Showing posts sorted by relevance for query NSA. Sort by date Show all posts
Showing posts sorted by relevance for query NSA. Sort by date Show all posts

NSA Refused to Disclose Obama's Secret Cyber Security Directive

Posted by Avik Sarkar On 11/27/2012 12:33:00 am

NSA Refused to Disclose Obama's Secret Cyber Security Directive

The cyber security directive of United States President Barack Obama has been twisted a little as the National Security Agency (NSA) has refused to release details of a secret presidential directive document that would establish a broader set of standards that would guide federal agencies in confronting Cyber threats. Several experts are presuming that the cyber security directive could allow the military and intelligence agencies to operate on the networks of private companies, such as Google and Facebook. According to the last week report by Washington Post, cited several U.S. officials saying that Obama signed off on the secret cyber security order, believed to widely expand NSA’s spying authorities, in mid-October. “The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyber war and cyber terrorism,” the report states.  
The Electronic Privacy and Information Center (EPIC), filed a Freedom of Information Act (FOIA) request to make the document public because it said the measure could expand NSA’s Cyber security authority. “Transparency is crucial to the public’s ability to monitor the government’s national security efforts and ensure that federal agencies respect privacy rights and comply with their obligations under the Privacy Act,” said EPIC’s request.
EPIC said that NSA denied the request on Nov. 21 arguing that it doesn’t have to release the document because it is a confidential presidential communication and contains information that is classified “Secret” and “Top Secret” by the agency. NSA said disclosure of the order could “reasonably be expected to cause exceptionally grave damage to the national security.” The agency said EPIC could file an appeal with the NSA/Central Security Service denial and EPIC said it plans to do so. The privacy group said it is litigating similar FOIA requests with NSA, including the release of NSPD 54, a 2008 presidential directive setting out the NSA’s cyber security authority. The group called NSA a “black hole for public information about cyber security” in an official statement to Congress earlier this year. National Security Agency whistle blower William Binney said in Mid July that the U.S. government is secretly gathering information “about virtually every U.S. citizen in the country”, in “a very dangerous process” that violates Americans’ privacy.
Former President George W. Bush signed a presidential order in 2002 allowing the National Security Agency (NSA) to monitor without a warrant the international (and sometimes domestic) telephone calls and e-mail messages of hundreds or thousands of citizens and legal residents inside the United States. The program eventually came to include some purely internal controls -- but no requirement that warrants be obtained from the Foreign Intelligence Surveillance Court as the 4th Amendment to the Constitution and the foreign intelligence surveillance laws require.



-Source (GSN Magazine & Press TV)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Think Android: National Security Agency Disclosed Smartphone Strategy

Posted by Avik Sarkar On 3/06/2012 08:42:00 pm

Think Android: National Security Agency (NSA) Disclosed Smartphone Strategy
The National Security Agency has come up with a security design that currently depends on Google Android smartphones, though the NSA contends it doesn't want to be wedded to any particular smartphone operating system. But its current "Fishbowl" phones, as they are called, are beefed-up highly secured Motorola Android smartphones that use double-encryption for voice traffic and a unique routing scheme for 3G network traffic back to the NSA first for security purposes. This design makes them suitable for classified information sharing with other like smartphones, according to Margaret Salter, technical director at NSA's information assurance directorate, who spoke about the so-called "Fishbowl" project, which today focuses on voice use of smart phones.
"We wanted to use the commercial standards that are out there," said Margaret Salter, technical director in NSA's information assurance directorate. "We wanted plug and play — but that was hard." The NSA also wants interoperability in order not to be trapped in vendor ok-in, but this is turning out to be hard to achieve. Earlier in January 2012 NSA has released the first public release of the Security Enhanced (SE) Android Project, a program designed to find and plug security holes and risks in the Android flavor of Linux. SE Android is based on the NSA’s SELinux, first released in 2000.
The NSA looked at SSL VPN as a standard and left no stone unturned in exploring commercial SSL VPN for mobile, but found utter lack of interoperability across vendor products. Salter said NSA also was frustrated with the lack of interoperability in Unified Communications Systems (UCS) products, noting that buying one piece often meant buying several others, there being little evidence of multi-vendor interoperability. So with some frustration, NSA changed to go with an open-source Session Initiation Protocol (SIP) server for the present. NSA also switched its mobile security strategy toward IPSec VPN, where things looked better in terms of interoperability than SSL VPN, and selected the Secure Real-Time Transport Protocol for Voice App and Transport Layer Security (TLS) with keys. This all means "the voice call is doubly encrypted," Salter said. "There's VoIP encryption and IPsec encryption."


