Just in Time for Trump, the NSA Loosens Its Privacy Rules:
AS THE PRIVACY and civil liberty community braces for Donald Trump’s impending control of US intelligence agencies like the NSA, critics have called on the Obama administration to rein in those spying powers before a man with a reputation for vindictive grudges takes charge. Now, just in time for President-elect Trump to inherit the most powerful spying machine in the world, Obama’s Justice Department has signed off on new rules to let the NSA share more of its unfiltered intelligence with its fellow agencies—including those with a domestic law enforcement agenda.
Source: Wired
Congress Celebrates the Snowden Movie by Slamming Snowden:
Three years after Edward Snowden walked out of the NSA with a trove of its secrets and flew to Hong Kong, the House Permanent Select Committee on Intelligence has released the first glimpse of its investigation into the fallout. And how convenient that it arrived 24 hours before the opening weekend of Snowden, the Hollywood film directed by Oliver Stone that portrays the young whistleblower as a full-blown hero. “Edward Snowden is no hero – he’s a traitor who willfully betrayed his colleagues and his country,” committee chair Devin Nunes wrote in a statement accompanying the three-page report.
Source: Wired
How the NSA willfully exposes Americans to danger:
The leaked materials probably came from the “Equation Group,” the mysterious NSA-linked hacking team that has previously been found behind cutting-edge computer malware. The trove contains various hacks, exploits, and even a few “zero-day” vulnerabilities in widely-used firewall software. […]
Cisco Systems, whose firewall was a direct target of some of the leaked tools, told Ars Technica they are scrambling to patch the vulnerability. As Marcy Wheeler writes, the “NSA has been exploiting vulnerabilities in America’s top firewall companies for years.”
And that brings me to the basic problem with the NSA and national security. Cisco is a U.S. company whose security products are used by millions of U.S. businesses and individuals. The largest manufacturer of networking equipment in the world, it probably built your router or cable modem. So when it comes to security holes in their products, a pretty literal interpretation of “protecting national security” might be to tell the company about them immediately so that they can patch the holes.
Source: theweek.com
The NSA Hack Shows Why the U.S. Government Shouldn’t Stockpile Software Vulnerabilities
Earlier this week, top secret code written by one of the NSA’s most clandestine branches was released on the internet. Among other things, it contains a cache of technologically sophisticated hacking tools. The content is from 2013, and various experts, including former NSA staff, have confirmed that it looks to be genuine. Much of this advanced technology uses existing vulnerabilities—security flaws in software and hardware—to attack systems, break through firewalls, and gain access to private networks. In this case, the tools target routers made by both U.S. and Chinese companies, including Cisco and Fortinet.
Critics have long alleged that the U.S. government stockpiles too many vulnerabilities. Various branches of the government have responded with claims that they disclose 91 percent of vulns they find, and that their alleged stockpile of zero-days (previously unknown vulnerabilities, so the vendor has had “zero-days” to fix them) is exaggerated. But this release by the “Shadow Brokers” has proven that the NSA does have at least a few vulnerabilities that it has kept to itself.
Leaked National Security Agency hacking tools are exposing how even the technology designed to safeguard our computer networks can put users at risk — and how poor security practices like clinging to old equipment can make things worse.
The trove, which mysteriously appeared online last weekend, is full of hacking tools that can break through systems that businesses and even government agencies use to secure their digital infrastructure. In some cases, the tools can be used to attack equipment that is still being used, but so outdated that the companies that made them don’t plan to release fixes.
Source: Washington Post
A cache of powerful hacking tools used by the National Security Agency have leaked online in what could be the biggest blow to the agency since 2013, when Edward Snowden came forward with documents that exposed the scope of its surveillance capabilities.
The leak raises new questions about how the NSA uses its offensive hacking ability and whether its approach ultimately leaves everyday users, not just the agency’s targets, at risk.
Source: Washington Post
Hackers Claim to Auction Data They Stole From NSA-Linked Spies:
The NSA’s elite teams of hackers have for years made it their mission to silently compromise computer systems around the globe. Now one group of anonymous hackers claims to have executed a counter-hack with none of the same discretion: They’ve brazenly announced the theft of a collection of files they say belonged to an NSA-linked spy group. And they’re auctioning those files off to the highest bidder.
On Monday an anonymous group calling itself the Shadow Brokers posted a page to Tumblr claiming to have breached computer systems used by the Equation Group, a team of highly sophisticated cyberspies that the security firm Kaspersky found last year was hacking targets around the world and has been tied to the NSA based in part on evidence from the leaks of Edward Snowden. The Shadow Brokers released a sample of the stolen data, as well as another encrypted file whose decryption key they’re offering for sale in a bitcoin auction.
“How much you pay for enemies cyber weapons?” reads a message on the site.
Source: Wired
Apple Lambasts the FBI for Not Asking the NSA to Help Hack That iPhone:
Why hasn’t the FBI sought assistance from the National Security Agency—which employs some of the nation’s top hackers—to crack into the iPhone? Apple has touched on that question lightly in other briefs filed in the case, but today it focused on it more extensively in its latest brief submitted to the court.
“The government does not deny that there may be other agencies in the government that could assist it in unlocking the phone and accessing its data; rather, it claims, without support, that it has no obligation to consult other agencies,” Apple wrote, noting that FBI Director James Comey danced around the question of NSA assistance when asked about it during a recent congressional hearing.
And if the FBI can’t on its own break into iPhones without NSA help, it should invest in developing that capability, Apple says, instead of seeking unconstitutional ways to force tech companies to assist it.
Source: Wired
NSA merging anti-hacker team that fixes security holes with one that uses them:
Merging the two departments goes against the recommendation of some computer security experts, technology executives and the Obama administration’s surveillance reform commission, all of which have argued that those two missions are inherently contradictory and need to be further separated.
The NSA could decide not tell a tech company to patch a security flaw, they argue, if it knows it could be used to hack into a targeted machine. This could leave consumers at risk.