Mediaboss Marketing

In 2013, Edward Snowden revealed the NSA collects personal data on every American, as well as many more people worldwide. The shockwave of the revelations still ripples today.

The NSA is the U.S. National Security Agency. Although it ostensibly works to protect U.S. citizens and interests, the NSA monitors every American and the people of many allied countriesall with the backing of the U.S. government and large portions of Congress.

But its not only the NSA spying on its own people. Its counterparts at the CIA (Central Intelligence Agency) are also spying on and hacking targets of interest.

Here are eight ways the NSA is still spying on you, right now, according to documents leaked by Edward Snowden and further investigation by the press.

In 2018, the NSA acquired data from over 600 million phone calls and text messages. It proceeded to delete many of them, citing technical irregularities but didnt specify how many were expunged from servers. The USA FREEDOM Act, passed in 2015, puts the onus on telecommunication providers to hold on to phone records, after which they can be requested by the NSA rather than the spy agency keeping tabs on them directly.

This has meant that the overall extent of phone records collected by the NSA has gone downbut its hard to take their word at face value. After all, it wouldnt be the first time that the NSA has straight up lied about its surveillance policies.

Facebook, Google, Apple, and six other leading online services have all gone on record as having given their customers data to the NSA, as legally required by the PRISM program. Data shared includes emails, messages, and documents.

When the NSA finds a security hole in a popular consumer device, it does not fix the security hole, but instead exploits it. The NSAs hacking unit, Tailored Access Operations, has developed a whole range of hacking exploits. These enable the NSA to break into consumer electronics devices and IT systems as it sees fit.

The NSA has made the job of hacking security devices easier for itself by coercing many manufacturers to build vulnerabilities into products. The NSA supposedly created new guidelines surrounding this practice after the Snowden revelations but refuses to say what those guidelines are.

If that isnt enough, the NSA is known to intercept shipments of computers and phones to put backdoors on them. The backdoor circumvents security measures of the device, allowing the NSA to spy on the end user.

When you move around town, cell phone towers can calculate your exact position. Though the NSA claims it no longer collects this bulk data itself, cell phone providers are still required to do so, and they, in turn, must surrender those records to the NSA when ordered by a court.

By far the worst aspect of this unwieldy power is that you dont even have to be the subject of an inquiry yourself. The data of millions can be handed over, without notice, because you had even the most tangential connection to a person under surveillance.

The internet connects different continents via undersea fiber optic cables that carry staggering amounts of data. In some places, the NSA has deals with local intelligence agencies to tap into these cables; in others, it does so on its own. The NSA even uses submarines to attach snooping bugs to wires deep beneath in the ocean.

In Brazil, Germany, and other countries, the NSA has broken into the internal networks of major telecommunications providers, intercepting the data they gather and weakening the security of their systems. It collects every email and phone call it can.

Through agreements and hacking, the NSA can access credit card networks, payment gateways, and wire-transfer facilities around the world. This monetary surveillance allows the NSA to follow every cent of your money and know where it comes from and what you spend it on.

Another revelation in the Snowden documents was that the NSA asks senior officials in the White House, State Department, and Pentagon to share personal information they have on foreign leaders.

The leaked memo revealed that over 200 confidential phone numbers were handed over to the NSA, which proceeded to tap their conversations. The NSA didnt spare countries friendly to the U.S. either, with German leader Angela Merkel also one of the ones targeted.

Cookies, or small packets of data that relay location history and used to serve you with targeted ads, have also been collected by the NSA. The spy agency has honed in on them to identify users around the world as prime hacking targets.

While NSA surveillance extends across the globe, there is still a lot you can do to safeguard your internet privacy. Check out this list of top privacy tips and always be conscious of what youre sharing, with whom youre sharing, and how you share it.

Johnny 5 is the founding editor of the blog and writes about pressing technology issues. From important cat privacy stories to governments and corporations that overstep their boundaries, Johnny covers it all.

Clap for this post. Or share your thoughts!

