NSA officials worried about the day its potent hacking tool would get loose. Then it did

The Washington Post reports: When the National Security Agency began using a new hacking tool called EternalBlue, those entrusted with deploying it marveled at both its uncommon power and the widespread havoc it could wreak if it ever got loose.

Some officials even discussed whether the flaw was so dangerous they should reveal it to Microsoft, the company whose software the government was exploiting, according to former NSA employees who spoke on the condition of anonymity given the sensitivity of the issue.

But for more than five years, the NSA kept using it — through a time period that has seen several serious security breaches — and now the officials’ worst fears have been realized. The malicious code at the heart of the WannaCry virus that hit computer systems globally late last week was apparently stolen from the NSA, repackaged by cybercriminals and unleashed on the world for a cyberattack that now ranks as among the most disruptive in history. [Continue reading…]

Israel said to be source of secret intelligence Trump gave to Russians

The New York Times reports: The classified intelligence that President Trump disclosed in a meeting last week with Russian officials at the White House was provided by Israel, according to a current and a former American official familiar with how the United States obtained the information. The revelation adds a potential diplomatic complication to the episode.

Israel is one of the United States’ most important allies and a major intelligence collector in the Middle East. The revelation that Mr. Trump boasted about some of Israel’s most sensitive information to the Russians could damage the relationship between the two countries. It also raises the possibility that the information could be passed to Iran, Russia’s close ally and Israel’s main threat in the Middle East. [Continue reading…]

Trump violates intel partnership by revealing highly classified information to Russian foreign minister and ambassador

The Washington Post reports: President Trump revealed highly classified information to the Russian foreign minister and ambassador in a White House meeting last week, according to current and former U.S. officials, who said Trump’s disclosures jeopardized a critical source of intelligence on the Islamic State.

The information the president relayed had been provided by a U.S. partner through an intelligence-sharing arrangement considered so sensitive that details have been withheld from allies and tightly restricted even within the U.S. government, officials said.

The partner had not given the United States permission to share the material with Russia, and officials said Trump’s decision to do so endangers cooperation from an ally that has access to the inner workings of the Islamic State. After Trump’s meeting, senior White House officials took steps to contain the damage, placing calls to the CIA and the National Security Agency.

“This is code-word information,” said a U.S. official familiar with the matter, using terminology that refers to one of the highest classification levels used by American spy agencies. Trump “revealed more information to the Russian ambassador than we have shared with our own allies.” [Continue reading…]

How NSA secrets helped cybercriminals mount a worldwide attack

The Washington Post reports: Computers around the world are suffering an attack from malicious software. The compromised computers have been hit by “ransomware” — software that encrypts the computer’s hard drive so that all the information on it is unavailable, and refuses to release it until a ransom is paid in Bitcoin, an online currency that is difficult to trace. Among the victims are FedEx, Britain’s National Health Service and computers belonging to Russia’s Ministry for the Interior.

Ransomware attacks have happened before. What is unusual is how quickly this attack is compromising large numbers of critical computers. It has been so successful because it has made use of a so-called “zero-day exploit” — a previously unknown flaw in Windows software that makes it easy to take control of vulnerable systems. This zero-day exploit became publicly known last month, when it was released as part of a treasure trove of NSA data by the “Shadow Brokers,” a shadowy group of hackers who many believe are associated with Russian intelligence. Criminal hackers appear to have combined this exploit with ransomware tools to mount a worldwide campaign. Here’s what you need to know to understand what happened. [Continue reading…]

The Guardian reports: An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.

The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK’s National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.

However, a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software.

The switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.

“I saw it wasn’t registered and thought, ‘I think I’ll have that’,” he is reported as saying. The purchase cost him $10.69. Immediately, the domain name was registering thousands of connections every second.

“They get the accidental hero award of the day,” said Proofpoint’s Ryan Kalember. “They didn’t realize how much it probably slowed down the spread of this ransomware.”

The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organizations were affected. But it gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember. [Continue reading…]

Fight brews over push to shield Americans in warrantless surveillance

The New York Times reports: Obscured by the furor over surveillance set off by the investigations into possible Trump campaign coordination with Russia during the election, a major debate over electronic spying that defies the usual partisan factions is quietly taking shape in Congress.

The debate centers on the National Security Agency’s incidental eavesdropping on Americans via its warrantless surveillance program, which spies on foreigners abroad whose communications pass through American phone and internet services. Its legal basis, the FISA Amendments Act, is set to expire at the end of 2017.

A bipartisan coalition of privacy-minded lawmakers has started to circulate draft legislation that would impose new limits on the government’s ability to use incidentally gathered information about Americans who are in contact with foreign targets.

