Articles about nsa

Human rights orgs take Five Eyes nations to court

Human rights organisations have today made the most direct legal challenge against the UK and USA's surveillance activities since they were first revealed in 2013. Despite the outcry against surveillance which followed the outpourings of rogue NSA sysadmin Edward Snowden, and a few successful legal challenges, the utility and …

Swiss vote for spy powers

Switzerland has decisively voted in new surveillance laws granting the country's law enforcement agencies powers closer to those in other western nations. The referendum vote passed with a 66.5 per cent majority on a low voter turnout, carried notably on the back of positive sentiment from the country's older voters. The laws …
Team Register, 27 Sep 2016
NSA

Report: NSA hushed up zero-day spyware tool losses for three years

Sources close to the investigation into how NSA surveillance tools and zero-day exploits ended up in the hands of hackers has found that the agency knew about the loss for three years but didn’t want anyone to know. Multiple sources told Reuters last night that the investigation into the data dump released by a group calling …
Iain Thomson, 23 Sep 2016
NSA

Cisco plugs another 'Shadow Brokers' hole

Cisco's post-Shadow Brokers security review has uncovered an IKEv1 vulnerability that can leak memory contents of its (deprecated) PIX firewalls and various IOS environments. Don't delay the patch, because the investigation found the bug was exploited in “some Cisco customers”. It attributes the bug to “insufficient condition …
Picture by Orlok / Shutterstock

Encryption backdoors? It's an ongoing dialogue, say anti-terror bods

CloudFlare Internet Summit It's not every day you walk into a tech conference in San Francisco to find a propaganda video for the Islamic State playing on the screens. Two counterterrorism experts from Washington, DC, were opening the CloudFlare Internet Summit by talking about the use of social media by terrorist groups and what could be done to …
Kieren McCarthy, 15 Sep 2016
mAN SMILES INTO CAMERA, pHOTO BY sHUTTERSTOCK

US National Security Agency gets CREST smile

CREST, the UK-based certification and accreditation body for the infosec industry, has signed an agreement with the National Security Agency to take over its incident response accreditation programme. Supported by the Foreign and Commonwealth Office in the UK, which is seeking to promote the UK's professional cyber security …
Picture by Sunshine Press

Edward Snowden's 40 days in a Russian airport – by the woman who helped him escape

Interview Sarah Harrison, the British WikiLeaks journalist who successfully spirited Edward Snowden from Hong Kong to safe(ish) asylum in Russia, has told The Register how she did it – and what’s next for the NSA whistleblower, and for Julian Assange. She spoke to us a week before the Oliver Stone film Snowden is released*, although she …
Iain Thomson, 12 Sep 2016
Katherine Archuleta

Read the damning dossier on the security stupidity that let China ransack OPM's systems

The congressional investigation into the hacking of the US Office of Personnel Management has shown how a cascade of stupidity that allowed not one but two hackers access to critical government secrets. The 227-page report [PDF] details how two hacking teams, both thought to be state-sponsored groups from China, managed to …
Iain Thomson, 08 Sep 2016

Extra Bacon? Yes please, even though the Cisco bug of this name is bad for you

Tens of thousands of Cisco ASA firewalls are vulnerable to an authentication bypass exploit thought to have been cooked up by the United States National Security Agency (NSA). The "Extra Bacon" exploit was one of many found as part of an Equation Group cache leaked by a hacking outfit calling itself the Shadow Brokers. …
Darren Pauli, 05 Sep 2016

L0phtCrack's back! Crack hack app whacks Windows 10 trash hashes

Ancient famed Windows cracker L0phtCrack has been updated after seven years, with the release of the "fully revamped" version seven. The password cracker was first released 19 years ago gaining much popularity in hacker circles and leading Microsoft to change the way it handled password security at the time. No new versions …
Darren Pauli, 01 Sep 2016
Photo by a katz / Shutterstock.com