Read more:
10 Ways the NSA Is Spying on You Right Now | ExpressVPN Blog

DateLocationTournament NameDirectorMar 20-21HanfordSt. Patty's Day CloverfestStan HansenMar 27-28Sparks, NVNSA's Nevada KickoffStan HansenMar 27-28HanfordHanford No FoolinStan HansenApr 3MercedCenCal Easter 1-Day Sanctioned FriendlyStan HansenApr 10-11FresnoFresno Softball FrenzyStan HansenApr 17-18Las Vegas, NVLas Vegas Spring MayhemStan HansenApr 17-18TulareYoung at Heart TournamentStan HansenApr 17-18MantecaManteca's Spring Flowers-CANCELLEDStan HansenApr 24-25TurlockTurlock Spring ClassicStan HansenApr 24-25BakersfieldBakersfield Fastpitch FeverStan HansenMay 1-2SalinasThe Return to SalinasStan HansenMay 1-2FresnoFresno May MayhemStan HansenMay 1-2MantecaThe Manteca 12 ClassicStan HansenMay 8-9Albany, ORMother's Day in OregonStan HansenMay 8-9ClovisClovis Mother's Day ClassicStan HansenMay 15-16Yuba CitySchool's Out in Yuba CityStan HansenMay 15-16LancasterThe Battle for LancasterStan HansenMay 15-16MercedNSA's 10 Classic [Dudley Sports Scholarship Event]Stan HansenMay 15-16TurlockForget School FinalsStan HansenMay 22-23TulareTulare Summer RoundupStan HansenMay 22-23San DiegoSan Diego's Beach BattleStan HansenMay 29-30HanfordOut of School BlowoutStan HansenMay 29-30TorranceSoCal Memorial Day TournamentStan HansenMay 29-30Elk GroveElk Grove's Summer KickoffStan HansenMay 29-30SonoraMemorial ClassicLani ConklinJun 5-6LodiNSA League All-Star TournamentStan HansenJun 5-6Bend, ORBend's Summer ClashStan HansenJun 5-6Kingman, AZThe Kingman Heat WaveStan HansenJun 5-6ModestoZoom into JuneStan HansenJun 5-6ClovisClovis Blazin' BasesStan HansenJun 5-6CarmichaelSchool's OutStan HansenJun 11-13Mesquite, NVMesquite's Friday Night Lights (Night Play)Stan HansenJun 12-13Sparks, NVNevada Summer ShootoutStan HansenJun 12-13PalmdalePalmdale SlugfestStan HansenJun 12-13Albany, ORAlbany's Sliding into SummerStan HansenJun 12-13MercedMerced Fastpitch ChallengeStan HansenJun 12-13Pismo BeachRide the WaveLynn StuartJun 19-20Pendleton, ORTri-State Father's Day ChallengeStan HansenJun 19-20BakersfieldSweat it out in BakersfieldStan HansenJun 19-20TurlockFather's Day ClassicStan HansenJun 26-27PalmdaleNSA Southern California State ChampionshipStan HansenJun 26-27TracyTouch 'Em All in TracyStan HansenJun 26-27BarstowBarstow's Summer HeatwaveStan HansenJun 26-27ReddingNorCal State Warm-UpStan HansenJul 2-4ModestoNSA Northern California State ChampionshipStan HansenJul 3-4Arroyo GrandeFire CrackerLynn StuartJul 10-11FresnoGet Ready for SummerStan HansenJul 10-11SonoraMountain BlastLani ConklinJul 10-11Albany, ORThe Mid-Summer ClassicStan HansenJul 17-19Las Vegas, NVLas Vegas Midnight Madness (Night Play)Stan HansenJul 17-18MercedNSA's 16/18 ClassicStan HansenJul 17-18Elk GroveNorCal World Series WarmupStan HansenJul 17-18HanfordCenCal World Series WarmupStan HansenJul 17-18LancasterSoCal World Series WarmupStan HansenJul 17-18Arroyo GrandeSummer BashLynn StuartJul 24-25StocktonStockton Summer SlamStan HansenJul 24-25FresnoThe Fresno InvitationalStan HansenJul 24-25San DiegoSan Diego's World Series Warm-upStan HansenJul 28-Aug 1ClovisPacific Coast Western World SeriesStan HansenJul 31-Aug 1ModestoBack to SchoolStan HansenAug 