Archive | NSA

Dumbo – How the NSA can destroy digital evidence

Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

WikiLeaks: Dumbo »


Court case to bring light to »Five Eyes« intelligence cooperation?

“We hope to find out the current scope and nature of the Five Eyes intelligence sharing agreement – and how much has changed since the 1955 version,” Privacy International legal officer Scarlet Kim tells WIRED. “We’d also like to know the US rules and regulations governing this exchange of information – what safeguards and oversight, if any, exist with respect to these activities?”

Wired: The US government is being sued for info on the secretive Five Eyes intelligence group »


Bruce Schneier on NSA and WannaCry

People inside the NSA are quick to discount these studies, saying that the data don’t reflect their reality. They claim that there are entire classes of vulnerabilities the NSA uses that are not known in the research world, making rediscovery less likely. This may be true, but the evidence we have from the Shadow Brokers is that the vulnerabilities that the NSA keeps secret aren’t consistently different from those that researchers discover. And given the alarming ease with which both the NSA and CIA are having their attack tools stolen, rediscovery isn’t limited to independent security research.

Bruce Schneier in Foreign Affairs: Why the NSA Makes Us More Vulnerable to Cyberattacks »


WannaCry: NSA knew about the dangers

It appears the NSA finally engaged in the Vulnerabilities Equity Process — not when it discovered the vulnerability, but rather when it became apparent the agency wouldn’t be able to prevent it from being released to the public. (…)

Officials called it “fishing with dynamite.” The exploit gave the NSA access to so much on compromised computers, the agency obviously couldn’t bear the thought of voluntarily giving up such a useful hacking tool. But when it was first deployed, some inside the agency felt the vulnerability might be too powerful to be left undisclosed.

Techdirt: NSA Was Concerned About Power Of Windows Exploit Long Before It Was Leaked »


WannaCry: NSA is unforgivable and beyond irresponsible

It’s clear that in weaponizing a vulnerability instead of responsibly disclosing it (so hospitals and transportation infrastructure can be protected), the NSA made a critical error in judgment that put millions of people at risk. However, one would think that after learning 10 months ago that their entire cyberweapon arsenal had been stolen and was now out “in the wild”, the NSA would have immediately taken action and responsibly disclosed the vulnerabilities so systems around the world could be patched.

Unfortunately, there is no indication that they did so. If we read carefully the statement from Microsoft today, it appears the NSA deliberately withheld the information that would have allowed critical civilian infrastructure like hospitals to be protected. In our view, this is unforgivable and beyond irresponsible.

Proton Mail blog: Important lessons from the first NSA-powered ransomware cyberattack »


Microsoft on NSA and the WannaCrypt exploits

Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

Microsoft: The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack »


NSA, what have you done?

The ransomware spread so quickly because it was delivered by a special digital code developed by the NSA to move from one unpatched computer to another, security experts said. They warned that the malware now could move from large networks to individual users.

Washington Post: Malware, described in leaked NSA documents, cripples computers worldwide »


• The Intercept: Leaked NSA malware is helping hijack computers around the world »
• PC World: Microsoft blames U.S. stockpiled vulnerability after WannaCry ransomware attack »
• The Duran: Worried about ‘WannaCry’? You should have listened to Julian Assange »
• Falkvinge: Current wave of ransomware not written by ordinary criminals, but by the NSA »
• Reuters: Global cyber attack fuels concern about U.S. vulnerability disclosures »

• Ars Technica: How I accidentally stopped a global Wanna Decryptor ransomware attack »
• Ars Technica: Wanna Decryptor ransomware worm may have North Korea’s fingerprints on it »
• Wired: The WannaCry Ransomware Has a Link to Suspected North Korean Hackers »
• Proton Mail: Important lessons from the first NSA-powered ransomware cyberattack »


The NSA SWIFT hack

Reuters: Hacker documents show NSA tools for breaching global money transfer system »

Documents and computer files released by hackers provide a blueprint for how the U.S. National Security Agency likely used weaknesses in commercially available software to gain access to the global system for transferring money between banks, a review of the data showed.

On Friday, a group calling itself the Shadow Brokers released documents and files indicating NSA had accessed the SWIFT money-transfer system through service providers in the Middle East and Latin America. That release was the latest in a series of disclosures by the group in recent months.

Told you so.

Below, video from the hearings on NSA and mass surveillance in the European Parliament, 24 September 2013 – where Europol and many others try to steer clear of the SWIFT issue. (Some translation problems during a few minutes in the video, but it soon gets better.)

YouTube »