-Source (IT World)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Twitter & Yahoo Tightening Their Security to Prevent Eavesdropping of NSA

Posted by Avik Sarkar On 11/30/2013 03:33:00 am

Twitter & Yahoo Tightening Their Security to Prevent Eavesdropping of NSA & Other Govt Agencies 
Last month a untold and sensational story came to light, when the whistle blowers Edward Snowden unveiled one of the top secret program of NSA called called “Muscular” Former NSA contractor Snowden himself disclosed that the National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world in order to collect and snoop the private data of millions of internet users. NSA’s acquisitions directorate sends millions of records every day from internal Yahoo and Google networks to data warehouses at the agency’s headquarters at Fort Meade, Md. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records including “metadata,” which would indicate who sent or received e-mails and when, as well as content such as text, audio and video. Both Yahoo & Google said that they had never gave access to nay Govt agency to their data centers. Yahoo spokeswoman said, “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.” Google’s chief legal officer, David Drummond said “We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” 

 But the matter of fact is that NSA has indeed sniffed the personal & private communication of million internet users of tech giants like Yahoo and Google. To get rid of this kind of privacy breach, now the tech giants who hold the personal record and credential of mass, are tightening and enhancing their existing security system. According to Marissa Mayer, CEO of Yahoo "We’ve worked hard over the years to earn our users’ trust and we fight hard to preserve it." Yahoo also says it will encrypt all information moving between its data centers by the end of the first quarter, and it will work on getting international partners to enable HTTPS encryption in Yahoo-branded Mail services.Yahoo says it will give users an option to encrypt all data flow to and from Yahoo. "Yahoo has never given access to our data centers to the NSA or to any other government agency ever. There is nothing more important to us than protecting our users’ privacy. To that end, we recently announced that we will make Yahoo Mail even more secure by introducing https (SSL - Secure Sockets Layer) encryption with a 2048-bit key across our network by January 8, 2014." added Marissa Mayer.

Not only Yahoo, but the social networking giant Twitter, who have registered users of almost 550 million with an active user of 250 million across the globe has also taken immediate steps after this breathtaking story of spying by NSA get the spot light. Twitter is implementing new security measures that should make it much more difficult for anyone to eavesdrop on communications between its servers and users. The entire security mechanism has been taken to tighten the data privacy of its users. According to a blog post of twitter the company has implemented "perfect forward secrecy" on its Web and mobile platforms, which made eavesdropping almost impossible. "As part of our continuing effort to keep our users’ information as secure as possible, we’re happy to announce that we recently enabled forward secrecy for traffic on twitter.com, api.twitter.com, and mobile.twitter.com. On top of the usual confidentiality and integrity properties of HTTPS, forward secrecy adds a new property. If an adversary is currently recording all Twitter users’ encrypted traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic." -said the blog post.

While talking about Muscular program of NSA, we would also like to remind you that couple weeks ago we came to know about 'Royal Concierge' another secret program of GCHQ & NSA to spy foreign diplomats through hotel bookings uncovered by Edward Snowden.

-Source (CIO & PC World) 


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NSA (National Security Agency) is Searching For Good Hackers

Posted by Avik Sarkar On 8/03/2011 05:31:00 pm

 
The National Security Agency has a challenge for hackers who think they’re hot stuff: Prove it by working on the “hardest problems on Earth.”
Computer hacker skills are in great demand in the U.S. government to fight the cyberwars that pose a growing national security threat — and they are in short supply.

For that reason an alphabet soup of federal agencies — DOD, DHS, NASA, NSA — are descending on Las Vegas this week for Defcon, an annual hacker convention where the $150 entrance fee is cash only — no registration, no credit cards, no names taken. Attendance is expected to top 10,000.
The NSA is among the keen suitors. The spy agency plays offence and defence in the cyberwars. It conducts electronic eavesdropping on adversaries, and it protects U.S. computer networks that hold super-secret material — a prime target for America’s enemies.

“Today it’s cyberwarriors that we’re looking for, not rocket scientists,” said Richard “Dickie” George, technical director of the NSA’s Information Assurance Directorate, the agency’s cyber-defense side.

“That’s the race that we’re in today. And we need the best and brightest to be ready to take on this cyberwarrior status,” he told Reuters in an interview.
The NSA is hiring about 1,500 people in the fiscal year, which ends Sept. 30, and another 1,500 next year, most of them cybersecurity experts. With a workforce of about 30,000, the Fort Meade-based NSA dwarfs other intelligence agencies, including the CIA.
It also engages in cyber-spying and other offensive operations, something it rarely, if ever, discusses publicly.
But at Defcon, the NSA and other “Feds” will be competing with corporations looking for hacking talent.
The NSA needs cybersecurity experts to harden networks, defend them with updates, do “penetration testing” to find security holes and watch for signs of cyberattacks.
The NSA is expanding its fold of hackers, but George said there is a shortage of those skills. “We are straining to hire the people that we need.”

