Mediaboss Marketing

May 2, 2017 4:43 PM By Alex DeMetrick

BALTIMORE (WJZ) The National Security Agency is promising to cut back on the number of private emails its been reading and collecting.

Alex DeMetrick reports, its ending a controversial surveillance technique thats focused on U.S. citizens.

For nearly 10 years, the NSA has been prying into the private emails of citizens. Congress OKd it when it amended how foreign intelligence can be collected.

It authorized NSA to look into strictly personal e-mails between U.S. citizens, says Dr. Michael Greenberger, of the University of Maryland Center for Health and Homeland Security. They got the right simply because a foreign operative of foreign operation was mentioned.

That practice came to light when former NSA contractor Edward Snowden publicly revealed it.

So just whose email got read?

Anyone who used a targeted phrase or word, according to Greenberger.

Like ISIS, which many people might mention in passing, he says.

The NSA says it has now stopped the practice, focusing instead only on communications that are sent directly to or from a foreign target.

This now means the NSA will not be reading those emails, and if they collect those emails, theyll destroy them, Greenberger says.

Violating Americans privacy has proven so controversial, the NSA may have ended the email practice in order to win congressional re-authoritization of its other surveillance techniques.

The authority for the NSA to conduct surveillance operations expires at the end of the year, unless congress re-authorizes it.

Follow @CBSBaltimore on Twitter and like WJZ-TV | CBS Baltimore on Facebook

Alex DeMetrick has been a general assignment reporter with WJZ Eyewitness News since September 1984. Alex began his journalism career in California. Alex has received many awards from United Press International and The Associated Press. He...

Track Weather On The Go With Our App!

Your Podcast Network Play.it

CBS All Access

About Us

Ad Choices

EEO Reports

CBS Television Public File

CBS Radio Public File

Excerpt from:
NSA Plans To Cut Back On The Number Of Private Citizen Emails It Reads - CBS Baltimore / WJZ

For years, U.S. government surveillance of innocent Americans has been a topic of heated debate, especially for those in the tech community.

With Congress gearing up for a fight over the 2017 reauthorization of a surveillance authority that lets the NSA spy on innocent Americans without a warrantSection 702, enacted as part of the FISA Amendments Actthat debate is sure to rage on in the coming months.

So we sent a reporter to the RSA Conference in San Francisco, California in February to ask one simple question: What dont you want the NSA to know about you?

The answers spanned the spectrum, from emails, to phone calls, to web browsing records, to financial information, to information about individuals children, to nothing.

Some got philosophical. Everyone says, I have nothing to hide, and thats not the point, one attendee told us. The point is that I want to control what people know about me.

Others turned the question on its head, asking instead why the NSA is conducting surveillance on Americans. I dont think their charter is to spy on Americans, so why are they? one asked.

And some got blunt. One attendee said he already assumes the NSA knows a lot about him already. It scares me and offends me, he said.

If the warrantless spying on Americans scares and offends you, contact your representatives in Congress and tell them to pull the plug on Section 702 surveillance. And watch the video to see other RSA Conference attendees responses.

See the article here:
What Don't You Want the NSA to Know About You? | Electronic ... - EFF

FBI Director James Comey and National Security Agency Director Admiral Michael Rogers will testify again before lawmakers on Thursday about Russian interference in the 2016 presidential election, according to a congressional aide.

Thursdays House Permanent Select Committee on Intelligence hearing will be the first since March 20, when Comey testified that the FBI is investigating Russias tampering with the presidential election and possible collusion with associates of President Donald Trump. The hearing will also be the first since Representative Devin Nunes, chairman of the committee, recused himself from the Russia probe after the House Committee on Ethics said it was investigating accusations against him.

Related: Can James Comey untangle the Trump-Russia allegations?

