• Tag Archives: NSA
  • NSA Reneges on Promise to Tell Congress How Many Innocent Americans it Spies On

    Lawmakers should know how the laws they pass impact their constituents. That’s especially true when the law would reauthorize a vast Internet and telephone spying program that collects information about millions of law-abiding Americans.

    But that’s exactly what the Intelligence Community wants Congress to do when it considers reauthorizing a sweeping electronic surveillance authority under the expiring Section 702, as enacted by the FISA Amendments Act, before the end of the year.

    Intelligence officials have been promising Congress they would provide lawmakers with an estimate of the number of American communications that are collected under Section 702. That estimate is a critical piece of information for lawmakers to have as they consider whether and how to reauthorize and reform the warrantless Internet surveillance of millions of innocent Americans in the coming months.

    But during a hearing on Section 702 in front of the Senate Intelligence Committee yesterday, Director of National Intelligence Dan Coats, despite previous assurances, said he won’t be providing that estimate out of national security and, ironically, privacy concerns.

    He told lawmakers it is “infeasible to generate an exact, accurate, meaningful, and responsive methodology that can count how often a U.S. person’s communications may be incidentally collected under Section 702.” To do so would require diverting NSA analysts’ attention away from their current work to “conduct additional significant research” to determine whether the communications collected under Section 702 are American. “I would be asking trained NSA analysts to conduct intense identity verification research on potential U.S. persons who are not targets of an investigation,” he said. “From a privacy and civil liberties perspective, I find this unpalatable.”

    From a privacy and civil liberties perspective, we find it unpalatable that the Intelligence Community would ask Congress to reauthorize a controversial surveillance program without first following through on the promise—reiterated by Coats as recently as earlier this year—to provide some much needed information about how the program impacts Americans. To do so supposedly in the name of privacy concerns is even worse.

    It should go without saying: if the Intelligence Community is truly worried about the privacy and civil liberties of ordinary Americans, officials will take the looming Section 702 sunset as an opportunity to give lawmakers the information they need to have an informed and meaningful debate about how government spying programs impact Americans’ privacy.

    Privacy advocate Sen. Ron Wyden criticized DNI Coats for his backtracking, calling his reversal a “very, very damaging position to stake out.” He warned, “We’re going to battle it out in the course of this, because there are a lot of Americans that share our view that security and liberty are not mutually exclusive.”

    And that battle is already happening. With Congress’ debate over Section 702 reauthorization heating up, now is the time to tell your representatives in Congress to let this warrantless spying authority lapse.

    Source: NSA Reneges on Promise to Tell Congress How Many Innocent Americans it Spies On | Electronic Frontier Foundation


  • Culpability for this Ransomware Belongs to the NSA

    In all the coverage of the recent ransomware attack shutting down computer systems around the world, one point has been buried and obscured. The focus has been on precisely who spread this horrid thing, what damage it has done, what to do once you have it, and how to prevent it.

    All fascinating questions. But an equally, if not more, important question is: who created this weapon of mass computer destruction? What was its origin? How did it get released in the first place?

    And here, the answer is as sure as it is alarming. The culpability belongs to the National Security Agency. That’s right. The government that claims to be protecting us against cybercrime both made the virus and failed to secure it from being stolen by malicious actors.



    ComputerWorld explains:

    The tools, which security researchers suspect came from the NSA, include an exploit codenamed EternalBlue that makes hijacking older Windows systems easy. It specifically targets the Server Message Block (SMB) protocol in Windows, which is used for file-sharing purposes…. The developer of Wanna Decryptor appears to have added the suspected NSA hacking tools to the ransomware’s code, said Matthew Hickey, the director of security provider Hacker House, in an email.

    ArsTechnica explains:

    A highly virulent new strain of self-replicating ransomware shut down computers all over the world, in part by appropriating a National Security Agency exploit that was publicly released last month by the mysterious group calling itself Shadow Brokers…. Another cause for concern: wcry copies a weapons-grade exploit codenamed Eternalblue that the NSA used for years to remotely commandeer computers running Microsoft Windows. Eternalblue, which works reliably against computers running Microsoft Windows XP through Windows Server 2012, was one of several potent exploits published in the most recent Shadow Brokers release in mid-April.

    The New York Times says:

    The attacks on Friday appeared to be the first time a cyberweapon developed by the N.S.A., funded by American taxpayers and stolen by an adversary had been unleashed by cybercriminals against patients, hospitals, businesses, governments and ordinary citizens…. The United States has never confirmed that the tools posted by the Shadow Brokers belonged to the N.S.A. or other intelligence agencies, but former intelligence officials have said that the tools appeared to come from the N.S.A.’s “Tailored Access Operations” unit, which infiltrates foreign computer networks. (The unit has since been renamed.)

