• German IT industry hopes to benefit from NSA leaks-inspired distrust of U.S. tech companies

    The German IT sector is hoping to benefit from trust lost in American technology firms in the aftermath of Edward Snowden’s leaks. The German government is looking to develop Internet security initiatives, with government departments vying with each other for a lead role. Both inside and outside the German government a proposal, known as “Schengen Routing,” is advanced which calls for data originated in Europe to be processed and stored within Europe. Critics warn that plans to create a European routing system could affect the openness of the Internet.

  • The “Mask": Kaspersky Lab discovers advanced global cyber-espionage operation

    Kaspersky Lab’s security researchers have announced the discovery of the Mask (aka Careto), an advanced Spanish-language speaking threat actor that has been involved in global cyber-espionage operations since at least 2007. What makes the Mask special is the complexity of the toolset used by the attackers. This includes a sophisticated malware, a rootkit, a bootkit, Mac OS X and Linux versions, and possibly versions for Android and iOS (iPad/iPhone). The primary targets are government institutions, diplomatic offices and embassies, energy, oil, and gas companies, research organizations and activists. Victims of this targeted attack have been found in thirty-one countries around the world.

  • Snowden’ leaks derailed important cybersecurity initiatives

    Edward Snowden’s leaks created such a climate of distrust around the NSA that many important cybersecurity initiatives died, stalled, or became non-starters. Security experts say that this is a case of throwing the baby out with the bathwater, and that the result of these stalled cybersecurity initiatives is that the United States is now more vulnerable to cyberattacks on its infrastructure, and government agencies and American corporations more exposed to sensitive information being compromised and stolen. U.S. officials have found it more difficult to respond to cyberattacks from Russia, China, and elsewhere. “All the things [the NSA] wanted to do are now radioactive, even though they were good ideas,” says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies(CSIS).

  • Rep. Rogers, House Intelligence chair: Russian intelligence may have helped Snowden

    Representative Mike Rogers (R-Michigan), chairman of the House Intelligence Committee, said that Russia may have helped the former NSA contractor Edward Snowden to reveal details of surveillance programs and escape U.S. authorities last year. Rogers said he could reveal evidence which would support his claims, but suggested Snowden “used methods beyond his technical capabilities” and had help with his travel arrangements. Rogers’s comments were backed by Michael McCaul (R-Texas), chairman of the House Committee on Homeland Security. Senator Diane Feinstein (D-California), chair of the Senate Intelligence Committee, asked whether he was aided by the Russians, said: “He may well have.”

  • Obama announces reforms of U.S. intelligence data collection practices

    President Barack Obama on Friday called for a “new approach” by the U.S. intelligence community to the collection of Americans’ phone metadata. The major changes in current practices involve storage of and access to bulk metadata; the presence of a public advocate during FISA court deliberations; new privacy protections for non-Americans; and new restrictions on spying on leaders of allied countries. Obama offered a robust defense of the U.S. intelligence services, saying that there was no evidence they had abused their power, and that many of their methods were necessary to protect Americans. “We will not apologize simply because our services may be more effective,” he said. The president pointedly noted that some countries that “have loudly criticized the NSA privately acknowledge that America has special responsibilities as the world’s only superpower . . . and that they themselves have relied on the information we obtain to protect their own people.”

  • NSA’s bulk collection programs’ contribution to thwarting terrorism minimal: study

    There are two questions about the NSA’s bulk information collection programs: are these programs legal? Are they effective? On the second questions, supporters of the programs say these surveillance measures are essential, and as proof they claim these programs helped thwart more than fifty potential terrorist attacks in more than twenty countries around the world. A new in-depth analysis shows, however, that these claims are overblown and even misleading. The study of 225 individuals recruited by al-Qaeda, or a like-minded group, or inspired by al-Qaeda’s ideology, and charged in the United States with an act of terrorism since 9/11, demonstrates that traditional investigative methods provided the initial impetus for investigations in the majority of cases, while the contribution of NSA’s bulk surveillance programs to these cases was minimal.

  • U.S. refuses a bilateral no-spy agreement with Germany

    The United States has refused to enter into a bilateral no-spy agreement with Germany, and has refused to rule out eavesdropping on calls of German political leaders in the immediate future, according to reports in the German press. It now appears that hopes in Germany that the United States would agree to a bilateral non-spying pact — similar to agreements between the United States and Britain, Canada, Australia, and New Zealand — have been dashed.

