Mediaboss Marketing

In an opinion column in the Washington Post on Sunday, former Defense Secretary Robert Gates wrote that in the Obama administration, Gates had proposed creating the position of a deputy director at the NSA who would be a DHS cybersecurity official. That official would have the legal authority to ask the NSA to conduct surveillance on domestic networks and defend against ongoing attacks, Gates wrote.

The new position would come with legal restrictions on how the new authority would be used and would be designed to safeguard Americans from unwanted, unauthorized surveillance, Gates said. The proposal was signed off on by then Homeland Security Secretary Janet Napolitano and receivedthe blessing of the Justice Department, but Gates wrote that the initiative came to naught, mainly because of bureaucratic foot-dragging and resistance.

Asked whether such a proposal was being considered now, the DHS officials who briefed reporters declined to address it specifically. One official said the administration is conducting an in-depth lessons-learned exercise on both the Russian and Chinese attacks and would offer recommendations once it has completed the review.

CISA, which is allowed by law only to provide advisory services to federal, stateand local government agencies and U.S. companies, is not in a position to demand any information from agencies and companies that are affected by a cyber attack, leaving that agency also in the dark about the extent of a major attack.

Lawmakers have called for expanding the powers and budget for CISA to make the agency in charge of all federal government networks that operate under the "dot gov" domain, similar to how the U.S. Cyber Command oversees cybersecurity for the U.S. military network.

Read more from the original source:
DHS studying ways to plug cyber blind spots, officials say - Roll Call

By Bashir Bello, KANO

A Network of Civil Society Organizations operating in states across the federation has on Tuesday rose from an emergency meeting in Kano to kick against the alleged plot to remove Gen. Babagana Munguno as the National Security Adviser, NSA for the revelation of alleged missing or misappropriation of one billion dollars for the procurement of arms and ammunitions.

The network in a communique issued and signed by the convener, Comrade Ibrahim Waiya said Gen. Mungunos revelations deserve national honour and respect but not persecution.

Comrade Waiya describes the alleged act of conspiracy against the National Security Adviser as unpatriotic, uncalled for and a smear on decorum.

He reiterated the networks position on the need for President Muhammadu Buhari to immediately set up a special panel of investigation into the matter while the National Assembly should support the advocacy for the setting up of the panel of an investigation by the Presidency.

According to him, the Conference of States Civil Society Networks, wishes to unequivocally throw its weight behind numerous calls across the country for an immediate probe on the alleged $1 billion arms deal, urging President Muhammadu Buhari to urgently proceed by setting up a special panel of investigation into the matter.

It equally supports the efforts of Government in the fight against corruption, as well as promotion of transparency and accountability in governance.

We, therefore, feel obliged to remind the National Assembly on their constitutional role of the oversight function, hence a duty to support the advocacy for the setting up of the panel of an investigation by the Presidency on the alleged missing $1 billion released for the procurement of arms and ammunition.

The convener further said, Rising from an emergency meeting in Kano, we as a group of reputable Civil Society Organizations operating in different states across the country, resolved to take an exception to the grand conspiracy to have the National Security Adviser, Babagana Munguno replaced as a price for telling the truth about the enduring arms deal widely discussed at both national and international platforms. It is on this note we wish to describe the alleged act of conspiracy as unpatriotic, uncalled for and a smear on decorum.

It is our conviction that the singular act of patriotism demonstrated by Major Gen. Babagana Mungono on the revelations over the alleged missing funds released for the procurement of arms and ammunitions, deserves national honour and respect but not persecution on the basis of a personal vendetta by the imperceptible anti citizens and anti-democracy elements, who get pride in promoting impunity and are hell-bent on destroying the reputation and integrity of the country, by cashing on their personal gains and serving the instincts of their arrogance.

This is a total embarrassment for the Nigerian nation to be enmeshed in yet another round of arms fund scandal with vested interests desperately struggling to kill all efforts aimed at uncovering the truth for Nigerians to know.

We wish to canvass for the support of all Nigerians to rally around and ensure that we bring an end to this kind of unpleasant experience that create both domestic and international embarrassment, and ensure that all persons or groups found guilty of shortchanging the country in the fight against killings, arson and general insecurity are sanctioned and brought to justice, regardless of their self-acclaimed influence or relationship with the apex political power corridor in the land.

It is to our utmost surprise that, if it were in other civilized climes, those being widely accused in this fresh round of arms deal would have by now been charged to court. We cannot fathom why true citizens of any nation should kick against the probe of a suspected breach of this magnitude, not even minding the price of the problem on lives and properties of innocent men, women and girls in our country and the envisaged negative impact on their future.

We wish to assure Nigerians that, an alleged scam of this magnitude cannot just be swept under the carpet because those in positions of authority saddled with the responsibility of protecting Nigerians lives have no excuse for compromise, the communique however reads.