It might seem to be an odd-couple fit — strait-laced government types with their rules and missions trying to recruit hackers who by definition want to defy authorities.
George said the NSA is an environment where the hacker mind-set fits with “a critical mass of people that are just like them.”
But what about culture rifts?
“When I walk down the hall there are people that I see every day and I never know what color their hair’s going to be,” George said. “And it’s a bonus if they’re wearing shoes. We’ve been in some sense a collection of geeks for a long, long time.”
The agency has long been known for its brilliant, but sometimes eccentric, mathematicians and linguists.
Jeff Moss, a hacker known as Dark Tangent, knows something about bridging the two worlds. He founded Defcon and the companion Black Hat conference for security professionals and is now a member of the Department of Homeland Security’s Advisory Council, which advises the government on cybersecurity.
“They need people with the hacker skill set, hacker mind-set. It’s not like you go to a hacker university and get blessed with a badge that says you’re a hacker. It’s a self-appointed label — you think like one or you don’t,” Moss told Reuters.

-News Source (Washington Post)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NSA Calls Defcon The "World's Best Cybersecurity Community" & Asks for Their Help

Posted by Avik Sarkar On 8/01/2012 02:10:00 am

NSA Calls Defcon The "World's Best Cybersecurity Community" & Asks for Their Help

A week ago DEFCON confirmed the presence of National Security Agency Director General Keith B. Alexander at DEFCON 20 in Las Vegas.  “I’ve spent 20 years trying to get someone from the NSA” to speak at Defcon, said Defcon founder Jeff Moss, who serves on the U.S. Homeland Security Advisory Council and is chief security officer for ICANN. Moss added “On the NSA’s 60th anniversary and our 20th anniversary this has all come together.” Here comes a double boom, Mr. Alexander not only attended the world's largest annual party but also greets Defcon the "world's best cybersecurity community" and asks for their help to secure cyberspace. Hackers can and must be part, together with the government and the private industry, of a collaborative approach to secure cyberspace, he said. Hackers can help educate other people who don't understand cybersecurity as well as they do, the NSA chief said. "You know that we can protect networks and have civil liberties and privacy; and you can help us get there."
Gen. Alexander congratulated the organizers of Defcon Kids, an event dedicated to teaching kids how to be white-hat hackers, and described the initiative as superb. He called 11-year-old Defcon Kids co-founder CyFi to the stage and said that training young people like her in cybersecurity is what the U.S. needs.
He encouraged hackers to get involved in the process. "We can sit on the sidelines and let others who don't understand this space tell us what they're going to do, or we can help by educating and informing them" of the best ways to go forward. "That's the real reason why I came here. To solicit your support," he said. "You have the talent. You have the expertise." The hacker community has built many of the tools that are needed to protect cyberspace and should continue to build even better ones, he said during his keynote at Defcon. He gave the example of Metasploit and other penetration testing tools. 
VOGH Reaction:-
On behalf of VOGH team I personally thanks Mr. Keith B. Alexander for his presence at DEFCON. I do believe that such approach will encourage young hackers, and will surely give them extra enthusiasm, by which in coming future we will get a better and much secured cyber space. 


-Source (PCW)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pentagon Assigning More Experts to Boost Cyber Security & Protect U.S. Computer Networks

Posted by Avik Sarkar On 2/06/2013 07:12:00 pm

Pentagon Assigning More Experts to Boost Cyber Security & Protect U.S. Computer Networks

Cyber security has become one of the most sophisticated area of National security and defense, and in order to implement that Pentagon has increased their estimated expense on cyber security. And this deceleration has been made while publishing the budget late in last year. Now that implementation is getting executed as the Pentagon is moving toward a major expansion of its cyber security force to counter increasing attacks on the nation’s computer networks, as well as to expand offensive computer operations on foreign adversaries. This confirmation has came from defense officials. The expansion would increase the Defense Department’s Cyber Command by more than 4,000 people, up from the current 900, an American official said. Defense officials acknowledged that a formidable challenge in the growth of the command would be finding, training and holding onto such a large number of qualified people. The Pentagon “is constantly looking to recruit, train and retain world class cyberpersonnel,” a defense official said Sunday.
As part of the expansion, officials said the Pentagon was planning three different forces under Cyber Command: “national mission forces” to protect computer systems that support the nation’s power grid and critical infrastructure; “combat mission forces” to plan and execute attacks on adversaries; and “cyber protection forces” to secure the Pentagon’s computer systems. Cyber Command’s connections to the NSA are also leading some officials to ask how much of the expansion will be focused domestically, especially considering the opening of the NSA’s new, $2 billion Utah Data Center, scheduled to go live later this year. An unnamed "senior defense official" said that the agency’s efforts would remain focused outside US networks, unless it were asked to assist "another agency with domestic authority, such as the FBI." There is significant overlap between Cyber Command and the NSA — until recently, some employees of the former had nsa.gov email addresses, for instance — and there is some doubt that the nascent offshoot of US Strategic Command will be able to achieve true independence under NSA Director Alexander.



