CBS News: NSA warns of new cyberattacks by Russian military hackers

CBS News: NSA warns of new cyberattacks by Russian military hackers. “A notorious hacking team backed by the Russian government has been exploiting a serious flaw in commonly used email software, the National Security Agency (NSA) warned Thursday, issuing a rare advisory that publicly attributed attempts to utilize the software flaw to a nation-state actor.”

Wired: Inside the NSA’s Secret Tool for Mapping Your Social Network

Wired: Inside the NSA’s Secret Tool for Mapping Your Social Network. “IN THE SUMMER of 2013, I spent my days sifting through the most extensive archive of top-secret files that had ever reached the hands of an American journalist. In a spectacular act of transgression against the National Security Agency, where he worked as a contractor, Edward Snowden had transmitted tens of thousands of classified documents to me, the columnist Glenn Greenwald, and the documentary filmmaker Laura Poitras. One of those documents, the first to be made public in June 2013, revealed that the NSA was tracking billions of telephone calls made by Americans inside the US. The program became notorious, but its full story has not been told.”

Techdirt: NSA Blew $100 Million On Phone Records Over Five Years, Generated Exactly One Usable Lead

Techdirt: NSA Blew $100 Million On Phone Records Over Five Years, Generated Exactly One Usable Lead. “The telephone metadata program the NSA finally put out to pasture in 2019 was apparently well past its expiration date. Since the initial Snowden leak in 2013, critics have argued the program needed to die since it was obviously the sort of general warrant rummaging (only without the warrant!) the founding fathers headed off with the Fourth Amendment.”

Techdirt: FBI Asks Congress To Permanently Reauthorize The Phone Record Collection The NSA Voluntarily Shut Down

Techdirt: FBI Asks Congress To Permanently Reauthorize The Phone Record Collection The NSA Voluntarily Shut Down. “The NSA may not need the phone records collection but it appears the FBI thinks it does. The easiest way for Congress to codify the program’s shut down would be to let it expire at the end of this year. FBI Director Chris Wray is hoping to prevent a do-nothing Congress from doing nothing and letting the clock run out on the metadata collection.”

New York Times: I Work for N.S.A. We Cannot Afford to Lose the Digital Revolution.

New York Times: I Work for N.S.A. We Cannot Afford to Lose the Digital Revolution. . “The digital revolution has urgent and profound implications for our federal national security agencies. It is almost impossible to overstate the challenges. If anything, we run the risk of thinking too conventionally about the future. The short period of time our nation has to prepare for the effects of this revolution is already upon us, and it could not come at a more perilous and complicated time for the National Security Agency, Central Intelligence Agency, National Geospatial-Intelligence Agency, Defense Intelligence Agency, Federal Bureau of Investigation and the other components of the intelligence community.”

CNET: Trump administration reportedly wants to extend NSA phone surveillance program

CNET: Trump administration reportedly wants to extend NSA phone surveillance program. “The Trump administration has reportedly asked Congress to permanently reauthorize all provisions of the USA Freedom Act, including a controversial National Security Agency program that collects and analyzes records on millions of Americans’ calls and texts in an attempt to thwart terrorists.”

TechCrunch: NSA says warrantless searches of Americans’ data rose in 2018

TechCrunch: NSA says warrantless searches of Americans’ data rose in 2018. “The intelligence community’s annual transparency report revealed a spike in the number of warrantless searches of Americans’ data in 2018. The data, published Tuesday by the Office of the Director of National Intelligence (ODNI), revealed a 28 percent rise in the number of targeted search terms used to query massive databases of collected Americans’ communications.”

CNET: NSA reportedly recommends retiring phone surveillance program

CNET: NSA reportedly recommends retiring phone surveillance program. “The National Security Agency has recommended the White House abandon a controversial program that collects and analyzes data on millions of Americans’ domestic calls and texts, The Wall Street Journal reported Wednesday.”

Engadget: US could soon end mass phone surveillance program exposed by Snowden

Engadget: US could soon end mass phone surveillance program exposed by Snowden. “The US government might put an end to the controversial NSA phone surveillance program Edward Snowden exposed by the end of 2019. Republican congressional national security adviser Luke Murry revealed during a Lawfare podcast that Congress might not renew the USA Freedom Act, which authorizes the agency’s call data bulk collection, when it expires later this year. He also said that the NSA hasn’t even been using the system for the past six months, putting into question the agency’s previous claim that data collection is vital to national security.”

CBR: The NSA to Release a Free Software Reverse Engineering Toolkit

CBR: The NSA to Release a Free Software Reverse Engineering Toolkit. “The US’s National Security Agency (NSA) is releasing a software reverse engineering tool for free public use in March, in an unusual step – although the tool had already been leaked by Wikileaks as part of its Vault 7 batch of CIA leaks.”

TechCrunch: Hackers are using leaked NSA hacking tools to quietly hijack thousands of computers

TechCrunch: Hackers are using leaked NSA hacking tools to quietly hijack thousands of computers . “More than a year after patches were released to thwart powerful NSA exploits that leaked online, hundreds of thousands of computers are unpatched and vulnerable. First they were used to spread ransomware. Then it was cryptocurrency mining attacks. Now, researchers say that hackers are using the leaked tools to create an even bigger malicious proxy network.”

Ars Technica: Unpatched systems at big companies continue to fall to WannaMine worm

Ars Technica: Unpatched systems at big companies continue to fall to WannaMine worm. “In May of 2017, the WannaCry attack—a file-encrypting ransomware knock-off attributed by the US to North Korea—raised the urgency of patching vulnerabilities in the Windows operating system that had been exposed by a leak of National Security Agency exploits. WannaCry leveraged an exploit called EternalBlue, software that leveraged Windows’ Server Message Block (SMB) network file sharing protocol to move across networks, wreaking havoc as it spread quickly across affected networks.”

Techdirt: Inspector General Says NSA Still Hasn’t Implemented Its Post-Snowden Internal Security Measures

Techdirt: Inspector General Says NSA Still Hasn’t Implemented Its Post-Snowden Internal Security Measures. “The NSA was going to make sure no one could just walk out of work with thousands of sensitive documents. It laid out a plan to exercise greater control over access and fail safe procedures meant to keep free-spirited Snowdens in check. The NSA is the world’s most powerful surveillance agency. It is also a sizable bureaucracy. Over the past half-decade, the NSA has talked tough about tighter internal controls. But talk is cheap — at least labor-wise. Actual implementation takes dedication and commitment. The NSA just doesn’t have that in it, according to a recent Inspector General’s report.”

Engadget: NSA has yet to fix security holes that helped Snowden leaks

Engadget: NSA has yet to fix security holes that helped Snowden leaks. “Edward Snowden’s success in leaking NSA data was chalked up in part to the agency’s own security lapses, so you’d think that the agency would have tightened up its procedures in the past five years… right? Apparently not. The NSA Inspector General’s office has published an audit indicating that many of the Snowden-era digital security policies still haven’t been addressed, at least as of the end of March 2018. It hasn’t correctly implemented two-person access controls for data centers and similar rooms, doesn’t properly check job duties and has computer security plans that are either unfinished or inaccurate.”

New York Times: N.S.A. Purges Hundreds of Millions of Call and Text Records

New York Times: N.S.A. Purges Hundreds of Millions of Call and Text Records. “The National Security Agency has purged hundreds of millions of records logging phone calls and texts that it had gathered from American telecommunications companies since 2015, the agency has disclosed. It had realized that its database was contaminated with some files the agency had no authority to receive.”