WikiLeaks reveals that NSA has been spying on Pakistan’s mobile networks

The US National Security Agency (NSA) has been spying on Pakistan’s mobile networks, whistleblowing organisation WikiLeaks has tweeted. “Hundreds of NSA cyber weapons variants publicly released including code showing hacking of Pakistan mobile system,” @wikileaks tweeted.

According to a report in Express Tribune on Monday, the hacker group “Shadow Brokers” released a new cache of information detailing how the NSA accessed private and public networks in other countries. A researcher on Twitter who identifies himself as ‘x0rz’ decrypted the files and uploaded them on Github, a web-based repository and internet hosting service.

“The researcher confirmed that the archives include evidence of NSA operators’ access inside the GSM network of Mobilink – one of the Pakistan’s most popular mobile services provider,” the report noted. The hacker group had previously released data suggesting the US agency may have been monitoring hundreds of IP addresses in Pakistan. The encrypted files were being decrypted by security researchers around the world.

“Shadow Brokers” had initially wanted to auction its data cache in exchange for Bitcoin but as no buyer turned up, they released the data online. This is not the first time that reports have surfaced claiming that the US NSA is snooping on other countries. According to a Daily Mail report in 2014, WikiLeaks disclosed documents that suggested the Bharatiya Janata Party (BJP) was among six political parties from around the world the NSA was authorised to conduct surveillance on for gathering foreign intelligence. The authorisation was given by a secret American court, it said.

The leak was planned months ahead of Prime Minister Narendra Modi’s visit to the US, the report claimed. Another report in the Washington Post that also came in 2014 said the US has long had broad no-spying arrangements with four countries – Britain, Canada, Australia and New Zealand – in a group known collectively as the “Five Eyes”.

“But a classified 2010 legal certification – approved by the Foreign Intelligence Surveillance Court and included among a set of documents leaked by former NSA contractor Edward Snowden – lists 193 countries [including India], that would be of valid interest for US intelligence,” the Post said.

Publish date: April 12, 2017 11:45 am| Modified date: April 12, 2017 11:41 am

NSA fears talent drain as low morale and worries about Trump’s leadership take toll

  01 Mar 2017 , 19:21

The National Security Agency (NSA) risks a brain-drain of hackers and cyber spies due to a tumultuous reorganization and worries about the acrimonious relationship between the intelligence community and President Donald Trump, according to current and former NSA officials and cybersecurity industry sources. Half-a-dozen cybersecurity executives told Reuters they had witnessed a marked increase in the number of U.S. intelligence officers and government contractors seeking employment in the private sector since Trump took office on January 20.

One of the executives, who would speak only on condition of anonymity, said he was stunned by the caliber of the would-be recruits. They are coming from a variety of government intelligence and law enforcement agencies, multiple executives said, and their interest stems in part from concerns about the direction of U.S intelligence agencies under Trump.

Retaining and recruiting talented technical personnel has become a top national security priority in recent years as Russia, China, Iran and other nation states and criminal groups have sharpened their cyber offensive abilities. NSA and other intelligence agencies have long struggled to deter some of their best employees from leaving for higher-paying jobs in Silicon Valley and elsewhere. The problem is especially acute at NSA, current and former officials said, due to a reorganization known as NSA21 that began last year and aims to merge the agency’s electronic eavesdropping and domestic cyber-security operations.

The two-year overhaul includes expanding parts of NSA that deal with business management and human resources and putting them on par with research and engineering. The aim is to “ensure that we’re using all of our resources to maximum effect to accomplish our mission,” NSA Director Mike Rogers said. The changes include new management structures that have left some career employees uncertain about their missions and prospects. Former employees say the reorganization has failed to address widespread concerns that the agency is falling behind in exploiting private-sector technological breakthroughs.

A former top NSA official said he had been told by three current officials that budget problems meant there was too little money for promotions. That is especially important for younger employees, who sometimes need two jobs to make ends meet in the expensive Washington D.C. area, the official said. “Morale is as low as I’ve ever seen it,” said another former senior NSA official, who maintains close contact with current employees.

Asked about the risk of losing talent from NSA and other agencies, White House spokesman Michael Anton said Trump had sought to reassure the intelligence community by visiting the CIA headquarters on his first full day in office. Anton also pointed to the military spending increase in Trump’s budget proposal released on Monday.

