Technology Elite Hackers: Stealing NSA Secrets Is ‘Child’s Play’

06:38  12 october  2017
06:38  12 october  2017 Source:   The Daily Beast

'Glee' actor Mark Salling admits to possessing child porn

  'Glee' actor Mark Salling admits to possessing child porn LOS ANGELES - Former "Glee" actor Mark Salling has reached a deal with prosecutors to plead guilty to possession of child pornography. The plea agreement filed Tuesday in federal court in Los Angeles states the actor is admitting he possessed images of prepubescent children. The plea agreement filed Tuesday in federal court in Los Angeles states the actor is admitting he possessed images of prepubescent children. The agreement states a search warrant found more than 50,000 images of child porn on Salling's computer and a thumb drive.

exclusive. Get Out. Elite Hackers : Stealing NSA Secrets Is ‘ Child ’ s Play ’. Like Snowden, Martin was a contractor and not an employee of the NSA , as was Reality Winner, who allegedly leaked a top- secret report about Russian interference in the U.S. election to news site The Intercept.

Joseph Cox Posted at 4:20 pm on October 11, 2017. thedailybeast.com/ elite - hackers - stealing - nsa - secrets - is -childs- play .

  Elite Hackers: Stealing NSA Secrets Is ‘Child’s Play’ © Photo Illustration by The Daily Beast The NSA’s hackers have a problem.

Last week, multiple outlets reported that the NSA’s elite Tailored Access Operations unit—tasked with breaking into foreign networks—suffered another serious data breach. The theft of computer code and other material by an employee in 2015 allowed the Russian government to more easily detect U.S. cyber operations, according to the Washington Post. It’s potentially the fourth large scale incident at the NSA to be revealed in the last five years.

Now, multiple sources with direct knowledge of TAO’s security procedures in the recent past tell The Daily Beast just how porous some of the defenses were to keep workers from stealing sensitive information—either digitally or by simply walking out of the front door with it.

University of Regina probing grade 'irregularities' in faculty of engineering

  University of Regina probing grade 'irregularities' in faculty of engineering The University of Regina is investigating the possibility that one or more students hacked into its computers in order to adjust grades, confirming a tip received by CBC's iTeam.Officials are "investigating irregularities in the grades of four classes in the Faculty of Engineering," Kim McKechney, associate VP of external relations, wrote in an email.

How Russian Hackers Stole NSA Secret Info With The Help Of Kaspersky Antivirus. Hacking Gmail – Hackers Elite Ebook PDF. Kulshreshtha Verma - August 13, 2017.

Russian hackers supposedly used popular antivirus software to steal NSA secrets . Although what role Kaspersky played in the breach is not entirely clear, US officials believe antivirus scan performed by Kaspersky Lab’ s security software on the contractor' s computer helped Russian hackers in

One source described removing data from a TAO facility as “child’s play.” The Daily Beast granted the sources anonymity to talk candidly about the NSA’s security practices.

TAO is not your average band of hackers. Its operations have included digging into China’s networks, developing the tools British spies used to break into Belgium’s largest telecom, and hacking sections of the Mexican government. While other parts of the NSA may focus on tapping undersea cables or prying data from Silicon Valley giants, TAO is the tip of the NSA’s offensive hacking spear, and could have access to much more sensitive information ripped from adversaries’ closed networks. The unit deploys and creates sophisticated exploits that rely on vulnerabilities in routers, operating systems, and computer hardware the general population uses—the sort of tools that could wreak havoc if they fell into the wrong hands.

New Zealand tip leads to arrest of Winnipeg man

  New Zealand tip leads to arrest of Winnipeg man Winnipeg police have arrested a man following a tip from New Zealand. On Thursday, the Winnipeg Police Service Internet Child Exploitation (ICE) unit was notified of an investigation involving the New Zealand Digital Child Exploitation Team. New Zealand police reported that between Sept. 26 - 26, 2017 several images of child sexual abuse were shared in an online chat room by a man from an IP address in Winnipeg.

