Archive for the ‘NSA’ Category

Japan Made Secret Deals With the NSA That Expanded Global … – The Intercept

It began as routinely as any other passenger flight. At gate 15 of New York City's JFK Airport, more than 200 men, women, and children stood in line as they waited to board a Boeing 747. They were on their way to Seoul, South Korea's capital city. But none would ever make it to their destination. About 14 hours after its departure, the plane was cruising at around 35,000 feet not far from the north of Japan when it was shot out of the sky.

The downing of Korean Airlines Flight 007 occurred on September 1, 1983, in what was one of the Cold War's most shocking incidents. The plane had veered off course and for a short time entered Soviet airspace. At Dolinsk-Sokol military base, Soviet commanders dispatched two fighter jets and issued an order to destroy the intruder. The plane was hit once by an air-to-air missile and plummeted into the sea, killing all passengers and crew. President Ronald Reagan declared it a "crime against humanity," marking the dawn of a volatile new chapter in relations between the United States and the Soviet Union. Soon, tensions would escalate to a level not seen since the Cuban missile crisis, which 20 years earlier had brought the world to the brink of nuclear war.

Sisters of a passenger on Korean Airlines Flight 007 weep as a South Korean government spokesman announced that it was almost certain the jetliner had been shot down en route to Seoul on Sept. 2, 1983.

Photo: Kim Chon-Kil/AP

As the international confrontation between the two adversaries played out publicly, behind closed doors another problem, which has never before been revealed, was developing. The U.S. and one of its closest allies, Japan, were embroiled in a dispute involving secret surveillance. Soviet officials were flat-out denying they had any role in shooting down the jet. At a spy base on Japanese territory, however, communications had been intercepted proving the Soviet military was the perpetrator. The U.S. wanted to obtain copies of the tapes but had to first receive approval from the head of a shadowy Japanese surveillance organization known as the G2 Annex.

After some bureaucratic wrangling, the Japanese eventually signed off on the release and the highly sensitive recordings were sent to Washington. From there, the tapes were forwarded to New York City, where U.S. Ambassador Jeane Kirkpatrick brought them to the United Nations headquarters in Manhattan. On September 6, just five days after the Korean Airlines jet was shot down, Kirkpatrick attended a meeting at the U.N. Security Council where she blasted the Soviet Union for telling "lies, half lies and excuses" about its involvement in the downing of the plane. She then proceeded to play the copy of the intercepted conversations, stating that the evidence was being presented in cooperation with the government of Japan.

The case Kirkpatrick put forward against the Soviets was irrefutable and damning. But Japan's spying capabilities had now been exposed and the country's officials were not pleased about it. The G2 Annex received new orders limiting its cooperation with the U.S., which affected the NSA's relationship with its Japanese counterparts for the better part of a decade, at least until the Cold War ended in the early 1990s.

The details about the Korean Airlines case are revealed in classified National Security Agency documents, obtained by The Intercept from the whistleblower Edward Snowden. The documents, published Monday in collaboration with Japanese news broadcaster NHK, reveal the complicated relationship the NSA has maintained with Japan over a period of more than six decades. Japan has allowed NSA to maintain at least three bases on its territory and contributed more than half a billion dollars to help finance the NSA's facilities and operations. In return, NSA has kitted out Japanese spies with powerful surveillance tools and shared intelligence with them. However, there is a duplicitous dimension to the partnership. While the NSA has maintained friendly ties with its Japanese counterparts and benefited from their financial generosity, at the same time it has secretly spied on Japanese officials and institutions.

The NSA declined to comment for this story.

View of the radioactive plume from the bomb dropped on Nagasaki, as seen from 9.6 kilometers away, in Koyagi-jima, Japan, on Aug. 9, 1945.

Photo: Hiromichi Matsuda/Nagasaki Atomic Bomb Museum/Getty Images

On August 14, 1945, Japan announced its unconditional surrender just days after U.S. Air Force planes dropped two atomic bombs on the cities of Nagasaki and Hiroshima, killing more than 100,000 people. The war was over, but as part of the peace agreement, Japan agreed to U.S. military occupation. American forces led by Gen. Douglas MacArthur drafted a new Japanese constitution and reformed the country's parliamentary system. In April 1952, Japan's sovereignty was restored, but the U.S. continued to maintain a major presence in the country, and that is where the NSA's story begins.

According to the agency's documents, its relationship with Japan dates back to the 1950s. NSA's presence in the country was for many years managed out of a cover office in the Minato area of downtown Tokyo, within a U.S. military compound called the Hardy Barracks. From there, NSA maintained close relations with a Japanese surveillance agency that it refers to as Japan's Directorate for Signals Intelligence, or SIGINT.

At first, the NSA appears to have kept a low profile in Japan, concealing details about its presence and operating undercover. But as its relationship with the country developed, that changed. By 2007, the agency had determined that "cover operations are no longer required" and it relocated its main office in Japan to a space within the U.S. Embassy in Tokyo. "NSA's partnership with Japan continues to grow in importance," the agency noted in a classified October 2007 report, adding that it planned to take the country to the next level as an intelligence partner with the U.S.