Many of those lawmakers are veterans of a fight two years ago over the U.S.A. Freedom Act, a law that ended an N.S.A. program that gathered Americans’ calling logs in bulk. They won that fight against security hawks because the statute on which the program was based, part of the Patriot Act, was expiring and they were unwilling to extend it without ending the bulk collection.

The privacy advocates in Congress are using that same lesson this time around, hoping to leverage their colleagues’ concerns that the program will lapse if they fail to extend the law.

But the intelligence and law enforcement communities and their allies in Congress appear determined to extend the warrantless surveillance program law, Section 702 of the FISA Amendments Act, without changes. They are framing the debate as being about a program that is too important to be held hostage to any push for changes, lest gridlock kill it. [Continue reading…]

NSA halts collection of Americans’ emails about foreign targets

The New York Times reports: The National Security Agency said Friday that it had halted one of the most disputed practices of its warrantless surveillance program, ending a once-secret form of wiretapping that dates to the Bush administration’s post-Sept. 11 expansion of national security powers.

The agency is no longer collecting Americans’ emails and texts exchanged with people overseas that simply mention identifying terms — like email addresses — for foreigners whom the agency is spying on, but are neither to nor from those targets.

The decision is a major development in American surveillance policy. Privacy advocates have argued that the practice skirted or overstepped the Fourth Amendment.

The change is unrelated to the surveillance imbroglio over the investigations into Russia and the Trump campaign, according to officials familiar with the matter. Rather, it stemmed from a discovery that N.S.A. analysts had violated rules imposed by the Foreign Intelligence Surveillance Court barring any searching for Americans’ information in certain messages captured through such wiretapping. [Continue reading…]

Is there a Russian mole inside the NSA? The CIA? Both?

Kevin Poulsen writes: A message from Vladimir Putin can take many forms.

It can be as heavy-handed as a pair of Russian bombers buzzing the Alaska coast, or as lethal as the public assassination of a defector on the streets of Kiev. Now Putin may be sending a message to the American government through a more subtle channel: an escalating series of U.S. intelligence leaks that last week exposed an NSA operation in the Middle East and the identity of an agency official who participated.

The leaks by self-described hackers calling themselves “the Shadow Brokers” began in the final months of the Obama administration and increased in frequency and impact after the U.S. bombing of a Syrian airfield this month—a move that angered Russia. The group has not been tied to the Kremlin with anything close to the forensic certitude of last year’s election-related hacks, but security experts say the Shadow Brokers’ attacks fit the pattern established by Russia’s GRU during their election hacking. In that operation, according to U.S. intelligence findings, Russia created fictitious Internet personas to launder some of their stolen emails, including the fake whistleblowing site called DCLeaks and a notional Romanian hacker named “Guccifer 2.0.” [Continue reading…]

An operation to sabotage North Korea’s missile program

The New York Times reports: When a North Korean missile test went awry on Sunday, blowing up seconds after liftoff, there were immediate suspicions that a United States program to sabotage the test flights had struck again. The odds seem highly likely: Eighty-eight percent of the launches of the North’s most threatening missiles have self-destructed since the covert American program was accelerated three years ago.

But even inside the United States Cyber Command and the National Security Agency, where the operation is centered, it is nearly impossible to tell if any individual launch is the victim of a new, innovative approach to foil North Korean missiles with cyber and electronic strikes.

Bad welding, bad parts, bad engineering and bad luck can all play a role in such failures — as it did in the United States’ own missile program, particularly in its early days. And it would require a near impossible degree of forensic investigation to figure out an exact cause, given that the failed North Korean missiles tend to explode, disintegrate in midair and plunge in fragments into faraway seas.

But this much is clear, experts say: The existence of the American program, and whatever it has contributed to North Korea’s remarkable string of troubles, appears to have shaken Pyongyang and led to an internal spyhunt as well as innovative ways to defeat a wide array of enemy cyberstrikes. [Continue reading…]

The same New York Times reporters covered this program in a report published on March 4. Then and now, it’s hard to tell whether these are reports about the sabotage program or elements of the program itself.

Following the March report, Markus Schiller and Peter Hayes wrote:

The New York Times article hearkens back to the movie “Independence Day”, where the world is saved from the Alien invasion by simply planting a computer virus into the mothership’s main computer by somehow just sending it over with a standard laptop. This might work in movies, but not in reality.

Perhaps the more interesting story is who leaked to the New York Times the claims of the efficacy of cyber attacks on North Korea’s missiles and why now? We wonder if it is part of a policy battle in the course of the Trump Administration’s North Korea policy review, possibly designed to get President Trump’s attention. It might also be an intentional effort to conduct psychological warfare against the DPRK by creating paranoia and purges within the DPRK missile program. It might also be a way to impress allies and third parties that the United States has been doing more behind the scenes than patiently waiting for the DPRK threat to resolve itself and imposing ineffectual sanctions. We don’t know.

