Articles about nsa

In the three years since IETF said pervasive monitoring is an attack, what's changed?

Feature After three years of work on making the Internet more secure, the Internet Engineering Task Force (IETF) still faces bottlenecks: ordinary peoples' perception of risk, sysadmins worried about how to manage encrypted networks, and – more even than state snooping – an advertising-heavy 'net business model that relies on collecting …

US Director of National Intelligence legs it

Videos James Clapper, who as Director of National Intelligence was economical with the truth when it came to acknowledging US domestic surveillance activities subsequently revealed by NSA whistleblower Edward Snowden, has announced his resignation. Clapper isn't resigning over lies, but instead because it's traditional for heads like …
Iain Thomson, 17 Nov 2016
banksy_hmv_nipper_bazooka_648

Shhh! Shazam is always listening – even when it's been switched 'off'

A security researcher has discovered that when the Mac version of Shazam is switched off, it simply stops processing recorded data. The recording itself continues. The music identification service admits the behaviour but says it only keeps recording purely for technical reasons. Patrick Wardle, a former NSA staffer who heads …
John Leyden, 15 Nov 2016

Encrypted email sign-ups instantly double in wake of Trump victory

"ProtonMail follows the Swiss policy of neutrality. We do not take any position for or against Trump," the Swiss company's CEO stated on Monday, before revealing that new user sign-ups immediately doubled following Trump's election victory. ProtonMail has published figures showing that as soon as the election results rolled in …
Photo by Windover Way Photography / Shutterstock

Trump's torture support could mean the end of GCHQ-NSA relationship

Comment If comments made on the campaign trail by Donald Trump were sincere, then today's British government will need to do some serious soul-searching very soon. Trump, who was today announced as the president-elect of the United States of America, has been controversially outspoken while seeking to be nominated as the Republican …
Hillary Clinton, photo by Evan El-Amin via Shutterstock

Computer forensics defuses FBI's Clinton email 'bombshell'

Analysis Since igniting a political firestorm and triggering major changes in US presidential voting intentions by revealing some emails passing through Hillary Clinton's private email server had been found in an unrelated criminal investigation, the FBI has gone to ground. The US criminal investigation bureau has repeatedly refused to …
Duncan Campbell, 04 Nov 2016

Anti-ultrasound tech aims to foil the dog-whistle marketeers

Black Hat EU Marketeers are coming up with ways to invade our privacy in the interests of serving us ads in a way that goes far beyond the dire predictions of films such as Minority Report. Security researchers are already thinking about countermeasures. Cross-device tracking (XDT) technologies allow marketeers to track the user's visited …
John Leyden, 04 Nov 2016
The UK's sole F-35B in flight. Crown copyright

F-35 'sovereign data gateway' will stop US reading pilots' personal data? Yeah right

Lockheed Martin, designers of the super-expensive F-35 fighter jet, is working on a system claimed to reassure foreign customers that the US won't be able to read their pilots' personal data. According to Flight Global, Lockheed Martin is working on a sovereign data gateway (SDG) to reassure F-35 customers that the US won't be …
Gareth Corfield, 31 Oct 2016

Shadow Brokers leak systems hacked by NSA – mostly mail and uni servers in India, China

The Shadow Brokers crew has dumped online a list of servers apparently compromised by NSA hackers. The list contains historic targets of the NSA-linked Equation Group. The date stamps suggest the systems were compromised around 2001 and 2003, and they appear to be used as bases from which US snoops could carry out surveillance …
John Leyden, 31 Oct 2016
James Clapper

'Non-state actors*' likely to blame for Dyn mega-attack – US intel chief

A senior US intelligence chief has said that "non-state actors" – bored kids or crooks* – are likely behind the high-profile attack on DNS provider Dyn last week. A massive DDoS attack against Dyn resulted in multiple high-profile websites – including Twitter, Amazon and Netflix – to be unavailable last Friday. US director of …
John Leyden, 26 Oct 2016
HP Enterprise Consulting Services managing principal Stephen Kho. Image: Darren Puali / The Register