Beyond Tokyo, NSA has a presence today at several other facilities in Japan. The most important of these is located at a large U.S. airbase in Misawa, about 400 miles north of Tokyo. At what it calls its Misawa Security Operations Center, the agency carries out a mission under the code name LADYLOVE. Using about a dozen powerful antennas contained within large golf ball-like white domes, it vacuums up communications, including phone calls, faxes, and internet data, that are transmitted across satellites in the Asia-Pacific region.

Army Lt. Gen. Keith Alexander, former director of the National Security Agency, reviews his notes while testifying on Capitol Hill in Washington on May 1, 2007.

Photo: Haraz N. Ghanbari/AP

As of March 2009, Misawa was being used to monitor over 8,000 signals on 16 targeted satellites, one NSA document noted. At the same time, the agency was working on beefing up the spy hub's systems, so that it could meet a challenge set by then-Director Keith Alexander to "collect it all," meaning to sweep up as many communications as possible. Misawa's NSA employees responded to Alexander's call by developing technology to automatically scan and process more satellite signals. "There are multitude of possibilities," one Misawa-based NSA engineer reported, predicting that the base would soon be one step closer to collecting it all.

Strategically, Japan is one of the NSA's most valuable partners. Because of its close proximity to major U.S. rivals like China and Russia, it has been used as a launching pad to spy on those countries. But NSA's operations in Japan are not limited to monitoring the communications of nearby adversaries. At Misawa, the NSA deployed programs called APPARITION and GHOSTHUNTER, which pinpoint the locations of people accessing the internet across the Middle East and North Africa. NSA documents detailing GHOSTHUNTER's deployment at the NSA's British base Menwith Hill state the program was used to facilitate lethal strikes, enabling a significant number of capture-kill operations against alleged terrorists. One November 2008 document noted that Misawa had proved particularly useful in tracking down terror suspects in Afghanistan and Pakistan, and was also being used in an effort to identify targets in Indonesia.

Over the past decade, the NSA's tactics have evolved dramatically and it has rolled out new and more controversial methods. By 2010, with the internet surging in popularity, the agency was continuing to focus on long-established spying tactics like eavesdropping on phone calls, but it was increasingly adopting more aggressive methods, such as hacking into its targets' computers.

At Misawa, the NSA began integrating hacking operations into its repertoire of capabilities. One such method it deployed at the base is called a Quantum Insert attack, which involves monitoring the internet browsing habits of people targeted for surveillance, before covertly redirecting them to a malicious website or server that infects their computers with an implant. The implant then collects data from the infected computer and returns it to the NSA for analysis. "If we can get the target to visit us in some sort of web browser, we can probably own them," an NSA employee claims in one document describing the hacking techniques. "The only limitation is the 'how.'"

U.S. Marine Corps MV-22 Osprey aircraft sit on the tarmac at U.S. Marine Corps Air Station Futenma on Okinawa Island, Japan, on May 19, 2015.

Photo: Hitoshi Maeshiro/EPA/Redux

The Yokota Air Base, another U.S. military facility, sits at the foothills of Okutama mountains near the city of Fussa. The base is about a 90-minute drive west from central Tokyo and houses more than 3,400 personnel. According to the U.S. Air Force, Yokota's function is to enhance the U.S. deterrent posture and, if necessary, provide fighter and military airlift support for offensive air operations. But it also serves another, more secret, purpose.

NSA documents reveal that Yokota is home to what the agency calls its Engineering Support Facility, which supplies equipment used for surveillance operations across the world. In 2004, the agency opened a major new 32,000 square foot building at the site, about half the size of a football field, for the repair and manufacture of surveillance antennas it said would be used in places like Afghanistan, Korea, Thailand, the Balkans, Iraq, Central and South America, and Cyprus. The construction cost $6.6 million, which was paid almost entirely by the government of Japan, a July 2004 NSA report stated. Within the facility, Japan would finance the staff as well, the report noted, including seven designers, machinists, and other specialists, who were collectively receiving salaries worth $375,000.

About 1,200 miles southwest of Yokota is the NSA's most remote Japanese spying station, located on the island of Okinawa at a large U.S. Marine Corps base called Camp Hansen. It, too, has greatly benefited from a massive injection of Japanese money. In the early 2000s, NSA constructed a state-of-the-art surveillance facility on the island, paid for in full by Japan at a cost of some $500 million, according to the agency's documents. The site was carved out of a dense, hilly area called Landing Zone Ostrich that the Marines had previously used for jungle training. The facility, built to include an antenna field for its spying missions, was designed to be low profile, blending in with the landscape. It replaced a previous spy hub NSA had maintained on Okinawa that the island's Japanese residents had complained was unsightly. The role of the remote eavesdropping station is to collect high-frequency communications signals as part of a mission called STAKECLAIM. The NSA does not appear to have a large number of employees stationed on the island; instead, it remotely operates the Okinawa facility from a 24-hour collection operations center in Hawaii.

Hiroshi Miyashita, a former Japanese government data protection official, told The Intercept that Japan's funding of U.S. intelligence activities is withheld from public disclosure under a state secrecy law, which he criticized. "It's our money, Japanese taxpayers' money," he said. "We should know how much was spent for intelligence activities in Japan." Miyashita, now an associate professor at Chuo University in Tokyo, said it was his understanding that NSA operates in the country outside Japan's legal jurisdiction due to an agreement that grants U.S. military facilities in Japan extraterritoriality. "There is no oversight mechanism," Miyashita said. "There is limited knowledge of activities within the bases."

Members of the U.S. Marine Corps test fire M110 rifles at Camp Hansen in Okinawa Prefecture on Jan. 12, 2011.

Photo: Kyodo/AP

As recently as 2013, the NSA claimed to maintain robust working relations with its Japanese counterparts. The agency has two surveillance partners in Japan: the Directorate for SIGINT, and the Japanese National Police Agency. Japan has collaborated closely with the NSA on monitoring the communications of neighboring countries, and it also appears to rely heavily on U.S.-provided intelligence about North Korean missile launches. As of February 2013, the NSA was increasingly collaborating with its Japanese counterparts on cybersecurity issues. And in September 2012, Japan began sharing information with the NSA that could be used to identify particular kinds of malicious software being used by hackers. This was the first time the country had shared this kind of data and the NSA viewed it as highly valuable, potentially leading to the prevention or detection of hacking attacks on critical U.S. corporate information systems.

In return, the NSA has provided Japanese spies with training, and it has also furnished them with some of its most powerful spying tools. An April 2013 document revealed that the NSA had provided the Japanese Directorate for SIGINT with an installation of XKEYSCORE, a mass surveillance system the NSA describes as its widest reaching for sweeping up data from computer networks, monitoring nearly everything a typical user does on the internet.

Igeta Daisuke, a Japanese lawyer who specializes in civil liberties cases, said that the XKEYSCORE revelation was very important for the country. The Japanese government's use of the system could violate Japan's Constitution, which protects privacy rights, Daisuke told The Intercept. He added that Japan has a limited legal framework covering surveillance issues, largely because the scope of the government's spying has never before been disclosed, debated, or ruled upon by judges. "Japanese citizens know almost nothing about Japanese government surveillance," said Daisuke. "It is extremely secret."

The Japanese government's defense ministry, which oversees the country's surveillance capabilities, declined to comment.

The Bank of Japan building in Tokyo on July 14, 2006.

Photo: Kazuhiro Nogi/AFP/Getty Images

The NSA works with a diverse range of counterparts in countries across the world, from the United Kingdom and Sweden to Saudi Arabia and Ethiopia. But the agency's partnership with Japan is one of its most complex and seems tainted by a degree of distrust, highlighted by the dramatic aftermath of the Korean Airlines incident in 1983.

In a November 2008 document, one of NSA's then most senior officials in Japan offered an insight into the relationship. He described the Japanese as very accomplished at conducting signals intelligence but lamented that they were excessively secretive. The country's spies were still caught in a Cold War way of doing business, the official wrote. "They treat SIGINT as a special-access program, the most sensitive program they have. The result is that they are rather stove-piped, somewhat like NSA was 10-or-more years ago."

The NSA participates in a group called the SIGINT Seniors Pacific, which has included surveillance agencies from Australia, Canada, the United Kingdom, France, India, New Zealand, Thailand, South Korea, and Singapore. The group keeps tabs on security issues in the Asia-Pacific region, issues of great interest to Japan, given its geographic location. Yet the country refused to join the meetings. "Japan was the only nation who was actually offered membership but turned it down," wrote one NSA employee in a March 2007 document. At the time, Japan expressed concerns that unintended disclosure of its participation would be too high a risk and had other reasons as well.

Some of the difficulties have directly impacted the NSA's operations. According to the agency's documents, for many years Japan participated in a surveillance program called CROSSHAIR, which involved sharing intelligence gathered from high-frequency signals. However, in 2009, the country abruptly ceased its participation in the program.

Four years later, the issue was still causing NSA concern. Ahead of a February 2013 meeting the agency had scheduled with the deputy director of Japan's Directorate for SIGINT, it prepared a briefing document that outlined the CROSSHAIR problem and warned of a potential landmine associated with the discussions. "In the past, the partner has mistakenly perceived that NSA was trying to force [the Directorate for SIGINT] to use U.S. technical solutions in place of their own," the memo stated. "When this occurred, the partner reacted in a strong, negative manner."

But while NSA employees may walk on eggshells with Japan during face-to-face meetings, they have taken a different approach on a covert level. An NSA document from May 2006 indicated that a division of the agency called Western Europe and Strategic Partnerships was spying on Japan in an effort to gather intelligence about its foreign policy and trade activities. Moreover, as of July 2010, the NSA had obtained domestic court orders enabling it to conduct surveillance on U.S. territory of Japanese officials and the Bank of Japan, which has offices in Washington, D.C., and New York City.

The NSA's covert eavesdropping operations give it an insight into the Japanese government's private negotiations and dealmaking. As was the case in late May 2007, during a secret meeting at the luxury Hotel Captain Cook in downtown Anchorage, Alaska.

Delegates from more than 70 countries listen to proceedings during the International Whaling Commission meeting in Anchorage, Alaska, on May 29, 2007.

Photo: Michael Conti/AFP/Getty Images

The 59th annual gathering of the International Whaling Commission was being held in the hotel and Japan was lobbying to end a moratorium preventing countries from hunting whales for commercial purposes. U.S. officials supported maintaining the moratorium and called in the NSA to help spy on Japan's representatives ahead of a crucial vote. The agency worked with its New Zealand counterparts to conduct the surveillance. "New Zealand had the target access, and collected and provided insightful SIGINT that laid out the lobbying efforts of the Japanese and the response of countries whose votes were so coveted," noted an NSA document from July 2007, which outlined the operation.

One morning into the four-day gathering, at 7 a.m., an NSA employee arrived in a taxi at the agency's Alaska Mission Operations Center, a 20-minute drive from the hotel. She collected printed copies of the intelligence that had been gathered from the Japanese communications. She then returned to the hotel with the information stored in a locked bag, and brought it to a private conference room in the hotel. There, the material was shared with two U.S. delegates from the Department of Commerce, two officials from the State Department, two representatives from New Zealand, and one from Australia. The officials read the material in silence, pointing and nodding while they studied it.

The 77-member commission voted at the meeting to allow aboriginal whaling for indigenous people in the U.S., Russia, and Greenland. Japan put forward a proposal that it should be permitted to hunt minke whales for similar reasons, claiming that doing so has been part of its culture for thousands of years. But it failed in its efforts; at the end of proceedings in Anchorage, the moratorium stood and Japan was not granted any special exemptions.

Japan's representatives were furious and threatened to quit the commission altogether. "This hypocrisy leads us to seriously question the nature by which Japan will continue participating in this forum," complained Joji Morishita, Japan's deputy whaling commissioner. As far as NSA was concerned, however, it was a job well done. Whatever intelligence the agency had gathered during the meetings, the specifics of which are not revealed in the document, it had apparently helped sway the vote and scupper Japan's plans. "Was the outcome worth the effort? The Australian, New Zealand, and American delegates would all say 'yes,'" noted one agency employee who was involved in the covert mission. "I believe the whales would concur."

Top photo: US Secretary of Defense Leon Panetta delivers a speech after arriving at the Yokota airforce base in Tokyo on October 24, 2011.


NSA Kept Watch Over Democratic and Republican Conventions, Snowden Documents Reveal – The Intercept

It was August 2004 in New York City and President George W. Bush was in town, attending the Republican National Convention at Madison Square Garden. Thousands of protesters were out in the streets in the sweltering summer heat, carrying placards emblazoned with slogans like "Push Bush Out The Door" and "The War on Terror is A Lie." As the demonstrations rumbled on outside, the National Security Agency was getting to work on an unusual operation.

The agency, which mostly focuses on vacuuming up communications and monitoring events in foreign countries, had been drafted in to provide surveillance support to other federal agencies. A month earlier, in late July 2004, the NSA had served a similar role using its vast electronic spying apparatus to bolster security at the Democratic National Convention in Boston. That's according to a classified NSA document, published Monday by The Intercept, which offers a rare glimpse into the little-known circumstances surrounding the agency's domestically focused missions.

Department of Homeland Security Secretary Tom Ridge speaks at a press conference in New York City, on Aug. 25, 2004. Ridge was in New York surveying security preparations for the 2004 Republican National Convention in Manhattan.

Photo: Chris Hondros/Getty Images

The NSA became involved after then-Homeland Security Secretary Thomas Ridge and Attorney General John Ashcroft declared the conventions to be National Special Security Events. This designation came into existence following a secret directive issued in May 1998 by then-President Bill Clinton. The directive ensured that major gatherings of national or international significance would receive special federal resources to boost security, with the goal of preventing terrorist attacks and criminal acts, the classified NSA document explains. Between September 1998 and February 2008, there were 28 events approved for this extra level of protection, U.S. Department of Transportation records show. These included, aside from Republican and Democratic conventions, Super Bowls, presidential inaugurations, State of the Union addresses, and the Winter Olympics in Salt Lake City. It is not known whether NSA provided support to all of these events, but previous reporting and a document published by The Intercept have revealed that NSA was involved in carrying out surveillance at the Salt Lake City Olympics, where it worked with the FBI in a fusion cell known as the Olympics Intelligence Center.

The targets of NSA's surveillance during the 2004 conventions, and whether they were foreigners, Americans, or both, are not disclosed in the agency's documents, which were obtained by The Intercept from the whistleblower Edward Snowden. The documents do specify, however, that six employees from the agency's Signals Intelligence Directorate were deployed to New York City and Boston for the events, and that their role was to provide SIGINT [signals intelligence] support to the FBI, the Department of Homeland Security and other national agencies. NSA staff were equipped with computers that linked them back to the agency's headquarters in Fort Meade, Maryland. And if they gathered any intelligence they believed concerned a threat, they could get it declassified so that it could be shared with federal, state, and local officials on site who did not have security clearances.

Protesters are arrested at Union Square after attempting to march without a permit on the second day of the Republican National Convention, in New York City, on Aug. 31, 2004.

Photo: Paula Bronstein/Getty Images

The Republican convention at Madison Square Garden took place over four days between August 30 and September 2. During some of the large-scale protests on the streets outside, the New York Police Department arrested more than 1,800 activists, bystanders, journalists, and lawyers. In 2012, after a lengthy court battle, federal Judge Richard J. Sullivan ruled that the arrests were illegal. Sullivan noted in his judgment that the NYPD had been responding to a threat derived from intelligence sources, namely, that demonstrators aimed to shut down the City of New York and the R.N.C. through continuous unlawful behavior.

Patrick Toomey, a staff attorney with the ACLU's National Security Project, said there needed to be transparency on whether NSA had eavesdropped on any communications about the demonstrations. "If NSA surveillance was used directly or indirectly to monitor protesters or domestic political activities, as opposed to detecting foreign threats, that would be a matter of serious concern," Toomey told The Intercept. "The public should know more about the nature of any NSA surveillance, whether it swept up the private communications of Americans, and whether law enforcement relied on that information to monitor people exercising their First Amendment rights."

The NSA declined to comment for this story. The Department of Homeland Security and New York Police Department had not responded to requests for comment at time of publication. A spokeswoman for the FBI said she could not comment because she had no knowledge of the 2004 operation.

Top photo: A group carrying what was described as 1,000 coffins representing the U.S. dead in Iraq marches past Madison Square Garden during the anti-Bush march organized by United for Peace and Justice in New York, on Aug. 29, 2004, on the eve of the Republican National Convention.


Why Soviet Weather Was Secret, a Critical Gap in Korea, and Other NSA Newsletter Tales – The Intercept

Three years after the 9/11 attacks, a frustrated NSA employee complained that Osama bin Laden was alive and well, and yet the surveillance agency still had no automated way to search the Arabic language PDFs it had intercepted.

This is just one of many complaints and observations included in SIDtoday, the internal newsletter of the NSA's signals intelligence division. The Intercept today is publishing 251 articles from the newsletter, covering the second half of 2004 and the beginning of 2005. The newsletters were part of a large collection of NSA documents provided to The Intercept by Edward Snowden.

This latest batch of posts includes candid employee comments about over-classification, descriptions of tensions in the NSA-CIA relationship, and an intern's enthusiastic appraisal of a stint in Pakistan.

Most revealing perhaps are insights into how NSA has operated domestically. The Intercept is publishing two stories on this topic, including one about NSA cooperation with law enforcement during American political conventions, and in a throwback to the movie Bladerunner, another article describes a spy balloon used over the United States.

Finally, The Intercept, in cooperation with the Japanese broadcaster NHK, is revealing the history of U.S. surveillance cooperation with Japan. Starting with the American occupation of Japan after World War II and reaching a standoff after the Soviet shoot-down of a South Korean aircraft, the long and sometimes tense relationship reveals how even close U.S. allies can find themselves targeted by the NSA.

The NSA's Follow-the-Money Branch (the actual name of the division) brings together experts from across a spectrum of disciplines and organizations. The division in 2004 created a North Korea CRASH Team, short for Combined Rapid Analysis and Synthesis Hit, after the State Department issued a requirement for a new emphasis on regime finance and an increased emphasis on North Korea's financing of its nuclear proliferation. In response, the CRASH Team looked at North Korean transactions that went through foreign banks. In particular, the team targeted leadership finance, i.e. Kim Jong Il, the North Korean leader who died in 2011, and traced sales of precious metals allegedly owned by him, weapons shipments, and relationships among regime leaders.

The 6th rock drill on Korea brought together NSA and officials from the U.K., Canada, Australia, and New Zealand to rehearse the scenarios involving civilian evacuations in Seoul and Pyongyang during a hypothetical Korean War. Participants planned a response to a North Korean attack and held a brainstorming session about signals intelligence operations in a hypothetical newly unified Korea. In the discussions, critical gaps were found in communications with trusted Five Eyes countries, which did not have access to the computer networks for the Korea Theater of Operations. Twenty-two other nations committed to defending South Korea are not included in intelligence sharing either. So NSA will be working through some of these problems, with the goal of exercising the resulting solutions sometime in early 2005.

Czech youngsters stand atop an overturned truck as the Soviet-led invasion by the Warsaw Pact armies crushes the so-called Prague Spring reform in former Czechoslovakia, in Prague on Aug. 21, 1968.

Photo: Libor Hajsky/AFP/Getty Images

Back in the late 1960s, Charlie Meals, the deputy director of SID, worked in the Soviet weather shop. The only way the U.S. could track weather in the Soviet Union was by listening to Soviet communications. The Soviets knew the U.S. was listening and so they encrypted the locations of weather reports. U.S. Strategic Air Command needed to have weather reports in case bombers ever had to fly into Soviet air space, and the weather reporting could also be an indicator of impending military action. For example, before the 1968 invasion of Czechoslovakia, the Soviets started including Czech weather reports in military broadcasts. (The intricacies of collecting weather data as intelligence are also described in this article by Jeffrey Richelson of National Security Archive.) The weather effort had at least 250 people at NSA and people at bases around the world. This desk was still in operation in 2004.

FBI field office staff made little use of signals intelligence and many didn't know how to access the information for themselves on the Intelligence Community's Intelink system, according to an NSA intern, describing assignments at the bureau. The FBI field offices had little or no Sensitive Compartmented Information Facility space, which made it difficult to share the higher levels of intelligence between the agencies. The intern had higher regard for FBI headquarters. With data from the NSA, FBI analysts can now immediately tell if an individual in the U.S. has any foreign terrorism-related contacts.

A rebel is blessed during a Voodoo ceremony of the Gonaives Resistance Front, during a march in Gonaives, Haiti, on Feb. 13, 2004.

Photo: Walter Astrada/AP

The NSA tracked High Value Targets in Haiti following the 2004 coup, according to an article classified Top Secret. An NSA staffer reports that a task force on HVTs traveled to the central highlands of Haiti where they met with rebel leaders. "During this trip they had collected several telephone numbers of these leaders and their associates," the staffer wrote. Soon thereafter, the NSA began to see multi-page reports of conversations between one important rebel leader and his wife which provided insight into his negotiating position and plans for control of the central highlands. Those private conversations proved useful. "I received several emails from people who were incredulous that a conversation between an HVT target and his girlfriend was of any importance," the staffer went on. "The truth is that a lot of SIGINT leavings that never make it into normal SIGINT reporting are actually valuable intelligence items for tactical warfighters."

NSA interns see the sights, even in Pakistan. An intelligence analysis intern working in SID's Pakistan branch was deployed to assignments in Islamabad and Lahore. At the embassy, the intern focused on signals intelligence related to the non-tribal Settled Areas and coordinated communications among NSA, CIA and the local counterpart, i.e. Pakistani partners, in tracking and targeting terrorists. The Settled Areas Office along with their local counterparts was responsible for the arrests of more than 600 alleged terrorists from September 11, 2001, to 2004. Outside of working hours, the blonde American attracted a constant stream of stares and curious looks as she ventured out to tourist sites. Station Islamabad, which has been fictionalized in Homeland and Zero Dark Thirty, was to this staffer one of the most exciting, challenging, and fast-paced locations to work in the world.

Q: What do SIGINT and mad cows have in common?

A: Both are of critical interest to the U.S. Department of Agriculture

SIGINT isn't just for intelligence or military agencies. NSA's two-person Washington Liaison Office responds to signals intelligence requests from Departments of Agriculture, Health and Human Services, Interior, Transportation, the Environmental Protection Agency, Export-Import Bank, Federal Aviation Administration, Federal Communications Commission, Federal Reserve System, and National Aeronautics and Space Administration. With such a wide range of subject matter and competing priorities, the liaison officers have to balance topics from bovine spongiform encephalopathy to space launch vehicle capabilities; from narcotics interdiction techniques to wine labeling regulations; from toxin delivery technologies to secure communications options, and much, much more.

A protestor holding a portrait of Osama bin Laden shouts Allahu Akbar during a protest in front of Baiturrahman mosque, Banda Aceh, Indonesia, on Oct. 10, 2001.

Photo: AFP/Getty Images

Imagine if the NSA missed warning signs of an attack for no other reason than it couldn't search Arabic words in PDF format. If you were looking for Osama bin Laden, wrote an NSA employee in SIDtoday, and you had entered every Arabic word known to mankind in every possible encoding and Osama were doing nothing more than using PDF and writing in Arabic, you'd never get a hit. Quite reassuring, isn't it?

Near the end of 2004, SIDtoday began publishing a technical advice column written by an experienced Digital Network Intelligence analyst under the pseudonym Raul. One article describes a gaping intelligence hole that NSA had at the time, three years after the 9/11 attacks. Though analysts at NSA understood exactly how foreign-language PDFs were encoded, they lacked the technology to untangle them in real-time in order to search them for keywords.

Apparently, this article hit a few nerves. Raul's subsequent column responded to a flood of complaints he had received. In the subsequent column, he outlined requirements for a hypothetical solution to the foreign-language PDF problem, and concluded with a bit of snark: "Bin Laden is still safe and we, to the best of my knowledge, still have no reasonable solution to the PDF problem."

For some sensitive missions, NSA personnel need cover identities while working in the field. An article from October 2004 describes how agents go about making NSA personnel look like they actually work for an entity other than NSA. The Special Operational Support office is responsible for NSA's cover and sensitive personnel support programs. In addition to ensuring that cover operations comply with Department of Defense regulations, SOS provides logistics, transportation, personnel and medical support. The office also provides undercover operatives with DoD Common Access Cards (CAC), travel documents, state driver's licenses, credit cards, post office boxes, social security cards, pocket litter and telecommunications.

The NSA, it turns out, likes to stay on top of the latest scientific developments. Writing at the end of 2004, an NSA cryptanalyst described her experience as an intern, using her cryptography skills to look for information about genetic sequencing in the signals intelligence collected by the NSA. "The ultimate goals of this project are to gain general knowledge about genetic engineering research activity by foreign entities," she wrote, "and to identify laboratories and/or individuals who may be involved in nefarious use of genetic research."

Chairman Thomas Kean speaks during a news conference to release the 9/11 Commission's report in Washington on July 22, 2004.

Photo: Mark Wilson/Getty Images

Even though the 9/11 Commission report harshly criticized intelligence agencies' failures to share information, the NSA touted its contribution to the July 22, 2004, report. "It goes without saying that NSA Cooperation was absolutely vital to this effort," an article in SIDtoday says. SID staff aided in the declassification of material, turned over documents, and patiently explained the intricacies of their work. SID workers also scrubbed references to the NSA from the final report, rewording sections to avoid indications that certain pieces of intelligence derived from SIGINT. "You should all feel proud," writes the post's author.

Yet the report itself points to specific SIGINT that could have led to the discovery of the attackers' conspiracy that remained unshared due to agencies' fear of disclosing intelligence to inappropriate channels and a culture of secrecy in which "agencies feeling they own the information they gathered at taxpayer expense."

A prior SIDtoday article touted the agency's extraordinary level of cooperation and provision of large volumes of SIGINT assessment reporting on terrorism, strategic business plans, and a wide range of other topics.

Cooperation between the NSA and CIA runs deep, but it hasn't always been smooth. An August 6 post, "CIA's Directorates . . . Understanding More About Them," talks about turf wars due to real or perceived mission overlap, particularly within the CIA's technical division. Yet the Special Collection Service (SCS), which surveils foreign communications from U.S. embassies, is seen as a positive example of joint CIA-NSA work. SIDtoday cites the achievements of that highly classified organization, which came under scrutiny in 2013 for reports that its Berlin office had been intercepting Chancellor Angela Merkel's mobile phone data. The August 18 post, "SCS and Executive Protection," details the interception of Philippine police communications about a bomb that had been placed on President Clinton's motorcade route, which the police were trying to defuse without informing the Americans. SCS passed this information to the Secret Service, who re-routed the cars.

The NSA-CIA relationship was also the subject of two SIDtoday articles in 2003.

Even the NSA acknowledges that it classifies too much. In an article, "Do We Overclassify? Are We Sharing Enough Information?" a senior SID leader echoes language from the 9/11 Commission report, specifically citing the need to go from a climate of need to know to one of need to share. This interview shares the report's concern that intelligence agencies err on the side of over-classification: "If we continue to insist on classifying information which has already become known to our adversaries or for which disclosure would cause little or no harm to national security, we risk losing control over the really sensitive stuff." Tellingly, though, he fears that Congress itself will act to force the NSA to disclose more information.

Post-9/11, the NSA has expanded its cooperation with law enforcement agencies, including the U.S. Marshals Service. In February 2004, SID formalized a relationship with the Marshals and its Electronic Surveillance Unit, which functions like an intelligence operations team, as it both monitors fugitives and provides support and threat assessments to other agencies. The U.S. Marshals Service represents an ideal client for the NSA given its interest in stay(ing) out of the public limelight and courthouses.

Top photo: North Korean soldiers carry a portrait of late leader Kim Jong Il during a military parade to mark 100 years since the birth of the country's founder Kim Il Sung in Pyongyang on April 15, 2012.

Read the rest here:
Why Soviet Weather Was Secret, a Critical Gap in Korea, and Other NSA Newsletter Tales - The Intercept

More Windows PCs infected with NSA backdoor DoublePulsar – Network World

By Ms. Smith, Network World | Apr 24, 2017 7:50 AM PT

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.

The number of Windows computers infected with NSA backdoor malware continues to rise since Shadow Brokers leaked the hacking tools on April 14.

Two different sets of researchers scanning for the DoublePulsar implant saw a significant bump in the number of infected Windows PCs over the weekend.

For example, Dan Tentler, CEO of the Phobos Group, suggested that Monday would not be a good day for many people, as his newest scan showed about 25 percent of all vulnerable and publicly exposed SMB machines are infected.

On Sunday, Tentler had scanned 1.17 million hosts and found 33,468 to be infected.

The infection rate had been holding steady at 2.85 percent before it climbed to 2.91 percent and then 2.95 percent. Tentler explained:

It is important to note that DoublePulsar is like a stealthy malware downloader; infected devices are open for more exploitation, as it can be used to download other malware.

"The presence of DoublePulsar doesn't mean they're infected by the NSA. It means there is a loading dock ready and waiting for whatever malware anyone wants to give it," Tentler told CyberScoop. "The chances are none that all these hosts [were hacked by] the NSA. It is effectively trivial to go compromise all these hosts with the flick of a wrist."

Elsewhere, using the detection script developed by Luke Jennings of Countercept, security firm Below0Day tweeted that it had detected 30,626 DoublePulsar implants on April 18. Of those, 11,078 were in the U.S. A few days later, Below0Day had detected an additional 25,960 implants.

On Sunday, Below0Day wrote:

On the afternoon of April 21st, we initiated another masscan to get a new list of hosts with open 445 port. This time around we identified 5,190,506 hosts with port 445 open. We then ran Countercept's detect script and identified 56,586 hosts with DOUBLEPULSAR SMB implant.

The U.S. was still the most infected country, but 14,091 DoublePulsar implants were detected this time. That's up 3,013 from a few short days ago.

It was widely reported on Friday that thousands of Windows machines were infected with DoublePulsar. Then, as now, the exact number of affected Windows boxes varied depending on which security researcher's numbers you trusted.

Microsoft, which issued patches to mitigate most of the exploits, expressed doubts about the accuracy of the number of real-world infections. However, Microsoft did tell Ars Technica on Friday that people should know that there's growing consensus that from 30,000 to 107,000 Windows machines may be infected by DoublePulsar. Once hijacked, those computers may be open to other attacks.

John Matherly, the creator of Shodan, added detection for DoublePulsar last week.

Matherly told CyberScoop that Shodan had indexed over 2 million IPs running a public SMB service on port 445 that are vulnerable to DoublePulsar. Last Friday, Matherly said more than 100,000 devices could be impacted, with 45,000 confirmed to be infected thus far.

Tiago Henriques, CEO of BinaryEdge, also said the number of devices infected with DoublePulsar is still climbing. The total number of infections on Monday morning, according to BinaryEdge, has increased by 76,697 since Friday. The company showed the total number of infections per day:

Go here to read the rest:
More Windows PCs infected with NSA backdoor DoublePulsar - Network World

NSA grant funds free GW cybersecurity camp for middle school girls – GW Hatchet (subscription)

In its second year, the free cybersecurity day camp will host about 20 students on the Mount Vernon Campus from June 19 to June 30.

Updated: April 24, 2017 at 11:48 a.m.

A National Security Agency grant will fund a free camp for middle school girls on campus this summer.

The free GenCyber cybersecurity day camp will host about 20 students on the Mount Vernon Campus from June 19 to June 30. Shelly Heller, a professor of engineering and applied science who is overseeing the camp, said the event will stimulate the campers' interest in computer science at a young age and encourage more women to pursue careers in computer science.

The NSA is providing a $100,000 grant to fund the camp this year, $20,000 more than a year ago. Heller said the new increased funding will help create an online camp with lessons and activities that the students will be able to access nightly with their parents.

The virtual camp will include an activity and review of that day's topic, which will range from networking to forensics.

"This will strengthen what the campers learned during the day, but it will teach the parents," Heller said. "The parents will learn alongside them and learn good internet practices themselves."

Heller said the camp was designed a year ago with the intention of exposing young women to science, technology, engineering and math fields while advertising safe online practices like creating secure passwords. Heller applied for the NSA grant again this year and decided to include a proposal for the virtual camp.

Two middle school STEM teachers and two GW computer science students will teach the students and help with daily activities like scavenger hunts, case studies and question and answer sessions. The camp will also take students on field trips to the National Cryptologic Museum and the Spy Museum in downtown D.C.

Heller said having two college student counselors will allow the campers to learn about potential majors and career opportunities in computer science through a relationship with a near peer, someone close to the students but a bit older in age.

"It is one thing for me to tell a junior high kid, boy or girl, that this is a career for them, but I am so far away from them," she said. "These near peers have much more relevance to high school and junior high kids."

Students in the local area can apply for the camp online and need to answer open-ended questions about why they care about computer science or cybersecurity. The camp runs for two weeks from 9 a.m. to 4 p.m. daily, with aftercare provided from 8 a.m. to 5 p.m.

Heller, who has been at GW since 1985, said much of her work has involved recruiting and retaining women in the STEM fields, an effort that inspired her to start the camp last year. She said to increase the number of female professors in STEM, students must be introduced to the fields at a young age to build confidence and interest in the subject.

"I've worked with students and you need to raise the women's interest early and you need to give them the confidence that this is an interesting opportunity and they can do it," Heller said.

Women are consistently underrepresented in computer science and STEM fields. A recent study by the National Science Board's Science found just 10.7 percent of electrical or computer hardware engineers are women, and only 17.9 percent of bachelor's degrees earned in the computer science field are by women.

GW has been working to increase the numbers of women in STEM undergraduate and graduate programs. Out of the 15 computer science professors at GW, six are women.

Vernecia Griffin, an instructional technology teacher and academic support team leader at Jeffers Hill Elementary School in Columbia, Md., will be one of the camp's instructors. She said the camp will bring in female professionals in the field, helping attendees learn about potential careers within the cybersecurity field and giving them a bit of insight into their job title and education path.

"They also discuss the challenges they may encounter, being a female in a male-dominated field," Griffin said.

This post was updated to reflect the following correction: The Hatchet incorrectly reported that Shelly Heller is the associate provost for academic affairs at the Mount Vernon Campus. She no longer holds this title. We regret this error.

This article appeared in the April 24, 2017 issue of the Hatchet.

Go here to see the original:
NSA grant funds free GW cybersecurity camp for middle school girls - GW Hatchet (subscription)