7-8Albany, ORThe Albany Back to School ClassicStan HansenAug 7-8Santa Maria"Catch the Spirit" in Santa MariaStan HansenAug 7-8TurlockWounded WarriorsStan HansenAug 7-9ReddingHot Summer Nights (Night Play)Stan HansenAug 13-15Mesquite, NVMesquite's Night Owl (Night Play)Stan HansenAug 14-15ClovisHot Summer DaysStan HansenAug 14-15Elk GroveElk Grove's 14 ClassicStan HansenAug 14-15SacramentoNSA's Return to SacramentoStan HansenAug 21-22SalinasSalinas Summer SizzleStan HansenAug 21-22BakersfieldKalie Boyer Memorial TournamentStan HansenApr 21-22MantecaDog Days of SummerStan HansenAug 27-29St George, UTUtah's Fight Night (Night Play)Stan HansenAug 28-29HanfordSoftball QuestStan HansenAug 28-29StocktonBattle of the BatsStan HansenAug 28-29Arroyo GrandeFall ShowdownLynn StuartSep 4-5TorranceSoCal Labor Day BrawlStan HansenSep 4-5ModestoRainbow Labor DayStan HansenSep 4-5MaderaSwing into SeptemberStan HansenSep 4-5Paso RoblesLabor Day ClassicLynn StuartSep 11-12Yuba CityThe Duel in Yuba CityStan HansenSep 11-12Las Vegas, NVSwing for the Fences in VegasStan HansenSep 11-12LancasterSliding out of SummerStan HansenSep 11-12TurlockEnd of SummerStan HansenSep 11-12Klamath Falls, ORWelcome to Klamath FallsStan HansenSep 18-19TulareTulare Fall ShowdownStan HansenSep 18-19San DiegoThe Seaside SlugfestStan HansenSep 18-19CarmichaelBack to SchoolStan HansenSep 25-26Albany, ORNSA Oregon's State ChampionshipStan HansenSep 25-26BakersfieldPretty in PinkStan HansenSep 25-26MercedNSA's 14 ClassicStan HansenSep 25-26Elk GroveNSA's NorCal Scholarship TournamentStan HansenOct 2-3TracyFor the Love of SoftballStan HansenOct 2-3HanfordPlay for the PrideStan HansenOct 2-3BarstowNo Pain No Gain in BarstowStan HansenOct 9-10Albany, ORNSA Oregon's Cancer Awareness TournamentStan HansenOct 9-10LancasterNever Give Up Cancer Awareness TournamentStan HansenOct 9-10Modesto"Think Pink" Cancer Awareness TounrnamentStan HansenOct 9-10Santa MariaPink-BallLynn StuartOct 16-17Yuba CityThe Yuba City RumbleStan HansenOct 16-17FresnoFight for the CureStan HansenOct 16-17TustinSupport the Fight in TustinStan HansenOct 23-24Hanford/TulareGhost and GoblinsStan HansenOct 23-24Modesto/TurlockNSA's Zombie BashStan HansenOct 23-24San DiegoHalloween HavocStan HansenOct 23-24Kingman, AZArizona Halloween Witch HuntStan HansenOct 30-31BarstowBarstow's Halloween HauntStan HansenOct 30-31Medford, ORMedford's Monster MashStan HansenOct 30-31ClovisNSA Team AppreciationStan HansenNov 6-7ModestoNSA Fall West PacStan HansenNov 6-7Paso RoblesWinter StormLynn StuartNov 13-14BakersfieldLast Chance TournamentStan HansenNov 13-14ReddingNorCal Fall ClassicStan HansenNov 13-14TurlockTurlock Winter BlastStan HansenNov 20-21ModestoModesto Turkey TrotStan HansenNov 20-21SalinasGet Ready for ThanksgivingStan HansenNov 20-21FresnoThe Fresno PilgrimfestStan HansenNov 20-21Las Vegas, NVNevada NSA's Toys for TotsStan HansenNov 27-28ClovisClovis Holiday SpecialStan HansenNov 27-28StocktonStockton's Winter ClassicStan HansenDec 4MercedReindeer Games Canned Food DriveStan HansenDec 4-5Yuba CityYuba City's Toys 4 TotsStan HansenDec 4-5San DiegoSanta's in San DiegoStan HansenDec 11-12HanfordHanford's Toys 4 TotsStan HansenDec 18-19ClovisLast Call in ClovisStan Hansen

