Articles about NSA

Safe Harbour v2.0 greenlights six bulk data collection excuses

The final text of the EU's patchwork replacement for the Safe Harbour agreement, “Privacy Shield”, has been sent to data protection authorities. Privacy campaigners aren’t impressed. Safe Harbour established a self-certification regime that allowed US companies to process EU citizens' personal data. But a European Court of …
Andrew Orlowski, 01 Mar 2016

Operation Blockbuster security biz: We'll get you, Sony hackers

A newly created cross-industry initiative aims to pool resources in order to bring down – or, at least, disrupt – the hackers behind the infamous attack against Sony Pictures back in 2014. The Lazarus Group, which may in reality consist of several associated groups of attackers or hacking crews, started around seven years …
John Leyden, 24 Feb 2016

Randomness is a lottery, so why not use a lottery for randomness?

A group of French cryptographers reckons public lotteries are the perfect seed for elliptic curve cryptography. The group from company CryptoExperts and boffins from the Laboratoire de Mathematiques de Versailles in the University of Paris-Saclay playfully calls the scheme the “Million Dollar Curve” (modest in a world where …

NSA data centre brings 300 million daily security scares to its Utah home

Utah is being hit with up to 300 million security incidents a day, the state's public safety commissioner says. He complains that the undefined "incidents", the bulk of which are likely automated scans, have skyrocketed since 2010 when the number of incidents peaked at 80,000 a day. Commissioner Keith Squires told local …
Darren Pauli, 23 Feb 2016

GCHQ intel used to develop Stuxnet, claims new documentary

The super worm known as Stuxnet was but a cog in an active US war program in which hundreds of thousands of network implants and backdoors in Iran networks were actively maintained to facilitate a devastating barrage of hacking attacks, a documentary claims. Zero Days, due to screen at the Berlin Film Festival today, claims …
Darren Pauli, 17 Feb 2016

Apple must help Feds unlock San Bernardino killer's iPhone – judge

Apple must assist the FBI in unlocking the passcode-protected encrypted iPhone belonging to one of the San Bernardino shooters in California. US magistrate Sheri Pym says Cupertino has to find a way to supply software that prevents the phone from automatically annihilating its user data when too many password attempts have …
Darren Pauli, 17 Feb 2016

Brit spies can legally hack PCs and phones, say Brit spies' overseers

Blighty's spying nerve center GCHQ has a licence to hack computers and devices at will, a UK intelligence oversight court has ruled. The judgment was handed down on Friday after Privacy International and seven ISPs launched a legal challenge against the agency's hacking operations – operations that were laid bare by documents …
Iain Thomson, 12 Feb 2016

Insight Enterprises CEO: our EMEA ops are firing... no not staff

Managed and cloud services picked up some momentum for Insight Enterprises’ EMEA ops in 2015 but not at the pace to offset declines in the traditional hardware and software reselling lines. Locally, the firm reported a 13 per cent rise in year-on-year sales for calendar Q4 to $342m but in constant currency the decrease was …
Paul Kunert, 11 Feb 2016

No, HMG, bulk data surveillance is NOT inevitable

It is the topic that they don’t want us to discuss. When it came up in the Joint Committee on the Investigatory Powers Bill there was a desperate attempt to shoot the messenger, William Binney, as an alternative to debating his message. The Joint Committee on which I served heard compelling evidence that collecting …

US Congress locks and loads three anti-encryption bullets

US Congress is preparing no fewer than three new bills over the ongoing encryption debate: one banning end-to-end encryption, one setting up a commission to review the issue, and a third to make sure that it is Congress that gets to decide what happens next. Leading member of the Senate Intelligence Committee Dianne Feinstein …
Kieren McCarthy, 10 Feb 2016

Let Europeans sue America for slurping their data – US Senate

European citizens will soon win the right to sue the US government for snatching their personal and private data. On Tuesday, the US Senate passed the Judicial Redress Act, which is a critical jigsaw piece for the new Privacy Shield agreement that governs the exchange of people's personal information over the Atlantic. The …
Kieren McCarthy, 10 Feb 2016

Obama govt proposes 33% hike in cyber-security spending

The outgoing Obama administration has proposed increasing federal cyber-security spending by $5bn, or around a third, in the hope of reaching $19bn in 2017. Reuters reports that the Democrat president's proposals, due to be unveiled later on Tuesday, will earmark $3.1bn for technology modernisation at various federal agencies …
John Leyden, 09 Feb 2016

Private clouds kinda suck, you know?