-Source (NY Times, Washington Post)







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

National Security Agency (NSA) Released Security Enhanced (SE) Android

Posted by Avik Sarkar On 1/17/2012 12:50:00 am


US National Security Agency (NSA) released the first public release of the Security Enhanced (SE) Android Project, a program designed to find and plug security holes and risks in the Android flavor of Linux. SE Android is based on the NSA’s SELinux, first released in 2000.
SEAndroid is the name of both a project to identify, and find solutions for, critical gaps in Android security and of a reference implementation of a security enhanced Android. The project is currently focusing its efforts on enabling SELinux functionality in the hope that it can limit the damage done by malicious apps, but hopes to widen its scope in the future.
SE Android was first publicly described at Linux Security Summit 2011. In essence, the NSA is attempting to bring the same access control and damage mitigation measures found in SELinux to the Android Open Source Project. In the Security Summit presentation, a number of known security vulnerabilities were demonstrated and tested against a version of Android running SE Android controls. All exploits failed unless specifically tailored to the particular system, and even in those cases the exploit’s effectiveness was much reduced.
SEAndroid is only available as source and is built by cloning the Android Open Source Project (AOSP) git repository, and then applying the SE Android modifications from the project’s git repository. Currently the project is builds on Fedora 16, and has built on Fedora 14 and 15. Instructions how to build for emulators and devices (specifically the Nexus S) and how to get started developing policies are available from the project’s wiki.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

China Was Responsible for RSA Hack & Military Related Intellectual Property Theft- Said NSA

Posted by Avik Sarkar On 3/29/2012 12:54:00 am

China Was Responsible for RSA Hack & Military Related Intellectual Property Theft- Said NSA

The director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSA. Yesterday the Cyber Command commander & Director Mr. Alexander presented the testimony at Senate Hearing. He has also confirmed that not only RSA, but also large amounts of military-related intellectual property has also been stolen and yet again China was behind this attack. "I can't go into the specifics here, but we do see [thefts] from defense industrial base companies," Alexander said, declining to go into details about other attacks. "There are some very public [attacks], though. The most recent one was the RSA exploits." The NSA director believes the US Government needs more real-time capabilities to work with the private sector to stop attacks. He explained how in one attack, the attackers were attempting to get 3GBs of data from a foreign defence contractor but the Department of Defence processes for communicating with that company were predominantly manual. He did not present any evidence for the China allegations and it is yet to be seen if there is any diplomatic fallout from his disclosures.
The attack was taken place in earlier March 2011, where hackers managed to gain access to the enterprise's servers and take sensitive data. The attackers manage to obtain data on SecurID, RSA's popular two factor authentication system. 
Also in 2011 China was responsible behind the attack on US Chamber of Commerce, Satellite System of U.S, Nortel Network & so on.  But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor Mitsubishi, Japan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea  more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Anonymous Message To NSA- They Are Not Targeting U.S. Power Grid

Posted by Avik Sarkar On 2/24/2012 10:33:00 pm

Anonymous Message To NSA- They Are Not Targeting U.S. Power Grid 
Few days ago Researchers at the Massachusetts Institute of Technology found vulnerability on  U.S. power grid cyber security system. Yesterday General Keith Alexander The head of the National Security Agency suspected that hackers from Anonymous are going to exploit the vulnerability & shutdown the entire U.S. Power Grid. Later Anonymous responded while releasing You Tube video where they have clearly stated that they are not going to hit US Power grid because thousands of people rely on electricity for everything they do; hospitals even need this electricity to save lives, and taking out the power grid would cause harm to the very people we (Anonymous) wish to protect. There is no valid reason for us to shut down the power grid, as far as we are aware. Any such predictions by the various government, security, and intelligence organizations are likely attempts to instill fear into those that don't understand this, and to discredit Anonymous as a whole.
 