See the rest here:
NSA California

/ Published March 24, 2021

NSA released today the first video of its new Cybersecurity Collaboration Center speaker series. In these talks, NSA experts will share insights, lessons, and contributions of their cybersecurity work. The Center works with government and industry partners to protect U.S. National Security Systems, the Department of Defense (DoD) and the Defense Industrial Base (DIB).

In this first video, the Deputy Chief Operations Officer for NSAs Cybersecurity Collaboration Center, United States Navy Lieutenant Zachary Dannelly sat down with Dr. Josiah Dykstra, Cybersecurity Collaboration Center technical fellow, to talk about his experiences in the past year co-piloting Protective Domain Name System (PDNS) as a service with the Department of Defense Data Crime Center (DC3) and partners from the Defense Industrial Base. Additionally, Dannelly spoke about the motivation for the pilot, lessons learned, and insights for those who may adopt this technology in the future.

The PDNS Pilot examined over 4 billion DNS queries to and from participating networks, flagged more than 3,500 malicious domains, and blocked more than 13 million suspicious connections. By leveraging information created by PDNS logs, Lt. Dannelly and his team were able to locate and eliminate malware in both company networks and employee devices. While there are many layers to cybersecurity, PDNS has proven through this pilot to be a low cost and scalable solution network defenders can add to their toolboxes.

The cybersecurity collaboration center augments and amplifies NSAs ability to prevent and eradicate threats to NSS, DoD, and the DIB through our industry partnerships. The center combines partner insights with NSA intelligence to detect adversary activity, creates innovative new tradecraft to discover and track adversaries, and mitigates threats through the development and sharing of mitigation guidance to inform the NSS, DoD, and the DIBs ability to prevent and eradicate threats.

View the video on our Youtube channel and learn more about PDNS in NSAs recent release, Selecting a Protective DNS Service.

See the rest here:
NSA Cybersecurity Collaboration Center Releases First Speaker Series Video on Protective D - 62nd Airlift Wing

The recent SolarWinds Senate hearing and a flurry of subsequent briefings have unearthed new questions around the attack, which acting director of the U.S. Cybersecurity and Infrastructure Agency (CISA) Brandon Wales called the most complex and challenging hacking incident the agency has come up against.As impacted agencies and private enterprises work to pick up the pieces, theres debate over the best ways to tackle systemic weaknesses and improve cyber intelligence sharing across the board. But one thing everyone can agree on is that traditional security approaches which have failed to change with the digital times are in dire need of an overhaul.

The SolarWinds breach, along with nearly every major cyber attack today, involved the compromise of identity and subsequent manipulation of privileged access. While presenting forensic analysis of the attack at NISTs most recent Information Security and Privacy Advisory Board meeting, CISA technical strategist Jay Gazlay put it bluntly: Identity is everything now.

While Gazlay acknowledged that very few could pull off such a highly sophisticated digital supply chain attack without being detected, his message was clear: traditional, perimeter-centric security wont cut it. We can talk about our network defenses. We can talk about the importance of firewalls and network segmentation. But really, identity has become the boundary, and we need to start readdressing our infrastructures in that matter, he said, according to Federal News Networks report on the briefing.

