Mediaboss Marketing

It appears the NSA hasn't learned much since Ed Snowden left with several thousands of its super-secret documents. Agency officials were quick to claim the leaks would cause untold amounts of damage, but behind the scenes, not much was being done to make sure it didn't happen again.

A Defense Department Inspector General's report obtained via FOIA lawsuit by the New York Times shows the NSA fell short of several security goals in the post-Snowden cleanup. For an agency that was so concerned about being irreparably breached, the NSA still seems primed for more leakage. Charlie Savage reports:

The N.S.A. failed to consistently lock racks of servers storing highly classified data and to secure data center machine rooms, according to the report, an investigation by the Defense Departments inspector general completed in 2016. The report was classified at the time and made public in redacted form this week in response to a Freedom of Information Act lawsuit by The New York Times.

The agency also failed to meaningfully reduce the number of officials and contractors who were empowered to download and transfer data classified as top secret, as well as the number of privileged users, who have greater power to access the N.S.A.s most sensitive computer systems. And it did not fully implement software to monitor what those users were doing.

Let's not forget the NSA wants to be engaged in ensuring the cybersecurity of the nation. It's repeatedly asked for more power and a better seat in the CyberWar room. But it doesn't even take its OWN security seriously. The NSA told its oversight it was engaging in 40 "Secure the Net" initiatives, directly after the first Snowden leak. Two years later, it told Congress it had completed 34 of 40 STN initiatives. The term "completion" apparently has multiple definitions, depending on who's using the word. The IG sampled only seven of the initiatives and found four were mostly done and three were nowhere near completed. Extrapolating from the sampling, it's safe to assume the NSA's internal security efforts are only slightly more than half-baked.

The three the NSA failed to implement are of crucial importance, especially if it's looking to keep its in-house documents safe at home. From the report [PDF]:

NSA officials did not effectively implement three PRIVAC [Privileged Access]-related STN initiatives:

- fully implement technology to oversee privileged user activities;

- effectively reduce the number of privileged users; and

- effectively reduce the number of authorized DTAs [Data Transfer Agents].

First off, the NSA -- prior to the Snowden leaks -- had no idea how many users had privileged access. Post-Snowden, things hardly improved. Considering the tech capabilities of the agency, it's incredibly amusing to see how the NSA "tracked" privileged users.

NSA officials stated they used a manually kept spreadsheet, which they no longer had, to identify the initial number of privileged users.

Pretty much useless, considering this number the NSA couldn't verify (thanks to its missing spreadsheet) was supposed to be used to establish a baseline for the planned reduction in privileged users. Despite missing this key data, the NSA moved ahead, "arbitrarily revoking access" and asking users to reapply for privileged status. It then reported a reduction by citing the number of users it denied restoration of access privileges. It did not factor in any new users it granted privileged access to or tally up the number of accounts it never bothered to revoke.

As the fully-redacted chart presumably points out (according to the text above it), the NSA had a "continued and consistent increase in the number of privileged users once the [redacted] enrollment process began."

The NSA also claimed it had reduced the number of DTAs. And again, the NSA had no receipts.

Although repeatedly requested, NSA officials could not provide supporting documentation for the total number of DTAs before and after the purge or the actual number of users purged.

The NSA's objectively-terrible internal controls (again) ensured no number could be verified.

NSA did not know how many DTAs it had because the manually kept list was corrupted during the months leading up to the security breach.

The NSA handled these missing numbers the same way it had privileged users: it made up a new baseline, arbitrarily decided it could show a downtrend in DTAs, and delivered this as "proof" of another completed security initiative.

The report points out repeatedly the NSA's failure to provide documentation backing its STN claims -- either from before the initiatives took force or after they supposedly hag been completed. The IG's comments note the NSA's response to the report ignored its detailed description of multiple failures in order to spin this as a "win" for the agency.

Although the Director, Technology Directorate NSA/CSS Chief Information Officer, agreed, he did not address all the specifics of the recommendation. Therefore, we request that the director provide additional comments on the final report that identify specific actions NSA will take.

Here's how the NSA portrayed the report's findings:

While the Media Leak events that led to Secure the Net (STN) were both unforeseen and serious, we consider the extensive progress we made in a short time to be a "good news" story.

Sure, if you consider a half-done job securing NSA assets to be "good news," rather than just an ongoing series of security holes left halfway unplugged while agency officials testify before Congressional oversight in front of a "MISSION ACCOMPLISHED" banner backdrop.

See the article here:
Oversight Report Shows NSA Failed To Secure Its Systems Following The Snowden Leaks - Techdirt

The National Society of Accountants and their Scholarship Foundation announced this week that 30 students have been awarded this year's annual scholarships, receiving $37,950 in all.

This year's scholarships ranged from $500 - $3,000. Undergrad and graduate students were chosen based on their notable academics, leadership, activities on and off campus, career goals, and individual financial need.

