Showing posts with label #NSA. Show all posts
Showing posts with label #NSA. Show all posts

Friday, February 23, 2024

Show "Who's Side You Are On" T-Shirt

The Electronic Frontier Foundation
 brought back their popular NSA Spying shirts for the first time since 2013, with an updated EFF logo and design. more

The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. EFF's mission is to ensure that technology supports freedom, justice, and innovation for all people of the world.

Sunday, January 14, 2024

AI is Helping US Spies Catch Chinese Hacking Ops

Artificial intelligence and machine learning technologies are helping the National Security Agency and other U.S. government agencies detect malicious Chinese cyber activity
, a top U.S. intelligence official said in remarks on Tuesday that indicate how U.S. security agencies are using the technology to improve computer defenses. 

Speaking Tuesday at the International Conference on Cyber Security at Fordham University, Rob Joyce, the director of the NSA Cybersecurity Directorate, said that AI is helping his agency detect Chinese operations targeting U.S. critical infrastructure that might evade traditional defensive measures. more

Sunday, November 12, 2023

NSA Unveils "Artificial Intelligence Security Center"

The National Security Agency is establishing a new “Artificial Intelligence Security Center” to help spur on the secure development and adoption of AI capabilities, and defend AI advancements from foreign adversaries.

NSA Director and Cyber Command chief Gen. Paul Nakasone broke the news during an event at the National Press Club on Thursday.

“The AI Security Center will become NSA’s focal point for leveraging foreign intelligence insights, contributing to the development of best practices guidelines, principles, evaluation methodology, and risk frameworks for AI security, with an end goal of promoting the secure development, integration, and adoption of AI capabilities within our national security systems and our defense industrial base,” Nakasone said...

The news about the center comes as the NSA also plans to establish a new “innovation pipeline” focused on China. more

Sunday, December 18, 2022

The National Cryptologic Museum is Open Again - Revamped - With New Spy Stuff

Vince Houghton (the new director of the National Security Agency's National Cryptologic Museum) and his team unveiled what they'd been working on during the COVID 19 pandemic: a complete overhaul of the aging, 1990s-era museum in Fort Meade, Md...

"These are artifacts that have never been on display before to the public at all," Houghton noted...

Until recently, historians believed many of the artifacts on display at the Cryptologic Museum were lost to history. For Houghton, unearthing old and unique pieces of cryptologic history has been an exceptionally satisfying part of his mission.

That's because the NSA maintains a large warehouse where employees have kept highly classified objects in the hopes that one day those stories could be told. Houghton compared the warehouse, where he and his colleagues spent hours before opening the museum, as "the end of Raiders of the Lost Ark," the 1981 Indiana Jones movie ending in a giant room full of treasure.

"It's floor to ceiling crates that are deteriorating, because they were sent back there in 1945," Houghton said. "To me it was like every day was Christmas, because I'm such a nerd about this stuff." more

Thursday, October 6, 2022

Former NSA Employee Arrested on Espionage-Related Charges

CO - A Colorado Springs man will make his initial appearance in federal court today on charges that he attempted to transmit classified National Defense Information (NDI) to a representative of a foreign government.

Jareh Sebastian Dalke, 30, was an employee of the National Security Agency (NSA) where he served as an Information Systems Security Designer from June 6, 2022, to July 1, 2022. 

According to the affidavit in support of the criminal complaint, between August and September 2022, Dalke used an encrypted email account to transmit excerpts of three classified documents he had obtained during his employment to an individual Dalke believed to be working for a foreign government. In actuality, that person was an undercover FBI agent. 

Dalke subsequently arranged to transfer additional classified information in his possession to the undercover FBI agent at a location in Denver, Colorado. The FBI arrested Dalke on Sept. 28, after Dalke arrived at the specified location. more

Tuesday, August 3, 2021

The NSA's Wireless Device Best Practices

Telework has become an essential component of business, and many people are teleworking from home or during travel. While the owners of home networks can take steps to secure those networks, it can be difficult to ensure public networks (e.g., conference or hotel Wi-Fi®) are secure. Protecting personal and corporate data is essential at all times, but especially when teleworking in public settings.

