Posts Tagged ‘NSA’
Friday, November 1, 2013 @ 05:11 PM gHale
Tor traffic increased by 350 percent over the third quarter, a new report said.
Although surging Tor usage may be attributable to anti-NSA surveillance activities, it is also possible the August and September surge in Tor activity came from a new variant of the Mevade malware family, according to the Solutionary Security Engineering Research Team (SERT) Quarterly Threat Intelligence Report for Q3 2013.
The variant is designed to use the Tor network to hide its command and control servers, so its developers end up deploying malware that is harder to detect.
Other findings include:
• Hacktivist campaigns continued to compromise and deface the websites of Israel- and European Union-based organizations.
• Phishing emails continued to be successful attack vectors, with attackers using them to launch APT campaigns.
• There has been an uptick in anomalous ICMP traffic outside the realm of normal activity based on the structure and frequency of packets.
The hacktivist campaigns OpUSA and OpIsraelReborn continued to compromise and deface Israel- and European Union-based organizations’ websites; the primary attack vectors consisted of spear phishing, Domain Name System (DNS) registry tampering, SQL injection, Cross-Site Scripting (XSS) and Distributed Denial of Service (DDoS) attacks, the report said.
Spear phishing attacks identified by SERT show users still fall victim to phishing despite the existence of anti-phishing awareness programs within organizations. While tactics and techniques have evolved over the years, this specific attack vector has maintained a very high success rate.
The report found a noticeable increase in ICMP traffic targeting monitored devices in the U.S. and Europe. While ICMP is for diagnostic and control purposes and it occurs in normal traffic, SERT identified traffic that is outside the realm of normal activity based on the structure and frequency of the packets. One such payload shared commonalities with the worm Nachi.
Wednesday, October 2, 2013 @ 10:10 AM gHale
Seventeen Carnegie Mellon University (CMU) graduate students earned cyber security scholarships from the National Science Foundation, the Department of Homeland Security’s CyberCorps Scholarship for Service (SFS) Program and the Department of Defense’s Information Assurance Scholarship Program (IASP).
The SFS awards went to nine students in CMU’s Information Networking Institute (INI) and six students at CMU’s Heinz College. The IASP awards went to two INI students.
Both programs share a common goal: to increase and strengthen the pool of federal information assurance professionals who protect the nation’s critical infrastructures and national defense.
“As future federal employees, the SFS and IASP scholars delve into challenging engineering and information assurance coursework and engage in interdisciplinary cyber security research. In addition to the emphasis on the technologies and strategies related to cyber defense and cyber offense, CMU’s cyber security curricula explore risk management, economics and policy issues related to reducing vulnerability and securing our national information infrastructure,” said Dena Haritos Tsamitis, INI director and director of education, training and outreach for CyLab. She is also the principal investigator of the grants.
Increased global cyber attacks make the training and retention of cyber security experts a priority of the U.S. government. The National Security Agency (NSA) and the United States Cyber Command designated Carnegie Mellon as a National Center of Academic Excellence (CAE) in cyber operations for 2013-2018. The National Security Agency designated the university as a CAE in Information Assurance Education and a CAE in research.
More than 160 students in the SFS program have graduated from CMU in the past decade. One student in the IASP graduated from the INI in 2012.
Both programs provide full-tuition scholarships and stipends to scholars in exchange for working for the federal government after graduation.
Thursday, September 19, 2013 @ 05:09 PM gHale
After reports of hacking attempts, Brazilian oil giant Petrobras wants to keep itself on the winning security edge by increasing its spending on its IT infrastructure this year and for the following four years at least.
Maria das Graças Silva Foster, president of Petrobras, said at a public hearing in the Brazilian Senate the company will invest $1.8 billion (R$4 billion) in 2013 and $9.6 billion (R$21.2 billion) between 2013-2017 on information technology and telecommunications.
“This is a policy that is so important it has been personally approved by the board of directors,” said Graças Foster. “The management of our goods, people, information and the wealth we create is of crucial importance.”
During the joint hearing with the Parliamentary Commission for the Espionage Inquiry and the Economic Affairs and Foreign Relations committees in the Senate, she said the company constantly monitors and protects its information. As one case in point, she cited the quantity of emails that end up preemptively blocked.
“Between August 09 and September 09 we received 195.9 million emails,” she said. “Of these, 16.5 million arrived at their destination.”
Regarding press reports the U.S.’ National Security Agency (NSA) targeted Petrobras through espionage, the president said no violation of Petrobras systems had been recorded, but the presence of the company’s name in reports has created “discomfort.”
“Systems used by Petrobras are among the most advanced on the market,” she said, emphasizing “investment in information security should be set to follow technological developments.”
Graça Foster said Petrobras has an integrated data processing center, which has restricted access, and the company’s strategic information does not go through the Internet.