  • CIA sued over records surrounding the 1962 arrest of Nelson Mandela

    Ryan Shapiro, a Massachusetts Institute of Technology (MIT) Ph.D. candidate, filed a lawsuit yesterday (Tuesday) against the Central Intelligence Agency (CIA) over the spy agency’s failure to comply with his Freedom of Information Act (FOIA) request for records on the late Nelson Mandela. Shapiro wants to know why the CIA viewed Mandela as a threat to American security, and what actions the agency took to thwart Mandela’s efforts to advance racial justice and democracy in South Africa.

  • Declassified documents strongly argue for keeping NSA programs secret

    On Saturday, James Clapper, the Director of National Intelligence, declassified a set of ten court documents which show that both the Bush and Obama administrations assert that that some of the more sensitive NSA surveillance programs should be kept secret. The administration declassified the documents following a court order related to two lawsuits filed the Electronic Frontier Foundation. The Bush and Obama administration strenuously reject the EFF’s charge that they were running a “dragnet surveillance.” Both administrations contend that the collection programs with explicit limits and minimization procedures which effectively protected the Constitutional rights of Americans.

  • Cold War to cyber war, here’s how weapon exports are controlled

    It was reported last week that the U.K. government is pushing for new restrictions on software — in particular, on tools that would prevent surveillance by the state. This was the focus of negotiations to incorporate cyber security technologies into the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. Wassenaar was born of the Cold War in 1996. The idea was to inhibit the Soviets (and Chinese) by preventing the export of military equipment and the technology that could be used to make, maintain or defeat that equipment. The push to include cybersecurity in Wassenaar negotiations is unlikely to be effective but will reassure nervous politicians and officials.

  • James Bond drank too much to perform at the level depicted in books, movies

    A detailed examination of James Bond’s books shows that Bond’s weekly alcohol intake is over four times the recommended limit for an adult male, putting him at high risk of several alcohol related diseases, such as alcoholic liver disease, cirrhosis, impotence, and alcohol-induced tremor, and an early death. The medical team concluded that it would not be realistic to expect Bond to have the capacity to perform (in all aspects of life) at his high level of alcohol intake.

  • NSA planted sleeper malware in 50,000 computer networks

    The NSA has planted 50,000 sleeper malware packages – in effect, digital sleeper agents – in more than 50,000 computer networks around the world. The agents, controlled by the NSA’s Tailored Access Operations (TAO) unit, can be activated on command to harvest information of cause disruption. To plant the digital agents, the NSA employed methods typically used by Internet scammers and fraudsters.

  • Airport scanner vendor failed to disclose use of Chinese components

    Recently TSA cancelled a $60 million contract with Rapiscan Systems, a manufacturer of anatomically revealing airport security scanners, after Rapiscan was found to be using unapproved Chinese components in its scanners – and failing to disclose this fact to TSA. Rapiscan, in bidding on the contract, submitted a list of U.S.-made components used in the scanners to the agency, as required by law. After the company received an approval of that list – and the $60 million contract – it ordered the same components from a Chinese company — the Shanghai Advanced Non-Destructive Testing – instructing the Chinese company to label the Chinese-made components with the same part numbers as the originally approved, U.S.-made components, apparently in an effort to make it more difficult for TSA inspectors to notice the illegal switch. Members of the House Homeland Security Committee, charging that the use of Chinese components made the machines susceptible to sabotage, disruption, or spying, want to know whether TSA was aware of Rapiscan’s shenanigans.

  • U.S., U.K. intelligence worried about Snowden’s “insurance policy” cache

    Edward Snowden has so far released about 500 of the classified documents he secretly downloaded while working for an NSA contractor. Source familiar with the case say he had downloaded between 50,000 and 200,000 classified NSA and British government documents. Those close to him suggest that in addition to continuing a steady release of secret documents over the next two to three years, the potentially most damaging information he obtained, information which includes the names of thousands of intelligence agents and informers employed by the United States and its allies, is kept in a secret cache as an insurance policy against arrest or physical harm.

  • Surveillance programs prompt start-up entry into privacy protection market

    Revelations of the surveillance programs of the National Security Agency(NSA) and the U.K. Government Communications Headquarters(GCHQ) have sparked technical innovations, legal challenges, and pursuits of political reforms in the United States and Britain. While some established providers of secure e-mails have bowed out, new companies are moving in to offer consumers protection from prying.