Anonymous Message to the NSA:-
"Greetings NSA,
We are Anonymous.
Your statement regarding the potential future sabotage of power grids by Anonymous, disgusts us to the core, as it is clearly an attempt at fear mongering. The idea that Anonymous would shut down one of the most vital resources for it to operate, is ludicrous.
While security and intelligence organizations throughout the world attempt to depict Anonymous as a 'terrorist organization', many people understand that this same subset of Anonymous they speak of, is actually a movement for freedom. This appears to scare government organizations, to the point where they might do anything in an attempt to discredit Anonymous, and make people believe Anonymous exists solely to harm innocent people.
Are these claims and predictions an attempt to falsely accuse Anonymous of something that will happen in the future - maybe even being orchestrated by the same government organizations that are now already blaming Anonymous? Many people have warned about the sad state of the power grid infrastructure in the past, but why would we shut down our own computers and other communication tools?
Thousands of people rely on electricity for everything they do; hospitals even need this electricity to save lives, and taking out the power grid would cause harm to the very people we wish to protect.
There is no valid reason for us to shut down the power grid, as far as we are aware. Any such predictions by the various government, security, and intelligence organizations are likely attempts to instill fear into those that don't understand this, and to discredit Anonymous as a whole.
We are Anonymous.
We are legion.
We do not forgive.
We do not forget.
For once don't expect us."



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NSA Employing Scientific Principles For Cybersecurity Research

Posted by Avik Sarkar On 3/17/2012 11:14:00 pm

NSA Employing Scientific Principles For Cybersecurity Research

The National Security Agency (NSA) has stated a new mission to promote scientific research into computer security for use in the government. For this reason National Science Foundation called for papers for a June symposium on "moving target" research into dynamic defenses intended to constantly confuse intruders. 
Many information security professionals salivate over discovering a new attack shield, but not as many are interested or are skilled enough to apply the scientific method to their findings, said Tom Longstaff, technical director of the National Security Agency's systems behavior group. Longstaff. also said "I'm really keeping my fingers crossed that we can fill [a full day's worth of presentations],"
Data analysis is not just a problem for cyber academics. A September 2011 data collection foible at the CERN laboratory in Geneva nearly refuted Einstein's theory that nothing travels faster than the speed of light. CERN scientists reported they had identified a particle known as a neutrino that broke the light speed limit. But the journal Science last month largely debunked that discovery by finding an error in the experiment's setup: a faulty connection between a GPS unit and a computer.
Longstaff, who made his comments in a lecture at NSF's Arlington headquarters, said the physicists who mistakenly thought they had made a major breakthrough in reality performed a public service by clearly writing up and circulating their results so that others could refute them.
Cybersecurity peer reviewers are scarce, he said, because the United States has failed to train information security specialists to critically review their work. To address the science's limitations, Longstaff suggested the government fund textbooks and document the knowledge of cyber professionals who know how to practice the scientific approach. Additionally, cybersecurity students should be trained in the scientific method, said Longstaff, who also serves as chairman of Johns Hopkins University's computer science, information assurance and information systems engineering programs.


-Source (NextGov)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Director of National Security Agency Will Join DEFCON 20 Hacking Conference

Posted by Avik Sarkar On 7/24/2012 01:36:00 am

Director of National Security Agency Will Join DEFCON 20 Hacking Conference

Great news for hackers and security professionals who will attend the most awaited & the world's largest annual hacking party "DEFCON 20" in Las Vegas next week will have a rare chance to rub shoulders with the head of the U.S. National Security Agency. The Defcon 20 official page is saying that the director of the spy agency, Mr. General Keith Alexander will speak at the Defcon conference, marking the highest-level visit to date by a U.S. government official to the colorful gathering. 
The founder of Defcon and renouned hacker Mr. Jeff Moss said who is known as the Dark Tangent said "We're going to show him the conference. He wants to wander around". Still, Moss said he expect there could be some controversy over Alexander's presence among the diverse hacker crowd that attends the conference. The NSA plays both offense and defense in the cyber wars. It conducts electronic eavesdropping on adversaries, in addition to protecting U.S. computer networks.
"I expect some people will say 'You are a sellout for having someone from the NSA speak" Mossed added.
He said he's spent a decade trying to get the head of the NSA to speak at Defcon, but he never imaged it would actually happen: "To me this is really validating of the whole culture."
Defcon offers a side conference for children, Defcon Kids, which Alexander will likely visit. It also trains hackers to pick locks and has an annual contest to measure who is best at persuading corporate workers to release sensitive data over the phone. Moss said he invited federal agents to the first Defcon conference, but that they politely declined. They showed up anyway, incognito. They kept coming, in bigger numbers, sometimes in uniform. "We created an environment where the feds felt they could come and it wasn't hostile," Moss said. "We could ask them questions and they wanted to ask the hackers about new techniques."