Subscribe to Newsweek from $1 per week

The House Intelligence Committee, the Senate Select Committee on Intelligence and the FBI are each pursuing investigations into Russias election tampering. In January, the U.S. intelligence community published a declassified report detailing the Russian interference, and last October, the Department of Homeland Security and the Office of the Director of National Intelligence issued a statementconfirmingthe subject. Newsweek learned that Comey had tried to go public earlier about Russias tampering and proposed writing an op-ed on the topic prior to the October statement.

Comey took the unusual step of corroborating the existence of the ongoing investigationto the House Intelligence Committee. I have been authorized by the Department of Justice to confirm that the FBI, as part of our counterintelligence mission, is investigating the Russian governments efforts to interfere in the 2016 presidential election, Comey said on March 20. That includes investigating the nature of any links between individuals associated with the Trump campaign and the Russian government, and whether there was any coordination between the campaign and Russias efforts. Unlike the open March 20 hearing, the May 4 hearing will be closed.

FBI Director James Comey, left, and NSA Director Admiral Michael Rogers, right, testified on March 20 before the House Permanent Select Committee on Intelligence. They are scheduled to testify again before the committee on May 4. Joshua Roberts/REUTERS

The FBI investigation falls under its counterintelligence program, which aims to protect American secrets and foil foreign spies. Such investigations are among the most challenging, especially when politics are involved, Frank MontoyaJr., the bureaus former national counterintelligence executive, has told Newsweek. The investigation could take years and may result in intelligence gathering, not criminal charges, according to Montoya.

The House Intelligence Committee probe will look at whether Russia directed cyber efforts against the U.S., whether Russia colluded with people involved with U.S. political campaigns, whether the U.S. governments response to Russian efforts was adequate and what leaks took place related to intelligence.

Since the March 20 hearing, the House Intelligence Committee has faced a shake-up. On April 6, Nunes recused himself from the Russia probe after opponents alleged he had shared investigation information with the White House, leading to the ethics investigation. The charges are entirely false and politically motivated, and are being leveled just as the American people are beginning to learn the truth about the improper unmasking of the identities of U.S. citizens and other abuses of power, Nunes said in a statement. He added that he would seek to end the ethics investigation.

The House Intelligence Committee had first invited Comey and Rogers in April to appear on Tuesday. The committee also invited former CIA Director John Brennan, former Director of National Intelligence James Clapper and former Deputy Attorney General Sally Yates to testify. They are not scheduled to appear on Thursday, according to the congressional aide.

Comey is also scheduled to attendtwo upcoming Senate Committee on the Judiciary hearings. On Wednesday, he is scheduled to take part in a full committee hearing on oversight of the FBI. Then, on May 8, he will speak before the Subcommittee on Crime and Terrorism about Russias election tampering.

Visit link:
FBI Director James Comey, NSA Director Michael Rogers to Testify May 4 on Russia - Newsweek

Former members of Team Espionage recently expressed their concern that the Shadow Brokers' dump of NSA Windows exploits had done serious damage to the security of the nation. The unwanted exposure of NSA power tools supposedly harmed intelligence gathering efforts, even though the tools targeted outdated operating systems and network software.

However, there are still plenty of computers and networks online using outmoded software. This makes the released exploits a threat (especially those targeting XP users, as that version will never be patched). But not much of a threat to national security, despite the comments of anonymous former Intelligence Community members. It makes them a threat to personal security, as Chris Bing at CyberScoop points out:

One of these hacking tools, a backdoor implant codenamed DOUBLEPULSAR which is used to run malicious code on an already compromised box has already been installed on 30,000 to 50,000 hosts, according to Phobos Group founder Dan Tentler. Other researchers have also engineered different detection scripts to quickly scan the internet for infected computers.

John Matherly, the CEO of internet scanning-tool maker Shodan.io, said that upwards of 100,000 computers could be affected.

Rather surprisingly, data gathered by security researchers shows a majority of the infected computers are in the United States. This shows Microsoft's steady updating push still faces a sizable resistance right here at home. What it also shows is how fast exploits can be repurposed and redeployed once they're made public. The scans for DOUBLEPULSAR have turned up thousands of hits worldwide.