“The company’s knowledge is held at the data processing center. Critical information is stored in an encrypted closed system. Access to the center is controlled with biometrics, weighing and monitoring with cameras,” she said. Despite working with partner companies and suppliers, only Petrobras holds all the information, and only the company is allowed to read it, she said. Additionally, Petrobras has contracts that provide for confidentiality.
Strict security procedures included requiring scientists and functionaries to avoid transferring the most critical data, such as seismic studies of the company’s oil reserves, through the Internet.
Monday, September 16, 2013 @ 02:09 PM gHale
The National Security Agency (NSA) influenced the National Institute of Standards and Technology (NIST) to adopt a tainted encryption standard.
That standard, made by the NSA, included a weakness known only to the NSA. The standard in question is NIST Special Publication 800-90, according to a report in The New York Times.
NSA cryptographic experts authored the standard, which NIST adopted in 2006. It includes four Deterministic Random Bit Generators, one of which, Dual_EC_DRBG, should create random numbers to seed encryption keys but, as it turns out, the random numbers it produces have a small bias.
In 2007, expert cryptographer Bruce Schneier and his colleagues Dan Shumow and Niels Ferguson published research detailing the flaw and theorized it was a deliberate back door. Schneier remained puzzled as to why the NSA was so insistent about including this generator in the standard.
“It makes no sense as a trap door: It’s public, and rather obvious. It makes no sense from an engineering perspective: It’s too slow for anyone to willingly use it. And it makes no sense from a backwards-compatibility perspective: Swapping one random-number generator for another is easy,” he said, and recommended that nobody use it.
The standard ended up not only adopted by NIST, but by the International Organization for Standardization and Canada’s Communications Security Establishment, as well, according to the Times report.
NIST said it “would not deliberately weaken a cryptographic standard” and that they would continue their mission “to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large.”
“NIST has a long history of extensive collaboration with the world’s cryptography experts to support robust encryption. The National Security Agency (NSA) participates in the NIST cryptography development process because of its recognized expertise. NIST is also required by statute to consult with the NSA,” they said.
Finally, in a gesture of good will and in the hope of regaining some of the trust they have lost from the security community, they reopened the public comment period for Special Publication 800-90A and draft Special Publications 800-90B and 800-90C so the public can peruse and comment on the standard for a second time.
“If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible,” they said.
Thursday, September 5, 2013 @ 05:09 PM gHale
In a move to cultivate more U.S. cyber professionals in the fast moving global security environment, the National Security Agency’s (NSA) National Centers of Academic Excellence (CAE) in Cyber Operations Program added four new schools.
NSA selected the following schools to receive the CAE-Cyber Operations designation for the 2013-2014 academic year:
• Air Force Institute of Technology in Ohio
• Auburn University, Alabama
• Carnegie Mellon University, Pennsylvania
• Mississippi State University
The program, which now has eight schools, complements more than 100 existing centers of academic excellence (CAEs) in research and information assurance education — jointly overseen by NSA and the Department of Homeland Security.
An outgrowth of the President’s National Initiative for Cybersecurity Education, the program identifies institutions that have a deeply technical, interdisciplinary curriculum centered on fields such as computer science and electrical engineering. The agency has long worked with schools to improve education in science, technology, engineering, and mathematics.
In addition, the program offers some participants opportunities to apply their learning or enhance their teaching in summer seminars at NSA. Participating students and faculty members do not engage in actual U.S. government intelligence activities.
Steven LaFountain, an NSA technical leader, said legal and ethical issues in cyber security are a required and critical part of the effort.
“In the application process and in all of its work with selected schools, NSA emphasizes the importance of integrity and compliance,” he said. “Cyber skills are increasingly important in national defense, but it’s even more important to operate as responsible citizens in the use of such skills.”
Topics covered are routinely taught in colleges and universities, but this initiative seamlessly integrates the material to help students better understand how they could someday help to defend the nation. Summer seminar participants must undergo background checks and obtain temporary, top-secret security clearances.
The schools chosen in 2012, the program’s first year, were Dakota State University, South Dakota; the Naval Postgraduate School, California; Northeastern University, Massachusetts; and the University of Tulsa, Oklahoma. Like the agency’s other CAEs, those in the cyber operations program are evaluated annually. Designations are for five years and schools across the country can compete to join each year.
Retired Lt. Gen. Ronald L. Burgess Jr., a former director of the U.S. Defense Intelligence Agency, now serves as Auburn University’s Senior Counsel for National Security Programs, Cyber Programs, and Military Affairs. The CAE-Cyber Operations project has real merit, he said.
“Auburn has devoted significant resources and interdisciplinary rigor across campus to expand new cyber initiatives and extensive collaboration with external organizations,” he said. “We are extremely pleased that NSA has recognized our efforts by selecting Auburn University” for the program. “It is important to the nation — and we want to be a part of the strategic way ahead and feel we can contribute to this national need.”