-Source (Huffington Post)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

British Spy Agency GCHQ Performed DDoS Attack Against Anonymous -Snowden Documents Transpired

Posted by Avik Sarkar On 2/10/2014 01:49:00 am

British Spy Agency GCHQ Performed DDoS Attack Against Hacktivist Anonymous & LulzSec -Snowden Documents Transpired
While excavating the past, it was always found that cyber criminals, large hacker collective groups were the culprits for engaging voluminous denial of service attack. But this widely transfusing story get a one eighty degree reverse turn, when the former NSA contractor Edward Snowden revealed another trade secret. Recently a lurid story get spot lighted, as the whistle blower Snowden unfold yet another breathtaking stealthy  documents taken from the National Security Agency. The clandestine documents taken the mask from the so called good guys, unveiling British spy agency GCHQ had launched a secret war against the infamous hacktivist collective Anonymous and a splinter group known as LulzSec several years ago. Many of you guessed right, this was happened when Anonymous were targeting various UK companies and government websites. The documents disclose that GCHQ carried out seemingly illegal DDoS attacks against the collective, flooding their chatrooms with so much traffic that they would become inaccessible – and all with the approval of the British government. The revelations come less than a year after several LulzSec activists were jailed by a British court for carrying out similar DDoS attacks against targets including the CIA, the UK’s Serious Organized Crime Agency (SOCA), News International, Sony and the Westboro Baptist Church, among others. 
This sensational issue was made public by NBC News deferentially with the help of none other than Edward Snowden. In their exclusive report headed 'War on Anonymous: British Spies Attacked Hackers,' NBC said -The blunt instrument the spy unit used to target hackers, however, also interrupted the web communications of political dissidents who did not engage in any illegal hacking. It may also have shut down websites with no connection to Anonymous. According to the documents, a division of Government Communications Headquarters (GCHQ), the British counterpart of the NSA, shut down communications among Anonymous hacktivists by launching a “denial of service” (DDOS) attack – the same technique hackers use to take down bank, retail and government websites – making the British government the first Western government known to have conducted such an attack.
The documents, from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, show that the unit known as the Joint Threat Research Intelligence Group, or JTRIG, boasted of using the DDOS attack – which it dubbed Rolling Thunder -- and other techniques to scare away 80 percent of the users of Anonymous internet chat rooms. 
The existence of JTRIG has never been previously disclosed publicly. The documents also show that JTRIG infiltrated chat rooms known as IRCs and identified individual hackers who had taken confidential information from websites. In one case JTRIG helped send a hacktivist to prison for stealing data from PayPal, and in another it helped identify hacktivists who attacked government websites. 
As soon as this story getting all the spot lights, immediately the GCHQ responded to this saying all their movements and operations were lawful“All of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position.” -GCHQ said the press. To know more detail about this story, don't forget to stay tuned with VOGH



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Team Ghost Exposed Secrete Documents of DOD, NATO, NSA, Home Land Security & Many More

Posted by Avik Sarkar On 9/04/2011 03:01:00 pm


The team "Ghosts" uploaded a .Zip file containing files from Government, Military, DOD, NSA, Homeland security, NATO and many more organizations. The download itself contained 27 PDF Files, 13 Microsoft Word Files, 1 ppt File and a Text file.
The text file contains 130+ login details  for a website that had been infiltrated an hour beforehand.
www.Westdorset.org.uk

The download contained information such as forms, Top secret cover sheets and restricted and classified information about the organisation.

To download the secrete file uploaded by  Ghost click Here

Twitter Page of Team Ghost:- https://twitter.com/BlackHatGhosts
FB Page of Team Ghost:- http://www.facebook.com/TeamGhosts

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NSA Is Suspecting That Anonymous Could Shutdown The Entire U.S. Power Grid

Posted by Avik Sarkar On 2/23/2012 07:01:00 pm

NSA Is Suspecting That Anonymous Could Shutdown The Entire U.S. Power Grid
Earlier we have covered that Researchers at the Massachusetts Institute of Technology told that U.S. power grid needs cyber security protection. Now the US Govt is suspecting that 'Hactivist' Anonymous may target this vulnerable point and shut down the entire U.S. power grid within the next two years. General Keith Alexander The head of the National Security Agency has warned- that the hacker collective group Anonymous may be able to bring about a limited national power outage through a cyber attack. In the meeting at White House has relayed his concerns. Though he has not publicly expressed his concerns about the potential for Anonymous to disrupt power supplies, he has warned publicly about an emerging ability by cyber attackers to disable or even damage computer networks. Still Anonymous has never indicated to perform cyber attack against US power grid, but in the last week they have called Operation Global Blackout, a plan to shut down the Internet on March 31. And the security experts are suspecting that while executing that attack Anon may target the US power grid.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pentagon Is Expanding Cyber-Security Program