It will likely take more than a visit to the CIA to patch up relations with the intelligence community, the current and former officials said. Trump has attacked findings from intelligence agencies that Russia hacked emails belonging to Democratic Party operatives during the 2016 presidential campaign to help him win, though he did eventually accept the findings. In January, Trump accused intelligence agencies of leaking false information and said it was reminiscent of tactics used in Nazi Germany.

How many?

The breadth of any exodus from the NSA and other intelligence agencies is difficult to quantify. The NSA has “seen a steady rise” in the attrition rate among its roughly 36,000 employees since 2009, and it now sits at a “little less than six percent,” according to an NSA spokesman. NSA director Michael Rogers said last year that the attrition rate was 3.3 percent in 2015, suggesting a sharp jump in departures since then.

Several senior NSA officials who have left or plan to leave, including deputy director Richard Ledgett and the head of cyber defence, Curtis Dukes, have said their departures were unrelated to Trump or the reorganization. Some turnover is normal with any new administration, government and industry officials noted, and a stronger economy has also improved pay and prospects in the private sector.

“During this time the economy has been recovering from the recession, unemployment rates have been falling and the demand for highly skilled technical talent has been increasing,” an NSA spokesman said, when asked to comment on the reports of employee departures. In a statement, Kathy Hutson, NSA’s chief of human resources, said the agency continues “to attract amazing talent necessary to conduct the security mission the nation needs.”

Controversial Boss

Some NSA veterans attribute the morale issues and staff departures to the leadership style of Rogers, who took over the spy agency in 2014 with the task of dousing an international furore caused by leaks from former contractor Edward Snowden. Concern about Rogers reached an apex last October, when former Defense Secretary Ash Carter and former Director of National Intelligence James Clapper recommended to then-President Barack Obama that Rogers be removed.

The NSA did not respond to a request for comment on the recommendation last fall that Rogers be replaced. Rogers is now expected to retain his job at NSA for at least another year, according to former officials. Rogers acknowledged concerns about potential morale problems last month, telling a congressional committee that Trump’s broadsides against the intelligence community could create “a situation where our workforce decides to walk.”

Trump’s criticism of the intelligence community has exacerbated the stress caused by the reorganization at the NSA, said Susan Hennessey, a former NSA lawyer now with Brookings Institution. The “tone coming from the White House makes an already difficult situation worse, by eroding the sense of common purpose and service,” she said. A wave of departures of career personnel, Hennessey added, “would represent an incalculable loss to national security.”

Reuters

Challenges to tackle Insider threat regains focus after the arrest of former NSA contractor

  07 Oct 2016 , 14:45

The arrest of a former National Security Agency contractor for allegedly stealing classified information represents the second known case since 2013 of a government contractor being publicly accused of removing secret data from the intelligence agency. The latest case comes as the NSA has worked to reform security after the Edward Snowden disclosures, especially with regard to insider threats.

Harold Thomas Martin III, 51, of Glen Burnie, Maryland, was arrested by the FBI in August after federal prosecutors say he illegally removed highly classified information and stored the material in his home and car. A defence attorney said Martin did not intend to betray his country.

The arrest was not made public until Wednesday when the Justice Department unsealed a criminal complaint that accused Martin of having been in possession of top-secret information that could cause “exceptionally grave danger” to national security if disclosed.

It’s not yet clear when the documents were removed. But the fact that Snowden and Martin – both working for Booz Allen Hamilton as contractors for the NSA – were accused of leaving the NSA with highly classified documents raises questions about the effectiveness and adequacy of the intelligence agency’s internal security controls. The NSA, which put security upgrades into place following the Snowden disclosures, has declined to comment.

“One key thing we don’t have visibility into now is how he was caught because that would provide some insight into whether the reforms that were put in post-Snowden were effective or not or their relative efficacy,” said Rajesh De, who was the NSA’s general counsel when the Snowden story broke. Snowden’s 2013 theft of documents that were leaked to journalists revealed the NSA’s bulk collection of millions of Americans’ phone records.

Rep. Adam Schiff of California, the senior Democrat on the House Permanent Select Committee on Intelligence, said in a statement that “it is painfully clear that the intelligence community still has much to do to institutionalise reforms designed to protect (U.S. government secrets) from insider threats.”

