Technology Elite Hackers: Stealing NSA Secrets Is ‘Child’s Play’

06:38  12 october  2017
06:38  12 october  2017 Source:   thedailybeast.com

'Glee' actor Mark Salling admits to possessing child porn

  'Glee' actor Mark Salling admits to possessing child porn LOS ANGELES - Former "Glee" actor Mark Salling has reached a deal with prosecutors to plead guilty to possession of child pornography. The plea agreement filed Tuesday in federal court in Los Angeles states the actor is admitting he possessed images of prepubescent children. The plea agreement filed Tuesday in federal court in Los Angeles states the actor is admitting he possessed images of prepubescent children. The agreement states a search warrant found more than 50,000 images of child porn on Salling's computer and a thumb drive.

One source described removing data from a TAO facility as “ child ’ s play .” The Daily Beast granted the sources anonymity to talk candidly about the NSA ’s security practices. TAO is not your average band of hackers .

The National Security Agency ’s hackers have a problem. Last week, multiple outlets reported that its elite Tailored Access Operations One source described removing data from a TAO facility as “ child ’ s play .” Experts granted the sources anonymity to talk candidly about the NSA ’s security practices.

  Elite Hackers: Stealing NSA Secrets Is ‘Child’s Play’ © Photo Illustration by The Daily Beast The NSA’s hackers have a problem.

Last week, multiple outlets reported that the NSA’s elite Tailored Access Operations unit—tasked with breaking into foreign networks—suffered another serious data breach. The theft of computer code and other material by an employee in 2015 allowed the Russian government to more easily detect U.S. cyber operations, according to the Washington Post. It’s potentially the fourth large scale incident at the NSA to be revealed in the last five years.

Now, multiple sources with direct knowledge of TAO’s security procedures in the recent past tell The Daily Beast just how porous some of the defenses were to keep workers from stealing sensitive information—either digitally or by simply walking out of the front door with it.

University of Regina probing grade 'irregularities' in faculty of engineering

  University of Regina probing grade 'irregularities' in faculty of engineering The University of Regina is investigating the possibility that one or more students hacked into its computers in order to adjust grades, confirming a tip received by CBC's iTeam.Officials are "investigating irregularities in the grades of four classes in the Faculty of Engineering," Kim McKechney, associate VP of external relations, wrote in an email.

TAO is the tip of the NSA ’ s offensive hacking spear. The unit deploys and creates sophisticated exploits that rely on vulnerabilities in routers, operating systems, and computer hardware the general population uses.

thedailybeast.com/ elite - hackers - stealing - nsa - secrets - is -childs- play . Kirstjen Nielsen on child separation: Our message is simple -- if you enter the U. S . illegally you'l. "Armed bystander" ends carjacking spree terminally.

One source described removing data from a TAO facility as “child’s play.” The Daily Beast granted the sources anonymity to talk candidly about the NSA’s security practices.

TAO is not your average band of hackers. Its operations have included digging into China’s networks, developing the tools British spies used to break into Belgium’s largest telecom, and hacking sections of the Mexican government. While other parts of the NSA may focus on tapping undersea cables or prying data from Silicon Valley giants, TAO is the tip of the NSA’s offensive hacking spear, and could have access to much more sensitive information ripped from adversaries’ closed networks. The unit deploys and creates sophisticated exploits that rely on vulnerabilities in routers, operating systems, and computer hardware the general population uses—the sort of tools that could wreak havoc if they fell into the wrong hands.

New Zealand tip leads to arrest of Winnipeg man

  New Zealand tip leads to arrest of Winnipeg man Winnipeg police have arrested a man following a tip from New Zealand. On Thursday, the Winnipeg Police Service Internet Child Exploitation (ICE) unit was notified of an investigation involving the New Zealand Digital Child Exploitation Team. New Zealand police reported that between Sept. 26 - 26, 2017 several images of child sexual abuse were shared in an online chat room by a man from an IP address in Winnipeg.

← Liberals and conservatives call on Trump to reject JFK assassination secrecy . DHS Now Won’t Say How Many Federal Agencies Use Kaspersky Software →.

