Posts Tagged ‘Snowden’

NSA Director Mike Rogers Could Be Removed in Restructuring

November 21, 2016


By LUIS MARTINEZ and BENJAMIN SIEGEL

President Obama is considering a recommendation by Defense Secretary Ash Carter and Director of National Intelligence James Clapper to separate the commands of the National Security Agency and U.S. Cyber Command that could lead to the removal of Admiral Mike Rogers who heads both commands.

Rogers’ potential removal as the head of the National Security Agency was first reported by the Washington Post.

The White House, the Defense Department and the Office of the Director of National Intelligence declined to comment on the reports.

According to a U.S. official, in September Carter and Clapper recommended to Obama a split between the commands of the National Security Agency and U.S. Cyber Command that would result in the removal of Admiral Mike Rogers as the head of both commands.

The NSA is responsible for collecting international signals intelligence. U.S. Cyber Command (CYBERCOM) is responsible for the defense of military computer networks, but can also conduct offensive cyber operations, as it has done recently against ISIS’ cyber networks.

If the recommendation to split the commands is approved it could result in separate individuals respectively heading the NSA and Cyber Command. Rogers assumed leadership of both commands in April, 2014, a term that would likely end next April.

In an unusual move, on Thursday Rogers met with President-elect Donald Trump. No readout was given of what they discussed.

Should U.S. Cyber Command become a new combatant command, it would be up to the Defense Secretary to recommend the four-star officer to head the new command. Though it is a four-star command, in a complex arrangement U.S. Cyber Command falls under U.S. Strategic Command, one of the nine combatant commands.

If President Obama agrees with the recommendation, Admiral Rogers or another military officer could be named to head Cyber Command and a civilian could head the NSA.

A new head of the NSA would require the input of both the Defense Secretary and the Director of National Intelligence.

In response to the possibility that Rogers could be removed as the head of the NSA, Rep. Devin Nunes, R-California, chairman of the House Permanent Select Committee on Intelligence, sent a letter to Carter and Clapper praising Rogers’ performance.

“Since Admiral Rogers was appointed as NSA Director in April 2014, I have been consistently impressed with his leadership and accomplishments,” Nunes said. “His professionalism, expertise and deckplate leadership have been remarkable during an extremely challenging period for NSA. I know other members of Congress hold him in similarly high esteem.”

Nunes asked Carter and Clapper “to provide a full explanation of the allegations contained in the Post article” and said he would convene an open hearing “at the earliest possible opportunity.”

“I’ll give them the benefit of the doubt if they can provide documentation and correspondence where they’ve had concerns with the admiral’s performance,” Nunes said in an interview with ABC News. “My guess is, I’ll hear crickets.”

The California Republican says he believes the leak behind the initial story was “100-percent politically motivated,” following Rogers’ visit with Trump in New York City, and referred to the administration, Defense Department and the Office of the Director of National Intelligence as “sad, pathetic losers” for the charges about Rogers’s performance.

Nunes, who is a member of Trump’s transition team, said Rogers would be a “qualified candidate” to join the incoming administration.

Of the debate over separating the commands of the NSA and U.S. Cyber Command, Nunes said the issue is “quite complicated” and “not something that should be rushed into.”


Pentagon, Intelligence Chiefs Push to Oust NSA Director

November 20, 2016

Adm. Michael Rogers is being considered for an intelligence post in Trump administration

Adm. Michael Rogers, head of the National Security Agency, shown at the Wall Street Journal CEO Council on Nov. 15. PHOTO: PAUL MORSE FOR THE WALL STREET JOURNAL


Nov. 19, 2016 9:54 p.m. ET

WASHINGTON—The U.S. government’s top military and intelligence leaders have recommended that President Barack Obama remove National Security Agency Director Adm. Michael Rogers from office, several people familiar with the matter said, amid questions about his leadership.

The call for his ouster, which came a month ago, is a rare rebuke of a top military commander, particularly when he is being considered for a senior intelligence post in the Trump administration.

Defense Secretary Ash Carter and Director of National Intelligence James Clapper have recommended that Mr. Obama direct Adm. Rogers to leave his command, the people familiar with the matter said. Adm. Rogers has served in the Navy since 1981 and leads both the NSA and Cyber Command.

Adm. Rogers declined to comment. Spokesmen for the Pentagon and Office of the Director of National Intelligence also declined to comment. The effort to oust Adm. Rogers was first reported Saturday by the Washington Post.

The NSA is going through a turbulent period. The agency is a division of the military that conducts spying and surveillance against foreign targets and came under heavy pressure following the Sept. 11, 2001, terror attacks to detect and intercept new plots. But its mandate was secretly expanded following those attacks, and it swept up and stored the telephone records of millions of Americans.