Russian government-backed hackers stole highly classified US cyber secrets from the National Security Agency in 2015 after a contractor In a later story, The Washington Post said the employee had worked at the NSA ’ s Tailored Access Operations unit for elite hackers before he was fired in 2015.

blog 'chrishunt.blogdetik.com' is not exists.

That doesn’t mean those tools are locked down, though. “TAO specifically had a huge amount of latitude to move data between networks,” the first source, who worked at the unit after Edward Snowden’s mega-leak, said. The former employee said TAO limited the number of USB drives—which could be used to steal data—after that 2013 breach, but he still had used several while working at TAO.

“Most operators knew how they could get anything they wanted out of the classified nets and onto the internet if they wanted to, even without the USB drives,” the former TAO employee said.

A second source, who also worked at TAO, told The Daily Beast, “most of the security was your co-workers checking to see that you had your badge on you at all times.”

The NSA—and recently TAO in particular—have suffered a series of catastrophic data breaches. On top of the Snowden incident and this newly-scrutinized 2015 breach, NSA contractor Hal Martin allegedly hoarded a trove of computer code and documents from the NSA and other agencies in the U.S. Intelligence Community. Martin worked with TAO, and he ended up storing the material in his car and residence, according to prosecutors. Like Snowden, Martin was a contractor and not an employee of the NSA, as was Reality Winner, who allegedly leaked a top-secret report about Russian interference in the U.S. election to news site The Intercept.

Catholic high school teacher facing sexual exploitation charges

  Catholic high school teacher facing sexual exploitation charges Catholic high school teacher facing sexual exploitation chargesToronto police said a search warrant was executed in the area of Bloor St. W. and Lansdowne Ave. on Thursday.

The website you were trying to reach is temporarily unavailable. If you are the owner of this website, please contact Technical Support as soon as possible.

WASHINGTON: Russian government-backed hackers stole highly classified US cyber secrets in 2015 from the National Security Agency after a In a later story, The Washington Post said the employee had worked at the NSA ' s Tailored Access Operations unit for elite hackers before he was fired in 2015.

Then there’s the incident now in the news. Israeli operatives broke into the systems of the Russian cybersecurity firm Kaspersky Lab, officials told The Washington Post. On those systems were samples of sophisticated NSA hacking tools; a TAO employee had brought them home and placed them on his home computer. That machine was running Kasperky software, which allegedly sent the NSA tools back to Moscow.

It’s not totally clear how the breach overlaps with any others, but in 2016, a group called The Shadow Brokers started publishing full NSA exploit and tool code. Various hackers went on to incorporate a number of the dumped exploits in their own campaigns, including some designed to break into computers and mine digital currency, as well as the WannaCry ransomware, which crippled tens of thousands of computers around the world. (A handful of other, smaller NSA-related disclosures, including a catalogue of TAO hacking gear from 2007 and 2008, as well as intelligence intercepts, were not attributed to the Snowden documents, and the public details around where that information came from are muddy.)

Google launches advanced Gmail security features for high-risk users

  Google launches advanced Gmail security features for high-risk users Google Inc said on Tuesday that it would roll out an advanced protection program in order to provide stronger security for some users such as government officials and journalists who are at a higher risk of being targeted by hackers. The internet giant said that users of the program would have their account security continuously updated to deal with emerging threats.The company said it would initially provide three defenses against security threats, which include blocking fraudulent account access and protection against phishing.

Home » Cyber News » Russian hackers stole U. S . cyber secrets from NSA . In a later story, The Washington Post said the employee had worked at the NSA ’ s Tailored Access Operations unit for elite hackers before he was fired in 2015.

blog 'andrewlowry.blogdetik.com' is not exists.

Although not a data breach per se, in 2015 Kaspersky publicly revealed details on the history and tools of the so-called Equation Group, which is widely believed to be part of the NSA. A third source, who worked directly with TAO, said the fallout from that exposure meant the hacking unit entered a “significant shutdown,” and “ran on minimum ops for months.”