Posted by Avik Sarkar On 8/22/2011 01:07:00 pm


The Pentagon is exploring whether to expand a pilot program that protects the networks of defense contractors to include other companies, and even those in industries that serve mainly civilians. But some private sector officials are not sure that the Defense Department should lead the effort.
Speaking at a conference in Baltimore this week, Deputy Defense Secretary William J. Lynn III said that the Defense Industrial Base (DIB) Cyber Pilot, which currently involves 20 large defense companies, is already showing signs of success. It relies on classified threat “signatures” or data that can help detect malicious code before it penetrates a network.
The signatures and other data that help detect threats are provided by the National Security Agency, which collects electronic data on foreign adversaries and operates under the auspices of the Pentagon. The signatures are loaded into devices run by the Internet service providers, including AT&T and Verizon, which provide Internet services to the companies.
The voluntary 90-day pilot, which the Pentagon said should be completed by early fall, has already shown that “it stops hundreds of signatures that we wouldn’t previously have seen,” Lynn said. “It appears to be cost-effective.”

The Pentagon has declined to give details to back up Lynn’s assertions. In an email earlier this week, Pentagon spokeswoman April Cunningham said: “We do not yet have enough information regarding the pilot to make any decisions about the success or effectiveness of the pilot.” She added: “We are not yet in a position to discuss specific metrics.”
She declined to say whether the Pentagon tested NSA’s signatures and other data against other models for effectiveness. “It is the long-standing policy of the Department of Defense not to discuss matters of operational security.”
Speaking at a conference run by the Defense Information Systems Agency, Lynn expressed significant concern “that over the past decade we’ve lost terabytes of data to foreign intruders, foreign intelligence services, to attacks on corporate networks of defense companies.” A great deal of it, he said, “concerns our most sensitive systems-- aircraft avionics, surveillance technologies, satellite communication systems, and network security protocols.”
As a result, he said, the Pentagon is considering expanding the pilot to more defense companies, and discussing with other agencies whether to “apply this same concept to other sectors, whether it’s the power sector, nuclear energy, the transportation sector or the financial sector.’’
But some officials in other industries questioned whether the Pentagon is the right leader for the effort. One concern involves privacy. NSA participation — even if tangential-- raises fears that the spy agency may at some point gain access to private citizens’ data. Defense officials have addressed that worry for now by saying that the government will not directly filter the network traffic or receive any of the captured malicious code.
Then there is the issue of who leads the initiative. The Department of Homeland Security, which is involved in the Pentagon’s cyber pilot program, is also working with other critical sectors on cyber security.
A financial services industry official, who was not authorized to speak publicly, said his industry would prefer “one point” of collaboration. That point, he said, likely would be DHS. “Let’s not have 10, 20, 30 different bilateral arrangements with each government agency and each sector,” he said. “That would result in a web of confusion.”
A telecom industry official, who also was not authorized to speak publicly, agreed: “What we would like is one consolidated government effort that we can hitch our wagons to.” 

-News Source (Washington Post)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Chinese Hackers Breached Telvent's Corporate Network & Gained Control of US Power Grid

Posted by Avik Sarkar On 9/30/2012 03:12:00 am

Chinese Hackers Breached Telvent's Corporate Network & Gained Control of US Power Grid

Telvent - the maker of power-grid control systems and smart meters and whose software and services remotely administers and monitor large sections of the US energy industry has began warning its customers about a sophisticated hacker attack originated from China. Telvent, a division of Schneider Electric, has admitted hackers breached its corporate network, implanted malicious software and lifted sensitive project files. The raid spanned Telvent systems in the US, Canada and Spain, according to a letter sent to the company's customers this month. Criminals can now study the documents for vulnerabilities in the systems, and potentially devise attacks to sabotage nations' electricity distribution networks. It looks like the hackers managed to get past the company firewall and security systems. In letters sent to customers last week, Telvent Canada said the attack happened on September the 10th.
The attackers installed malicious software and stole project files related to one of its core offerings — OASyS SCADA — a product that helps energy firms mesh older IT assets with more advanced “smart grid” technologies. The company said it was disconnecting the usual data links between clients and affected portions of its internal networks. Meanwhile it is looking for virus or malware files. Telvent has cut data links between at-risk portions of its internal network and clients' systems as a precaution while it probes the breach. Police have been called in to investigate the attack. 
In a report The Register said -Dale Peterson, founder and chief of industrial control security specialist Digital Bond, spelled out the kinds of information present in the lifted documents. "Some project files contain the 'recipe' for the operations of a customer, describing calculations and frequencies at which systems run or when they should be turned on or off," He told press. "If you're going to do a sophisticated attack, you get the project file and study it and decide how you want to modify the pieces of the operation. Then you modify the project file and load it [onto a company's control system], and they're not running what they think they're running." 