This surveillance expansion was revealed in 2013 by former NSA contractor Edward Snowden, which led to a public backlash against the agency. Adm. Rogers assumed command in 2014 and was charged with reforming the NSA, improving morale and responding to the new threats posed by Islamic militants.

But he is also the leader of the Pentagon’s Cyber Command, which Mr. Carter revealed earlier this year had begun offensive missions—essentially, computerized attacks—against Islamic State in an effort to disrupt the intelligence network.

Adm. Rogers’s critics say the agency wasn’t able to handle the simultaneous tasks of defending the U.S. military from cyberattacks, conducting cyberattacks of its own and collecting information through surveillance activities amid intense public scrutiny. But his supporters say Adm. Rogers was doing the best he could given the competing missions and directives, particularly as the federal government fumbled to find a way to deter foreign countries from using digital attacks against the U.S.

The NSA has faced other challenges in recent months. In October, the Justice Department charged a former NSA and Pentagon contractor with stealing thousands of pages of classified documents and digital records that included the identities of U.S. spies and secret programs. Even though the man charged in the case, Harold Miller, was accused of stealing the records over two decades, it became another embarrassment for the NSA and its ability to protect secrets, particularly after Mr. Snowden’s revelations forced the agency to rethink how it prevents leaks.

The White House and national security officials have spent months studying whether to split the NSA and Cyber Command apart, essentially having two leaders run the agencies separately instead of one. This has been a source of tension between Adm. Rogers and Messrs. Carter and Clapper, the people familiar with the matter said.

The White House was expected to push for the agencies to split on Dec. 1. That date was moved up, to Oct. 1, in an effort to expedite the changes. But the plan was shelved following pushback from Senate Armed Services Committee Chairman John McCain (R., Ariz.), people familiar with the matter said.

Following the Washington Post report, House Intelligence Committee Chairman Devin Nunes (R., Calif.) sent a letter to Messrs. Carter and Clapper, calling for more information about their reported push to have Adm. Rogers removed.

“Since Admiral Rogers was appointed as NSA Director in April 2014, I have been consistently impressed with his leadership and accomplishments,” Mr. Nunes wrote. “His professionalism, expertise and deckplate leadership have been remarkable during an extremely challenging period for NSA. I know other members of Congress hold him in similarly high esteem.”

He directed both Messrs. Carter and Clapper to notify him no later than Monday when they would be able to testify before Congress about their push to remove Adm. Rogers.

Mr. Nunes is on the transition team advising President-elect Donald Trump on how to build his national security team, and Mr. Trump’s top national security adviser, retired Lt. Gen. Mike Flynn, is close to Adm. Rogers. Mr. Trump met with Adm. Rogers on Thursday, and he is a leading candidate to take over Mr. Clapper’s job as the next director of national intelligence, people familiar with the matter said.

Earlier this week, Adm. Rogers in a public appearance repeated U.S. intelligence conclusions that Moscow sought to tamper with U.S. elections by hacking into mailboxes of the Democratic National Committee and dumping their contents in the weeks before voting.

“This was not something that was done by chance, this was not a target that was selected purely arbitrarily,” he said in a question-and-answer session at a Wall Street Journal conference in Washington, D.C. “This was a conscious effort by a nation state to attempt to achieve a specific effect.”

Write to Damian Paletta at damian.paletta@wsj.com and Carol E. Lee at carol.lee@wsj.com

http://www.wsj.com/articles/pentagon-intelligence-chiefs-push-to-oust-nsa-director-1479610439

***************************

Pentagon and intelligence community chiefs have urged Obama to remove the head of the NSA

The Washington Post
November 19 at 2:15 PM

The heads of the Pentagon and the nation’s intelligence community have recommended to President Obama that the director of the National Security Agency, Adm. Michael S. Rogers, be removed. The recommendation, delivered to the White House last month, was made by Defense Secretary Ashton B. Carter and Director of National Intelligence James R. Clapper Jr., according to several U.S. officials familiar with the matter.

Action has been delayed, some administration officials said, because relieving Rogers of his duties is tied to another controversial recommendation: to create separate chains of command at the NSA and the military’s cyberwarfare unit, a recommendation by Clapper and Carter that has been stalled because of other issues.

The news comes as Rogers is being considered by President-elect Donald Trump to be his nominee for director of national intelligence to replace Clapper as the official who oversees all 17 U.S. intelligence agencies. In a move apparently unprecedented for a military officer, Rogers, without notifying superiors, traveled to New York to meet with Trump on Thursday at Trump Tower. That caused consternation at senior levels of the administration, according to the officials, who spoke on the condition of anonymity to discuss internal personnel matters.