Sysadmin Blog Are enterprises really starting to act like service providers? If you ask vendors, social media and "thought influencers" hired to speak at conferences, the answer is yes. I'm not so sure. On the one hand, we're asked to believe that enterprises are almost universally adopting private and hybrid cloud solutions in order to …
Trevor Pott, 09 Feb 2016

Brit spies want rights to wiretap and snoop on US companies' servers

The US and UK authorities are holding secret negotiations that would allow British domestic spies to tap into servers in the Land of the Free™ when investigating Her Majesty's citizens. A draft proposal, seen by the Washington Post, would allow MI5 to get access to data stored on overseas computers run by American firms, and …
Iain Thomson, 05 Feb 2016

While we weren't looking, the WAN changed

Sysadmin Blog: Wide Area Networking (WAN) solutions are not discussed enough in the tech press. We babble incessantly about consumer broadband, or some new top end fibre speed achieved in a lab, but this is merely a fraction of the story. There is a very real revolution in WAN connectivity that is occurring right now, today. It goes largely …
Trevor Pott, 05 Feb 2016

UC Berkeley profs blast secret IT monitoring kit on campus

Academics at the University of California Berkeley have protested after it emerged that management had put a secret data slurping device into the campus that was mapping and storing all network traffic. "The intrusive device is capable of capturing and analyzing all network traffic to and from the Berkeley campus and has …
Iain Thomson, 05 Feb 2016

Safe Harbor ripped and replaced with Privacy Shield in last-minute US-Europe deal

European and US legislators have hammered out a last-minute deal to allow data flows across the Atlantic to continue without breaking the law. "For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations …
Iain Thomson, 02 Feb 2016

Microsoft vs US.gov, Internet of Stuff, etc: What's up with 2015's legal cloudy issues?

Last year, I highlighted five legal issues for cloud firms and consumers to watch out for in 2015. Here’s a quick recap of how those topics developed during the year. 1. Microsoft and the US government go back to court Microsoft is taking a stand against the ability of US law to reach into its Dublin data centres and, against …
Frank Jennings, 02 Feb 2016

Safe Harbor crunch time: Today's the day to hammer out privacy deal

US and EC (European Commission) officials have until the end of the day today to reach a new Safe Harbor agreement or risk a breakdown of transatlantic e-commerce. Despite furious efforts over three months and, for the past few weeks, daily meetings between officials, the two sides are still reportedly at loggerheads over two …
Kieren McCarthy, 01 Feb 2016

Israeli drones and jet signals slurped by UK and US SIGINT teams

The NSA and Britain’s GCHQ have access to the video feeds of Israel’s fleet of drones and aircraft, according to new documents. The spy agencies have intercepted data streams containing videos, pictures and GPS data from Israeli jets and drones since at least 2008, according to Snowden-supplied documents seen by The Intercept …
Iain Thomson, 29 Jan 2016

VirusTotal bashes bad BIOSes with forensic firmware fossicker

VirusTotal can now analyse firmware for known malware, prying inside almost-hard-coded code for hidden executables. The service allows users to search for low-level infections in embedded devices and BIOS which could represent the handiwork of sophisticated malware or well-resourced or dedicated attackers. Security engineer …
Darren Pauli, 29 Jan 2016

NSA’s top hacking boss explains how to protect your network from his attack squads

Usenix Enigma The United States National Security Agency (NSA) is a notoriously secretive organization, but the head of its elite Tailored Access Operations (TAO) hacking team has appeared at Usenix’s Enigma conference to tell the assembled security experts how to make his life difficult. Rob Joyce has spent over a quarter of a century at …
Iain Thomson, 28 Jan 2016

GitHub falls offline, devs worldwide declare today a snow day

Updated Popular and widely used source-code hosting service GitHub is, for the moment, no longer a widely used source-code hosting service. It has fallen offline. Since 1632 PT (0032 UTC, 1132 AEDT), the website has been down. Right now, the San Francisco-headquartered upstart reports: "We're investigating a significant network …
Chris Williams, 28 Jan 2016

Cops hate encryption but the NSA loves it when you use PGP

Usenix Enigma Although the cops and Feds won't stop banging on and on about encryption – the spies have a different take on the use of crypto. To be brutally blunt, they love it. Why? Because using detectable encryption technology like PGP, Tor, VPNs and so on, lights you up on the intelligence agencies' dashboards. Agents and analysts don't …
Iain Thomson, 27 Jan 2016

Facebook CSO slams RSA Conf for repping 'the worst parts of the security industry'

Usenix Enigma Facebook's chief security officer Alex Stamos is not a man to mince words. Today, he delivered a stinging rebuke to the RSA Conference, due to be held in San Francisco next month. "In my opinion, RSA represents some of the worse parts of the security industry in its direction and it's not very helpful," he told attendees at …
Iain Thomson, 27 Jan 2016