These students are the best and brightest candidates working to earn accounting degrees, stated NSA Scholarship Foundation president Sharon Cook. We are pleased to support them and look forward to having them join the accounting profession.

The NSA's Scholarship Foundation has now provided over $1 million to students pursuing an accounting career since its inception in 1969.

Below are the 2017 scholarship winners, listed alongside their current universities, NSA Affiliated Organization or scholarship, and scholarship value:

For more information on the NSA's Scholarship Foundation, head to organization's site here.

Sean McCabe is a senior editor with Accounting Today.

More here:
NSA Scholarship Foundation names 2017 recipients - Accounting Today

Circa News has been covering the alleged abuses of the intelligence community against Americans. They noted how the unmasking protocol for intercepts collected by the National Security Agency changed under the Obama administration, supposedly to better catch terrorists prepping for lone wolf attacks, could open Americans up to political espionage. Then, they wrote about how the FBI may have illegally shared spy data on Americans with unauthorized parties who did not have clearance to view such information. The Foreign Intelligence Surveillance Court (FISA) wrote a ten-page ruling listing hundreds of privacy violations committed by the FBI when gathering information during the tenure of then-FBI Director James Comey. Now, a former NSA contractor has filed a lawsuit against James Comey, allegedly a covering up the illegal methods that are being used to monitor Americans and violate their constitutional privacy rights. Once again, John Solomon and Sara Carter were on the case.

The contractor Dennis Montgomery reportedly took multiple hard drives containing 600 million classified documents to prove how the intelligence community is violating Americans privacy. He was granted immunity, but the FBI never followed through. The FBI has documentation of them taking possession of the hard drives. Montgomery alleges that over 20 million Americans identities were illegally unmasked:

A former U.S. intelligence contractor tells Circa he walked away with more than 600 million classified documents on 47 hard drives from the National Security Agency and the CIA, a haul potentially larger than Edward Snowden's now infamous breach.

And now he is suing former FBI Director James Comey and other government figures, alleging the bureau has covered up evidence he provided them showing widespread spying on Americans that violated civil liberties.

The suit, filed late Monday night [June 12] by Dennis Montgomery, was assigned to the same federal judge who has already ruled that some of the NSA's collection of data on Americans violates the U.S. Constitutions Fourth Amendment, setting up an intriguing legal proceeding in the nations capital this summer.

Montgomery says the evidence he gave to the FBI chronicle the warrantless collection of phone, financial and personal data and the unmasking of identities in spy data about millions of Americans, This domestic surveillance was all being done on computers supplied by the FBI," Montgomery told Circa in an interview. "So these supercomputers, which are FBI computers, the CIA is using them to do domestic surveillance."

[]

Montgomery alleges that more than 20 million American identities were illegally unmasked - credit reports, emails, phone conversations and Internet traffic, were some of the items the NSA and CIA collected.

He said he returned the hard drives to the FBI, a fact confirmed in government documents reviewed by Circa.

As Congress wallows in Russian collusion hysteria, maybe they should also put these under the microscope since a) its more grounded in reality; and b) there appears to be an actual paper trail.

Here is the original post:
ICMYI: Former NSA Contractor Sues James Comey, Alleges Cover Up Of Spy Activities On Over 20 Million Americans - Townhall

Columbus Ledger-Enquirer

Columbus State hosts NSA-sponsored cybersecurity camp Columbus Ledger-Enquirer Columbus State University kicked off a free weeklong cybersecurity summer camp Monday, with the help of a $28,000 grant from the National Security Administration. Professors Jianhua Yang and Sumanth Yenduri, both of the university's TSYS School of ...

Continued here:
Columbus State hosts NSA-sponsored cybersecurity camp - Columbus Ledger-Enquirer

The National Security Agency is amongst the most secretive of the US intelligence agencies. It employs genius-level coders and mathematicians in order to break codes, gather information on adversaries, and defend the country against digital threats.

Unsurprisingly, the NSA has always to preferred to work in the dark. But ever since the Snowden leaks in 2013, the organization has gradually increased its public presence. A few years ago, it opened a Twitter account (in fact, it was the first profile Edward Snowden followed when he joined in 2015).

And now, its opened a Github account, and has shared several interesting code repositories under the NSA Technology Transfer Program (TTP). So far, it lists 32 different projects, although some of these are coming soon. Many arent new, either, and have been available for some time. SELinux (Security-Enhanced Linux) for example, has been part of the Linux kernel for years.

Im not surprised the NSAs taken this move. For starters, theres a long and proud tradition of technologies making their way from defense and intelligence environments to the general public. The internet is a brilliant example of that. And engaging with techies via Github is a great way to sanitize its image, and potentially recruit talent.

You can check out the NSAs page here.

Continued here:
The NSA (yes, that NSA) has a Github account now - TNW