The White House, Pentagon and Office of the Director of National Intelligence declined to comment. The NSA did not respond to requests for comment. Carter has concerns with Rogers’s performance, officials said. The driving force for Clapper, meanwhile, was the separation of leadership roles at the NSA and U.S. Cyber Command, and his stance that the NSA should be headed by a civilian.

In a speech before the National Press Club on July 16, the director of the National Security Agency, Adm. Michael S. Rogers said that the agency is increasingly involved in responding to cyber threats. (C-SPAN)

Rep. Devin Nunes (R-Calif.), chairman of the House Intelligence Committee, on Saturday sent Clapper and Carter a letter defending Rogers. “I have been consistently impressed with his leadership and accomplishments,” said Nunes, who is also a member of Trump’s transition team. “His professionalism, expertise and deckplate leadership have been remarkable during an extremely challenging period for NSA. I know other members of Congress hold him in similarly high esteem.”

Rogers, 57, took the helm of the NSA and Cyber Command in April 2014 in the wake of revelations by a former intelligence contractor of broad surveillance activities that shook public confidence in the agency. The contractor, Edward Snowden, had secretly downloaded vast amounts of digital documents that he shared with a handful of journalists. His disclosures prompted debate over the proper scale of surveillance and led to some reforms.

But they also were a black eye for an agency that prides itself on having the most skilled hackers and cybersecurity professionals in government. Rogers was charged with making sure another insider breach never happened again.

Instead, in the past year and a half, officials have discovered two major compromises of sensitive hacking tools by personnel working at the NSA’s premier hacking unit: the Tailored Access Operations. One involved a Booz Allen Hamilton contractor, Harold T. Martin III, who is accused of carrying out the largest theft of classified government material. Although some of his activity took place before Rogers arrived and at other agencies, some of it — including the breach of some of the most sensitive tools — continued on Rogers’s watch, the officials said.

Martin’s alleged theft was discovered when some of the tools he is accused of stealing were mysteriously released online in August. They included computer code based on obscure software flaws that could be used to take control of firewalls and networks — what one former TAO operator called “the keys to the kingdom.”

Martin, who moved from the NSA to a job in a Defense Department acquisitions agency last year, was arrested in August. The news broke last month.

But there was a second, previously undisclosed breach of cybertools, discovered in the summer of 2015, which was also carried out by a TAO employee, one official said. That individual also has been arrested, but his case has not been made public. The individual is not believed to have shared the material with another country, the official said.

Rogers was put on notice by his two bosses — Clapper and Carter — that he had to get control of internal security and improve his leadership style. There have been persistent complaints from NSA personnel that Rogers is aloof, frequently absent and does not listen to staff input. The NSA is an intelligence agency but part of the Defense Department, hence the two overseers.

FBI agents investigating the Martin breach were appalled at how lax security was at the TAO, officials said. “[Rogers] is a guy who has been at the helm of the NSA at the time of some of the most egregious security breaches, most recently Hal Martin,” a senior administration official said. “Clearly it’s a sprawling bureaucracy . . . but I think there’s a compelling case that can be made that some of the safeguards that should have been put in place were either not fully put in place or not implemented properly.”

At the same time, Rogers has not impressed Carter with his handling of U.S. Cyber Command’s cyberoffensive against the Islamic State. Over the past year or so, the command’s operations against the terrorist group’s networks in Syria and Iraq have not borne much fruit, officials said. In the past month, military hackers have been successful at disrupting some Islamic State networks, but it was the first time they had done that, the officials said.

The expectation had been that Rogers would be replaced before the Nov. 8 election, but as part of an announcement about the change in leadership structure at the NSA and Cyber Command, a second administration official said.

“It was going to be part of a full package,” the official said. “The idea was not for any kind of public firing.” In any case, Rogers’s term at the NSA and Cyber Command is due to end in the spring, officials said.

The president would then appoint an acting NSA director, enabling his successor to nominate their own person. But a key lawmaker, Sen. John McCain (R-Ariz.), the chairman of the Senate Armed Services Committee, threatened to block any such nominee if the White House proceeded with the plan to split the leadership at the NSA and Cyber Command.

The rationale for splitting what is called the “dual-hat” arrangement is that the agencies’ missions are fundamentally different, that the nation’s cyberspies and military hackers should not be competing to use the same networks, and that the job of leading both organizations is too big for one person.

But McCain is concerned that placing Cyber Command under its own leadership will hinder its effectiveness, as it is highly dependent on the NSA for capabilities.