If the NSA was to lock down TAO systems more ferociously, that could hamper TAO’ s ability to effectively build tools and capabilities in the first place, and two of the sources emphasised that excessive searches would likely create a recruiting problem for the agency .

That doesn’t mean those tools are locked down, though. “TAO specifically had a huge amount of latitude to move data between networks,” the first source, who worked at the unit after Edward Snowden’s mega-leak, said. The former employee said TAO limited the number of USB drives—which could be used to steal data—after that 2013 breach, but he still had used several while working at TAO.

“Most operators knew how they could get anything they wanted out of the classified nets and onto the internet if they wanted to, even without the USB drives,” the former TAO employee said.

A second source, who also worked at TAO, told The Daily Beast, “most of the security was your co-workers checking to see that you had your badge on you at all times.”

The NSA—and recently TAO in particular—have suffered a series of catastrophic data breaches. On top of the Snowden incident and this newly-scrutinized 2015 breach, NSA contractor Hal Martin allegedly hoarded a trove of computer code and documents from the NSA and other agencies in the U.S. Intelligence Community. Martin worked with TAO, and he ended up storing the material in his car and residence, according to prosecutors. Like Snowden, Martin was a contractor and not an employee of the NSA, as was Reality Winner, who allegedly leaked a top-secret report about Russian interference in the U.S. election to news site The Intercept.

Catholic high school teacher facing sexual exploitation charges

  Catholic high school teacher facing sexual exploitation charges Catholic high school teacher facing sexual exploitation chargesToronto police said a search warrant was executed in the area of Bloor St. W. and Lansdowne Ave. on Thursday.

The leak provided an unprecedented look into the actual tools that the NSA uses to hack its targets, and in the process, put the spotlight on a little-known team that works inside the spy agency —its elite - hacking unit. Let' s Play NSA ! The Hackers Open-Sourcing Top Secret Spy Tools.

Russian government-backed hackers stole highly classified U. S . cyber secrets in 2015 from the National Security Agency after a In a later story, The Washington Post said the employee had worked at the NSA ’ s Tailored Access Operations unit for elite hackers before he was fired in 2015.

Then there’s the incident now in the news. Israeli operatives broke into the systems of the Russian cybersecurity firm Kaspersky Lab, officials told The Washington Post. On those systems were samples of sophisticated NSA hacking tools; a TAO employee had brought them home and placed them on his home computer. That machine was running Kasperky software, which allegedly sent the NSA tools back to Moscow.

It’s not totally clear how the breach overlaps with any others, but in 2016, a group called The Shadow Brokers started publishing full NSA exploit and tool code. Various hackers went on to incorporate a number of the dumped exploits in their own campaigns, including some designed to break into computers and mine digital currency, as well as the WannaCry ransomware, which crippled tens of thousands of computers around the world. (A handful of other, smaller NSA-related disclosures, including a catalogue of TAO hacking gear from 2007 and 2008, as well as intelligence intercepts, were not attributed to the Snowden documents, and the public details around where that information came from are muddy.)

Google launches advanced Gmail security features for high-risk users

  Google launches advanced Gmail security features for high-risk users Google Inc said on Tuesday that it would roll out an advanced protection program in order to provide stronger security for some users such as government officials and journalists who are at a higher risk of being targeted by hackers. The internet giant said that users of the program would have their account security continuously updated to deal with emerging threats.The company said it would initially provide three defenses against security threats, which include blocking fraudulent account access and protection against phishing.

Joseph Cox 184d ago. New: TAO sources describe how easy it is to steal data from the elite NSA hacking unit. One said it’s “ child ’ s play ” thedailybeast.com/ elite - hackers -… pic.twitter.com/YDGhLOENud.

WASHINGTON (Reuters) - Russian government-backed hackers stole highly classified U. S . cyber secrets in 2015 from the National Security In a later story, The Washington Post said the employee had worked at the NSA ' s Tailored Access Operations unit for elite hackers before he was fired in 2015.

Although not a data breach per se, in 2015 Kaspersky publicly revealed details on the history and tools of the so-called Equation Group, which is widely believed to be part of the NSA. A third source, who worked directly with TAO, said the fallout from that exposure meant the hacking unit entered a “significant shutdown,” and “ran on minimum ops for months.”