    The furious president of Microsoft weighed in:

    Starting first in the United Kingdom and Spain, the malicious “WannaCrypt” software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin. The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States…. The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. This is one reason we called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.

    Cyberscoop interviewed several experts:

    “In my view, there isn’t a policy problem, it’s an operational problem,” [former White House National Security Council cyber staffer Rob] Knake, now with the Council on Foreign Relations, told CyberScoop. “NSA should not have lost those tools. No way for policymakers to account for that problem other than to move quickly to get info on the vulnerabilities out, which they apparently did. Loss of the tools is an operational problem. The response was appropriate and timely.”

    This is obviously terrible for the United States in terms of international relations. It is the equivalent of having built a weapon of mass destruction and inadvertently failing to secure it from access by criminals. Yes, the people who use such weapons are bad actors, but the bureaucracy that made the weapon and allowed its release in the first place bears primary responsibility.

    And while the NSA’s responsibility is certainly being downplayed in the American mainstream media – NPR reported it but quietly and inauspiciously – you can bet it is all the talk in the 100 countries that are affected.

    Yes, it would be very sweet if users around the world were forgiving and understanding. Everyone makes mistakes. Sadly, that is not the case. The NSA developed this virus to use against network systems of enemy countries and failed to secure it. The head of Microsoft is correct that this really is an outrage, and cries out for a fix.

    Had a private company been responsible, its stock would now sit at nearly zero and the feds would be all over it for responsibility for cybercrime. Probably there would be jail time.

    What will be the fallout from the NSA screw-up? Watch for it: surely a bigger budget.


    Jeffrey A. Tucker

    Jeffrey Tucker is Director of Content for the Foundation for Economic Education. He is also Chief Liberty Officer and founder of Liberty.me, Distinguished Honorary Member of Mises Brazil, research fellow at the Acton Institute, policy adviser of the Heartland Institute, founder of the CryptoCurrency Conference, member of the editorial board of the Molinari Review, an advisor to the blockchain application builder Factom, and author of five books. He has written 150 introductions to books and many thousands of articles appearing in the scholarly and popular press.

    This article was originally published on FEE.org. Read the original article.


  • Vault 7 Confirms, You’re Right to Be Paranoid

    On March 7, the transparency/disclosure activists at Wikileaks began releasing a series of documents titled “Vault 7.” According to the New York Times, Vault 7 consists of “thousands of pages describing sophisticated software tools and techniques used by the [US Central Intelligence Agency] to break into smartphones, computers and even Internet-connected televisions.”

    Stranger Than Fiction

    If the documents are authentic — and WikiLeaks has a sterling reputation when it comes to document authenticity — every paranoid thriller you’ve ever watched or read was too timid in describing a hypothetical Surveillance State. Even the telescreens and random audio bugs of George Orwell’s 1984 don’t come close to the reality of the CIA’s surveillance operations.

    In theory, the CIA doesn’t spy on Americans in America. In fact, digital traffic pays no heed to national borders, and the tools and tactics described have almost certainly been made available to, or independently developed by, other US surveillance agencies, not to mention foreign governments and non-government actors.

    Bottom line: You should accept the possibility that for the last several years anything you’ve done on, or in the presence of, a device that can connect to the Internet was observed, monitored, and archived as accessible data.

    Paranoid? Yes. But the paranoia is justified.

    Even if “they” — the CIA, the NSA, the FBI, some random group of credit card thieves or voyeurs or whatever — aren’t out to get you in particular, they consider your personal privacy a technical obstacle to overcome, not a value to respect.

    All the Skeletons

    If you’ve got nothing to hide you’ve got nothing to fear? Everyone has something to hide. Somewhere, sometime, you’ve said or done something you regret or wouldn’t want the world to know. And you probably said or did it within a few feet of your smartphone, your laptop, or your Internet-connected television. Maybe nobody was listening or watching. Or maybe someone was. The only plausible conclusion from the Vault 7 disclosures is that you should assume the latter.

    Vault 7 confirms that as a State entity, the CIA answers to philosopher Anthony de Jasay’s description of the State as such. Just as a firm acts to maximize profits, the State and its arms act to maximize their own discretionary power. Even if it doesn’t do some particular thing, it requires the option, the ability to do that thing. It seeks omnipotence.

    The abuses of our privacy implied by the WikiLeaks dump aren’t an aberration. They’re the norm. They’re what government does.

    Reprinted from Libertarian Institute.


    Thomas Knapp

    Thomas L. Knapp, aka KN@PPSTER, is Director and Senior News Analyst at the William Lloyd Garrison Center for Libertarian Advocacy Journalism and publisher of Rational Review News Digest. He lives and works in north central Florida.

    This article was originally published on FEE.org. Read the original article.