Vanguard News Nigeria

Read the original:
Alleged $1 Billion Arms Deal: CSOs kick against alleged plot to remove Munguno as NSA - Vanguard

Court hearings into the EncroChat encrypted phone network compromised by French police have been delayed after lawyers requested prosecutors to disclose further evidence on law enforcements capabilities to decrypt communications.

The National Crime Agency (NCA) has made more than 1,550 arrests under Operation Venetic after the French Gendarmerie harvested millions of supposedly secure messages from the EncroChat cryptophone network, which police say was used by criminal groups.

Defence lawyers have argued that the disclosure of evidence has been made more difficult because disclosure officers do not understand the technical detail in documents relating to police hacking of the EncroChat encrypted phone network.

The courts are preparing to hear up to a dozen preparatory hearings that will decide on the lawfulness, admissibility and reliability of material retrieved from the EncroChat network the decisions in which will be binding on future prosecutions.

The NCA has not disclosed details of how many people have been charged under Operation Ventetic, the UKs response to the takedown of EncroChat, but it is understood that around 450 defendants are contesting their prosecutions across the UK.

Jonathan Kinnear QC is overseeing the national strategy for all 250 prosecution cases in the UK including dealing with legal challenges to the admissibility of EncroChat evidence for the Crown Prosecutions Organised Crime Division.

Speaking at a preparatory hearing, he said prosecution lawyers were working to process requests for discovery from defence lawyers.

He told a court that defence lawyers had submitted documents from public websites, some of which were marked top secret or top secret strap one in evidence.

We have been working on a response to defence disclosure requests and re-reviewing the disclosure position over the course of last week and this weekend, he said.

Given the complexity of the issues, including the technical nature of them and the sheer volume of the material involved, we have not yet completed that review. These are important issues that have an impact not just on this case, but on a significant number of other cases.

Defence lawyers raised new questions about the capabilities of law enforcement to decrypt live communications after Belgian and Dutch police announced they had infiltrated a second secure cryptophone network, Sky ECC.

Belgian and Dutch police disclosed during a press conference on 10 March 2021 that they had intercepted more than one billion encrypted messages from the Sky Cryptophone network, and had decrypted half of them.

Defence lawyers have raised questions over whether the joint operation between the UK, France and Holland had the ability to decrypt messages from EncroChat. If true, they argue, that would undermine facts presented in earlier court hearings.

If it turns out there have been investigations with the NCA or other British agencies, and that involves decryption of messages whilst in transmission, this is clearly disclosable and goes to the heart of the case, one defence lawyer told a judge the day after the announcement.

Experts are divided over how the French Gendarmerie obtained the decrypted messages, notes and photographs from the EncroChat network.

Classified documents leaked by former CIA whistleblower Edward Snowden show that the US and the UK have invested heavily in highly sensitive programmes to break the encryption of online communications.

The NSA and GCHQ developed capabilities to break the encryption web mail, encrypted chat, encrypted voice over IP (VoIP), virtual private networks (VPNs) and the encryption used by 4G mobile phone services.

Snowden documents reveal that theNSAs mission was to weaken encryption technologies by influencing encryption standards, forming partnerships with telecommunications companies and inserting vulnerabilities into commercial encryption systems.

Both EncroChat and Sky ECC phones use a form of encryption known as elliptical curve cryptography (ECC), which is suited to mobile applications as it offers small faster and more secure cryptographic keys than other forms of encryption.

Secure encryption relies on the ability of software to generate secret prime numbers randomly, often using pseudo-random number generators, to calculate encryption keys which are difficult for intelligence agencies to predict.

Internal NSA memos reported byThe New York Times suggest that the NSA had compromised at least one random number generator, called the Dual EC ERBG, which was adopted by the US National Institute of Standards and Technology and the International Standard Organisation.

Security company RSA, which used Dual EC ERBG by default in some of its security products, subsequently advised its customers to switch to alternative pseudo-random number generators.

A judgment by the Court of Appeal on 5 February 2021, however, found that French police had been able to use a software implant to access messages from phone handsets before they had been encrypted. They were automatically forwarded to a server set up by the French digital crime unit, C3N.

Defence lawyers said in a preliminary hearing that they suspected that disclosure officers do not understand a lot of the technical details in documents related to Operation Venetic.

There is far more likely to be a reliable disclosure exercise if there is an expert assisting a disclosure officer or even an expert appointed as a disclosure officer who can understand the significance of the material, one lawyer said.

The lawyer said the defence team had requested prosecution disclosure in November last year, but that it was making further reactive requests for disclosure following the takedown of Sky ECC in Belgium.

French investigators broke the supposedly secure EncroChat encrypted mobile phone network, used by 50,000 people worldwide, including 9,000 in the UK, in April 2020, after gaining access to the EncroChat servers discovered in a datacentre run by OVH in Roubaix.

Investigators installed software implants on tens of thousands of mobile phone handsets which, according to the court of appeal, retrieved supposedly secure messages, photographs and notes from the phones before they were encrypted.