Meanwhile, in February, Rogers announced a major reorganization, which he called NSA21, at the NSA to better adapt to the digital age. He has merged the agency’s spying and hacking arms with its computer-security division into one Directorate of Operations. That reorganization has only intensified the discontent that has marked Rogers’s tenure at the agency, current and former officials said.

“The morale is horrible,” one former senior official said. Especially during a period of change, a leader needs to be present, the official said. “Any leader knows that when you institute change, you have to be there. You have to help heal the wounds, be very active. He was not.”

But Saxby Chambliss, a former Republican senator from Georgia who served on the Select Committee on Intelligence, said that he thinks highly of Rogers. “When it comes to the world of cyber, there’s nobody more capable than Mike Rogers in the military world today,” he said.

Nonetheless, Rogers has seen other embarrassing network breaches on his watch. In 2013, Iranian hackers managed to penetrate the Navy’s unclassified network when Rogers was head of the 10th Fleet/Navy Cyber Command, the unit responsible for protecting the Navy’s networks. It took months to expel the attackers.

Rogers is a Navy cryptologist whose military career spans 35 years. He began his career as a surface-warfare officer in 1981. A Chicago native, he also has served as head of the Chairman’s Action Group, an in-house Pentagon think tank to advise on policy and long-term issues, under then-Chairman of the Joint Chiefs of Staff, Gen. Peter Pace, and as director of intelligence at Pacific Command and then on the Joint Staff.

NSA contractor arrested over ‘stolen secret code used to hack Russia’

October 6, 2016


The suspected theft raises fears of more damaging intelligence leaks just three years after the Edward Snowden affair

By Tim Walker US Correspondent
The Independent

The FBI has secretly arrested a National Security Agency (NSA) contractor suspected of stealing highly classified computer codes used to hack the computer systems of foreign governments including Russia and China, raising fears of another embarrassing intelligence leak to rival the Edward Snowden affair.

Law enforcement and intelligence sources told the New York Times that, like Mr Snowden, the contractor worked for consulting firm Booz Allen, which is behind many of the NSA’s most sensitive cyberoperations. In 2013, Mr Snowden leaked more than 1.5 million documents relating to the agency’s surveillance programmes, including some that targeted US citizens.

The contractor in this case was named in a criminal complaint announced by the Justice Department on Wednesday as Harold Thomas Martin III. Mr Martin, who lives in Glen Burnie, Maryland – around 10 miles from the NSA’s Fort Meade headquarters – has been in custody since his arrest on 27 August, according to the Associated Press.

 The National Security Agency campus in Fort Meade, Md.

In a raid on his property that month, authorities searched Mr Martin’s home, two storage sheds and his car, reportedly finding highly classified information there in both physical documents and digital files. He was charged with theft of government property, and with the unauthorised removal or retention of classified documents. Some of the information was classified as “sensitive compartmented”, a level higher even than “top secret”.

Mr Martin at first denied having taken the materials, but later admitted that “he knew what he had done was wrong,” the complaint stated. An unnamed administration official told the Times that there is so far little indication that his actions were “politically motivated”, and that he may have taken the documents and digital files before Mr Snowden’s leaks.

The 51-year-old contractor is suspected of stealing the NSA’s “source code” used to break into the computer networks of rival powers such as Russia, China, Iran and North Korea. The news comes as Mr Snowden, who is currently living in Russia, has been arguing for a pardon from the US amid the release of Snowden, a film about his case by director Oliver Stone.

 

Edward Snowden

This is huge. Did the FBI secretly arrest the person behind the reports NSA sat on huge flaws in US products? http://www.nytimes.com/2016/10/06/us/nsa-leak-booz-allen-hamilton.html


The information allegedly stolen in this case could have been the source for a 2013 report by Der Spiegel about the agency’s top hacking unit, which was not attributed to Mr Snowden’s leaks. It might also be related to a recent dump of stolen data by a hacking group called the “Shadow Brokers”, which included source code traced to the NSA and built to break into secure networks, such as those created by US IT infrastructure firms including Cisco.


WikiLeaks and Assange may have more emails? It isn’t over until the fat lady sings….

October 3, 2016


Ten years on, WikiLeaks and Assange as controversial as ever

AFP | October 3, 2016

BERLIN: Celebrating its 10th anniversary this week, anonymous whistleblowing platform WikiLeaks can look back on a decade that saw it turn classified documents into global headlines and inspire a host of copycat leaks.

But with founder Julian Assange hiding in Ecuador’s London embassy to evade rape allegations and critics accusing the site of being manipulated by shadowy forces for political gain, the organisation is fighting to maintain its image.