Safe Harbor 2.0: US-Europe talks on privacy go down to the wire

United States and European Commission officials have promised they are doing everything possible to reach agreement over transatlantic data-sharing before a critical deadline at the end of this week. After the Safe Harbor agreement – put in place in 2000 – was struck down by Europe's highest court back in October due to NSA …
Kieren McCarthy, 25 Jan 2016

Japanese chief TPP negotiator accused of taking $100,000 bribe

Japan's chief negotiator in the controversial Trans-Pacific Partnership (TPP) trade deal has been accused of taking bribes worth $100,000 from a construction company. Economy minister Akira Amari and his staff accepted 12 million yen ($101,000) in payments from an unnamed company from the Chiba province just outside Tokyo, …
Kieren McCarthy, 22 Jan 2016

Qualcomm forms JV with Chinese province to design server chipsets

Qualcomm has struck a US$280 million joint venture with the government of China's Guizhou Province that will see the two organisations design server chips in China. Qualcomm took the wraps off an ARM-powered server CPU last October. On Sunday it advanced its plans by revealing “a strategic cooperation agreement and joint …
Simon Sharwood, 18 Jan 2016

Happy 30th birthday, IETF: The engineers who made the 'net happen

Special report Thirty years ago today, 16 January 1986, the Internet Engineering Task Force – IETF – was born at a meeting in San Diego. It was humble beginnings and the organization that is more responsible than any other for turning a research project into a viable global communications network boasted an initial attendance of just 21 …
Kieren McCarthy, 16 Jan 2016

Apple's anti-malware Gatekeeper still useless: Security bloke reveals lingering holes

Apple has flubbed attempts to patch flaws in OS X's anti-malware system Gatekeeper, leaving the defenses still easy to bypass. Patrick Wardle, a former NSA staffer who now heads up research at crowdsourced security intelligence firm Synack, found a way to circumvent Gatekeeper last year. Gatekeeper is supposed to block dodgy …
John Leyden, 15 Jan 2016

Investor to AT&T – give us a peek at your NSA data dealings

An activist investor is pressing AT&T for more details about how it handles government data requests. Arjuna Capital said it will ask at the next shareholder meeting for investors to vote on a proposal [PDF] requiring AT&T to issue detailed reports of the company's policy on providing customer information to the NSA in light …
Shaun Nichols, 14 Jan 2016

UK Home Sec stumbles while trying to justify blanket cyber-snooping

IPB UK Home Secretary Theresa May was grilled on Wednesday during the last evidence session held by the Parliamentary committee scrutinizing fresh powers proposed for GCHQ. Crucially, she was unable to explain to the panel exactly why Blighty's intelligence services need the ability to intercept and retain millions of innocent …

We know this isn't about PRISM, Matt Warman MP. But do you?

IPB +Comment Former consumer technology editor at The Telegraph and current Conservative MP Matt Warman derailed an NSA whistleblower's attempt to deliver evidence on GCHQ spying, raising questions about the committee's competence to scrutinise the government's draft surveillance bill. The MP offered distracting and irrelevant counter- …

Future Snowden hunt starts with audit of NSA spooks' privileges

The National Security Agency (NSA) has decided it really needs to catch the next Edward Snowden before he turns whistleblower/traitor (strike one according to your political orientation). According to this memo (PDF) from Carol Gorman, an assistant inspector general in the Department of Defense's Readiness and Cyber Operations …

How hard can it be to kick terrorists off the web? Tech bosses, US govt bods thrash it out

Senior US government executives and Silicon Valley's tech captains are sitting down together in San Jose, California, on Friday to try and sort out a way to combat terrorism online. The meeting will include Attorney General Loretta Lynch, FBI Director James Comey, National Intelligence Director James Clapper and National …
Iain Thomson, 08 Jan 2016

ISPs: UK.gov should pay full costs of Snooper's Charter hardware

IPB The Internet Services Providers' Association (ISPA) today told a Parliamentary committee that the government should bear the full cost of extra infrastructure needed to support the snooping databases authorised by the Investigatory Powers Bill. The lobby group's response to the joint committee's call for evidence also claimed …

GCHQ mass spying will 'cost lives in Britain,' warns ex-NSA tech chief

Plans by the UK's Conservative government to legitimize the mass surveillance of Brits won't work, and will cause lives to be lost to terrorism. That's the view of a former senior US National Security Agency (NSA) staffer, who will sound off on blanket snooping at a parliamentary hearing this afternoon (Wednesday). William …
Iain Thomson, 06 Jan 2016

NSA spying on US and Israeli politicians stirs Congress from Christmas slumbers

After two years of doing little about the mass surveillance revealed by Edward Snowden, the US Congress has sprung into action in less than two days – with investigations into the NSA spying on some of the legislature's members. On Tuesday the Wall Street Journal reported that conversations between members of Congress and senior …
Iain Thomson, 31 Dec 2015
Joanna Rutkowska of Invisible Things Labs gives talk "Towards (reasonably) trustworthy x86 laptops" at ccc - still from youtube