Details about NSA’s Centers of Academic Excellence are available online.
Wednesday, July 31, 2013 @ 04:07 PM gHale
By Gregory Hale
Know all the facts before rushing to a decision or judgment, said General Keith Alexander.
That is the essential idea behind the PRISM program, the National Security Agency’s controversial intelligence gathering program. That tool played a vital part in thwarting 54 terrorist attacks worldwide, Alexander said during his keynote address at the Black Hat security conference in Las Vegas Wednesday. Of those 54 potential attacks, 13 were in the U.S., 25 in Europe, 11 in Asia and five in Africa.
The program and the NSA came to light after NSA contractor Edward Snowden leaked information warning the extent of mass data collection was far greater than the public knew and included what he characterized as dangerous and criminal activities.
“I believe what has happened; the damage to our country is significant and irreversible,” Alexander said.
Alexander came off defending what the NSA is all about and what it is trying to do in defending the country. Alexander said U.S. companies are not providing far reaching access to customer data, and only 35 NSA analysts have authorization to search phone metadata and emails. He also talked about the intense oversight involved from the three branches of government so as not to obstruct civil liberties.
Alexander talked about two programs. One is Section 215 Authority, a program designed to identify the communications of persons suspected to be associated with terrorist organizations communicating with individuals inside the U.S.
The other program was Section 702 Authority, which is for foreign intelligence purposes and applies only to communications of foreign persons located abroad and requires valid documentation for foreign intelligence purposes such as counterterrorism.
“Under 702, the U.S. does not unilaterally obtain information from the servers of U.S. companies,” Alexander said. “Industry is compelled to comply with this program.”
The genesis of the two programs was the result of terrorist incidents from the World Trade Center Attack in 1993 to the 9/11 attacks to the Boston Marathon attack this past spring.
“The intelligence community, according to the 9/11 Commission, failed to connect the dots. We didn’t know because we didn’t have the tools and capabilities that showed (the attackers) were actually in California,” Alexander said.
“Virtually all democracies have lawful intercept programs,” he said. The goal of the programs is to collect information, but not a huge depth of information, Alexander said. Under Section 215, the NSA collects the date and time of a call, the calling number, the called number, the duration of the call and the origin of the metadata. The NSA does not collect the content of calls: no voice, no SMS, no names, no addresses and no credit cards.
In one case these programs helped disrupt a terrorist plot to bomb the New York City subway system, Alexander said.
Time was of the essence in this case. The attacker was in California and started driving across the country. “We intercepted this in early September 6 or 7 and the targeted attack date was by the 14th of September. The FBI had to put the pieces together quickly.”
“We gave the email address to the FBI and they took that email address and determined a phone number that connected to New York City and they found that number also connected to other terrorist groups.”
“This would have been the biggest terrorist attack since 9/11 on U.S. soil,” he said. “The initial tip came from the PRISM 702 data. We were able to stop the attack,” Alexander said.
As a part of the foreign intelligence program, the NSA intercepted an email from a terrorist in Pakistan. “By using 702 (the foreign intelligence program), we intercepted some communications and were able to get a phone number that was a potential terrorist.”
Is what the NSA is doing perfect? No, but Alexander said he wants to reach out and try to see how to improve upon intelligence gathering.
“Put the facts on the table. The nation needs to know we are going to do the right thing. If we make a mistake we will hold ourselves accountable.”
Monday, May 13, 2013 @ 11:05 AM gHale
A group of senior senators across both aisles proposed a new law last week to combat computer espionage and the theft of valuable commercial data from U.S. companies.
The four senators — Democrats Carl Levin and Jay Rockefeller and Republicans John McCain and Tom Coburn — joined to launch the Deter Cyber Theft Act.
The proposed law aims to combat the theft of intellectual property from U.S. companies, which spend billions in research and development only to end up targeted by foreign firms and countries that illegally access their data and use it to compete against them.
General Keith Alexander, head of the U.S. National Security Agency and commander of the U.S. Cyber Command, called the growing problem the “greatest transfer of wealth in history.”
China stands accused of being the biggest culprit in theft attempts against U.S. companies. American lawmakers have said U.S. companies suffered estimated losses in 2012 of more than $300 billion due to trade-secret theft, much of it due to Chinese cyber espionage.
Levin, chairman of the Armed Services Committee, said the new law would help protect American businesses and innovation.
“We need to call out those who are responsible for cyber theft and empower the president to hit the thieves where it hurts most — in their wallets, by blocking imports of products or from companies that benefit from this theft,” Levin said.
McCain, a powerful voice in the Senate on armed services and foreign affairs issues, said the bill would give President Barack Obama authority to target those who try to benefit from cyber crime.
A divided U.S. Congress has not approved much legislation in recent years, given a string of partisan fiscal battles.