Got Ancient exploit but nowhere to use it? Try the horrid GRX network

Ruxcon They've been warned for years, but scores of telcos are still making bone-headed configuration mistakes in their GPRS Global Roaming Exchange (GRX) networks, leaving mail and FTP servers vulnerable. The international phone routing system is used for passing and billing calls between providers, using encryption to funnel data …
Darren Pauli, 26 Oct 2016
You didn't say the magic word

Rogue sysadmins the target of Microsoft's new 'Shielded VM' security

Virtual machine security is suddenly a hot spot: VMware's building a new product for it and has added new bits to vSphere 6.5 to enhance it. And Microsoft thinks it has found a new way to secure VMs. Let's do Redmond first because its new “Shielded VMs” are one of the headline items in Windows Server and Hyper-V 2016. As …
Simon Sharwood, 21 Oct 2016

NSA, GCHQ and even Donald Trump are all after your data

Comment As production and usage of data keeps growing globally, it’s worth remembering that the US government wants access to your information and will use warrants, decryption or hacking to get to it. That’s not news and the US government has many tools in its box. Many had already heard of the Uniting and Strengthening America by …
Frank Jennings, 20 Oct 2016
Tape over mouth, image via Shutterstock

Yahoo! begs! US! spymaster! Clapper!: Spill! the! beans! on! secret! email! snooping!

Yahoo! has asked the US government to break its silence on the secret court order that forced the Purple Palace to scan its webmail users' messages for specific keywords. In a letter [PDF] to US Director of National Intelligence James Clapper, Yahoo! general counsel Ron Bell says that national security laws prevent the online …
Shaun Nichols, 20 Oct 2016

ShadowBrokers put US$6m price tag on new hoard of NSA hacks

A group thought linked to a Russian hacking outfit has moved to cash in on its cache of likely NSA exploit tooling, by offering it in exchange for 10,000 Bitcoins. The group known as "ShadowBrokers" wrote that they will release a password to a public encrypted cache of alleged NSA tools and exploits. It is the second cache …
Darren Pauli, 17 Oct 2016
Photo by JStone / Shutterstock

Hey! spies! Get! in! here! and! explain! this! Yahoo! email-scanning! 'kernel! module!'

Four dozen members of US Congress have signed a letter requesting a full briefing on the Yahoo! email scandal. In the letter, addressed to Attorney General Loretta Lynch and US director of national intelligence James Clapper, the bipartisan group of representatives asks that they be provided with more information on the …
Shaun Nichols, 14 Oct 2016
Hadoop

Cloudera tells bright Sparks: Go teach yourselves Hadoop

Cloudera, presumably sick of paying its staff to train spies and their ilk, has decided to launch online courses for those wanting to familiarise themselves with Hadoop and Spark. The Palo Alto-based business has long offered training courses, including to Blighty's surveillance agency GCHQ, whose recently open sourced graph …
Image by Daniel Wiedemann http://www.shutterstock.com/gallery-89719p1.html

Yahoo! spymasters! patent! biometric! online! ad! tracking! IRL!

Privacy sell-out Yahoo! has filed patents for roadside billboards outfitted with biometric spy cameras and microphones to collect data from passers-by. The NSA's bed warmer described a billboard that contained video and audio collection capabilities, and even retina scans and speech recognition to determine what viewers are …
Darren Pauli, 09 Oct 2016

Crypto needs more transparency, researchers warn

Researchers with at the French Institute for Research in Computer Science and Automation (INRIA) and the University of Pennsylvania have called for security standards-setters to publish the seeds for the prime numbers on which their standards rely. The boffins also demonstrated again that 1,024-bit primes can no longer be …

Verizon! 'wants! a! discount!'

