recentpopularlog in


« earlier   
Cyber Force Fights Training Shortfalls: NSA, IONs, & RIOT « Breaking Defense - Defense industry news, analysis and commentary
three critical specialties on a team:

1) tool developers, who write the customized code — often exquisitely tailored to the specific target — required for cyber warfare;
2) exploitation analysts, who look at the intelligence on a target network and figure out how best to attack it; and
3) Interactive On-Net (ION) operators, who probe hostile, friendly, and neutral networks for weak points.

Pentagon’s created a Cyber Excepted Service that frees them from many of the usual civil service constraints and provides an ever-growing array of incentives, including greater pay for higher skill
cybercom  nsa  cybersecurity  military  disa 
4 days ago by bwiese
Unprecedented and Unlawful: The NSA’s “Upstream” Surveillance | Just Security
The FISA Amendments Act of 2008 (FAA) — the statute the government uses to engage in warrantless surveillance of Americans’ international
Überwachung  NSA 
10 days ago by longfried
I keep reading reports that had warned the White House that Jamal Khashoggi was in danger, an…
NSA  from twitter_favs
10 days ago by andriak
как там шпионов недавно назвали?: mi3ch
Самый смешной эпизод: офицер военной разведки РФ носил с собой квитанцию такси от штаба ГРУ до Шереметьево F, чтобы потом вернуть деньги в бухгалтерии

И снова у двоих офицеров номера паспортов различаются на одну последнюю цифру. Да и выданы в один день.
russian  nsa  security  army  funny  government  fail 
17 days ago by some_hren
Linux developers threaten to pull “kill switch” – LULZ
Several users on 4chan’s technology board speculate that Theo is targeted first because he famously resisted an Intel backdoor.

There is a book, “SJWs Always Lie: Taking Down the Thought Police,” and everyone here needs to read it.
nsa  conspiracy  linux 
28 days ago by foliovision
Karel Donk's Blog » I’m very disappointed in Linus Torvalds
Using that CoC, they now appear to go after individuals in the Linux development community who pose a problem to their plans of weakening and p0wning the code. For example, one of the first people they went after using the CoC is Theodore Ts’o who resisted an Intel backdoor in Linux in the past. The “diversity”, “women-in-tech” and CoC crap is simply being used as a political attack vector to get their way.
imperialism  corruption  linux  nsa 
28 days ago by foliovision
Telegram vs NSA/GCHQ/5E: sporaw
Кстати, совсем забыл (тема - 2015 год). Человек тут один стал троллить на тему новости про "российскую сертификацию SIM-карт" и я, объясняя причину, заодно соединил с другим. NSA/GCHQ ломало Gemalto для получения доступа ко всем выпускаемым SIM-картам. Соответственно, они без проблем могут делать любые клоны любых SIM-карт в мире. А как следствие, они могут запросить подключение девайса, получить SMS на клон (вы ее не увидите, т.к. насколько я помню, и звонок и SMS приходят на последнюю активную симку в сети), и получить доступ к вашему Telegram. Даже не надо очередную операцию по взлому Павла и его команды делать (хотя для NSA, очевидно, это элементарно).

Такие дела.

И да, Gemalto, подлецы, отрицали очевидный факт.

P.S. Кстати, по идее, можно и клона не делать даже, но тогда надо "эфир" слушать и им манипулировать. Что, в общем-то, сложнее и привязка к месту физическому.
gsm  megafon  mobile  security  crypto  fail  nsa  telegram 
5 weeks ago by some_hren
How Spies Stole the Keys to the Encryption Castle
AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.
According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ secret access. We “believe we have their entire network,” the slide’s author boasted about the operation against Gemalto.

The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. “Gaining access to a database of keys is pretty much game over for cellular encryption,” says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is “bad news for phone security. Really bad news.”
gsm  megafon  privacy  mobile  security  fail  nsa 
5 weeks ago by some_hren
The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED
Disconnecting Maersk’s entire global network took the company’s IT staff more than two panicky hours. By the end of that process, every employee had been ordered to turn off their computer and leave it at their desk. The digital phones at every cubicle, too, had been rendered useless in the emergency network shutdown.

On a normal day, these servers push out routine updates—bug fixes, security patches, new features—to a piece of accounting software called M.E.Doc, which is more or less Ukraine’s equivalent of TurboTax or Quicken. It’s used by nearly anyone who files taxes or does business in the country

In the spring of 2017, unbeknownst to anyone at Linkos Group, Russian military hackers hijacked the company’s update servers to allow them a hidden back door into the thousands of PCs around the country and the world that have M.E.Doc installed. Then, in June 2017, the saboteurs used that back door to release a piece of malware called ­NotPetya, their most vicious cyberweapon yet.

But EternalBlue and Mimikatz together nonetheless made a virulent combination. “You can infect computers that aren’t patched, and then you can grab the passwords from those computers to infect other computers that are patched,” Delpy says.
cybersecurity  history  wired  worm  notpetya  virus  russia  ukraine  taxes  eternalblue  nsa  supplychain 
7 weeks ago by bwiese
NSA Leaker 'Reality Winner' Gets More Than 5 Years in Prison
A former NSA contractor, who pleaded guilty to leaking a classified report on Russian hacking of the 2016 U.S. presidential election to an online news outlet last year, has been sentenced to five years and three months in prison.
Reality Winner, a 26-year-old Georgia woman who held a top-secret security clearance and worked as a government contractor in Georgia with Pluribus International, initially faced 10 years in prison and a $250,000 fine.
However, in the U.S. District Court in Augusta, Georgia on Thursday, Winner agreed to a plea agreement that called for five years and three months in prison with three years of supervision after release.
gov2.0  politics  whistleblower  NSA  crime  russia  hack  election 
8 weeks ago by rgl7194

Copy this bookmark:

to read