Your government’s hacking tools are not safe

Motherboard reports: Recent data breaches have made it startlingly clear hacking tools used by governments really are at risk of being exposed. The actual value of the information included in each of these dumps varies, and some may not be all that helpful in and of themselves, but they still highlight a key point: hackers or other third parties can obtain powerful tools of cyber espionage that are supposedly secure. And in most cases, the government does not appear to clean up the fallout, leaving the exploits open to be re-used by scammers, criminals, or anyone else—for any purpose.

It’s as if someone posted a skeleton key online for breaking into an unimaginable number of locks.

“What we learn from the disclosures and leaks of the last months is that unknown vulnerabilities are maintained secret even after they’ve been clearly lost, and that is plain irresponsible and unacceptable,” Claudio Guarnieri, a technologist from Amnesty International, told Motherboard in an online chat. [Continue reading…]

Hackers release files indicating NSA monitored global bank transfers

Reuters reports: Hackers released documents and files on Friday that cybersecurity experts said indicated the U.S. National Security Agency had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks.

The release included computer code that could be adapted by criminals to break into SWIFT servers and monitor messaging activity, said Shane Shook, a cyber security consultant who has helped banks investigate breaches of their SWIFT systems.

The documents and files were released by a group calling themselves The Shadow Brokers. Some of the records bear NSA seals, but Reuters could not confirm their authenticity.

The NSA could not immediately be reached for comment.

Also published were many programs for attacking various versions of the Windows operating system, at least some of which still work, researchers said.

In a statement to Reuters, Microsoft, maker of Windows, said it had not been warned by any part of the U.S. government that such files existed or had been stolen. [Continue reading…]

British spies were first to spot Trump team’s links with Russia

The Guardian reports: Britain’s spy agencies played a crucial role in alerting their counterparts in Washington to contacts between members of Donald Trump’s campaign team and Russian intelligence operatives, the Guardian has been told.

GCHQ first became aware in late 2015 of suspicious “interactions” between figures connected to Trump and known or suspected Russian agents, a source close to UK intelligence said. This intelligence was passed to the US as part of a routine exchange of information, they added.

Over the next six months, until summer 2016, a number of western agencies shared further information on contacts between Trump’s inner circle and Russians, sources said.

The European countries that passed on electronic intelligence – known as sigint – included Germany, Estonia and Poland. Australia, a member of the “Five Eyes” spying alliance that also includes the US, UK, Canada and New Zealand, also relayed material, one source said.

Another source suggested the Dutch and the French spy agency, the General Directorate for External Security or DGSE, were contributors.

It is understood that GCHQ was at no point carrying out a targeted operation against Trump or his team or proactively seeking information. The alleged conversations were picked up by chance as part of routine surveillance of Russian intelligence assets. Over several months, different agencies targeting the same people began to see a pattern of connections that were flagged to intelligence officials in the US. [Continue reading…]

U.S. intelligence intercepted communications between Syrian military and chemical experts

CNN reports: The US military and intelligence community has intercepted communications featuring Syrian military and chemical experts talking about preparations for the sarin attack in Idlib last week, a senior US official tells CNN.

The intercepts were part of an immediate review of all intelligence in the hours after the attack to confirm responsibility for the use of chemical weapons in an attack in northwestern Syria, which killed at least 70 people. US officials have said that there is “no doubt” that Syrian President Bashar al-Assad is responsible for the attack.

The US did not know prior to the attack it was going to happen, the official emphasized. The US scoops up such a large volume of communications intercepts in areas like Syria and Iraq that the material often is not processed unless there is a particular event that requires analysts to go back and look for supporting intelligence material.

So far there are no intelligence intercepts that have been found directly confirming that Russian military or intelligence officials communicated about the attack. The official said the likelihood is the Russians are more careful in their communications to avoid being intercepted. [Continue reading…]

Classified docs contradict Nunes surveillance claims, GOP and Dem sources say

CNN reports: After a review of the same intelligence reports brought to light by House Intelligence Chairman Devin Nunes, both Republican and Democratic lawmakers and aides have so far found no evidence that Obama administration officials did anything unusual or illegal, multiple sources in both parties tell CNN.

Their private assessment contradicts President Donald Trump’s allegations that former Obama national security adviser Susan Rice broke the law by requesting the “unmasking” of US individuals’ identities. Trump had claimed the matter was a “massive story.”

However, over the last week, several members and staff of the House and Senate intelligence committees have reviewed intelligence reports related to those requests at NSA headquarters in Fort Meade, Maryland.

One congressional intelligence source described the requests made by Rice as “normal and appropriate” for officials who serve in that role to the president.