This infosheet gives National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) users the best practices for securing devices when conducting business in public settings. It describes how to identify potentially vulnerable connections and protect common wireless technologies, and lists steps users can take to help secure their devices and data. 

While these best practices cannot ensure data and devices are fully protected, they do provide protective measures users can employ to improve their cybersecurity and reduce their risks. more

Saturday, August 15, 2020

Corporate Espionage in the News

RedCurl is its name.
Corporate espionage is its game.

Security researchers today published findings on a new APT group they claim has been stealing data from organizations around the world as far back as 2018. Since then, RedCurl has targeted at least 14 private companies in 26 attacks designed to steal documents containing commercial secrets and employees' personal information.

Its targets span a range of industries and locations. The group has targeted organizations in construction, finance, consulting, retail, banking, insurance, law, and travel...

There is no indication who might have hired RedCurl, where they might be based, or who is behind these attacks, he adds. The group is fairly new, and researchers hope to learn more over time.

"Corporate espionage is not something that we're used to on the cyberscene," Mirkasymov says. Researchers believe the frequency of these attacks indicates it's likely to become more widespread in the future. more

----------

Three corporate espionage reasons why VW was not a good career choice...

March 14th - Former VW employee says he was fired after questioning deletion of documents. more

June 16th - Former VW employee sought by U.S. arrested in Croatia... more 

August 14th - Former VW employee under investigation for corporate espionage found dead in burned-out car...was investigated by the police on suspicion of violating business secrets. more

----------

The U.S. National Security Agency and Federal Bureau of Investigation today issued a joint cybersecurity advisory warning on a previously undisclosed form of Russian malware...although the objectives of Drovorub were not detailed in the report, they could range from industrial espionage to election interference. more

----------

Once again, LinkedIn is the battleground for nation state espionage operations. Every counterintelligence and insider threat professional should be paying attention...The goal of the social engineer is to entice the target to at least take a gander at the job offering being discussed and click the attachment which is provided. This attachment carries the payload of malware designed to compromise the device and network of the target. Once the device is compromised and the group has access to the content, their espionage goals are achieved. more

----------

...and Corporate Espionage can also be entertaining...

How 'American Ronin' Explores Superhumans and Corporate Espionage
As the conflict between global corporations heats up, one man decides to strike back against the unseen forces that quietly rule the modern world, using an entirely unanticipated weapon — his own mind. That’s the idea at the center of American Ronin...The series is the first collaboration between writer Peter Milligan (Shade the Changing Man, Hellblazer, X-Force) and artist ACO (Midnighter, Nick Fury), with the two playing off each other’s strengths to create a story that’s part-corporate espionage, part-superhuman thriller and unlike anything else on the stands at the moment. more

Wednesday, August 5, 2020

NSA Tells Mobile Users Beware of Find-My-Phone

Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users

And don't forget to limit ad tracking. Advisory contains a host of recommendations.

The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed, as well as limit location data usage by apps.

“Location data can be extremely valuable and must be protected,” an advisory published on Tuesday stated. “It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.” more

Monday, August 3, 2020

Block TikTok, or Microsoft to the Rescue

U.S. Secretary of State, Mike Pompeo, claimed that TikTok sends user data to China, exerting pressure on the video-sharing social networking service. Pompeo brought attention to the fact that if personal information flows across a Chinese server, it will eventually end up in the hands of the Chinese Communist Party which he calls an “Evil Empire”.

TikTok has denied U.S. allegations but a report by cyber experts at ProtonMail says otherwise. The report is more a warning as it states – “Beware, the social media giant not only collects troves of personal data on you, but also cooperates with the CCP, extending China’s surveillance and censorship reach beyond its borders.” more

In other news...
Microsoft said Sunday it will continue talks to buy short-form video app, TikTok after its chief executive spoke with President Trump, following a weekend of uncertainty clouding the future of the Chinese-owned app. more

Connect the Dots...
When Microsoft bought Skype, Wired Magazine noted, "The Skype client itself is written almost as if it were a piece of malware, using complex obfuscation and anti-reverse engineering techniques, and it would be disquieting for Microsoft to release something that behaved in such a shady way; at the very least, the client would surely have to be rewritten to avoid the obfuscation and outright hostility to managed networks that Skype currently has... Ultimately, it's hard to see how the Skype purchase is worthwhile from a technology or user-access perspective. The technology isn't good enough and the users aren't lucrative enough or plentiful enough to justify it. more

Pure Conjecture Disguised as Analysis...
Microsoft already had Windows Live Messenger. Did it really need Skype? Skype you might recall was a predominately Estonian-based encrypted platform. It was giving governments fits worldwide. Then, in 2011, Microsoft bought it. Guess what happened.