But with lawmakers on both sides of the aisle acknowledging cyber security is a rising concern, this bipartisan measure could draw plenty of interest.
A senior Democratic aide described cyber security as a “huge priority” for Senate Majority Leader Harry Reid.
The proposed act would require the Director of National Intelligence to compile an annual report that includes a list of nations that engage in economic or industrial espionage in cyberspace against U.S. firms or individuals. It would include a priority watch list of the worst offenders.
Monday, April 29, 2013 @ 04:04 PM gHale
A policy through which federal departments offered prosecutorial immunity to companies that helped the U.S. military monitor Internet traffic on private networks of defense contractors has been expanded by Executive Order to include other critical infrastructure industries, according to the Electronic Privacy Information Center (EPIC).
EPIC said the pilot version of the program, run with the Departments of Justice (DoJ), Defense (DoD), and Homeland Security (DHS), came to light in June 2011 after The Washington Post published a report detailing the implementation of a new program by the National Security Agency that let it monitor traffic flowing from some defense contractors through certain Internet service providers. At the time, The Washington Post quoted Deputy Defense Secretary William J. Lynn III saying the program was to help thwart attacks against defense firms and the government hoped to expand the program moving forward.
The documents obtained in a Freedom of Information Act (FOIA) request, EPIC said, reveal the DoD advised private industry organizations on the ways in which they circumvent federal wiretap laws in order to aid the DoD and DHS in their surveillance of private Internet networks belonging to defense contractors.
EPIC, digital rights group the Electronic Frontier Foundation, and others fear the program’s expansion would apply to the broad swath of organizations that potentially fall under the vague category of critical infrastructure.
The government has not yet named the program, but EPIC said the NSA has partnered with AT&T, Verizon, and CenturyLink in order to keep tabs on the Internet traffic flowing into and out of some 15 defense contractors, including Lockheed Martin, CSC, SAIC, and Northrop Grumman.
For its part, the NSA said it is not directly monitoring these networks, but is rather filtering their traffic in order to detect the presence of suspicious packets based on a number of malicious code signatures the agency has developed.
EPIC issued a FOIA request in July 2011 requesting the following information: “All contracts and communications with Lockheed Martin, CSC, SAIC, Northrop Grumman, or any other defense contractors regarding the new NSA pilot program; All contracts and communications with AT&T, Verizon, and CenturyLink or any other ISPs regarding the new NSA pilot program; All analyses, legal memoranda, and related records regarding the new NSA pilot program; Any memoranda of understanding between NSA and DHS or any other government agencies or corporations regarding the new NSA pilot program; Any Privacy Impact Assessment performed as part of the development of the new NSA pilot program.”
The government failed to provide any of this information. So, EPIC filed a FOIA lawsuit on March 1, 2012 and eventually gained access to thousands of pages of previously unreleased documents, which they have posted on their website.
Thursday, March 14, 2013 @ 06:03 PM gHale
In a move to protect the U.S. against major computer attacks from abroad, the Pentagon’s Cyber Command will create 13 offensive teams by the fall of 2015, National Security Agency (NSA) Director Gen. Keith Alexander said Tuesday.
The new teams are just one part of an effort to protect the country from destructive attacks over the Internet that could harm Wall Street or knock out electric power, for instance, the general told Congress.
Alexander warned budget cuts will undermine the effort to build up these forces even as foreign threats to the nation’s critical computer systems intensify. And he urged Congress to pass legislation to enable the private sector to share computer threat data with the government without fear of lawsuits.
As he moves into his eighth year as director of the NSA and his third year as head of the fledgling Cyber Command, Alexander told the Senate Armed Services Committee the strategic-threat picture is getting more fierce.
“We’ve seen the attacks on Wall Street over the last six months grow significantly,” he said, noting there were more than 160 disruptive attacks on banks in that period.
Describing the Shamoon attack on Saudi Arabia’s national oil company, he said: “Last summer, in August, we saw a destructive attack on Saudi Aramco, where the data on over 30,000 systems were destroyed. And if you look at industry, especially the anti-virus community and others, they believe it’s going to grow more in 2013. And there’s a lot that we need to do to prepare for this.”
The U.S. intelligence community indicated the assaults on the banks and Saudi Aramco were the work of Iran in retaliation for U.S. financial sanctions imposed to deter Iran from pursuing a nuclear weapons program.
Alexander said the 13 teams would defend against destructive attacks. “I would like to be clear that this team … is an offensive team,” he said.
Twenty-seven other teams would support commands such as the Pacific Command and the Central Command as they plan offensive cyber capabilities. Separate teams would focus on protecting the Defense Department’s computer networks. He said the first third of the forces, which officials have said will total several thousand civilians and uniformed personnel, will be in place by September and the second third a year later.
Some teams are already in place, Alexander said, to focus on “the most serious threats,” which he did not identify.