White House spokesman Josh Earnest said the federal government has made important changes since Snowden’s disclosures. He said the government has reduced the number of people who need security clearances by 17 percent and has enhanced the quality of background checks. Martin’s arrest appears to illustrate the difficulty of guarding against an insider threat given that employees, by virtue of their clearance level and jobs, must be

Hillary Clinton vows to respond to foreign hacking against USA

#HACKING

Image Credit: Venture Beat

  29 Sep 2016 , 14:42

Hillary Clinton is vowing anew to respond to foreign hacking the same as any other attack against the United States. When she openly blamed Russia for recent U.S. cyber break-ins, Donald Trump wondered whether to blame overseas governments or overweight hackers working from home. “She’s saying Russia, Russia, Russia, but I don’t – maybe it was. I mean, it could be Russia, but it could also be China,” Trump said during this week’s presidential debate. “It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, OK?”

These are the unanswered questions about how the U.S. government should defend itself after an attack in the internet age: Whether to fire back, how to fire back, and at whom? The Obama administration is still writing its rulebook. A lingering challenge involves identifying whose hands were on the keyboard: Foreign hacker spies, cyber criminals, disgruntled insiders or bored teenagers? Skilled hackers can cover their tracks, use software tools traceable to others and feign their location across borders or continents.

On Wednesday, Rep. John Conyers, D-Mich., said during a congressional hearing that it was “now the clear consensus of the intelligence community that the Russian government was behind the hack of the Democratic National Committee and not, as some suggested, somebody sitting on their bed that weighs 400 pounds.”

The White House has not officially declared Russia responsible and it’s unclear whether or when it might, since blaming Russia – with whom the U.S. is locked in a bitter dispute over fighting in Syria – would probably require plans for a response.

Clinton has raised eyebrows among some cybersecurity experts with her hawkish language on the campaign trail about retaliating with political, economic or even military means. Her aggressive policy proposal is especially notable since the State Department, which she led during President Barack Obama’s first term, traditionally has a vested interest in avoiding overt conflict since it might complicate diplomatic efforts.

“We’re going to have to make it clear that we don’t want to use the kinds of tools that we have. We don’t want to engage in a different kind of warfare. But we will defend the citizens of this country,” Clinton said during the presidential debate, when asked how she would respond to cyberattacks. For the first time, cybersecurity led the national security portion of the presidential debate, demonstrating its political stakes and the fact that the next president will shape 21st century cyberwarfare policies, setting rules about how the U.S. responds to foreign hackers.

Trump has not released an official position on cybersecurity. Clinton tackles the issue in one-and-a-half pages of her 288-page campaign book. At the debate Trump mentioned “the cyber” without detailing specifics. “We should be better than anybody else, and perhaps we’re not,” Trump said. “The security aspect of cyber is very, very tough. And maybe it’s hardly doable.”

The high-profile discussion came amid a presidential race that has been punctuated by hacks that cybersecurity firms, Democrats and the Clinton campaign have pinned on Russia, as well as multiple security breaches and data leaks. The White House is grappling over how to respond to hacking that some lawmakers have said is attempting to undermine voter confidence in the election.

“We’re in the process now, really the very early stages of developing those norms by virtue of the types of attacks we’re seeing,” said Matt Olsen, a former general counsel for the National Security Agency. Olsen said responding is a challenge: “How do you know who’s responsible for the attack (and) to what extent are the cyber actors even susceptible to the normal responses like economic or diplomatic pressure?”

Clinton’s cyber security stance tracks with work she started while at the State Department. Even back in 2010, she said countries or individuals who hack “should face consequences and international condemnation” and that “an attack on one nation’s networks can be an attack on all.” In the State Department, she created the Office of the Coordinator for Cyber Issues to deal with global diplomacy and cyber rules. “There was no other office in the world like mine when it was created five years ago,” said Christopher Painter, who’s served as the office’s coordinator since its inception. “Now we have 25 counterparts around the world and more on the way. That really indicates something that was a huge priority in foreign policy.”

But Clinton is hardly a technology expert herself, once struggling with how to operate a fax machine or connect a new iPad to Wi-Fi. And her cybersecurity record at the State Department is spotty. The FBI said there was no evidence her private email server in her home’s basement was hacked, but agents concluded that it was possible that hackers broke into her personal email account. At the end of her term as secretary, Clinton left behind an agency with one of the lowest scores in government for its compliance with a federal information security law.

Many of the most noteworthy cyberattacks – and the administration’s policy for dealing with them – occurred after Clinton left the State Department. The Obama administration has in recent years adopted a “name and shame” policy for state-sponsored hackers. It criminally charged five Chinese military officials with stealing secrets from nuclear power and solar companies and Iranian hackers with attacks on financial institutions and a small New York dam. In 2014, the U.S. publicly accused North Korea of hacking Sony Pictures and placed sanctions on the already isolated nation.

Associated Press