The French have refused to disclose any details to the courts in the UK and European countries bringing prosecutions against EncroChat users about how the implants work, citing national defence reasons.

Further hearings have been put back to late April or early May.

Read this article:
EncroChat hearings delayed as lawyers seek disclosure on police hacking - ComputerWeekly.com

Enlarge / The Free Software Foundation might be happy to have RMS back on its board, but much of the Free Software world feels otherwise. Last week, Richard M. Stallmanfather of the GNU Public Licensethat underpins Linux and a significant part of the user-facing software that initially accompanied the Linux kernelreturned to the board of the Free Software Foundationafter a two-year hiatus due to his own highly controversial remarksabout his perception of Jeffrey Epstein's victims as "[appearing to be] entirely willing."

As a result of RMS' reinstatement, Red Hatthe Raleigh, North Carolina-based open source software giant that produces Red Hat Enterprise Linuxhas publicly withdrawn funding and support from the Free Software Foundation:

Red Hat was appalled to learn that [Stallman] had rejoined the FSF board of directors. As a result, we are immediately suspending all Red Hat funding of the FSF and any FSF-hosted events.

Red Hat's relatively brief statement goes on to acknowledge an FSF statement on board governance that appeared on the same day:

But Red Hat says the statement gives it "no reason to believe that [the statement] signals any meaningful commitment to positive change."

This sentiment seems to be widely shared by many, including at least one FSF board memberKat WalshwhoopposedRMS' reinstatement and resignedher board position on the same day as the board's statement and Red Hat's withdrawal.

Immediately following Walsh's resignation, the FSF announcedthe creation of a new board seat, to be filled with someone from FSF union staff; on Sunday, it filled this new seat with senior system administrator Ian Kelling.

FSF President Geoffrey Knauth describes the new seat:

The board and voting members look forward to having the participation of the staff via this designated seat in our future deliberations. This is an important step in the FSF's effort to recognize and support new leadership, to connect that leadership to the community, to improve transparency and accountability, and to build trust. There is still considerable work to be done, and that work will continue.

Knauth, who began serving in his current role as FSF president in August 2020, declared that it's only a temporary gig:

I commit myself to resign as an FSF officer, director, and voting member as soon as there is a clear path for new leadership assuring continuity of the FSFs mission and compliance with fiduciary requirements.

The elephant in the room that the FSF's remaining board members seem determined to ignore is the continued presence of Stallman himselfwho, along with the rest of the FSF board, will soon need to undergo its new "transparent, formal process for identifying [members] who are wise, capable, and committed to the FSF's mission."

It's probably worth re-examining the FSF's stated mission to understand its choice to reinstate Stallman, who has been widely panned as far too controversial to make an effective software evangelist.

The Free Software Foundation is working to secure freedom for computer users by promoting the development and use of free (as in freedom) software and documentationparticularly the GNU operating systemand by campaigning against threats to computer user freedom like Digital Restrictions Management (DRM) and software patents.

Although this statement leads with "promoting development and use of [free software]," it immediately veers off into the Stallman-esque weeds with an implicit declaration that the GNU toolkit is an entire "operating system." From there, it moves into "campaigning against" perceived enemies of software freedom rather than campaigning for that freedom itself.

The next section, "Our Core Work," moves on from promotion entirely, which we'll summarize here with one bullet point per paragraph:

We suspect that closely examining the FSF's own mission statementsas opposed to simply assuming its missionanswers many of the questions about RMS' return. The FSF describes itself as an organization far more concerned with maintaining a part of history it holds dearand attacking its perceived enemies, whether real or notthan with discovery, outreach, and mentorship to new faces in free software.

Read more:
Red Hat withdraws from the Free Software Foundation after Stallmans return - Ars Technica

The aftermath of Richard Stallman rejoining the Free Software Foundation (FSF) continues as a long-time donor and contributor suspends its funding to the foundation. Red Hat announced that it will suspend any Red Hat funding to the FSF and any FSF-related event. Red Hat contributors have also announced they plan to stop participating in FSF-led or backed events.

The company announced that it was appalled to learn that Stallman had rejoined the foundations board of directors.

While the FSF says it is taking steps to adopt a transparent and formal process to identifying board candidates and appointing new members, Red Hat doesnt believe this signals any meaningful commitment to positive change.

RELATED CONTENT: The free software community calls for the removal of entire FSF board

In 2019, we called on the FSF board to use the opportunity created by Stallmans departure to transition to a more diverse, inclusive board membership. The FSF took only limited steps in this direction. Richard Stallmans return has reopened wounds we had hoped would slowly heal after his departure. We believe that in order to regain the confidence of the broader free software community, the FSF should make fundamental and lasting changes to its governance, the company stated.

If the FSF can change and once again go back to being an effective and trusted organization, Red Hat will reconsider its funding.

Continued here:
Red Hat suspends funding to the Free Software Foundation - SDTimes.com