FBI Director wants 'adult conversation' about backdooring encryption

FBI Director James Comey is gathering evidence so that in 2017 America can have an "adult" conversation about breaking encryption to make crimefighters' lives easier. Speaking at Tuesday's 2016 Symantec Government Symposium in Washington, Comey banged on about his obsession with strong cryptography causing criminals to "go …
Iain Thomson, 31 Aug 2016
speaking_in_tech Greg Knieriemen podcast enterprise

Speaking in Tech: Fancy a 30 hour work week? Ask Amazon

Podcast speaking_in_tech Greg Knieriemen podcast enterprise This week Greg is in Japan while Ed drives the podcast along with Yadin Porter de Leon and his special guest, David Allen of “Getting Things Done”. This week the team talks extensively about the GTD methodology, VMworld, Uber and Amazon work hours. The details… (0:00) …
Team Register, 31 Aug 2016
Image by Arak Rattanawijittakorn http://www.shutterstock.com/gallery-2364116p1.html

Angler's obituary: Super exploit kit was the work of Russia's Lurk group

Ruslan Stoyanov was right: what could be history's most advanced financially-driven malware was the progeny of some 50 jailed hackers known as the Lurk group. It is a finding that solves the mysterious demise of the world's most capable exploit kit and one of the biggest threats to end users on the internet. Kaspersky's head …
Darren Pauli, 31 Aug 2016

NewSat network breach 'most corrupted' Oz spooks had seen: report

Defunct Australian satellite company Newsat distinguished itself in a way never known to the public before the company went under: it was so badly hacked it had 'the most corrupted' network the nation's spy agency had encountered. The company's assets were sold off last year after it went into administration. Unnamed sources …
Darren Pauli, 29 Aug 2016

Baltimore cops: We flew high-res camera planes to film your every move

Analysis Police in Baltimore, US, have admitted hiring a third party to fly over the city, constantly recording events with high-resolution cameras. The admission comes after a Businessweek feature on the company, Persistent Surveillance Systems (PSS), led to a condemnation of the practice by the ACLU's privacy expert and media …
Kieren McCarthy, 25 Aug 2016
Image composite bazzier and valeo5 http://www.shutterstock.com/gallery-761863p1.html http://www.shutterstock.com/gallery-1393552p1.html

Equation Group exploit hits newer Cisco ASA, Juniper Netscreen

Hungary-based security consultancy SilentSignal has ported a public exploit to newer models of Cisco's Adaptive Security Appliance (ASA). The firm expanded the attack range of the ExtraBacon Cisco hack hole revealed as part of the Shadow Brokers cache of National Security Agency-linked exploits and tools. The exploit was …
Darren Pauli, 24 Aug 2016

'NSA' hack okshun woz writ by Inglish speeker trieing to hyde

The perpetrator behind the dumping of tools penned by the probably-the-NSA hacking squad called"Equation Group" appears to be a native English speaker, according to linguistic data researcher Shlomo Argamon. Earlier this month some 300 files were circulated online purporting to be stolen from the Equation Group, which is …
Darren Pauli, 23 Aug 2016

Software exploits overrated - it's the humans you need to be watching

Video Weak passwords and phishing offer far easier mechanisms for breaking into most organizations than exploiting software vulnerabilities. A study by US cybersecurity firm Praetorian based on 100 penetration tests and 450 real-world attacks discovered that stolen credentials offer the best way into enterprise networks. Software …
John Leyden, 22 Aug 2016

NSA's Cisco PIX exploit leaks

Cisco PIX firewalls can be made to cough up their VPN configurations and RSA private keys, allowing network eavesdroppers to decrypt secure connections. The NSA's Equation Group exploit code – leaked online this week – includes a tool called BENIGNCERTAIN that crafts and sends a special Internet Key Exchange (IKE) packet to …
Iain Thomson, 20 Aug 2016
NSA

Snowden files confirm Shadow Brokers spilled NSA's Equation Group spy tools over the web

Documents from the Edward Snowden archive prove that the malware and exploits dumped on the public internet on Monday originated from the NSA. Among the files leaked by whistleblower Snowden in 2013 is a draft NSA manual on how to redirect people's web browsers using a man-in-the-middle tool called SECONDDATE. This piece of …
Iain Thomson, 19 Aug 2016