Verizon is reportedly looking to knock as much as $1bn off the price it will pay for NSA mail-sorter Yahoo! A report from the New York Post cites unnamed sources in reporting that Verizon is seeking a reduction in the agreed acquisition price in the wake of the two latest scandals to hit the beleaguered Purple Palace. An …
Shaun Nichols, 06 Oct 2016
Phone Booth

ISP GMX attempts the nigh impossible: PGP for the masses

Internet service provide GMX claims to have overcome the notorious usability problems of PGP with the launch of a new email service that offers end-to-end encryption. The new email security works across all devices and platforms: including laptops, tablets, smartphones and web browsers, according to GMX, which says that the …
John Leyden, 06 Oct 2016
Man flexing for webcam

Mac malware lies in wait for YOU to start a vid sesh...

Mac malware could piggy-back on your legitimate webcam sessions - yep, the ones you've initiated - to locally record you without detection, a leading security researcher warns. Patrick Wardle, a former NSA staffer who heads up research at infosec biz Synack, outlined the vulnerability together with counter-measures he’s …
John Leyden, 06 Oct 2016

Whales permitting, Hawaiki sub cable to hit Sydney in August 2017

The Hawaiki Cable, which would create trans-Pacific competition for those shipping bits across the ocean to Australia and New Zealand, plans to get its Australian landing in place by August 2017. That information comes via its environmental impact statement, published in this PDF. In the document, the company says it will be …

Feds collar chap who allegedly sneaked home US hacking blueprints

An American who worked at the same intelligence contractor as NSA whistleblower Edward Snowden has been charged with the theft of classified documents. Harold Martin, 51, of Glen Burnie, Maryland, was arrested in late August after the FBI raided his house and storage shed, allegedly finding a number of top secret documents he …
Shaun Nichols, 05 Oct 2016
Yahoo

Yahoo! tries!, fails! to! shoot! down! email! backdoor! claim!

Updated Almost 24 hours after refusing to deny allegations that it allowed US intelligence free rein on its email systems, Yahoo! has issued a carefully worded non-denial. "The article is misleading," the statement reads, referring to yesterday's Reuters report. "We narrowly interpret every government request for user data to minimize …
Iain Thomson, 05 Oct 2016

Google says it would have a two-word answer for Feds seeking Yahoo!-style email backdoor

Since word spread that Yahoo! backdoored its own email servers for US intelligence services, we've heard from rival webmail providers denying they have put in place similar arrangements. That Yahoo! has a cosy relationship with the Feds is not surprising, especially given what we know about PRISM and Section 702 of the Foreign …
Iain Thomson, 05 Oct 2016

Snoop! stooge! Yahoo! handed! all! your! email! to! Uncle! Sam! – and! any! passing! hacker!

Updated Internet has-been Yahoo! has stressed it broke no US laws when it apparently insecurely backdoored its email systems for the NSA or FBI. In 2015, the California-based biz hastily set up mechanisms that allowed American intelligence workers to scan all incoming Yahoo! Mail for particular strings of keywords, it is reported. It …
Shaun Nichols, 04 Oct 2016

Human rights orgs take Five Eyes nations to court

Human rights organisations have today made the most direct legal challenge against the UK and USA's surveillance activities since they were first revealed in 2013. Despite the outcry against surveillance which followed the outpourings of rogue NSA sysadmin Edward Snowden, and a few successful legal challenges, the utility and …

Swiss vote for spy powers

Switzerland has decisively voted in new surveillance laws granting the country's law enforcement agencies powers closer to those in other western nations. The referendum vote passed with a 66.5 per cent majority on a low voter turnout, carried notably on the back of positive sentiment from the country's older voters. The laws …
Team Register, 27 Sep 2016
NSA

Report: NSA hushed up zero-day spyware tool losses for three years

Sources close to the investigation into how NSA surveillance tools and zero-day exploits ended up in the hands of hackers has found that the agency knew about the loss for three years but didn’t want anyone to know. Multiple sources told Reuters last night that the investigation into the data dump released by a group calling …
Iain Thomson, 23 Sep 2016
NSA

Cisco plugs another 'Shadow Brokers' hole

Cisco's post-Shadow Brokers security review has uncovered an IKEv1 vulnerability that can leak memory contents of its (deprecated) PIX firewalls and various IOS environments. Don't delay the patch, because the investigation found the bug was exploited in “some Cisco customers”. It attributes the bug to “insufficient condition …
Picture by Orlok / Shutterstock