Of course, SolarWinds is far from the first major attack to prompt action. But Gazlay warned that attackers are constantly innovating, and that protections many agencies put in place after the 2015 Office of Personnel Management breach are likely inadequate today since so many resources have shifted to the cloud.

Theyre going after the identities that give them access to all the data holdings much broader campaigns, he said, according to Federal News Network. That makes trust store and identity management compromises much more impactful, and frankly, a much higher target. As we move into a cloud infrastructure where all that matters is the expectation that you are who you say you are, to get access to cloud infrastructures, this becomes even more pernicious.

This focus on identity is accelerating the shift toward Zero Trust, a never trust, always verify approach that includes authenticating and authorizing every identity human or non-human before granting access. While the concept isnt new, its safe to say Zero Trust is going mainstream as hybrid and multi-cloud environments become the norm.

The U.S. National Security Agency (NSA) recently released guidance for embracing a Zero Trust approach, noting these principles can better position [cybersecurity professionals] to secure sensitive data, systems, and services.

As we focus on helping agencies and enterprises secure identities throughout the cycle of accessing critical assets, these recommendations resonated strongly with our CyberArk team. Heres a look at our top takeaways from the NSAs Zero Trust directive:

Outsider, Insider It Doesnt Matter. Always Assume Breach

NSA authors write, Contemporary threat actors, from cyber criminals to nation-state actors, have become more persistent, more stealthy, and more subtle; thus, they demonstrate an ability to penetrate network perimeter defenses with regularity. They urge agencies and organizations to consciously operate and defend resources with the assumption that an adversary already has presence within the environment.

In the public sector, weve seen the great lengths to which legitimate, authorized users will go to exfiltrate information and accomplish ill-intentioned objectives. An assume breach mindset does not discriminate between outsiders or insiders instead, every identity and access request is presumed malicious until proven otherwise. And the question shifts from Have I been breached? to Do I have the right alarm systems and motion-sensing lights in place to detect and respond before its too late?

Least Privilege Is Foundational to Zero Trust

Motives vary. Adversaries might try to establish persistence in the environment and hide their activity; the SolarWinds attacker used the sophisticated Golden SAML technique to do this successfully. Or, attackers might aim straight for the domain controller or cloud console in search of sensitive data to steal or hold for ransom, or to cause disruption by shutting down critical systems or deleting files. No matter what theyre after, attackers usually follow the same steps: acquire credentials for an identity, move laterally and vertically to escalate privileges, then use this privileged access to compromise sensitive data and assets.

The most effective way to break this chain and shrink the overall attack surface is to enforce least privilege security controls across all identities, devices and apps from the endpoint to the cloud. NSA authors write that data-centric Zero Trust models allow the concept of least privileged access to be applied for every access decision, where the answers to the questions of who, what, when, where, and how are critical for appropriately allowing or denying access to resources.

When It Comes to Zero Trust, 1+1=3

Theres no cybersecurity silver bullet, and likewise, Zero Trust cannot be achieved with one vendor or solution its not about a specific technology, its an approach, and a mindset. Instead, it requires a holistic, layered approach that integrates disparate but related cybersecurity capabilities into a cohesive engine for cybersecurity decision-making, write NSA authors.

By placing Privileged Access Management at the core of this defense-in-depth strategy, not only can defenders protect against the leading cause of breaches, they can also minimize the attacks impact. Consider this scenario: an attacker successfully compromises an agencys vulnerability management platform, runs an authentication scan and pinpoints every vulnerable and misconfigured identity within the hybrid cloud environment essentially scoring a step-by-step playbook for the attack. By protecting these powerful tools with Privileged Access Management controls, such as vaulting and rotating privileged credentials and monitoring sessions to detect risky activity, agencies can dramatically limit exposure and keep that playbook out of reach.

Its Okay to Start Small. But the Time to Start Is Now.