TikTok, it appears, is also giving government fits. Who ya gonna call?

Wednesday, May 20, 2020

German Intelligence Gets Wiener Schnitzel'ed

In the world of online spying, great power lies with those who can get their hands on the data flowing through the world’s Internet infrastructure.

So the fact that Germany is home to one of the world’s biggest Internet exchange points—where data crosses between the networks that make up the Internet—has given a lot of power to the country’s equivalent of the U.S. National Security Agency.

The Bundesnachrichtendienst, or BND, gets to freely sift through all the foreign traffic passing through that exchange junction in search of nuggets that can be shared with overseas partners such as the NSA. But now that power is in jeopardy, thanks to a Tuesday ruling from Germany’s constitutional court...

“With its decision, the Federal Constitutional Court has clarified for the first time that the protection afforded by fundamental rights vis-à-vis German state authority is not restricted to the German territory,” the court said in a statement.

The German chapter of Reporters Without Borders, which brought the case in partnership with the Berlin-based Society for Civil Rights (GFF) and a few other journalists’ associations, is overjoyed. more

Wednesday, January 1, 2020

The Crazy Story of How Soviet Russia Bugged an American Embassy’s Typewriters

Every engineer has stories of bugs that they discovered through clever detective work. But such exploits are seldom of interest to other engineers, let alone the general public.

Nonetheless, a recent book authored by Eric Haseltine, titled The Spy in Moscow Station (Macmillan, 2019), is a true story of bug hunting that should be of interest to all.

It recounts a lengthy struggle by Charles Gandy, an electrical engineer at the United States’ National Security Agency, to uncover an elaborate and ingenious scheme by Soviet engineers to intercept communications in the American embassy in Moscow. more

Wednesday, January 9, 2019

Your Tax Dollars at Work - An NSA Freebee!

The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco.

The software's name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans.

The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it's been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software...

In total, the NSA has open-sourced 32 projects as part of its Technology Transfer Program (TTP) so far, and has most recently even opened an official GitHub account. more

Tuesday, June 5, 2018

136 Old NSA Security Posters

In the 1950s and 1960s, the NSA made a bunch of posters to remind its employees that security is the most important thing, and that they must work hard to protect the country’s most important secrets.

Thanks to a Freedom of Information Act request by the transparency site Government Attic, we can now see these quaint, sometimes hilarious, but also menacing, posters.

Here are all the 136 posters the NSA released. We’ve chosen a few that we thought were the best ones. Some of them are cutesy, some are kind of lame, others are dark and dystopian, and others are straight up incredible. more

Don't it just give you, "The locking pneumonia and floppy-copy flue."

Sunday, June 11, 2017

NSA’s Leaked Bugging Devices - Reverse Engineered

Radio hackers have reverse-engineered some of the wireless spying gadgets used by the US National Security Agency. Using documents leaked by Edward Snowden, researchers have built simple but effective tools that can be attached to parts of a computer to gather private information in a host of intrusive ways.

The NSA’s Advanced Network Technology catalogue was part of the avalanche of classified documents leaked by Snowden, a former agency contractor. The catalogue lists and pictures devices that agents can use to spy on a target’s computer or phone. The technologies include fake base stations for hijacking and monitoring cellphone calls and radio-equipped USB sticks that transmit a computer’s contents.

But the catalogue also lists a number of mysterious computer-implantable devices called “retro reflectors” that boast a number of different surreptitious skills, including listening in on ambient sounds and harvesting keystrokes and on-screen images. more

Wednesday, June 7, 2017

Yellow Printer Dots Nail Spy Agency Leaker

‘Colour printers spy on you’: Barely visible yellow dots lead to arrest of Reality Winner, alleged NSA leaker.