DOUBLEPULSAR is simply a backdoor, but an extremely handy one. Once installed, it makes targeted computers extremely receptive to further malware payloads.

The presence of DOUBLEPULSAR doesnt mean theyre infected by the NSA, it means there is a loading dock ready and waiting for whatever malware anyone wants to give it, Tentler said. The chances are none that all theses hosts [were hacked by] the NSA.

So, there's that small bit of comfort. It's not the NSA nosing around the innards of your Windows box, but a bunch of script kiddies playing with new toys adding them to the normal rolls of malware purveyors seeking to zombify your device and/or make off with whatever information is needed to open fraudulent credit card accounts or whatever.

The NSA certainly could have informed Microsoft of these exploits before it ended support for certain platforms, thus ensuring late- (or never-) adopters were slightly more protected from malware merchants and state agencies. But that's the Vulnerabilities Equity Process for you: no forewarning until a third party threatens to turn your computing weapons over to the general public.

Here is the original post:
Personal Security Takes A Hit With Public Release Of NSA's Hacking Toolkit - Techdirt

Thank you

Your message has been sent.

There was an error emailing this page.

The U.S. National Security Agency is now suggesting government departments and businesses buy smartphones secured using virtualization, a technology it currently requires only on tablets and laptops

The change comes about with the arrival of the first virtualization-based smartphone security system on the U.S. Commercial Solutions for Classified list.

CSFC is a program developed by the NSA to help U.S. government agencies and the businesses that serve them to quickly build layered secure systems from approved components.

AnHTC A9 smartphone security-hardened by Cog Systemsusing its D4 virtualization platform is now on that list, alongside devices without virtualization from Samsung Electronics, LG Electronics, and BlackBerry.

In the modified A9, communications functions are secured by running them in separate virtual machines on the D4 virtualization platform.

It's the first smartphone on the CSFC list to use virtualization, which the NSA has only required on more powerful devices such as tablets and laptops until now.

"If virtualization technology was commonly available in the smartphone, we could leverage it for some solutions. To date, the devices that have been considered did not offer that technology," the NSA's technical guidance reads.

Cog Systems' position on the list isn't definitive yet: It's still seeking certification for the D4/A9 combination against the National Information Assurance Partnership's mobile platform and IPSec VPN Client protection profiles. Vendors typically have six months to obtain the certification in order to remain on the list. For now, D4's validation is ongoing at Gossamer Security Solutions' Common Criteria Testing Laboratory.

Vendors don't seek certification lightly, according to Carl Nerup, chief marketing officer at Cog Systems. "It's a very expensive process," he said, between US$500,000 and $700,000 for each new model.

Somehow, though, Cog Systems is eating the additional cost of certification: The price for its security-hardened A9 is the same as HTC's list price for an unmodified phone, said Nerup. "We have multiple groups within the U.S. Department of Defense that have procured the device," he added.

A commercial off-the-shelf (COTS) smartphone like the modified A9 isn't only of interest to government customers, though, Cog Systems CEO Dan Potts pointed out. "In the oil and gas industry, they want to buy COTS. They want it to be at a competitive price, but with a greater concern for security."

Once certification for the modified A9 is in the bag, Potts is looking forward to seeking certification for D4 virtualization on other smartphones. The first time around takes time because there is a lot of preparatory work to do, but much of that work will also apply to other smartphones. Potts expects certification of D4 on other hardware to go more quickly.

Eric Klein, director for mobile software and enterprise mobility at analyst firm VDC Research, has had his eye on Cog Systems since meeting the company at Mobile World Congress.

He sees the broadest opportunity for Cog Systems in the enterprise market -- and expects that its approach to endpoint security could even take some business away from enterprise mobility management vendors.

Peter Sayer covers European public policy, artificial intelligence, the blockchain, and other technology breaking news for the IDG News Service.

See the original post:
NSA suggests using virtualization to secure smartphones | PCWorld - PCWorld