Tag Archive | NSA

NSA broadens funding for 4 universities to advance the science of cybersecurity

NSA broadens funding for 4 universities to advance the science of cybersecurity

The National Security Agency is expanding funding for several universities to continue scientific research into cyber security.

The intelligence agency awarded contracts to North Carolina State University, the University of Illinois Urbana-Champaign and Carnegie Mellon University in 2012 and recently announced that these three universities along with the University of Maryland would receive additional funding.

NSA’s initial 2012 funding to the three universities lasts through June 2014, reports Federal Computer Week. The most recent funding for all four universities will enable them to conduct unclassified research for one year, FCW said, adding the government then has the right to exercise two one-year option periods to continue research. Each university will receive $1 million to $2.5 million for the first year, for a total of about $8.2 million, said FCW, and results from each lablet will be published by the Science of Security Virtual Organization.

Basic research by these lablets, or small labs, will focus on five problem areas including scalability and composability, policy-governed secure collaboration, security metrics, resilient architectures, and understanding and accounting for human behavior.

The NSA, the private sector and other organizations have been pushing to develop a science of security, which is essentially a rigorous scientific foundation to help advance cybersecurity. In other words, scientific research is conducted on how security systems are designed, built, used and maintained so that security challenges can be better understood and addressed, versus an ad hoc or patchwork approach to identify and remove specific threats with limited scope.

Over the last three years, the NSA said it has funded almost 300 departments at universities to develop lablets and create a research community into the science of security.

For more:
– go to the NSA announcement

NIST drops random number generator under suspicion of NSA tampering

For those of you who don’t know, certain forms of analysis require the usage of random number generators. A basic example of this can be found in even in the most widespread of programs like Microsoft Excel.

The National Institute for Standards and Technology (NIST) has discovered weaknesses in a number generating algorithm, and it is essentially blaming the NSA for creating backdoors to these generators. Randomness is crucial for different types of analysis/modeling. If your numbers are not random, it will adversely affect your analysis. Accusations like these are not new, however. NIST will no longer be using the algorithm – the Dual Elliptic Curve Deterministic Random Bit Generator.

Another interesting tidbit from the article:

NIST advised in September against using the DUAL_EC_DRBG module, shortly after news reports based on leaks from Edward Snowden appeared to confirm earlier suggestions dating from the algorithm’s 2006 publication that the NSA inserted a backdoor into it.

 

NIST drops random number generator under suspicion of NSA tampering

Google to Obama: Leave Us Out of Your Spying Fight

Seems as though the tech giant is motivated by bad publicity. Has anyone forgotten that they were compliant in the spying?

The politics between the feds and the tech giants are fascinating.

Google to Obama: Leave Us Out of Your Spying Fight

Edward Snowden’s testimony to the European Parliament (PDF)

American intelligence defector Edward Snowden has sent a 12-page document to the European Parliament, in which he answers questions posed to him by several members. In the document he maintains that he has “no relationship” with China and Russia. In response to a question on whether he was approached by the Russian intelligence services, he responds “of course”, and continues: “Even the secret service of Andorra would have approached me, if they had had the chance: that’s their job. But I didn’t take any documents with me from Hong Kong, and while I’m sure they were disappointed, it doesn’t take long for an intelligence service to realize when they’re out of luck”.

Secondary Source.

Edward Snowden’s testimony to the European Parliament (PDF)

Report: UK spies intercept webcam pics, nudity

newstfionline:

By Raphael Satter, AP, Feb 27, 2014

LONDON (AP)—Britain’s signals intelligence division is stealing screenshots from hundreds of thousands of innocent Yahoo users’ webcam videos, according to the Guardian newspaper, which also reported that the years-long operation has swept up a huge haul of intimate photographs.