Encryption backdoors? It's an ongoing dialogue, say anti-terror bods

CloudFlare Internet Summit It's not every day you walk into a tech conference in San Francisco to find a propaganda video for the Islamic State playing on the screens. Two counterterrorism experts from Washington, DC, were opening the CloudFlare Internet Summit by talking about the use of social media by terrorist groups and what could be done to …
Kieren McCarthy, 15 Sep 2016
mAN SMILES INTO CAMERA, pHOTO BY sHUTTERSTOCK

US National Security Agency gets CREST smile

CREST, the UK-based certification and accreditation body for the infosec industry, has signed an agreement with the National Security Agency to take over its incident response accreditation programme. Supported by the Foreign and Commonwealth Office in the UK, which is seeking to promote the UK's professional cyber security …
Picture by Sunshine Press

Edward Snowden's 40 days in a Russian airport – by the woman who helped him escape

Interview Sarah Harrison, the British WikiLeaks journalist who successfully spirited Edward Snowden from Hong Kong to safe(ish) asylum in Russia, has told The Register how she did it – and what’s next for the NSA whistleblower, and for Julian Assange. She spoke to us a week before the Oliver Stone film Snowden is released*, although she …
Iain Thomson, 12 Sep 2016
Katherine Archuleta

Read the damning dossier on the security stupidity that let China ransack OPM's systems

The congressional investigation into the hacking of the US Office of Personnel Management has shown how a cascade of stupidity that allowed not one but two hackers access to critical government secrets. The 227-page report [PDF] details how two hacking teams, both thought to be state-sponsored groups from China, managed to …
Iain Thomson, 08 Sep 2016

Extra Bacon? Yes please, even though the Cisco bug of this name is bad for you

Tens of thousands of Cisco ASA firewalls are vulnerable to an authentication bypass exploit thought to have been cooked up by the United States National Security Agency (NSA). The "Extra Bacon" exploit was one of many found as part of an Equation Group cache leaked by a hacking outfit calling itself the Shadow Brokers. …
Darren Pauli, 05 Sep 2016

L0phtCrack's back! Crack hack app whacks Windows 10 trash hashes

Ancient famed Windows cracker L0phtCrack has been updated after seven years, with the release of the "fully revamped" version seven. The password cracker was first released 19 years ago gaining much popularity in hacker circles and leading Microsoft to change the way it handled password security at the time. No new versions …
Darren Pauli, 01 Sep 2016
Photo by a katz / Shutterstock.com

FBI Director wants 'adult conversation' about backdooring encryption

FBI Director James Comey is gathering evidence so that in 2017 America can have an "adult" conversation about breaking encryption to make crimefighters' lives easier. Speaking at Tuesday's 2016 Symantec Government Symposium in Washington, Comey banged on about his obsession with strong cryptography causing criminals to "go …
Iain Thomson, 31 Aug 2016
speaking_in_tech Greg Knieriemen podcast enterprise

Speaking in Tech: Fancy a 30 hour work week? Ask Amazon

Podcast speaking_in_tech Greg Knieriemen podcast enterprise This week Greg is in Japan while Ed drives the podcast along with Yadin Porter de Leon and his special guest, David Allen of “Getting Things Done”. This week the team talks extensively about the GTD methodology, VMworld, Uber and Amazon work hours. The details… (0:00) …
Team Register, 31 Aug 2016
Image by Arak Rattanawijittakorn http://www.shutterstock.com/gallery-2364116p1.html

Angler's obituary: Super exploit kit was the work of Russia's Lurk group

Ruslan Stoyanov was right: what could be history's most advanced financially-driven malware was the progeny of some 50 jailed hackers known as the Lurk group. It is a finding that solves the mysterious demise of the world's most capable exploit kit and one of the biggest threats to end users on the internet. Kaspersky's head …
Darren Pauli, 31 Aug 2016