According to Rob Graham, who writes for the blog Errata Security, the Intercept’s scanned images of the intelligence report contained tracking dots – small, barely visible yellow dots that show “exactly when and where documents, any document, is printed.” Nearly all modern color printers feature such tracking markers, which are used to identify a printer’s serial number and the date and time a page was printed. 

“Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document,” Graham wrote. more

Long term readers of the Security Scrapbook already knew about this.
From 10 years ago... Is Your Printer Spying on You? Good!

Thursday, February 16, 2017

Spy Radio History - The Rhode & Schwarz ESM500A

This receiver was used by the top government surveillance agencies worldwide during the 1990's (CIA, NSA, GCHQ, BND, etc.) Some countries may still be using it today.

Depending upon the installed options, it would have set the purchaser back from $25,000 to $40,000 USD.

ESM series receivers are highly prized by premium receiver collectors, radio museums, and amateur radio / TSCM enthusiasts. It is is considered to be one of the best communications receivers ever made.

More photos and a chance to own it, here.

Friday, October 21, 2016

DIY NSA ...at home, in your spare time!

Harold Thomas Martin is alleged to have spent more than 20 years collecting data from multiple government agencies, federal prosecutors said.

My conception photo of his home office.
Court documents say 50 terabytes of data had been seized but it is not clear how much of this was classified...

Mr Martin was employed with Booz Allen Hamilton, the same consulting firm that employed Edward Snowden, who gave documents to journalists exposing NSA surveillance practices...

If the case succeeds, it raises serious questions about NSA security, says Alan Woodward, a computer security expert from Surrey University.

"The only extraordinary thing about this story is the volume of data stolen," he said.

"If someone was taking the data out of the NSA over a very long period of time, regardless of motive, it does raise a few questions about how they were able to do that: if someone is removing data habitually you'd expect that to be spotted." more

Wednesday, September 21, 2016

Talk to Real Secret Agents on New 'Call a Spy' Hotline

If you ever wanted to chat to a spy, now's your chance – a group of German artists have set up the "Call a Spy" hotline.

Ariel Fischer from the art group "Peng!" told Sputnik Deutschland that they can set up the hotline anywhere with a stable internet connection. It looks like an ordinary telephone, but is connected to the "Call a Spy" server.

The server contains a database of spy's numbers, and randomly selects one to connect the caller with. Calls are routed through a private network that masks the original source of the call.


Fischer said that despite the secrecy of intelligence work, the majority of the numbers were freely available on the internet, and come from a range of different countries.  more

Friday, August 19, 2016

Privacy Guidebook for Eavesdropping on Americans Draws Flack

A privacy update to 1982 Defense Department rules for conducting surveillance on Americans contains a loophole...

that lets the National Security Agency continue eavesdropping on a wide swath of online conversations, critics say.

"DOD Manual 5240.01: Procedures Governing the Conduct of DOD Intelligence Activities" was last issued when all email addresses could fit in a Parent Teacher Association-sized directory. The new rules reflect a shift in intelligence gathering from bugging an individual’s phone to netting communications in bulk from the global internet...

It remains to be seen, or unseen, how U.S. spies are following the new data-handling guidelines in practice when scanning networks. 

On Wednesday, Defense officials declined to comment on internet cable-tapping. more

Monday, August 1, 2016

Who Might Have Copies of Everyone's "Deleted" Emails?

The National Security Agency (NSA) has “all” of Hillary Clinton’s deleted emails and the FBI could gain access to them if they so desired, William Binney, a former highly placed NSA official, declared in a radio interview broadcast on Sunday.

Speaking as an analyst, Binney raised the possibility that the hack of the Democratic National Committee’s server was done not by Russia but by a disgruntled U.S. intelligence worker concerned about Clinton’s compromise of national security secrets via her personal email use.

Binney was an architect of the NSA’s surveillance program. He became a famed whistleblower when he resigned on October 31, 2001, after spending more than 30 years with the agency. more