UK's mass-surveillance draft law grants spies incredible powers for no real reason – review

IPBill An independent review into bulk surveillance powers in the forthcoming Investigatory Powers Bill has warned that there is no proven case to let British snoops hack the planet. The study group examined the UK government’s Operational Case for Bulk Powers [PDF], which provided the government’s reasons for needing the most …
Edward Snowden at Think. Image Darren Pauli / The Register

Snowden says Russia ‘probably responsible’ for NSA hack

NSA whistleblower Edward Snowden reckons Russia is the most likely suspect behind the leak of advanced hacking tools allegedly stolen from an elite NSA hacking unit. He postulates a complex motive for the leak involving gaining diplomatic leverage that wouldn’t look out of place in a modern retelling of a John le Carré novel. …
John Leyden, 18 Aug 2016
Smilin' Marv

Fortinet follows Cisco in confirming Shadow Broker vuln

Whatever the source and whoever the backers, evidence is mounting that the Shadow Brokers vuln-dump is real: Fortinet has followed Cisco in confirming its place on the list. Cisco's confirmation said the EPICBANANA and EXTRABACON vulns listed in the drop were real. It had fixed one in 2011, and the other, a new SNMP bug, is on …
Smilin' Marv

Cisco confirms two of the Shadow Brokers' 'NSA' vulns are real

It's looking increasingly likely that the hacking tools put up for auction by the Shadow Brokers group are real – after Cisco confirmed two exploits in the leaked archive are legit. The two exploits, listed in the archive directory as EPICBANANA and EXTRABACON, can be used to achieve remote code execution on Cisco firewall …
Iain Thomson, 17 Aug 2016
Sign outside the National Security Agency HQ

NSA blames it on the rain

The US National Security Agency (NSA) says that a long-running outage on its website earlier this week was caused by inclement weather. According to the US spy house, one of the data centers hosting the NSA.gov website fell victim to a storm, and was thus taken partially offline. The main page was available, but links to other …
Shaun Nichols, 17 Aug 2016
image by Filip Fuxa http://www.shutterstock.com/gallery-94501p1.html

#Shadowbrokers hack could be Russia's DNC counter-threat to NSA

One of the most interesting hacks in recent memory is almost certain to be a compromise of infrastructure operated by an ultra-elite hacking group thought to be the United States' National Security Agency. The breach involves the public release of more than 300 files that showcase a host of exploits against companies including …
Darren Pauli, 17 Aug 2016

Shadow Broker hacking group auctions off claimed NSA online spy tools

A group calling itself the Shadow Brokers has started an online auction for top-of-the-range tools it claims were stolen from the Equation Group, a digital attack squad linked to the NSA. The Shadow Brokers posted up news of the auction saying (in broken English) that they had been monitoring the Equation Group's servers, had …
Iain Thomson, 15 Aug 2016

How many zero-day vulns is Uncle Sam sitting on? Not as many as you think, apparently

DEF CON While some fear the US government is hoarding a vast pool of zero-day security vulnerabilities, the reality is that it probably holds just a few dozen, according to a study by Columbia University. In a presentation at the DEF CON hacking conference in Las Vegas today, Jason Healey, senior research scholar in the university's …
Iain Thomson, 05 Aug 2016

Yahoo! is! not! killing! Messenger! today!, just! the! desktop! client!