NewSat network breach 'most corrupted' Oz spooks had seen: report

Defunct Australian satellite company Newsat distinguished itself in a way never known to the public before the company went under: it was so badly hacked it had 'the most corrupted' network the nation's spy agency had encountered. The company's assets were sold off last year after it went into administration. Unnamed sources …
Darren Pauli, 29 Aug 2016

Baltimore cops: We flew high-res camera planes to film your every move

Analysis Police in Baltimore, US, have admitted hiring a third party to fly over the city, constantly recording events with high-resolution cameras. The admission comes after a Businessweek feature on the company, Persistent Surveillance Systems (PSS), led to a condemnation of the practice by the ACLU's privacy expert and media …
Kieren McCarthy, 25 Aug 2016
Image composite bazzier and valeo5 http://www.shutterstock.com/gallery-761863p1.html http://www.shutterstock.com/gallery-1393552p1.html

Equation Group exploit hits newer Cisco ASA, Juniper Netscreen

Hungary-based security consultancy SilentSignal has ported a public exploit to newer models of Cisco's Adaptive Security Appliance (ASA). The firm expanded the attack range of the ExtraBacon Cisco hack hole revealed as part of the Shadow Brokers cache of National Security Agency-linked exploits and tools. The exploit was …
Darren Pauli, 24 Aug 2016

'NSA' hack okshun woz writ by Inglish speeker trieing to hyde

The perpetrator behind the dumping of tools penned by the probably-the-NSA hacking squad called"Equation Group" appears to be a native English speaker, according to linguistic data researcher Shlomo Argamon. Earlier this month some 300 files were circulated online purporting to be stolen from the Equation Group, which is …
Darren Pauli, 23 Aug 2016

Software exploits overrated - it's the humans you need to be watching

Video Weak passwords and phishing offer far easier mechanisms for breaking into most organizations than exploiting software vulnerabilities. A study by US cybersecurity firm Praetorian based on 100 penetration tests and 450 real-world attacks discovered that stolen credentials offer the best way into enterprise networks. Software …
John Leyden, 22 Aug 2016

NSA's Cisco PIX exploit leaks

Cisco PIX firewalls can be made to cough up their VPN configurations and RSA private keys, allowing network eavesdroppers to decrypt secure connections. The NSA's Equation Group exploit code – leaked online this week – includes a tool called BENIGNCERTAIN that crafts and sends a special Internet Key Exchange (IKE) packet to …
Iain Thomson, 20 Aug 2016
NSA

Snowden files confirm Shadow Brokers spilled NSA's Equation Group spy tools over the web

Documents from the Edward Snowden archive prove that the malware and exploits dumped on the public internet on Monday originated from the NSA. Among the files leaked by whistleblower Snowden in 2013 is a draft NSA manual on how to redirect people's web browsers using a man-in-the-middle tool called SECONDDATE. This piece of …
Iain Thomson, 19 Aug 2016

UK's mass-surveillance draft law grants spies incredible powers for no real reason – review

IPBill An independent review into bulk surveillance powers in the forthcoming Investigatory Powers Bill has warned that there is no proven case to let British snoops hack the planet. The study group examined the UK government’s Operational Case for Bulk Powers [PDF], which provided the government’s reasons for needing the most …
Edward Snowden at Think. Image Darren Pauli / The Register

Snowden says Russia ‘probably responsible’ for NSA hack

NSA whistleblower Edward Snowden reckons Russia is the most likely suspect behind the leak of advanced hacking tools allegedly stolen from an elite NSA hacking unit. He postulates a complex motive for the leak involving gaining diplomatic leverage that wouldn’t look out of place in a modern retelling of a John le Carré novel. …
John Leyden, 18 Aug 2016
Smilin' Marv

Fortinet follows Cisco in confirming Shadow Broker vuln

Whatever the source and whoever the backers, evidence is mounting that the Shadow Brokers vuln-dump is real: Fortinet has followed Cisco in confirming its place on the list. Cisco's confirmation said the EPICBANANA and EXTRABACON vulns listed in the drop were real. It had fixed one in 2011, and the other, a new SNMP bug, is on …