Trustworthy x86 laptops? There is a way, says system-level security ace

32c3 Security concerns around Intel's x86 processors – such as the company's decision to force the secretive Management Engine microcontroller onto its silicon – have raised fundamental questions about trust in personal computers, whatever architectures they may be based upon. The founder of Invisible Things Labs, …

The Infamous Eight: 2015's memes, themes and big pieces

Year in review So, was US Central Command (CENTCOM) hacked, were a LOT of Polish Airlines aircraft cyber breached, and did China block imports of products from Apple and others? The answer in all three cases was a simple “no”. So what of the multiple cloud outages, and Uber’s ongoing global legislative and driver woes? In a 140-character- …
Gavin Clarke, 30 Dec 2015

Upset Microsoft stashes hard drive encryption keys in OneDrive cloud?

Water cooler El Reg, some friends of mine have been showing me blog posts about Microsoft keeping secret copies of all our encryption keys. What's going on? Since Windows 8, Microsoft has built drive encryption into its operating system, so none of this should really be a shock. And this encryption feature shouldn't be confused with …
Chris Williams, 30 Dec 2015

Law enforcement versus Silicon Valley's idle problem children

Year in review Tensions have been building for a while on the back of revelations from NSA contractor turned whistleblower Edward Snowden but 2015 marked the outbreak of full-on hostilities between tech firms in Silicon Valley and Western governments. Law enforcement and politicians on both sides of the Atlantic lined up to repeatedly …
John Leyden, 29 Dec 2015

Juniper's VPN security hole is proof that govt backdoors are bonkers

Juniper's security nightmare gets worse and worse as experts comb the ScreenOS firmware in its old NetScreen firewalls. Just before the weekend, the networking biz admitted there had been "unauthorized" changes to its software, allowing hackers to commandeer equipment and decrypt VPN traffic. In response, Rapid7 reverse …
Iain Thomson, 23 Dec 2015

Cisco probes self for Juniper-style backdoors, silently mouths: 'We're doing this for yooou'

In the wake of the Juniper firewall backdoor scandal, Cisco is reviewing its source code to make sure there are no similar nasty surprises lurking within. "Our development practices specifically prohibit any intentional behaviors or product features designed to allow unauthorized device or network access, exposure of sensitive …
Iain Thomson, 22 Dec 2015

How to log into any backdoored Juniper firewall – hard-coded password published

The access-all-areas backdoor password hidden in some Juniper Networks' Netscreen firewalls has been published. Last week it was revealed that some builds of the devices' ScreenOS firmware suffer from two severe security weaknesses: one allows devices to be commandeered over SSH and Telnet, and the other allows encrypted VPN …
Iain Thomson, 21 Dec 2015

Former security officials and BlackBerry CEO pile in on encryption debate

The rolling debate over encryption has been joined by BlackBerry's CEO and a range of former national security officials. Following a recent political pushback, and a Republican debate that appeared to again ask for backdoors to be introduced into encryption products, the experts have stepped in to argue for a more realistic …
Kieren McCarthy, 18 Dec 2015

Canadian live route map highlights vulnerabilities to NSA spying efforts

Researchers at the University of Toronto have created a mapping tool that shows how internet data moves around and how the NSA can use just a few surveillance sites to scoop up online traffic. IXmaps is a visual, interactive database of traffic routes, and uses real data to help Canadians get a sense of what happens when they …
Kieren McCarthy, 17 Dec 2015

Let's shut down the internet: Republicans vacate their mind bowels

Ever since Senator Ted Stevens famously referred to the internet as a "series of tubes" in 2006, we have become sadly accustomed to the fact that legislators have little or no understanding of how the internet actually works. Despite the determined efforts of many internet policy wonks in the past decade, that dangerous level …
Kieren McCarthy, 16 Dec 2015

Big Brother is born. And we find out 15 years too late to stop him

Exclusive The "Big Brother" comprehensive national database system feared by many MPs has been built behind their backs over the last decade, and even has a name for its most intrusive component: a central London national phone and internet tapping centre called PRESTON. PRESTON, which collects about four million intercepted phone calls …
Duncan Campbell, 16 Dec 2015

Spanish village mounts Playmobil extravaganza

PICS We're delighted to report that the first Playmobil expo in the Spanish village of Tivissa turned out to be a bit of a blinder. We were alerted to last weekend's miniature celebration - forming part of the IV Fira De Natal (Fourth Xmas Festival) - by expat reader Neil Tragham (and yes, that's his real name). Poster for the …
Lester Haines, 11 Dec 2015