The NSA’s hackers have a problem. Last week, multiple outlets reported that its elite Tailored Access Operations unit—tasked with breaking into foreign networks—suffered another serious data breach.
The theft of computer code and other material by an employee in 2015 allowed the Russian government to more easily detect U.S. cyber operations. It’s potentially the fourth large-scale incident at the NSA to be revealed in the last five years. Now, sources with direct knowledge of TAO’s security procedures in the recent past tell just how porous some of the defenses were to keep workers from stealing sensitive information.Read more
Russian hackers stole documents detailing how US agencies defend their networks against cyberattacks, how they breach foreign networks and the computer code they use to do so.
The stolen files were identified through Kaspersky security software used by an NSA contractor that had taken classified material from the NSA and saved it on his computer. The theft, discovered last spring, occurred in 2015 and those familiar with the incident told that having this information could help inform Russian officials how to protect their networks against the NSA and possibly how to break into US networks.Read more
The U.S. National Security Agency conducted targeted surveillance over the past year against 106,000 foreigners suspected of being involved in terrorism and other crimes, using powers granted in a controversial section of law that’s set to expire at the end of this year.
The number of foreigners targeted under Section 702 of the Foreign Intelligence Surveillance Act rose from 94,000 in fiscal year 2015, according to U.S. intelligence officials, who asked not to be identified discussing the information. The program lets agencies collect the content of emails and other communications from suspected foreign criminals operating outside the U.S.Read more
An international group of cryptography experts has forced the US NSA to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close US allies.
In interviews and emails, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them. The NSA has now agreed to drop all but the most powerful versions of the techniques - those least likely to be vulnerable to hacks - to address the concerns.Read more
Before services like Spotify and Netflix proliferated, people who wanted to listen to music or watch movies online, on demand, had few legal options. Instead, they would download copies of pirated media using file-sharing technology.
In early 2004, close to 8 million people in the U.S. alone were estimated to have downloaded music through so-called peer-to-peer apps like LimeWire, eDonkey, Kazaa, and BitTorrent. While it’s difficult to measure exactly how much of the world’s internet traffic consists of people swapping files, at the time some estimates said it was approaching 40 percent.Read more
The ShadowBrokers have promised the release of NSA exploit UNITEDRAKE which remotely targets Windows machines to subscribers. This week, the threat group posted an update to the Monthly Dump service, which will now include two cache dumps every four weeks for subscribers.
The changes have been made potentially as a means to drum up extra interest for cyberattackers, government groups, or vendors which have chosen to subscribe to the service to gain access to the stolen exploits and malware samples. The September dump includes a manual for UNITEDRAKE, modular malware which remotely targets Microsoft Windows machines.Read more
Russian-speaking cyberespionage group APT28, also known as Sofacy, is believed to be behind a series of attacks last month against travelers staying in hotels in Europe and the Middle East. APT28 notably used the NSA hacking tool EternalBlue as part of its scheme to steal credentials from business travelers, according to a report released Friday by security firm FireEye.
One of the goals of the attack is to trick guests to download a malicious document masquerading as a hotel reservation form that, if opened and macros are enabled, installs a dropper file that ultimately downloads malware called Gamefish.Read more
The NSA — the United States intelligence agency which is known for its secrecy and working in the dark — has finally joined GitHub and launched an official GitHub page.
The NSA employs genius-level coders and brightest mathematicians, who continually work to break codes, gather intelligence on everyone, and develop hacking tools like EternalBlue that was leaked by the Shadow Brokers in April and abused by the WannaCry ransomware last month to wreak havoc worldwide. The intelligence agency mostly works in secret, but after Edward Snowden leaks in 2013, the NSA has started opening itself to the world.Read more
Brace yourselves for a possible 'second wave' of massive global cyber attack, as SMB was not the only network protocol whose zero-day exploits created by NSA were exposed in the Shadow Brokers dump last month.
Although Microsoft released patches for SMB flaws for supported versions in March and unsupported versions immediately after the outbreak of the WannaCry ransomware, the company ignored to patch other three NSA hacking tools, dubbed "EnglishmanDentist," "EsteemAudit," and "ExplodingCan." It has been almost two weeks since WannaCry ransomware began to spread, which infected nearly 300,000 computers in more than 150 countries.Read more
If the NSA's leaked hacking tools had a Voltron, it would be EternalRocks. On Sunday, researchers confirmed new malware, named EternalRocks, that uses seven exploits first discovered by the National Security Agency and leaked in April by the Shadow Brokers group. Experts described the malware as a "doomsday" worm that could strike suddenly.
Earlier this month, the WannaCry ransomware plagued hospitals, schools and offices around the world and spread to more than 300,000 computers. It uses two NSA exploits that were leaked by the Shadow Brokers, EternalBlue and DoublePulsar.Read more