And another source said there’s “absolutely” no smoking gun in the reports, urging the White House to declassify them to make clear there was nothing alarming in the documents. [Continue reading…]

FBI and NSA grilling proves there is no ‘Deep State’

Michael Weiss writes: Not four months into 2017, and the director of America’s domestic intelligence agency let it be known that he is overseeing an investigation into whether the sitting U.S. president or his surrogates may have “coordinated” with the Russian government for the purpose of swaying an American election.

“As with any counterintelligence investigation, this will also include an assessment of whether any crimes were committed,” James Comey said, revealing that he is taking seriously the possibility that Donald Trump, his political advisers, or both have aided and abetted a hostile foreign power.

This doesn’t mean a brief encounter or 12 with Russian Ambassador Sergey Kislyak. It doesn’t mean a trip to Moscow to slam U.S. foreign policy and anti-Russia sanctions. And it doesn’t even mean working on behalf of pro-Putin political leaders in Europe. It means knowingly colluding with agents of the Russian government in order to spy on their behalf, to help them steal the correspondence of other Americans, or to feed them classified U.S. secrets. Former MI6 operative Christopher Steele suggested that all of the above were distinct possibilities in his dossier, which Comey believed was worth including in classified briefings of President Obama and then-President-elect Donald Trump.

We also learned that Comey began taking these allegations seriously in late July 2016. That was around the time WikiLeaks started publishing Democratic National Committee emails hacked by Russian cyberoperatives and Trump formally became the nominee of a Republican Party, which purposefully watered down its security commitments to Ukraine, almost certainly on orders from then-Trump campaign chairman Paul Manafort.

I’m old enough to remember when the GOP thought putting any faith in Vladimir Putin was the height of geopolitical naivete. Now the GOP seems to have decided to represent Putin pro bono, while expressing more frustration with The New York Times’ sourcing than with the single most successful Russian infiltration of the U.S. political system since before, during, or after the Cold War. [Continue reading…]

Intelligence chairman: Justice report shows no evidence for Trump’s claims of wiretapping during campaign

The Washington Post reports: The Republican chairman and ranking Democrat on the House Intelligence Committee said Sunday that new documents provided to Congress by the Justice Department provided no proof to support President Trump’s claim that his predecessor had ordered wiretaps of Trump Tower.

“Was there a physical wiretap of Trump Tower? No, but there never was, and the information we got on Friday continues to lead us in that direction,” Rep. Devin Nunes (R-Calif.), the chairman, said on “Fox News Sunday.”

He added, “There was no FISA warrant that I’m aware of to tap Trump Tower” — a reference to the Foreign Intelligence Surveillance Act, a federal law that governs the issuance of search warrants in U.S. intelligence gathering. [Continue reading…]

Reuters reports: Allegations from the United States that British spy agency GCHQ snooped on Donald Trump during his election campaign are “arrant nonsense”, the deputy head of the U.S. National Security Agency (NSA) said in an interview on Saturday.

President Trump has stood by unproven claims that the Obama administration tapped his phones during the 2016 White House race. On Thursday his spokesman cited a media report that Britain’s GCHQ was behind the surveillance.

Richard Ledgett, deputy director of the NSA, told BBC News the idea that Britain had a hand in spying on Trump was “just crazy”. [Continue reading…]

Trump’s source: A greedy former judge citing an intel conspiracy theorist

The New York Times reports: Andrew Napolitano was a Superior Court judge in New Jersey until, frustrated by the constraints of his salary, he left the bench for more lucrative pastures: talk radio, a syndicated small-claims court TV series (“Power of Attorney”) and, eventually, Fox News, where he rose to become the network’s senior legal analyst.

It was in that basic-cable capacity this week that Mr. Napolitano managed to set off a cascading scandal, which by Friday had sparked a trans-Atlantic tiff between Britain and the United States while plunging President Trump’s close relationship with Fox News into new, murkier territory.

It was new ground for Mr. Napolitano, 66, who prefers being addressed as “The Judge” and once insisted that Fox News install bookshelves and wood-paneling in his newsroom office, the better to resemble a judge’s chambers.

But Mr. Napolitano’s unlikely leap into global politics can be explained by his friendship with Mr. Trump, whom he met with this year to discuss potential Supreme Court nominees. Mr. Napolitano also has a taste for conspiracy theories, which led him to Larry C. Johnson, a former intelligence officer best known for spreading a hoax about Michelle Obama. [Continue reading…]

Today, Johnson writes:

I spoke three months ago with a source that, if the source’s name was revealed, would be known and recognized as a reliable source of information. Based on that contact I reached out to friends in the intel community and asked them about the possibility that a back channel was used to get the Brits to collect on Trump associates. My sources said, “absolutely.”

There’s a mighty chasm between saying something’s possible and asserting that it happened. The very same source, if asked whether he had any evidence that such a back channel had indeed reached out to GCHQ, would have most likely followed his “absolutely,” with, “none whatsoever.”