Yahoo! is to kill off the desktop client for its once-popular instant messaging service Messenger today. The Purple Palace said, back in June, that today would be the day when the desktop client for Messenger would be switched off. At the time of writing (morning of 5 August) Yahoo! Messenger's desktop client was working just …
Gareth Corfield, 05 Aug 2016
Password

Cloud backup biz IDrive hits password reset button to head off crims exploiting lazy logins

Cloud-based backup outfit IDrive has reset an unspecified number of customer logins to thwart miscreants who are exploiting people's password laziness. Too many netizens each reuse the same passwords across many websites; if you hack one site, you can potentially get all the details you need to log into many other accounts on …
John Leyden, 03 Aug 2016

Snitches get stitches: Little Snitch bugs were a blessing for malware

DEF CON A vulnerability in popular OS X security tool Little Snitch potentially granted malicious applications extra powers, undermining the protection offered by the software. Little Snitch reports in real-time the network traffic entering and leaving your Apple computer, and can block unauthorized connections. It is a handy …
John Leyden, 03 Aug 2016
Image by Dr Flash http://www.shutterstock.com/gallery-182053p1.html

Fun fact of the day: Network routers are illegal in Japan

There's no doubt that the internet has caused massive shakeups in laws across the globe, but in Japan the law has an unusual kink: internet routers are technically illegal. Except they're not. Because under a very Japanese rule, the ability of electronic equipment to read a packet header both violates the law and "seems not …
Kieren McCarthy, 02 Aug 2016

Snowden's anti-snoop tool

NSA whistleblower Ed Snowden and hardware guru Andrew “Bunnie” Huang have designed a gizmo that wraps around your iPhone 6 and alerts you when the mobe unexpectedly leaks your location. Basically, if you put your smartphone into airplane mode – ie: maintain radio silence – to avoid being tracked, the gadget will kick off if …
Shaun Nichols, 21 Jul 2016
China will see you on the dark side of the moon

Maxthon web browser blabs about your PC all the way back to Beijing

A web browser developed by Chinese company Maxthon has allegedly been collecting telemetry about its users. Polish security consultancy Exatel warns [PDF] that Maxthon is phoning home information such as the computer's operating system and version number, the screen resolution, the CPU type and speed, the amount of memory …
John Leyden, 19 Jul 2016
A bottle of burned naphtalene

Oz boffins cook quantum computing out of mothballs

A Sydney University researcher has burned naphthalene to create a material that can hold quantum qubit information at room temperatures. While the world has both quantum storage and quantum gates, albeit at small scales, even performing a simple Boolean AND operation on qubits is best undertaken as close as you can get to 0 …

McCain: Come to my encryption hearing. Tim Cook: No, I'm good. McCain: I hate you, I hate you, I hate you

US Senator John McCain (R-AZ) has thrown a hissy fit over the refusal of Apple CEO Tim Cook to attend a Senate hearing on encryption. Opening the Committee on Armed Services' hearing on cybersecurity this morning, McCain went out of his way to note that Cook has declined the senator's invitation to give testimony alongside …
Kieren McCarthy, 15 Jul 2016
Dudley Do-Right Royal Canadian Mounted Police

Follow US please, say spies

Snarky Canuck spies have joined Twitter telling the world 'now it's your turn to follow us'. The Canadian Security Intelligence Service joined the flighty social media rabble better snoop engage with locals, agency director Michel Coulombe says. "Speaking publicly on the nature of our work isn’t always easy, but we want CSIS …
Darren Pauli, 14 Jul 2016
Man in helmet looks uncertain, holds up shield. Photo by Shutterstock

European Commission straps on Privacy Shield

The European Commission has this morning adopted the EU-US Privacy Shield agreement, which will enter into force as soon as all member states are notified of the adequacy decision (PDF). Privacy Shield, which has been adopted after months of negotiations, is an agreement between the EU and the US which ostensibly ensures that …

Don't doubt it, Privacy Shield is going to be challenged in court

Analysis The European Union's attempts to make data transfers to the United States compliant with privacy laws are an opaque exercise, so much is obvious, but will they work? It's clear that it is necessary to retain the Transatlantic data trade – in economic terms, but also as a means of preventing the Balkanization of the internet. …

Pokemon Go oh no no no, we're not reading your email, says gamemaker

Final update This was a developing story: read through to the updates for the full scoop. Smash-hit mobile game Pokemon Go's catchphrase is "you gotta catch 'em all" – gotta catch all your Google accounts, it seems. As spotted today by IT architect Adam Reeve, the ultra-popular monster-catching vitamin-D-injecting exercise-encouraging …
Shaun Nichols, 11 Jul 2016
stack of newspapers with a pair of ethernet cables next to them