While talking about US power grid, we would like to remind you that, earlier researcher have warned about several security holes in power which could even allow an attacker to shutdown the entire system. Soon after  this story made public, National Security Agency (NSA) suspected that hacktivist Anonymous may target the Entire U.S. Power Grid. What ever such massacre did not happen, and Anon said they are not interested to hit power industry. 

 Chinese Hackers Behind Some Biggest Cyber Espionage:- 
Couple of months ago we have seen that Chinese hackers have broken into Indian Navy's Computer System & stolen sensitive data. Few months before this hack, Tokyo based computer security firm Trend Micro confirmed that Chinese hackers were responsible for biggest cyber-espionage in India, Japan & Tibet. Also the director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSAAlso in 2011 China was responsible behind the attack on US Chamber of Commerce, Satellite System of U.S, Nortel Network & so on.  But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor Mitsubishi, Japan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea  more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible. 

The above phenomena are clearly indicating that hackers from China was directly linked and responsible for all those biggest cyber espionage. Still it is not clear that whether these cyber criminals are supported by the Govt. or not!!









SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Chinese Hackers Eavesdropping European Diplomats Before G20 Summit

Posted by Avik Sarkar On 12/13/2013 01:23:00 am

Researchers At FireEye Found -Chinese Hackers Snitching  Europeans Before G20 Summit 
Story of cyber espionage by Chinese hackers used to remain one of most highest pick of breakneck. Yet again another breathtaking issue of  eavesdropping by Chinese hackers get spot light, when  California-based renounced computer security firm FireEye Inc have figured out that a group of Chinese hackers eavesdropped on the computers of five European foreign ministries before last September's G20 Summit, which was dominated by the Syrian crisis. From the detailed analysis we came to know that the hackers have infiltrated the ministries' computer networks by sending emails to staff containing tainted files with titles such as "US_military_options_in_Syria," which sells virus fighting technology to companies. Whenever the targeted recipients opened those documents, they loaded malicious code on to their personal computers. Researchers of FireEye said that they were able to monitor the "inner workings" of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems for about a week in the late August. But suddenly they lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia
Though the company has declined in open press to identify the nations whose ministries were hacked, although it said they were all members of the European Union. But FireEye informed the FBI about the whole issue in details. FireEye also confirmed that the hackers where from China, but they did not find evidence which may link those hackers to the Chinese government. Not surprisingly and obviously like earlier the Chinese government has distanced itself from any claim that it might have hacked foreign governments for data. FireEye also successfully monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain. The researchers had been following the hackers behind the Syria-related attack for several years, but this is the first time the group's activities have been publicly documented. The company calls the group "Ke3chang," after the name of one of the files it uses in one of its pieces of malicious software"The theme of the attacks was U.S. military intervention in Syria," said FireEye researcher Nart Villeneuv. 
On reaction Chinese Foreign Ministry spokesman Hong Lei said- "U.S. internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible," 
While talking in this story of Chinese eavesdropping, I also want to dig some points from decent parts where we all became very habituated of seeing Europe & U.S. countries blaming China for engaging cyber attacks; and China also do the same for accusing U.S. like vice versa. I am reviving your memories of last few years where If you look at the story of major cyber attacks of this year we will find that the name of China has been involved several times for engaging cyber attacks against several high profile websites and organization of U.S. including New York TimesTwitterNBC and so on. And if you refresh our memory then then we will find the scenario of big cyber attack and espionage by Chinese hackers have been spotted several times. In 2012 Chinese hackers had  breached Telvent's corporate network & gained control of US Power Grid. Also in the middle of last year, we have seen that Chinese hackers have broken into Indian Navy's Computer System & stolen sensitive data. Few months before this hack, Tokyo based computer security firm Trend Micro confirmed that Chinese hackers were responsible for biggest cyber-espionage in India, Japan & Tibet. Also the director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSA. Also in 2011 China was responsible behind the attack on US Chamber of CommerceSatellite System of U.SNortel Network & so on.  But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor MitsubishiJapan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea  more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible.  

Before I conclude, I request you to closely look at the above mentioned stories, you will find China majorly responsible for eavesdropping & security breach. On the same side China also been effected by the same way. So in conclusion, we cant put a full stop in this chain of cyber attacks, hackingeavesdropping, as it comes from both end. So this exciting episode will be continued like it does. If you want to stay updated then don't forget to stay tuned with VOGH



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search