Nevertheless, a report by the Defense Department’s inspector general completed in 2016 found that the NSA’s “Secure the Net” project—which aimed to restrict access to its most sensitive data after the Snowden breach—fell short of its stated aims. The NSA did introduce some improvements, but it didn’t effectively reduce the number of user accounts with ‘privileged’ access, which provide more avenues into sensitive data than normal users, nor fully implement technology to oversee these accounts’ activities, the report reads.

Physical security wasn’t much better, at least at one TAO operator’s facility. He told The Daily Beast that there were “no bag checks or anything” as employees and contractors left work for the day—meaning, it was easy smuggle things home. Metal detectors were present, including before Snowden, but “nobody cared what came out,” the second source added. The third source, who visited TAO facilities, said bag checks were random and weak.

Privacy groups warn of perils in smartwatches for kids

  Privacy groups warn of perils in smartwatches for kids Smartwatches designed to help parents keep tabs on children could create privacy and security risks, activist and consumer groups said Wednesday as they called for probes by regulators. A coalition of child protection, consumer, and privacy groups asked the US Federal Trade Commission to investigate the risks posed to children by the devices and also called on retailers to stop selling the watches.The groups said consumer organizations in Europe were expected to file similar complaints with EU regulators.

The attack, which was carried out in 2015 but discovered only last year, has been considered by experts as "one of the most significant security breaches in recent years." Russian Hackers Stole NSA Secrets : Here' s How It Happened.

blog 'kimgreene.blogdetik.com' is not exists.

“If you have a thumb drive in your pocket, it’s going to get out,” they said.

Unsurprisingly, workers need to swipe keycards to access certain rooms. But, “in most cases, it’s pretty easy to get into those rooms without swipe access if you just knock and say who you’re trying to see,” the third source added.

To be clear, The Daily Beast’s sources described the state of security up to 2015—not today. Things may have improved since then. And, of course, the NSA and TAO do of course have an array of security protections in place. TAO operators are screened and people on campus are already going to have a high level clearance, some of the sources stressed. The part of the NSA network that TAO uses, and which contains the unit’s tools, can only be accessed by those with a designated account, according to the source who worked with TAO. Two of the sources believed in the NSA’s ability to track down where a file came from after a breach.

Indeed, the system TAO members use to download their hacking tools for operations has become more heavily audited over the years too, although the network did have a known security issue, in which users could make their own account and automatically gain access to additional information, the source who worked with TAO said.

“The NSA operates in one of the most complicated IT environments in the world,” an NSA spokesperson told The Daily Beast in a statement. “Over the past several years, we have continued to build on internal security improvements while carrying out the mission to defend the nation and our allies.”

“We do not rely on only one initiative. Instead, we have undertaken a comprehensive and layered set of defensive measures to further safeguard operations and advance best practices,” the spokesperson added.

The problem of securing this data from the inside is not an easy one to solve. If the NSA was to lock down TAO systems more ferociously, that could hamper TAO’s ability to effectively build tools and capabilities in the first place, and two of the sources emphasised that excessive searches would likely create a recruiting problem for the agency. “It’s not prison,” one of the former TAO employees said.

“The security is all predicated on you having a clearance and being trusted,” the source who has worked with TAO said.

“The system is just not setup to protect against someone with a clearance who is determined to go rogue,” they added.

Google will pay hackers who find flaws in top Android apps .
Google is probably hoping to raise the quality of apps in the Play store by launching a new bug bounty program that's completely separate from its existing one. Google promises $1,000 for every issue that meets its criteria, but bounty hunters can't simply choose a spammy app (of which there are plenty on the Play Store) to cash in. For now, they can only get a grand if they can find an eligible flaw in Dropbox, Duolingo, Line, Snapchat, Tinder, Alibaba, Mail.ru and Headspace. Google plans to invite more app developers in the future, but they have to be willing to patch any vulnerabilities found...

—   Share news in the SOC. Networks

Topical videos:

This is interesting!