over fishing have exploded into military standoffs.

“As maritime resources are stressed by increased fishing pressures, disputes over fishing rights and violations of EEZ are a growing concern and are increasingly becoming flash points for international incidents,” the SIDtoday article, dated June 27, 2012, said. “Monitoring of the locations and activities of foreign fishing fleets is an important mission of the United States Coast Guard, many of our Second Party partners, as well as being an item of concern for the US State Department.”

Most large maritime vessels use what’s known as the automatic identification system, which lets other ships in the area know where and who they are. “Naturally, it wasn’t surprising to hear our customers’ concerns when a large number of Chinese fishing vessels were observed broadcasting their position 1,000 miles from where they actually were,” the article stated. “Not only did this pose a threat to the safety of navigation for ships operating in proximity to these fishing vessels, it also complicated the monitoring of the EEZ for the United States and our Second Party partners. A combined effort between NSA Colorado and Second Party partners surged on this problem.”

One of the problem’s causes seemed to be accidental — the Chinese boats’ coordinates “would appear to ‘bounce or reflect’ off the equator and the international dateline as the ships continued east or south,” the article said.

So, for example, a boat located on the Pacific coast of South America would appear to be in northern India. Alerted to the problem, China corrected it in 2011, according to the document.

A second problem “was not an error but an intentional ‘misuse’ of the AIS messaging protocol to produce a different (home-grown) coordinate system,” the document said. At least 18 Chinese ships were found to be using an alternative definition of the latitude and longitude system, which threw off their coordinates for everyone else using the standard system. The result: While the Chinese knew where their ships were, neighboring boats did not. “The underlying reason for why the PRC has opted to use this alternate coordinate system for some of their fishing vessels is still unknown,” the article said.
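Both problems described above, the “bounce” of coordinates off the equator and the dateline and the home-grown coordinate system, look the same to anyone consuming the feed: a position report that cannot be reconciled with the vessel’s previous fix. The checker below is an added example written for this page; it is not code from the NSA, the Coast Guard, or any AIS product, and the 30-knot speed ceiling, the `Fix`/`Verdict` names, and the sample track are assumptions constructed for illustration. It flags any report whose implied speed since the last trusted fix is impossible, then tests whether mirroring the report across the equator (negated latitude), across the 0°/180° meridian plane (negated longitude), or both brings it back within range, which is exactly the signature of the reflection error. Because the document does not specify the alternate coordinate system, reports it would produce are only flagged here, never corrected.

```python
"""Plausibility checks for AIS position reports (added example, not from the page)."""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import List, Optional, Tuple

EARTH_RADIUS_NM = 3440.065   # mean Earth radius in nautical miles
MAX_SPEED_KN = 30.0          # assumption: a fishing vessel will not sustain more than this


@dataclass(frozen=True)
class Fix:
    t: float     # report time in seconds
    lat: float   # degrees, north positive
    lon: float   # degrees, east positive, in [-180, 180]


def haversine_nm(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes, in nautical miles."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_NM * asin(sqrt(h))


def implied_speed_kn(prev: Fix, cur: Fix) -> float:
    """Speed the vessel would have needed to get from prev to cur on time."""
    dt_h = (cur.t - prev.t) / 3600.0
    if dt_h <= 0:
        raise ValueError("reports must be strictly increasing in time")
    return haversine_nm(prev, cur) / dt_h


# Candidate un-reflections. Negating latitude mirrors a point across the equator;
# negating longitude mirrors it across the plane of the 0 and 180 degree meridians,
# i.e. across the dateline. (10S, 80W) mirrored by both becomes (10N, 80E).
REFLECTIONS = {
    "equator": lambda f: Fix(f.t, -f.lat, f.lon),
    "dateline": lambda f: Fix(f.t, f.lat, -f.lon),
    "equator+dateline": lambda f: Fix(f.t, -f.lat, -f.lon),
}


@dataclass(frozen=True)
class Verdict:
    plausible: bool
    speed_kn: float
    reflection: Optional[str]   # which mirror explains the report, if any
    corrected: Optional[Fix]    # the un-reflected position, if one was found


def check_report(prev: Fix, cur: Fix, max_speed_kn: float = MAX_SPEED_KN) -> Verdict:
    """Flag an implausible jump and, if a mirror image explains it, say which."""
    speed = implied_speed_kn(prev, cur)
    if speed <= max_speed_kn:
        return Verdict(True, speed, None, None)
    for name, mirror in REFLECTIONS.items():
        cand = mirror(cur)
        if implied_speed_kn(prev, cand) <= max_speed_kn:
            return Verdict(False, speed, name, cand)
    return Verdict(False, speed, None, None)   # unexplained: could be the home-grown system


def audit_track(track: List[Fix]) -> List[Tuple[Fix, Verdict]]:
    """Walk a time-ordered track, carrying forward the last plausible (or corrected) fix."""
    findings = []
    trusted = track[0]
    for rep in track[1:]:
        v = check_report(trusted, rep)
        findings.append((rep, v))
        if v.plausible:
            trusted = rep
        elif v.corrected is not None:
            trusted = v.corrected
        # an unexplained outlier leaves the trusted fix unchanged
    return findings


# Constructed sample: a vessel off the Pacific coast of South America heading south
# at about 10 knots, with the third hourly report reflected across both planes.
SAMPLE_TRACK = [
    Fix(0, -10.00, -80.0),
    Fix(3600, -10.17, -80.0),
    Fix(7200, 10.34, 80.0),     # reflected: should have been (-10.34, -80.0)
    Fix(10800, -10.51, -80.0),
]

if __name__ == "__main__":
    for rep, v in audit_track(SAMPLE_TRACK):
        print(f"t={rep.t:>6.0f} ({rep.lat:7.2f}, {rep.lon:7.2f}) "
              f"plausible={v.plausible} speed={v.speed_kn:8.1f}kn "
              f"reflection={v.reflection} corrected={v.corrected}")
```

The speed ceiling is the only tunable. Setting it too high lets a reflected report through as a genuine fix; setting it too low turns every stale report into a false alarm, so in practice it should come from the vessel class in the static AIS data rather than a single constant.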

Eavesdropping on Phone Calls to Stop a Stateless Fishing Boat

The NSA has also been involved in policing banned fishing practices used by stateless ships. High seas drift-net fishing involves attaching buoys to the top of a miles-long net that descends into the depths of the ocean. The net is sometimes attached to a ship, but other times is left to float, passively collecting any marine life that comes by, including fish or whales that are not of any commercial interest to the fishermen. The net works by entangling the gills of fish in its fine mesh. The nets are often made of nylon and put in place at night, so that they become invisible to sea life.

Another SIDtoday article, written by a technical director at NSA Hawaii and dated October 16, 2012, indicates the NSA works with the U.S. Coast Guard in chasing down fishing boats that use the destructive fishing method. In September 2011, the Coast Guard caught a large fishing vessel using drift nets 2,600 miles south of Kodiak, Alaska, but the boat’s partner vessel escaped. Seven months later, the NSA picked up a signal from a satellite phone associated with the boat. “It was time to take action,” the document stated.

“An NSA Hawaii linguist listened in on the fishing vessel’s communications for any signs that the crew would resist a boarding operation by the Coast Guard,” the article said. A packet of intel related to the chase was provided by Hawaii analysts to the Coast Guard’s Maritime Intelligence Fusion Center twice a week.

Finally, on July 27, 2012, 700 nautical miles east of Yokosuka, Japan, the Coast Guard boarded the fishing vessel. “The vessel’s crew consisted of 26 Chinese and one Taiwanese, and the vessel claimed to be Indonesian flagged, but after contacting Indonesia the vessel was determined to be stateless,” the document said.

It continued, “While on board the Da Cheng, the boarding team discovered 10 NM of driftnet, 500 kilograms of shark fins, over five tons of shark carcasses, and 30 tons of tuna.” The vessel was turned over to the Chinese Bureau of Fisheries for further investigation.

Laborers walk on a bridge in the backdrop of the 450 MW Baglihar hydroelectric project built on the Chenab River, in Chanderkot, about 154 kilometers, or 96 miles, north of Jammu, India, Oct. 10, 2008.

Photo: Channi Anand/AP

During a Dam Dispute in India and Pakistan, the NSA Was Watching

It’s not just oceans and seas that the NSA keeps an eye on for aquatic disputes. One of South Asia’s most important sources of water is the Indus River system, which is fed by glacial water high in the Himalayas. One recent study projected that at least a third of Asia’s mountain glaciers will melt away by the end of the century, potentially destabilizing water sources. Changing monsoon patterns will exacerbate the situation.

Access to water has long been a point of tension between India and Pakistan, and disputes are perennial over access to the tributaries, which were divided between the two nations under the Indus Waters Treaty. In the mid-2000s, India’s Baglihar Dam project was a key point of contention. Pakistan claimed it could deprive the nation of water that should be designated for its agricultural sector, which in some areas of the country relies almost exclusively on the Indus system.


The NSA was listening in.

A SIDtoday article published March 22, 2006, on World Water Day, noted, “NSA reporting has followed the ongoing tensions surrounding the India-Pakistan Indus Water Treaty and construction of Baglihar Dam, providing our customers with unique information as they monitor this volatile region.”

In fact, the agency had its eye on a number of riparian disputes and predicted a future of increasing water scarcity and conflict. “As competition for water grows among the Nile Basin countries in Africa, analysts continue to report on contentious water extraction projects that could potentially lead to conflict in this area,” wrote the author, an NSA liaison on “economics and global issues.”

The document indicates that the NSA spied on an array of both governmental and nongovernmental entities in order to access intel on water conflicts, stating, “NSA’s broad access to government officials, multilateral organizations, and NGOs has yielded unique perspectives on water availability for internally-displaced persons (IDPs) in Sudan, flooding in Afghanistan, and contaminated water sources in Baghdad.”

And this “broad access” predicted a future where such collection could be increasingly important. “While the world’s population tripled in the 20th century, the use of water resources has grown six-fold. At this rate, more than 2.7 billion people will face severe water shortages by the year 2025 and another 2.5 billion will live in areas where it will be difficult to find sufficient fresh water,” the document said. Signals intelligence “has provided critical insight on issues ranging from inter-state water disputes and food security, to economics and technology sharing, health infrastructure, and natural disasters.”


Barneo expedition drift ice camp in the Arctic, on April 13, 2016.

Photo: Valeriy Melnikov/Sputnik via AP

In the Arctic, a 24/7 Watch on the Russians

In response to climate change, the NSA has increased its northernmost surveillance, an internal document indicates. This past winter, ice cover in the Arctic was the second lowest on record, behind only the previous winter. Sea ice in the summers has shrunk by about 40 percent since the 1980s, and what’s left is much thinner. A 2018 study led by researchers with the federal National Oceanic and Atmospheric Administration shows that it would be nearly impossible for temperatures in the Arctic to rise as high as they have without the impact of greenhouse gases.

The result is that new shipping lanes have opened up at the top of the globe. Areas once impassable have become accessible for the transport of goods, movement of military vessels, and exploration of fossil fuels. A 2009 assessment indicated that the Arctic potentially contains 13 percent of the undiscovered oil left in the world, and 30 percent of the remaining natural gas. In response, Russia has built up its military presence dramatically.

Ice melt in the Arctic and increasing competition for hydrocarbons and minerals have forced the U.S. to make the Arctic a higher priority, an NSA technical director at the Alaska Mission Operations Center acknowledged in a SIDtoday article dated November 29, 2011.

For the NSA, Russia’s plans for two new Arctic army brigades and new icebreaker boats were of particular concern. “These plans, along with an increasing Chinese presence and expressed interest in the Arctic, pose a significant intelligence challenge to the United States, Canada, and the other Arctic countries,” the document said.

The NSA “maintains a 24/7 watch over Russian military air activity in the Arctic,” the document added. Using various collection techniques, including intercepts of shortwave radio and foreign satellite transmissions, the NSA monitored for Russian bombers and watched for Russian resupply flights to its Barneo ice station, near the North Pole.

The NSA’s Arctic operation was centered at the time at the Alaska Mission Operations Center on Joint Base Elmendorf-Richardson in Anchorage, but the agency also had a “remote intercept facility” at Point Barrow, Alaska.

The facility, housed at the Air Force’s Long Range Radar Site, included an antenna array, an FRD-13 Pusher — a massive circular antenna, nicknamed an “elephant cage,” used to intercept radio communications — and a Sensitive Compartmented Information Facility, containing collection equipment. Two personnel were stationed at all times at Point Barrow.

“The facility at Barrow is moving into the future of NSA operations,” the document said, noting that there would soon be upgrades to the Barrow facility, including a wideband radio collection system known as “GLAIVE.”

“The AMOC is uniquely positioned to continue to be a vital part of NSA’s efforts against the emerging Arctic Intelligence problem,” it said.


People visit Tiananmen Square, which is shrouded with heavy smog, on Jan. 16, 2014, in Beijing.

Photo: VCG via Getty Images

Climate Change a Growing Priority for the NSA

Previously unreleased documents indicate that climate change increasingly became a topic of interest in the mid-2000s and early 2010s. Climate change is mentioned repeatedly in reports describing the NSA’s priority issues. A secret NSA report describing geopolitical trends for 2011 to 2016, for example, ranked climate change as No. 31 out of 34 priorities (No. 1 was “global energy security”).

To bring analysts up to date on this increasingly urgent issue, the NSA offered various learning opportunities. For example, in advance of the U.N.’s Cancún, Mexico, climate talks in 2010, approximately 50 analysts attended an entire “Climate Change Day,” according to SIDtoday. And in the summer of 2006, the agency held a seminar on the causes and effects of climate change titled “Fire and Ice.” A description says, “Climate change (most likely as a result of global warming) is expected to accelerate at an unprecedented rate over the coming decades and has already been linked to drought and related famine, shifts in precipitation, and the loss of fresh water resources. Extreme weather patterns are a growing threat.” It adds, “Alternative viewpoints will also be addressed.”

More than a decade later, the intelligence community appears less concerned about the validity of alternative viewpoints. The intelligence community’s publicly released 2018 Worldwide Threat Assessment notes, “The past 115 years have been the warmest period in the history of modern civilization, and the past few years have been the warmest years on record. Extreme weather events in a warmer world have the potential for greater impacts and can compound with other drivers to raise the risk of humanitarian disasters, conflict, water and food shortages, population migration, labor shortfalls, price shocks, and power outages. Research has not identified indicators of tipping points in climate-linked earth systems, suggesting a possibility of abrupt climate change.”

It underlines that bad air pollution may drive protests in China, India, and Iran. Water scarcity will drive conflicts related to the construction of dams and will complicate agreements around the use of river water. And accelerating biodiversity loss caused by pollution, warming, unsustainable fishing, and acidifying oceans “will jeopardize vital ecosystems that support critical human systems.”

Top photo: Fishing boats set sail from a harbor to catch fish in the South China Sea on Aug. 16, 2017, in Sanya, Hainan Province, China.

The post The NSA’s Role in a Climate-Changed World: Spying on Nonprofits, Fishing Boats, and the North Pole appeared first on The Intercept.

NSA Cracked Open Encrypted Networks of Russian Airlines, Al Jazeera, and Other “High Potential” Targets

The National Security Agency successfully broke the encryption on a number of “high potential” virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems, according to a March 2006 NSA document.

A virtual private network, or VPN, uses an encrypted connection to enable users to go over the internet and connect to a private network, such as a corporate intranet. This allows an organization’s staff to access internal services like file-sharing servers or private wikis without having to physically be in the office.

The NSA’s ability to crack into sensitive VPNs belonging to large organizations, all the way back in 2006, raises broader questions about the security of such networks. Many consumers pay for access to VPNs in order to mask the origin of their internet traffic from the sites they visit, hide their surfing habits from their internet service providers, and to protect against eavesdroppers on public Wi-Fi networks.

The fact that the NSA spied on Al Jazeera’s communications was reported by the German newsmagazine Der Spiegel in 2013, but that reporting did not mention that the spying was accomplished through the NSA’s compromise of Al Jazeera’s VPN. During the Bush administration, high-ranking U.S. officials criticized Al Jazeera, accusing the Qatar-based news organization of having an anti-American bias, including because it broadcasted taped messages from Osama bin Laden.


At the time, Al Jazeera defended itself against this criticism, insisting that its reporting was objective. “Osama bin Laden, like it or not, is a party to this present crisis,” news editor Ahmed Al Sheikh told the BBC in 2001. “If we said that we were not going to allow him the air time, then we would have lost our integrity and objectivity and our coverage of the story would have become unbalanced.”

According to the document, contained in the cache of materials provided by NSA whistleblower Edward Snowden, the NSA also compromised VPNs used by airline reservation systems Iran Air, “Paraguayan SABRE,” Russian airline Aeroflot, and “Russian Galileo.” Sabre and Galileo are both privately operated, centralized computer systems that facilitate travel transactions like booking airline tickets. Collectively, they are used by hundreds of airlines around the world.

In Iraq, the NSA compromised VPNs at the Ministries of Defense and the Interior; the Ministry of Defense had been established by the U.S. in 2004 after the prior iteration was dissolved. Exploitation against the ministries’ VPNs appears to have occurred at roughly the same time as a broader “all-out campaign to penetrate Iraqi networks,” described by an NSA staffer in 2005.

“Although VPNs pose special challenges for SIGINT (signals intelligence) collection and processing, we’ve recently had notable success in exploiting these communications,” wrote the author of the document, an article for the internal NSA news site SIDtoday. The author added that the NSA’s Network Analysis Center had been focusing on “VPN SIGINT Development (SIGDev) for over three years now, and the investment is paying off!” The article does not say what VPN technology any of the targets used, nor does it give any technical details on how the NSA broke the encryption on them.

The technical details that describe how the NSA exploits VPNs are a closely guarded secret, according to another SIDtoday article, from December 2006. “Exploiting VPNs makes use of some of the newest state-of-the-art techniques,” the article stated, “and because of this, the exploitation details are held closely and generally not available to field sites.” The author went on to describe a tool called VIVIDDREAM that lets analysts who discover a new VPN test whether the NSA has the capability to exploit it, all without revealing to the analyst any sensitive information about how the exploit works.

Documents provided to news organizations by Snowden do not conclusively list which VPN technologies have been compromised by the NSA and which have not. However, there have been a number of news reports about the NSA’s VPN hacking capabilities based on these documents, and cryptographers who have reviewed them have come up with some educated guesses.

In 2014, The Intercept reported on the NSA’s plans, dated August 2009, to use an automated system called TURBINE to covertly infect millions of computers with malware. The revelations described a piece of NSA malware called HAMMERSTEIN, installed on routers that VPN traffic traverses. The malware was able to forward VPN traffic that uses the IPSec protocol back to the NSA to decrypt. However, the documents did not explain precisely how the decryption occurred.

Later that year, Der Spiegel published 17 documents from the Snowden archive related to the NSA’s attacks against VPNs, many of them providing more details about TURBINE, HAMMERSTEIN, and related programs.

There are many different VPN protocols in use, some of them known to be less secure than others, and each can be configured in ways to make them more or less secure. One, Point-to-Point Tunneling Protocol, “is old and insecure and there are a bunch of known security vulnerabilities since forever,” Nadia Heninger, cryptography researcher at the University of Pennsylvania, told me in an email. “I would not at all be shocked if these were being exploited in the wild.”

The NSA also appears to have, at least in some situations, broken the security of another VPN protocol, Internet Protocol Security, or IPSec, according to the Snowden documents published by The Intercept and Der Spiegel in 2014.

“For both TLS and IPsec, there are both secure and insecure ways of configuring these protocols, so they can’t really be labeled as blanket ‘secure’ or ‘insecure,’” Heninger explained. “Both protocols offer a zillion configurable options, which is a source of a lot of the published protocol-level vulnerabilities, and there are cipher suites and parameter choices for both protocols that are definitely known to be cryptographically vulnerable.” Still, she was “pretty confident” that there are ways to configure TLS and IPsec that “should resist all known attacks.”

Another possibility is that the NSA figured out how to break the encryption on VPNs without even using cryptography. “I should also note that we’ve seen a lot of hardcoded credentials and other software vulnerabilities get found in various VPN implementations, which would enable a bunch of boring noncryptographic attacks like just running a script on an end host to exfiltrate login credentials or other data as desired. This is the kind of thing that most of the Shadow Brokers tools were actually doing,” Heninger said, referring to the cache of post-Snowden NSA exploits and hacking tools that were published on the internet in 2016 and 2017.

In 2015, Heninger and a team of 13 other cryptographers published a paper, titled “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice,” that revealed major weaknesses in the security of several of the internet’s most popular protocols. Their paper described a new attack called Logjam and concluded that it was within the resources of a nation-state to use this attack to compromise 66 percent of all IPSec VPNs. “A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break,” the authors speculated.
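Heninger’s point that the options chosen, not the protocol itself, decide whether a tunnel is exposed, and the Logjam finding that small Diffie-Hellman groups put IPsec VPNs within reach of a well-resourced attacker, both reduce to something a defender can audit in a configuration. The following is an added example, not code from The Intercept, from Heninger’s team or from any VPN vendor: it audits IKE/ESP proposal strings written in strongSwan-style `cipher-integrity-dhgroup` notation (an assumed format; the sample proposals are constructed) and flags finite-field DH groups below the 2048 bits the Logjam authors recommend, obsolete cipher and integrity algorithms, and proposals that negotiate no DH group at all.

```python
import re

# Smallest finite-field (MODP) modulus the Logjam authors consider adequate.
MIN_MODP_BITS = 2048

# Algorithm names (assumed strongSwan-style spelling) that are broken or
# obsolete whatever the DH group.
WEAK_CIPHERS = {"des", "3des", "null"}
WEAK_INTEGRITY = {"md5"}

MODP_RE = re.compile(r"modp(\d+)")   # RFC 2409 / RFC 3526 finite-field groups
ECP_RE = re.compile(r"ecp(\d+)")     # RFC 5903 elliptic-curve groups


def audit_proposal(proposal):
    """Return a list of findings for one proposal string such as
    'aes256-sha256-modp1024'; an empty list means nothing was flagged."""
    findings = []
    has_dh = False
    for part in proposal.lower().split("-"):
        if part in WEAK_CIPHERS:
            findings.append(f"weak cipher {part}")
        elif part in WEAK_INTEGRITY:
            findings.append(f"weak integrity algorithm {part}")
        elif MODP_RE.fullmatch(part):
            has_dh = True
            bits = int(MODP_RE.fullmatch(part).group(1))
            if bits < MIN_MODP_BITS:
                findings.append(f"{bits}-bit DH group (Logjam-class risk)")
        elif ECP_RE.fullmatch(part):
            has_dh = True  # elliptic-curve groups are not affected by Logjam
    if not has_dh:
        findings.append("no DH group (no forward secrecy)")
    return findings


def audit_config(proposals):
    """Audit every proposal and return {proposal: findings}."""
    return {p: audit_proposal(p) for p in proposals}


# Constructed sample proposals (not taken from any real configuration).
SAMPLE_PROPOSALS = [
    "3des-md5-modp1024",       # obsolete cipher, MD5 and a 1024-bit group
    "aes128-sha1-modp768",     # 768-bit group, far below the recommended size
    "aes256-sha256",           # no DH group: no perfect forward secrecy
    "aes128-sha256-modp2048",  # acceptable
    "aes256gcm16-ecp384",      # acceptable: AEAD cipher with ECDH
]

if __name__ == "__main__":
    for proposal, findings in audit_config(SAMPLE_PROPOSALS).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{proposal:26} {status}")
```

The check is deliberately conservative: it only flags choices the text and the Logjam paper single out (small MODP groups, obsolete ciphers, MD5, missing forward secrecy) and leaves everything else alone, so a clean result means “no known weak choice,” not “secure.”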

The NSA declined to comment for this story.

Top photo: A Qatari employee of Al Jazeera Arabic language TV news channel walks past the logo of Al Jazeera in Doha, Qatar, on Nov. 1, 2006.

The post NSA Cracked Open Encrypted Networks of Russian Airlines, Al Jazeera, and Other “High Potential” Targets appeared first on The Intercept.

Coinbase Chief Brian Armstrong on Bitcoin Bubbles and Corrections

It’s not often that you have two blockchain pioneers like Coinbase CEO Brian Armstrong and Ethereum Co-Founder Joseph Lubin address the market in the same week. But in recent days, the stars aligned, with Armstrong and Lubin both meeting with Bloomberg for separate interviews. While each of them has their own take on the state […]

The post Coinbase Chief Brian Armstrong on Bitcoin Bubbles and Corrections appeared first on Hacked: Hacking Finance.

Hundreds of Instagram accounts were hijacked in a coordinated attack

Hundreds of Instagram accounts were hijacked in what appears to be the result of a coordinated attack; all the accounts share common signs of compromise.

The attackers hijacked Instagram accounts and modified the associated personal information, making it impossible for the owners to restore their accounts.

The number of hacked Instagram accounts has increased since the beginning of August. All the victims were logged out of their accounts, their personal and contact information was deleted, and the email address on the account was changed.

The attackers replaced victims’ email addresses with ones on a Russian domain (.ru).

The media outlet Mashable first reported the spike in account takeovers.

“Like half a dozen other hacking victims who spoke with Mashable, her profile photo had been changed, as had all the contact information linked to the account, which was now linked to an email with a .ru Russian domain,” reported Mashable.

“Megan and Krista’s experiences are not isolated cases. They are two of hundreds of Instagram users who have reported similar attacks since the beginning of the month.”

More than 5,000 tweets from 899 accounts mentioned Instagram hacks in the last seven days; many users have been desperately tweeting at Instagram’s Twitter account requesting support.

Numerous hacks were reported on Reddit, and Mashable cited a Google Trends search showing a spike in searches for “Instagram hacked” on Aug. 8, and again on Aug. 11.


Hacked Instagram accounts have had their profile photos replaced with stills from Disney or Pixar films.

“A number of Instagram users have taken to social media to report a mysterious hack in which their profile photos are replaced by random stills from films,” reported the BBC.

It’s not clear how the attackers compromised the Instagram accounts; in some cases the account owners said they were using two-factor authentication (2FA) at the time.

“The extra security measure didn’t protect Chris Woznicki, who was using two-factor authentication at the time his account was hacked 10 days ago. Woznicki says Instagram sent him security emails notifying him the email address on his account had been changed (once again, to a .ru address) and 2FA had been disabled. But by the time he saw the messages, it was too late and he had already lost access to his account, which had 660 followers. Others have reported similar occurrences,” continues Mashable.
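The sequence Woznicki describes, the contact email changed and then 2FA disabled with the notifications arriving too late to act on, is a pattern a platform can detect and hold for re-verification before the change takes effect. The following is an added example, not Instagram’s code: it runs a simple rule over a constructed account-event log (the event names, fields, timestamps and accounts are assumptions for this example) and flags accounts where the contact email was changed and 2FA disabled within a ten-minute window, recording a domain change on the new address and a profile photo swap as supporting evidence.

```python
from datetime import datetime, timedelta

# Constructed account-security events: (account, ISO timestamp, event, detail).
# Event names and the detail layout are assumptions, not a real platform's schema.
EVENTS = [
    ("megan", "2018-08-10T09:12:00", "login", "ip=203.0.113.7"),
    ("megan", "2018-08-10T09:13:10", "email_changed",
     "old=megan@example.com new=x7k2q@example.ru"),
    ("megan", "2018-08-10T09:13:40", "two_factor_disabled", ""),
    ("megan", "2018-08-10T09:14:05", "profile_photo_changed", ""),
    ("chris", "2018-08-11T18:00:00", "email_changed",
     "old=chris@example.org new=chris.new@example.org"),
    ("chris", "2018-08-13T10:00:00", "two_factor_disabled", ""),
]

# How close together the email change and the 2FA removal must be to count.
WINDOW = timedelta(minutes=10)


def email_fields(detail):
    """Parse 'old=... new=...' out of an email_changed detail string."""
    fields = dict(tok.split("=", 1) for tok in detail.split() if "=" in tok)
    return fields.get("old"), fields.get("new")


def domain(addr):
    """Domain part of an email address, lower-cased."""
    return addr.rsplit("@", 1)[-1].lower()


def find_takeover_candidates(events, window=WINDOW):
    """Return {account: [reasons]} for accounts whose contact email was changed
    and whose 2FA was disabled within `window` afterwards."""
    by_account = {}
    for acct, ts, ev, detail in events:
        by_account.setdefault(acct, []).append(
            (datetime.fromisoformat(ts), ev, detail))

    flagged = {}
    for acct, evs in by_account.items():
        evs.sort(key=lambda e: e[0])
        for t0, ev, detail in evs:
            if ev != "email_changed":
                continue
            reasons = []
            old, new = email_fields(detail)
            if old and new and domain(old) != domain(new):
                reasons.append(
                    f"contact email moved from {domain(old)} to {domain(new)}")
            for t1, ev1, _ in evs:
                if not t0 <= t1 <= t0 + window:
                    continue
                if ev1 == "two_factor_disabled":
                    secs = int((t1 - t0).total_seconds())
                    reasons.append(f"2FA disabled {secs}s after email change")
                elif ev1 == "profile_photo_changed":
                    reasons.append("profile photo replaced shortly after email change")
            # The 2FA removal is the deciding signal; the other reasons add weight.
            if any(r.startswith("2FA disabled") for r in reasons):
                flagged[acct] = reasons
    return flagged


if __name__ == "__main__":
    for acct, reasons in find_takeover_candidates(EVENTS).items():
        print(f"{acct}: hold email change for re-verification at the old address")
        for r in reasons:
            print("  -", r)
```

In the sample, “megan” is flagged (email moved to a new domain, 2FA disabled 30 seconds later, photo replaced) while “chris” is not, because the 2FA change came two days after a same-domain email update. The useful response is the one Instagram’s own advisory points to: keep the old address authoritative long enough for a “revert this change” link to work, rather than relying on the owner reading a notification in time.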

Instagram confirmed it is aware of the problems that some users are facing. Below is an excerpt from an Instagram security advisory:

“We are aware that some people are having difficulty accessing their Instagram accounts. As we investigate this issue, we wanted to share the below guidance to help keep your account secure:

  • If you received an email from us notifying you of a change in your email address, and you did not initiate this change – please click the link marked ‘revert this change’ in the email, and then change your password.
  • We advise you pick a strong password. Use a combination of at least six numbers, letters and punctuation marks (like ! and &). It should be different from other passwords you use elsewhere on the internet.
  • You can also use the steps outlined on this page to restore your account. Please use a new, secure email address to restore your account.
  • Finally, revoke access to any suspicious third-party apps and turn on two-factor authentication for additional security. Our current two-factor authentication allows people to secure their account via text, and we’re working on additional two-factor functionality with more to share soon.”

This isn’t the first time Instagram has faced such problems: in September 2017, data from 6 million high-profile Instagram accounts, including those of celebrities, was offered for sale on the DoxaGram website.

For more information, users can visit the Instagram Help Centre that includes instructions to restore a compromised account.

Pierluigi Paganini

(Security Affairs – Instagram accounts, hacking)

The post Hundreds of Instagram accounts were hijacked in a coordinated attack appeared first on Security Affairs.


IDG Contributor Network: How to make cybersecurity incidents hurt less

You take time with your staff to regularly review what they should do in a fire (where are the exits? Don’t use the elevator. Where is the muster point? Is the fire department called automatically, or will someone have to call when they are safely out of the building? Who is responsible for doing a count and making sure everyone is accounted for?). You should be doing the same for your cybersecurity. That is where tabletop exercises come in.

The value of tabletop exercises

Tabletop exercises are an essential part of any overarching security strategy. Security needs to be looked at holistically, not as individual disparate areas or functions but as a series of functions that come together under one overarching umbrella. Security exercises like tabletop exercises are a useful way to gauge how effective a company’s current security strategy is and help it determine how to achieve its short-term, medium-term, and long-term security goals.
