The NSA Officially Has a Rogue Contractor Problem

NSA headquarters in Fort Meade, MD.

Brooks Kraft/Getty Images

The NSA is one of the world’s most notoriously secretive and powerful government agencies, guarding its powerful hacking tools and massive caches of collected data under layers of security clearances and world-class technical protections. But it turns out that three times in three years, that expensive security has been undone by one of its own contract employees simply carrying those secrets out the door.

In 2013, an NSA contractor named Edward Snowden walked out of the agency’s building in Oahu, Hawaii, carrying a USB drive full of thousands of top-secret documents. Last year, a 53-year-old Booz Allen contractor for the NSA named Hal Martin was arrested for taking 50 terabytes out of the agency over a period of as long as two decades. And Thursday, the Wall Street Journal reported that in 2015, a third contract employee of the NSA in as many years took home a trove of classified materials that included both software code and other information that the agency uses in its offensive hacking operations, as well as details of how it protects US systems from hacker adversaries.

That classified data, which wasn’t authorized to be removed from the perimeter of the facility where that contractor worked, was then stolen from the contractor’s home computer by Russian spies, who exploited the unnamed employee’s installation of antivirus software from Kaspersky, a Russian company. And while that revelation has raised yet another round of serious concerns and unanswered questions about Kremlin spying and the role of Kaspersky’s widely used commercial software, it also points to a more fundamental security problem for the NSA: The own-goals it has committed, as a series of its paid employees spill some of its most sensitive secrets—including its intensely guarded and dangerous hacking techniques.

While Kaspersky is one major—though possibly unintentional—culprit in this latest theft of secrets, the root cause of the breach is the deep negligence of the NSA employee who violated his security clearance by taking incredibly sensitive materials home, says Dave Aitel, a former NSA staffer who now runs the security firm Immunity Inc.

Article continues:

Why the NSA Makes Us More Vulnerable to Cyberattacks – By Bruce Schneier May 30, 2017

There is plenty of blame to go around for the WannaCry ransomware that spread throughout the Internet earlier this month, disrupting work at hospitals, factories, businesses, and universities. First, there are the writers of the malicious software, which blocks victims’ access to their computers until they pay a fee. Then there are the users who didn’t install the Windows security patch that would have prevented an attack. A small portion of the blame falls on Microsoft, which wrote the insecure code in the first place. One could certainly condemn the Shadow Brokers, a group of hackers with links to Russia who stole and published the National Security Agency attack tools that included the exploit code used in the ransomware. But before all of this, there was the NSA, which found the vulnerability years ago and decided to exploit it rather than disclose it.

All software contains bugs or errors in the code. Some of these bugs have security implications, granting an attacker unauthorized access to or control of a computer. These vulnerabilities are rampant in the software we all use. A piece of software as large and complex as Microsoft Windows will contain hundreds of them, maybe more. These vulnerabilities have obvious criminal uses that can be neutralized if patched. Modern software is patched all the time—either on a fixed schedule, such as once a month with Microsoft, or whenever required, as with the Chrome browser.

When the U.S. government discovers a vulnerability in a piece of software, however, it decides between two competing equities. It can keep it secret and use it offensively, to gather foreign intelligence, help execute search warrants, or deliver malware. Or it can alert the software vendor and see that the vulnerability is patched, protecting the country—and, for that matter, the world—from similar attacks by foreign governments and cybercriminals. It’s an either-or choice. As former U.S. Assistant Attorney General Jack Goldsmith has said, “Every offensive weapon is a (potential) chink in our defense—and vice versa.”

Article continues:

Yahoo ‘secretly monitored emails on behalf of the US government’ – Nicky Woolf Wednesday 5 October 2016 02.58 EDT

Company complied with a classified directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of NSA or FBI, say former employees

According to former employees, Yahoo CEO Marissa Mayer’s decision to obey the directive led to the departure of chief information security officer Alex Stamos. Photograph: Julie Jacobson/AP

Yahoo last year secretly built a custom software program to search all of its customers’ incoming emails for specific information at the request of US intelligence officials, according to a report.

The company complied with a classified US government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency (NSA) or FBI, two former employees and a third person who knew about the program told Reuters.

Some surveillance experts said this represents the first known case of a US internet company agreeing to a spy agency’s demand by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources.

Reuters was unable to determine what data Yahoo may have handed over, if any, and whether intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to the two former employees, Yahoo CEO Marissa Mayer’s decision to obey the directive troubled some senior executives and led to the June 2015 departure of the chief information security officer, Alex Stamos, who now heads security at Facebook.

Article continues:

Of Course Everyone’s Already Using the Leaked NSA Exploits – LILY HAY NEWMAN 08.24.16 1:19 PM

Last week, an anonymous group calling itself the Shadow Brokers leaked a bunch of National Security Agency hacking tools. Whoever they are, the Shadow Brokers say they still have more data to dump. But the preview has already unleashed some notable vulnerabilities, complete with tips for how to use them.

All of which means anyone—curious kids, petty criminals, trolls—can now start hacking like a spy. And it looks like they are.

Curious to learn if anyone was indeed trying to take advantage of the leak, Brendan Dolan-Gavitt—a security researcher at NYU—set up a honeypot. On August 18 he tossed out a digital lure that masqueraded as a system containing one of the vulnerabilities. For his experiment, Dolan-Gavitt used a Cisco security software bug from the leak that people have learned to fix with workarounds, but that doesn’t have a patch yet.

Within 24 hours Dolan-Gavitt saw someone trying to exploit the vulnerability, with a few attempts every day since. “I’m not surprised that someone tried to exploit it,” Dolan-Gavitt says. Even for someone with limited technical proficiency, vulnerable systems are relatively easy to find using services like Shodan, a search engine of Internet-connected systems. “People maybe read the blog post about how to use the particular tool that carries out the exploit, and then either scanned the Internet themselves or just looked for vulnerable systems on Shodan and started trying to exploit them that way,” Dolan-Gavitt says. He explains that his honeypot was intentionally very visible online and was set up with easily guessable default passwords so it would be easy to hack.

Article continues:

Former CIA head Michael Hayden on why he won’t endorse Trump or Clinton – Vice News Published on Aug 23, 2016

On August 15, General Michael Hayden, the former head of the CIA and NSA, said Donald Trump has “autocrat envy.” Hayden was one of 50 officials from past Republican administrations who signed a letter labeling Donald Trump a risk to America’s “national security and well-being.”

VICE News’ Michael Moynihan sat down with Hayden shortly after Donald Trump gave his first major policy speech about national security and counter-terrorism.

New Snowden documents prove the hacked NSA files are real – Paul Szoldra Aug 19, 2016

Former US National Security Agency contractor Edward Snowden appears live by video during a student-organized world-affairs conference at the Upper Canada College private high school in Toronto on February 2, 2015. REUTERS/Mark Blinch

Newly released documents from former US National Security Agency contractor Edward Snowden confirm what many experts had already believed: The 234-megabyte archive of NSA hacker tools, exploits, and implants that leaked online earlier this week is real.

The key to confirming the leaked files, which were uploaded to various file-sharing sites earlier this week by a group called the “Shadow Brokers,” came in a top-secret agency manual published on Friday by Sam Biddle of The Intercept. It instructed NSA hackers on how to track their malicious software by using a 16-character string buried in the code.

The tracking string in the manual, ace02468bdf13579, also appears inside code for a software implant called “Second Date,” which was leaked as part of the archive posted earlier this week.

But that’s not the only piece of evidence that shows the leak was, in essence, a software “toolbox” for NSA hackers to target adversaries. Among other files in the archive are implants code-named Banana Glee, Jet Plow, and Zesty Leak, which were all documented in a top-secret 50-page catalog of NSA tools that was published in late 2013.
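As an added illustration (this code is not from the article, the manual, or the leaked archive), the following Python scans constructed sample byte blobs for a 16-character marker string of the kind the manual describes, checking plain ASCII, uppercase ASCII and UTF-16LE encodings and reporting every offset; the sample bytes are made up here and the marker value is taken from the article.

```python
# The marker quoted in the article as appearing in the "Second Date" code.
MARKER = "ace02468bdf13579"

# Constructed sample "files" (not real implant bytes): one carries the marker
# as ASCII, one as a UTF-16LE wide string, and one is benign.
SAMPLES = {
    "implant_like.bin": b"\x90" * 8 + b"cfg=" + MARKER.encode("ascii") + b";\x00",
    "wide_strings.bin": b"\x00\x01" + MARKER.encode("utf-16-le") + b"\x00\x00",
    "benign.bin": b"hello world, nothing to see here" + b"\x00" * 4,
}


def marker_patterns(marker: str) -> dict:
    """Byte patterns for the marker in each encoding a scanner should check.

    Hex strings may be embedded in either case, and Windows binaries often
    store strings as UTF-16LE, so a plain ASCII match alone would miss hits.
    """
    return {
        "ascii": marker.encode("ascii"),
        "ascii-upper": marker.upper().encode("ascii"),
        "utf-16-le": marker.encode("utf-16-le"),
    }


def scan_blob(data: bytes, marker: str = MARKER) -> list:
    """Return (encoding, offset) for every occurrence of the marker in data."""
    hits = []
    for enc, needle in marker_patterns(marker).items():
        start = 0
        while True:
            idx = data.find(needle, start)
            if idx < 0:
                break
            hits.append((enc, idx))
            start = idx + 1  # keep searching past this hit for overlaps
    return sorted(hits, key=lambda h: h[1])


def scan_samples(samples: dict = SAMPLES, marker: str = MARKER) -> dict:
    """Scan each named blob; only names with at least one hit are reported."""
    return {name: hits for name, data in samples.items()
            if (hits := scan_blob(data, marker))}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        for enc, off in hits:
            print(f"{name}: marker found as {enc} at offset {off}")
```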

Article continues:

It Looks Like the NSA Just Got Hacked – AJ VICENS AUG. 16, 2016 4:02 PM

The hack involved some of the agency’s coolest toys.

Patrick Semansky/AP

Now it’s the National Security Agency’s turn.

The NSA, responsible for intercepting communications around the world, appears to be the latest victim of hacking, at least indirectly, according to multiple news reports. A group calling itself the Shadow Brokers released a series of files on Saturday that contained the code behind some powerful hacking tools developed by an NSA-linked group. Those tools have been used to carry out cyberattacks on other governments and private corporations across the world over the last 20 years, according to Forbes.

The Shadow Brokers released a series of files that included installation files and descriptions of networks used for a number of different hacking tools that they claimed to have stolen from the Equation Group—the name security researchers gave to a group of hackers who deployed cyberweapons on behalf of the United States and other Western governments. This group was unmasked in early 2015 by Kaspersky Labs, a Russian security research firm. The Equation Group is believed to have been affiliated with the NSA and other Western intelligence agencies, according to security researchers, and is perhaps the most wide-ranging and successful hacking group ever publicly discussed.

The NSA did not respond to requests for comment about the alleged hack.

By claiming to reveal the inner workings of the NSA, the hack is seen by some as the latest salvo between Russia and the United States, after US officials accused Russian hackers of breaking into files belonging to the Democratic National Committee and other Democratic groups and officials in an attempt to aid Republican presidential nominee Donald Trump.

The Shadow Brokers claimed they would release all the files in exchange for 1 million bitcoins (about $560 million) and posted a message in stilted English claiming to have stolen the files from the Equation Group. The message also slammed the “Elites” of the world and said the hack shows that those in control aren’t as powerful as they might think:

Article continues:

Snowden Designs a Device to Warn if Your iPhone’s Radios Are Snitching – ANDY GREENBERG 07.21.16. 9:01 AM

When Edward Snowden met with reporters in a Hong Kong hotel room to spill the NSA’s secrets, he famously asked them to put their phones in the fridge to block any radio signals that might be used to silently activate the devices’ microphones or cameras. So it’s fitting that three years later, he’s returned to that smartphone radio surveillance problem. Now Snowden’s attempting to build a solution that’s far more compact than a hotel mini-bar.

On Thursday at the MIT Media Lab, Snowden and well-known hardware hacker Andrew “Bunnie” Huang plan to present designs for a case-like device that wires into your iPhone’s guts to monitor the electrical signals sent to its internal antennas. The aim of that add-on, Huang and Snowden say, is to offer a constant check on whether your phone’s radios are transmitting. They say it’s an infinitely more trustworthy method of knowing your phone’s radios are off than “airplane mode,” which people have shown can be hacked and spoofed. Snowden and Huang are hoping to offer strong privacy guarantees to smartphone owners who need to shield their phones from government-funded adversaries with advanced hacking and surveillance capabilities—particularly reporters trying to carry their devices into hostile foreign countries without constantly revealing their locations.

Article continues:

America’s Elite Hacking Force: CYBERWAR (Clip) – Vice News Published on Jul 14, 2016

In 2013, Edward Snowden leaked tens of thousands of classified documents, including information about a top secret NSA unit called TAO, or Tailored Access Operations. Ben Makuch speaks with a German national security reporter to learn more about this covert operation.