Nevertheless, a report by the Defense Department’s inspector general completed in 2016 found that the NSA’s “Secure the Net” project—which aimed to restrict access to its most sensitive data after the Snowden breach—fell short of its stated aims. The NSA did introduce some improvements, but it didn’t effectively reduce the number of user accounts with ‘privileged’ access, which provide more avenues into sensitive data than normal users, nor fully implement technology to oversee these accounts’ activities, the report reads.

Physical security wasn’t much better, at least at one TAO operator’s facility. He told The Daily Beast that there were “no bag checks or anything” as employees and contractors left work for the day—meaning, it was easy smuggle things home. Metal detectors were present, including before Snowden, but “nobody cared what came out,” the second source added. The third source, who visited TAO facilities, said bag checks were random and weak.

Privacy groups warn of perils in smartwatches for kids

  Privacy groups warn of perils in smartwatches for kids Smartwatches designed to help parents keep tabs on children could create privacy and security risks, activist and consumer groups said Wednesday as they called for probes by regulators. A coalition of child protection, consumer, and privacy groups asked the US Federal Trade Commission to investigate the risks posed to children by the devices and also called on retailers to stop selling the watches.The groups said consumer organizations in Europe were expected to file similar complaints with EU regulators.

Elite Hackers : Stealing NSA Secrets Is ‘ Child ’ s Play ’. The National Security Agency ’s hackers have a problem. Last week, multiple outlets reported that its elite Tailored Access Operations unit—tasked with breaking

The Wall Street Journal just published an incendiary article that says hackers working for the Russian government stole confidential material from a National The trove comprises as much as 75 percent of the exploits belonging to the Tailored Access Operations, the elite hacking NSA unit that develops

“If you have a thumb drive in your pocket, it’s going to get out,” they said.

Unsurprisingly, workers need to swipe keycards to access certain rooms. But, “in most cases, it’s pretty easy to get into those rooms without swipe access if you just knock and say who you’re trying to see,” the third source added.

To be clear, The Daily Beast’s sources described the state of security up to 2015—not today. Things may have improved since then. And, of course, the NSA and TAO do of course have an array of security protections in place. TAO operators are screened and people on campus are already going to have a high level clearance, some of the sources stressed. The part of the NSA network that TAO uses, and which contains the unit’s tools, can only be accessed by those with a designated account, according to the source who worked with TAO. Two of the sources believed in the NSA’s ability to track down where a file came from after a breach.

Indeed, the system TAO members use to download their hacking tools for operations has become more heavily audited over the years too, although the network did have a known security issue, in which users could make their own account and automatically gain access to additional information, the source who worked with TAO said.

“The NSA operates in one of the most complicated IT environments in the world,” an NSA spokesperson told The Daily Beast in a statement. “Over the past several years, we have continued to build on internal security improvements while carrying out the mission to defend the nation and our allies.”

“We do not rely on only one initiative. Instead, we have undertaken a comprehensive and layered set of defensive measures to further safeguard operations and advance best practices,” the spokesperson added.

The problem of securing this data from the inside is not an easy one to solve. If the NSA was to lock down TAO systems more ferociously, that could hamper TAO’s ability to effectively build tools and capabilities in the first place, and two of the sources emphasised that excessive searches would likely create a recruiting problem for the agency. “It’s not prison,” one of the former TAO employees said.

“The security is all predicated on you having a clearance and being trusted,” the source who has worked with TAO said.

“The system is just not setup to protect against someone with a clearance who is determined to go rogue,” they added.

Google will pay hackers who find flaws in top Android apps .
Google is probably hoping to raise the quality of apps in the Play store by launching a new bug bounty program that's completely separate from its existing one. Google promises $1,000 for every issue that meets its criteria, but bounty hunters can't simply choose a spammy app (of which there are plenty on the Play Store) to cash in. For now, they can only get a grand if they can find an eligible flaw in Dropbox, Duolingo, Line, Snapchat, Tinder, Alibaba, Mail.ru and Headspace. Google plans to invite more app developers in the future, but they have to be willing to patch any vulnerabilities found...

—   Share news in the SOC. Networks

Topical videos:

This is interesting!