Conceptually, Zero Trust makes perfect sense. But NSA authors warn that putting it into practice will take time. Instead, they encourage a phased, risk-based approach. Incorporating Zero Trust functionality incrementally as part of a strategic plan can reduce risk accordingly at each step, they write. Among the NSAs key Zero Trust design recommendations is to architect from the inside out, first protecting critical data and assets, such as Tier 0 systems, then securing all paths to access them.

TheIdentity Defined Security Alliance framework can help with scoping and tiering the various technology components that will require protection at the identity level.

In SolarWinds shadow, many agencies are feeling pressure to address their greatest identity-related vulnerabilities quickly. This NSA directive offers valuable prioritization guidance for achieving quick wins to drive down risk, while laying the groundwork for a phased Zero Trust implementation strategy.

In the famous words of Bob Dylan, The times, they are a-changin. Drive resilience in this new threat landscape by embracing a Zero Trust model. And trust CyberArk to help along the way. As the recognized leader in protecting privileged access with multiple Department of Defense customers and 130+ installations across the U.S. federal government, were uniquely positioned to help agencies meet todays modern security and compliance requirements.

*** This is a Security Bloggers Network syndicated blog from CyberArk authored by Kevin Corbett. Read the original post at: https://www.cyberark.com/blog/cisa-and-nsa-the-times-they-are-a-changin-identity-is-everything-now/

Continue reading here:
CISA and NSA: The Times, They Are A-Changin. Identity is Everything Now - Security Boulevard

Washington, March 24

The US plans to hold the NSA-level trilateral talks with Japan and South Korea next week on issues related to North Korea, making them among the most senior foreign officials to visit Washington since the start of the Biden presidency, officials here have said.

Were in the final stages of that (North Korea policy) review, and next week plan to host the national security advisors of Japan and the Republic of Korea to discuss the outcomes and other issues. This is the first time that we will have convened the trilateral at this level, a senior administration official told reporters during a conference call.

And these will be among the most senior foreign officials to visit Washington since the start of the Biden administration. We look forward to a robust discussion on a wide range of issues on how the US, Japan, and South Korea can deepen our trilateral cooperation, said the official who spoke with reporters on condition of anonymity.

The United States, the official said, is aware of military activity last weekend by North Korea that is not sanctioned under UN Security Council resolutions restricting the ballistic missile programme.

North Korea fired short-range missiles this past weekend, just days after the sister of Kim Jong-un threatened the United States and South Korea for holding joint military exercises.

The tests were confirmed by two senior Biden administration officials who told reporters on condition of anonymity.

While we take all of its military activity seriously and will continue to consult closely on this with partners and allies, we see this action in the category of most normal military activity by the North, said the official.

North Korea has a familiar menu of provocations when it wants to send a message to the US administration: ballistic missiles of various range, mobile and submarine launch platforms, nuclear and thermonuclear tests. Experts rightly recognised what took place last weekend as falling on the low end of that spectrum, the official added.

Ahead of the trilateral talks and as the policy review continues, a second administration official said that the Biden administration has also had a series of conversations with Trump administration officials to get their sense of how their diplomacy with North Korea worked out over the last four years.

We have been in touch with virtually every individual whos been involved in diplomacy with North Korea since the mid-1990s. So this has been an extraordinarily thorough process, and were nearing the conclusion of putting together our approach for North Korea, the official said.

The next step will be, the NSA-level trilateral.

I think we recognise that, you know, we are stronger if we approach these challenging issues in North Korea in partnership with Japan and South Korea, the second official said.

The official, however noted, that the administration is under no illusions about the difficulty this task presents to them.

We have a long history of disappointment in diplomacy with North Korea. It defied expectations of Republican and Democratic administrations alike. Weve had working groups. Weve tried it at the highest levels, at the head of state. And all the while, weve seen North Korea proceed ahead accordingly, the official said.

The trilateral talks will take place just days after US Secretary of State Antony Blinken and Defence Secretary Lloyd Austin visited Japan and South Korea to discuss various issues, including strengthening alliances and the push to denuclearise North Korea. PTI

Read the original:
US to hold trilateral NSA-level talks with Japan, South Korea on North Korea next week - The Tribune India