EU votes for Privacy Shield

The EU-US Privacy Shield agreement has been agreed by representatives of the EU's Member States. Privacy Shield was constructed as a replacement for the Safe Harbor agreement which covered the transfer of EU citizens' data to the US. Safe Harbor collapsed following legal action spurred by the Snowden revelations, which …
Man shouting the news from a rolled up newspaper

US constitution vs PRISM

An appeals court in the US will hear whether a criminal defendant had his constitutional rights violated by the NSA's PRISM programme later today. Mohamed Mohamud, a naturalised Somali-American, was convicted in 2013 of taking part in the 2010 Portland car bomb plot. His lawyers have argued Mohamud was entrapped as he would …
High-tech startup-rich neighbourhood Herzliya Pituach, Israel. Pic by InnaFelker, editorial use only via Shutterstock

Israeli tech firms make their exits, stage rich

Israeli hi-tech companies rang the tills with exits adding up to $3.3bn in the first half of 2016. A total of 45 hi-tech firms completed exit deals that averaged $74m, according to a study by IVC Research Center and law firm Meitar Liquornik. Increased difficulties in raising capital, particularly in the United States and …
John Leyden, 06 Jul 2016

Encryption, wiretaps and the Feds: THE TRUTH

Figures published this month suggest fewer Americans are using encryption to secure their communications – but if you look into the detail, the opposite is probably closer to reality. The latest Wiretap Report from the US courts system – which counts up the number of requests from investigators to spy on people's chatter in …
Shaun Nichols, 30 Jun 2016

FBI's iPhone paid-for hack should be barred, say ex-govt officials

The FBI's purchase of a hack to get into the San Bernardino shooter's iPhone should not have been allowed. That's according to a new paper from two former US government cybersecurity officials, Ari Schwartz and Rob Knake. In their paper [PDF] they dig into the current vulnerability equities process (VEP), disclosed in 2014, …
Kieren McCarthy, 17 Jun 2016
Sign outside the National Security Agency HQ

US plans intervention in EU vs Facebook case caused by NSA snooping

The US government has asked the Irish High Court to hear its information in the case between a privacy activist and Facebook. Austrian activist and lawyer, Max Schrems, brought his complaint against the social network after the revelations of the NSA's PRISM surveillance program, which he, alongside Digital Rights Ireland, …

Post-Safe Harbor: Adobe fined for shipping personal info to the US 'without any legal basis'

A German regulator has fined three companies for failing to change the way they share people's personal information following the invalidation of the Safe Harbor agreement last year. The Hamburg Data Commissioner fined Adobe €8,000 ($9,084), Pepsi subsidiary Punica €9,000 ($10,220) and Unilever €11,000 ($12,491) because they …
Kieren McCarthy, 07 Jun 2016
Parabolic mic

On her microphone's secret service: How spies, anyone can grab crypto keys from the air

Discerning secret crypto keys in computers and gadgets by spying on how they function isn't new, although the techniques used are often considered impractical. A new paper demonstrates this surveillance can be pretty easy – well, easier than you might imagine – to pull off, even over the air from a few metres away. We all …
Iain Thomson, 04 Jun 2016

'UnaPhone' promises Android privacy by binning Google Play

A custom Android phone is being pitched to security and privacy pundits promising to deliver by goring Google services, preventing app installation, and deploying end-to-end encryption. The US$540(£374, A$745) UnaPhone sports a custom Android Marshmallow operating system that has been stripped of "invasive" Google services to …
Darren Pauli, 03 Jun 2016

Is a $14,000 phone really the price of privacy?

A US$14,000 (£9,706, or A$19,352) Android phone has been launched pitching 'military-grade encryption' at privacy-conscious executives. Little information can be found on the Solarin handset's specific security chops other than it will use "chip-to-chip 256-bit AES encryption" for phone calls. That technology is built by …
Darren Pauli, 02 Jun 2016