The newspaper said GCHQ has been scooping up the sensitive images by intercepting video chats such as the kind offered by Yahoo Messenger, an effort codenamed OPTIC NERVE. It’s not clear how many Yahoo users were spied on in this way. The Guardian said that in one six-month period in 2008, GCHQ intercepted the video communications of 1.8 million users, but it’s possible that the program, which the Guardian says was still active in 2012, has either grown or shrunk in scope since then.

If the program expanded, millions more could have had their video communications intercepted. Yahoo Messenger had 75 million users worldwide in late 2011, according to an estimate by digital analytics company comScore, although numbers have fallen steadily since then.

The Guardian said the documents were provided by former U.S. intelligence worker Edward Snowden, who remains in Russia after having sought temporary asylum there.

If confirmed, the newspaper’s report would represent “a whole new level of violation of our users’ privacy,” Yahoo Inc. said in a written statement. The Sunnyvale, California-based company said it was unaware of such snooping and would never condone it, calling on governments across the world to reform their surveillance practices.

Like the NSA’s collection of millions of innocent people’s phone, email, and credit card data, the webcam surveillance program was carried out in bulk, creating a massive database where the communications of hundreds of thousands of people could later be scanned by analysts for clues or patterns.

However, unlike the phone database, OPTIC NERVE also automatically downloaded the content of video communications—taking a screenshot from the video feed every five minutes, the Guardian said. One snippet of a leaked document published to the Guardian’s website appears to show that GCHQ hoped to eventually “collect images at a faster rate,” or perhaps even download all the webcam videos in their entirety.

Even at one screenshot every five minutes, material published to the Guardian’s website appeared to show U.K. analysts being deluged with X-rated footage.

“It would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person,” another snippet of an intelligence document published said. It went on to say that an informal study had found that between 3 and 11 percent of all the images carried “undesirable nudity.”

The Guardian said that OPTIC NERVE was intended at least in part to identify targets using automatic facial recognition software as they stared into their computer’s webcams. But the stockpiling of sexually explicit images of ordinary people had uncomfortable echoes of George Orwell’s “Nineteen Eighty-Four,” where the authorities—operating under the aegis of “Big Brother”—fit homes with cameras to monitor the intimate details of people’s personal lives.

“At least Big Brother had the decency to install his own cameras,” British media lawyer David Banksy said in a message posted to Twitter after the revelations broke. “We’ve had to buy them ourselves.”

The collection of nude photographs also raises questions about potential for blackmail. America’s National Security Agency has already acknowledged that some analysts have been caught trawling databases for inappropriate material on partners or love interests. Other leaked documents have revealed how U.S. and British intelligence discussed leaking embarrassing material online to blacken the reputations of their targets.

GCHQ refused to answer a series of questions about OPTIC NERVE, instead returning the same boilerplate answer it has given to reporters for months.

“It is a longstanding policy that we do not comment on intelligence matters,” the agency said, insisting all its work was legal, necessary, proportionate, and subject to rigorous oversight.

Woman Wearing Google Glass Says She Was Attacked In San Francisco Bar – CBS San Francisco

It should come as no surprise that we are starting to see some public pressure against those who choose to wear Google Glasses in public. On a more subtle level, no one likes to be openly recorded, especially by some random tech geek. On a broader scale, privacy concerns, especially in light of recent revelations about NSA’s spy program, PRISM, are particularly vexing coming from a fellow citizen. This could develop a number of ways; one potential result could be that private establishments request that their patrons not use these given the nature of their clientele (as this article would suggest). These could also end up like smart phones, where the lack of owning one might serve as an inconvenience to those who do not have one.

There is also the possibility of law enforcement and other state operatives incorporating them as a tool, depending on reasonable expectations of privacy…

Woman Wearing Google Glass Says She Was Attacked In San Francisco Bar – CBS San Francisco

Striking Back: Germany Considers Counterespionage Against US – SPIEGEL ONLINE

Striking Back: Germany Considers Counterespionage Against US – SPIEGEL ONLINE

%d bloggers like this: