Archive for the ‘NSA’ Category

5G Summit panel optimistic about industry meeting December deadline for 5G NSA – FierceWireless

The industry, namely 3GPP, has a lot of work to do if it's going to meet the December 2017 deadline to finalize the specifications for Non-Stand Alone (NSA) 5G New Radio (NR), but participants in a panel appearing at the Brooklyn 5G Summit seem to think it's achievable.

A member of the audience, who is thoroughly involved in the 3GPP standards debates, cited challenges around the radio side and very specific items, saying he's concerned there are major problems to be solved before the end of the year and not enough time to address them. He asked the panel, which included representatives from AT&T, Deutsche Telekom, NTT DoCoMo, KT and Intel, if they share those concerns or think it will all magically sort itself out.

"There's always a concern," said Dave Wolter, assistant VP, Radio Technology & Architecture at AT&T. "We share those concerns, we talk with our vendors, we talk with other service providers and the feeling right now, I think you saw that going into the last 3GPP meeting where we had, I think it was 22 companies sign onto the acceleration, the feeling is it can get done. At this point, I'd leave it to my standardization colleagues to really address some of the specifics, but I think at this point I have to trust that they're going to get there and we'll be doing the testing to ensure that it does, along the way, and we'll have to adjust as required, but I'm cautiously optimistic."

Ken Stewart, senior fellow at Intel, said RAN 4, the radio performance group, to some extent is the victim of the other groups inside the 3GPP because they have to define in many ways the fundamental performance requirements that devices and base stations, to some extent, live up to. "The workload on that group over the next 12 months will be extraordinary," Stewart said.

"There may be ways to reduce the load, but my personal view is it will require all of the skill of all the delegates who have been in the group for many years to get the job done. It will be a very significant task, but with pragmatism, it's just about achievable," he said, adding with a smile to the audience member who posed the question: "I want to thank you right now for all the work you're going to be doing over the next 12 months."


After months of debate, the 3GPP agreed last month to accelerate some elements in the 5G NR timeline, and for AT&T, that means it will be able to launch standards-based mobile 5G services starting as early as late 2018. That was announced last month by Andre Fuetsch, president, AT&T Labs and CTO, and "when Fuetsch talks about delivering something in that kind of timeframe, we take that as a command to make it happen before 2018 is over," Wolter said during his keynote at the Summit on Thursday.


A number of things have to be addressed and decided, including MIMO transmit schemes, for the industry to meet its goals for 5G.

"It's a pretty aggressive list, so we're all going to have to kind of buckle down as an industry and really work hard to make sure that we can get this done, but we think that's really going to pay off in much earlier equipment availability that is NR based," Wolter said.

AT&T is prioritizing the NSA version as opposed to the stand-alone (SA) version in part because "we've got a lot of LTE out there, and there isn't going to be widespread 5G coverage for a while," he said.

Plus, in the U.S., there hasn't been new spectrum that has been allocated that the industry can use for 5G with the possible exception of 3.5 GHz. That CBRS band, however, has some rules that don't make it terribly attractive for a base 5G layer. The FCC is taking another look at some of those rules around the licensing structure, and that may change, he said. "If that licensing structure changes, we may find that the 3.5 GHz band is a good band for us to be looking at, and it goes from 3.55 to 3.7 GHz."

In general for millimeter wave spectrum, AT&T will be relying heavily on 39 GHz spectrum since Verizon pretty much snapped up a lot of the 28 GHz and AT&T is making some key acquisitions for 39 GHz, but it still will probably be doing some things at 28 GHz.


FBI, NSA call for further testimony on Trump-Russia investigation – Washington Times

Ramping up their Congressional investigation into alleged Russian meddling in the 2016 election, lawmakers have invited directors of the FBI and National Security Agency to testify again, in addition to expressing a desire to hear from the Obama administration's top intelligence officials.

House Intelligence Committee Chairman Rep. Mike Conaway has invited FBI Director James Comey and National Security Advisor Adm. Mike Rogers to appear at a closed hearing on May 2.

Former CIA Director John Brennan, Director of National Intelligence James Clapper and former Deputy Attorney General Sally Yates have been requested to provide public testimony after May 2.

Last month, during the House Committee's first public hearing, Mr. Comey confirmed his agency has been investigating alleged Russian interference in the 2016 election.

Last October, in the heat of the presidential election, the Obama administration formally accused the Kremlin of stealing and disclosing emails from the Democratic National Committee. At the time, Mr. Clapper issued a statement detailing how leaked DNC emails were intended to interfere with the U.S. election process.

Both the Kremlin and the Trump administration insist there is no evidence of Trump-Russia collusion.

Ms. Yates, while serving as the acting attorney general at the start of the year, battled with the White House over the legality of Mr. Trump's executive order banning certain immigrants and refugees. She questioned the legitimacy of the executive order and Mr. Trump fired her.


Alleged NSA hack of Swift service bureau revives ‘back door’ debate – Information Management

Reports that the National Security Agency infiltrated bank servers through a Swift service bureau highlight a recurring concern for financial institutions about the unintended consequences of U.S. government snooping.

The leaks that came out late last week from a hacking collective called Shadow Brokers indicate that the NSA exploited vulnerabilities in Microsoft Windows systems to break into servers at EastNets, a Dubai company that provides outsourced Swift connectivity to 260 financial institutions and corporations.

From there, Shadow Brokers documents suggest, the NSA was able to access computers used by some Middle Eastern bank members of Swift, the Society for Worldwide Interbank Financial Telecommunication. The NSA's goal, according to The New York Times, was to track money movements and thereby gain insight into potential terrorist groups or government officials.

The most immediate danger for U.S. banks (and any Windows user, for that matter), that the weaknesses in Microsoft code still exist, rendering every internet-connected computer running Windows open to hacking, has passed. Microsoft said patches for all the vulnerabilities were issued more than a month ago, so any company that is up to date on Windows patching is safe from these.

But the U.S. government's insistence on using so-called back doors to access financial and customer information remains a concern. The same tools the NSA uses to prop open doors to such information could be used by cybercriminals and nation-states with more sinister motives. And it also raises privacy issues for companies and consumers that don't want the government watching their every move.

"Governments are constantly going after different networks for espionage and national security purposes," said John Carlson, chief of staff at the Financial Services Information Sharing and Analysis Center, an industry trade group. "That's a reality we recognize."

The FS-ISAC, whose more than 7,000 financial services members share information with each other about cyberthreats, does not have an official position on whether the NSA should be using back doors for this type of monitoring, but Carlson noted the instabilities this kind of activity causes.

"We would want the government to disclose zero days" (a type of vulnerability in software) "so those can be fixed and mitigated," he said. "There's been dialogue in the past about governments buying up zero days so they can use them for espionage and national security purposes; that puts information at risk."

Asked if the FS-ISAC was talking to the NSA about this, Carlson said: "We're asking for clarification. We haven't gotten answers." (The spy agency did not respond to an email from American Banker requesting comment.)

Concerns about back doors came up last year when the FBI wanted Apple to give it a key to unlock all iPhones, ostensibly for the sole purpose of viewing the San Bernardino shooter's calls. Apple refused, and the government found another way to unlock the phone.

It also arose in the financial industry two years ago when a startup software company called Symphony balked at providing regulators with a back door to the instant messages of its Wall Street clients. (They worked out an agreement through which a copy of all messages is kept by a third party.)

Traces of spyware

Shadow Brokers leaked a spreadsheet on Friday that indicates the NSA was able to access and infect with its spyware computers run by several bank clients of EastNets, including Qatar First Investment Bank, Tadhamon International Islamic Bank and Noor Islamic Bank.

Later the same day, EastNets issued a statement denying it had been hacked.

"Reports of an alleged hacker-compromised EastNets Service Bureau network are totally false and unfounded," the company said in its press release. "The EastNets Network internal Security Unit has run a complete check of its servers and found no hacker compromise or any vulnerabilities."

The firm said its Swift service runs on a separate secure network that cannot be accessed over public networks.

"The photos shown on Twitter, claiming compromised information, are about pages that are outdated and obsolete, generated on a low-level internal server that is retired since 2013," EastNets stated. It said it can confirm that no customer data was compromised in any way.

"EastNets continues to guarantee the complete safety and security of its customers' data with the highest levels of protection from its SWIFT certified Service bureau," Hazem Mulhim, CEO and founder of EastNets, said in the statement.

The hacking tools that Shadow Brokers said the NSA used to monitor the Middle Eastern banks also appear to be outdated. The group pointed to seven vulnerabilities in Microsoft Windows software that were used to break into servers.

In a blog post early Saturday, Microsoft said those vulnerabilities had all been patched more than a month earlier. (Deviating from its normal practice, Microsoft did not disclose who found the vulnerabilities. This has led to speculation about possible collusion between the NSA and Microsoft.)

Microsoft declined to comment further. EastNets could not line up an executive by deadline.

In a statement provided midday eastern time Monday, Swift said it has "no evidence to suggest that there has ever been any unauthorised access to our network or messaging services."

Persistent vigilance

For now, the industry is watching this case closely.

"We're still trying to understand the impact to the financial sector," said Carlson at the FS-ISAC.

"We think the potential impact of the disclosures to this sector is relatively low but warrants attention," Carlson said. "We'll be paying close attention to this."

Bankers, he said, should keep their systems up to date in the meantime.

"It's very important to make sure all their systems are patched and that third-party providers patch their systems as well," Carlson said. "There may be patches individual firms have not executed."

He also stressed the importance of having layered defense and redundant systems.

"The biggest buzzword would be persistent vigilance," Carlson said. "You have to be constantly vigilant about these kinds of threats. Adversaries will be looking to exploit any vulnerability out there and it's up to firms to be constantly on guard, educating users on best way to defend the organization. It's part and parcel of our digital economy."

Penny Crosman is Editor at Large at American Banker.


Trove of Stolen NSA Data Is ‘Devastating’ Loss for Intelligence Community – Foreign Policy (blog)


On Friday, the mysterious group known as the Shadow Brokers released a large number of sophisticated, refined capabilities most likely developed by some of the NSA's top hackers, the Tailored Access Operations group, known as TAO. Those capabilities ...

We’re spying on you for your own protection, says NSA, FBI – The Register

A new factsheet by the NSA and FBI has laid bare ludicrous contradictions in how US intelligence agencies choose to interpret a law designed to prevent spying on American citizens, but which they use to achieve exactly that end.

The document even claims that it is surveilling US citizens for their own protection while at the same time claiming that it is not doing so.

The obvious and painful contradictions within the 10-page document [PDF] are testament to the very reason why the factsheet had to be prepared in the first place: Congress is threatening not to renew the legislation due to the intelligence agencies' willful misrepresentation of the law to perform the very activities it was designed to prevent.

FISA, the Foreign Intelligence Surveillance Act, was enacted in 1978 and authorizes US intelligence agencies to carry out electronic surveillance of foreign persons outside the US. It specifically prohibited surveillance of US citizens and foreign persons within US borders.

But in 2008, the FISA Amendments Act (FAA) was passed to recognize the modern realities of internet communications: that foreign intelligence targets were using networks based in the United States to communicate. The law gave the intelligence agencies the right to demand that US companies hand over their communications in the search for foreign intelligence.

In an effort to ensure that those searches were restricted to non-US citizens, however, the FAA, which was re-authorized in 2012 and now needs to be re-authorized again before the end of 2017, included various procedures, and checks and balances.

Somewhat inevitably, however, those procedures, which remain almost entirely secret, and the checks and balances, which have been shown to be ineffective at best, have been slowly undermined by the intelligence agencies to the extent that the FBI now routinely uses personally identifiable information of US citizens, such as an email or phone number, to search a huge database of gathered information if it suspects them of a crime carried out in the US.

That reality is the diametric opposite of what the law was intended to do, hence the ludicrous contradictions between what the intelligence agencies say the law authorizes and the everyday realities that they argue must be retained.

The first eight pages of the 10-page document are largely accurate, giving a rundown of the law, its history and intentions, and the procedures and checks introduced. In fact, it is a useful and largely objective rundown of the issue.

On page four, the document gives some examples of where use of Section 702 has proven effective: gathering insights into the minds of high-level Middle Eastern government ministers; checking up on sanctions; identifying both terrorists and terrorist sympathizers and alerting other governments to them.

Of the five examples given (of course it's impossible to know how many real-world examples there are), only one covers an arrest on US soil: the case of Najibullah Zazi who was tracked after he sent an email to an al-Qaeda operative in Pakistan asking for help in making bombs. Zazi planned to bomb the subway in New York City but was arrested in 2009 before he had the opportunity to do so. He pled guilty in 2010 and was sentenced to life in prison in 2012. (It is worth noting, however, that Zazi was already under surveillance from US intelligence agencies thanks to his visits to Pakistan, so it's unclear what role the Section 702 data really played.)

The document carefully words some sections covering concern over how the law was being interpreted. As a result of Edward Snowden's revelations, lawmakers and civil society groups started asking precise questions and that resulted in the intelligence agencies releasing limited information about the process it goes through to obtain the rights to spy on people. The document paints the provision of that information as the intelligence agencies' "commitment to furthering the principles of transparency," when nothing could be further from the truth.

It also tries to paint a report by the Privacy and Civil Liberties Oversight Board (PCLOB) into US spying in positive terms. The independent board, the document claims, largely exonerated the intelligence agencies and "made a number of recommendations" that have "been implemented in full or in part by the government."

In reality, the board's report was a damning indictment of the agencies' effort to reinterpret the law to be able to spy on just about anyone. The recommendations that have been implemented "in part" cover the most important improvements, in particular the publication of the procedures that the agencies use in reaching determinations. These critical documents remain entirely secret.

The PCLOB also paid a high price for standing up to the NSA and FBI: they had their authority cut out from under them, the budget was slashed, and all but one of its five board members have either resigned or have not had their terms renewed. It is a shell of an organization that doesn't even answer its phone or emails.

It is on pages nine and 10 that the real issues appear, however, where it addresses "702 issues that are likely to arise in the re-authorization discussion."

These are:

Despite the law specifically noting that US citizens and people within US borders cannot be spied on through Section 702, in reality the intelligence agencies do exactly that.

The explanation is that this information is "incidental" and is hoovered up as the NSA and others are gathering intelligence on others. The intelligence agencies claim that it affects very few US citizens and so Congress has persistently asked what that number is: how many US citizens are included in the 702 database?

The US House Judiciary Committee first asked that question a year ago, in April 2016. There is still no answer.

This latest document notes: "The IC (intelligence community) and DoJ (Department of Justice) have met with staff members of both the House and Senate Intelligence and Judiciary Committees, the PCLOB, and advocacy groups to explain the obstacles that hinder the government's ability to count with any accuracy or to even provide a reliable estimate of the number of incidental US person communications collected through Section 702."

It says that the agencies are "working to produce a relevant metric" to inform discussions.

This is a transparent attempt to prevent a figure on the number of US citizens in the database from being revealed, because it would almost certainly undermine the core contention of the intelligence agencies: that their procedures prevent the unnecessary gathering of information on US citizens.