An anniversary party in Berlin on Tuesday will commemorate the 2006 registration of the domain name wikileaks.org, while Assange will make a rare public appearance on the balcony of his 18-square-metre room.

WikiLeaks launched in January 2007, with Assange saying it would use encryption and a censorship-proof website to protect sources and publicise secret information.

The site has since published more than 10 million leaked documents.

It first caught the world’s attention when it released manuals for prison guards at Guantanamo Bay.

But it really hit its stride in 2010, unveiling logs of US military operations in Iraq and Afghanistan and a video showing a US helicopter crew mowing down a group of unarmed civilians — including two journalists — in Baghdad.

That same year it also published a cache of diplomatic cables from US embassies around the world, deeply embarrassing Washington.

“The most important single collection of material we have published is the US diplomatic cable series,” Assange told German news weekly Der Spiegel in an interview at the weekend.

‘Power-obsessed’

But 2010 also saw grave blows to the organisation.

Assange was accused of having sex with a woman while she was asleep after the two met at a Stockholm conference.

The white-haired WikiLeaks founder took refuge in the London embassy of Ecuador — which granted him political asylum in 2012 after he lost a legal battle to block his extradition to Sweden.

The 45-year-old has always maintained the allegations are false and has refused to travel to Stockholm for questioning due to concerns that Sweden will hand him over to the US to stand trial for espionage.

In September, staffer Daniel Domscheit-Berg quit WikiLeaks, accusing Assange of being “chaotic” and “power-obsessed” in a 2011 book.

“The press said WikiLeaks was the end of journalism and the beginning of something totally new,” Domscheit-Berg remembers of the “hype” of 2010.

But Assange’s abrasive style and insistence on publishing unredacted documents quickly grated on colleagues and journalists who worked with him.

“If an Afghan civilian helps coalition forces, he deserves to die,” Guardian investigative journalist Nick Davies later recalled Assange saying in an argument over whether to remove names from the war logs.

Domscheit-Berg suspects Assange’s inflexibility discouraged future sources from turning to the organisation.

In 2013, former US National Security Agency contractor Edward Snowden chose to leak documents exposing intelligence agencies’ mass surveillance programmes to selected journalists instead of offering the trove to WikiLeaks.

And many later whistleblowers have turned to other organisations.

The International Consortium of Investigative Journalists this year published stories based on data dumps from tax havens Panama and the Bahamas, while environmental group Greenpeace in May released documents from negotiations over a controversial US-EU free trade deal.

Tool for influence?

WikiLeaks caused a fresh stir in July when it leaked emails showing US Democratic Party officials favouring Hillary Clinton over left-winger Bernie Sanders in presidential primary elections, forcing high-ranking party members to resign.

After US intelligence organisations speculated that Russian hackers were behind the leak, some accused Assange of abetting a foreign power’s bid to influence the US election.

“We’re not going to start censoring our publications because there is a US election. Our role is to publish,” Assange told Spiegel magazine, pointing out that the site had also published documents relating to Russia and its President Vladimir Putin.

But Domscheit-Berg sees a danger in this publish-and-be-damned policy.

“Today people mostly go to WikiLeaks who see it as a tool, who want to instrumentalise it,” he said.

Assange himself is unmoved by criticisms of his organisation.

“We believe in what we’re doing,” he told Spiegel. “The attacks only make us stronger.”

*****************************

UPDATED: After canceling a planned announcement in London, Wikileaks founder Julian Assange is now planning to appear via video link Tuesday morning at Wikileaks’ tenth anniversary celebration in Berlin. He’s a last-minute addition to the roster of festivities taking place this week in Germany.

According to @wikileaks, Julian Assange will appear via video link at Berlin press conference on Tuesday AM

Wikileaks used its Facebook page to confirm that Assange would speak at the event, which takes place at 3am Eastern time.

Sources close to the event tell Heat Street that Assange may be planning to release some new information his organization has obtained about the U.S. Democratic Party. But Heat Street has yet to receive independent confirmation that Assange plans to dump information specifically on Hillary Clinton.

The news that Assange plans to appear (remotely) in Berlin comes after Wikileaks abruptly canceled a much-anticipated announcement in London that was to be made from the balcony of London’s Ecuadorian Embassy, where Assange has sought sanctuary for years. The cancelation was first reported by NBC News. According to NBC’s Jesse Rodriguez, the announcement was canceled due to “security concerns”.


There had been widespread anticipation that Tuesday’s announcement might have been Assange’s long-promised document dump on Hillary Clinton.

Due to security concerns at the Ecuadorian Embassy, Julian Assange’s balcony announcement on Tues has been cancelled, per @wikileaks

 

Julian Assange set to make an announcement from his balcony in London next Tuesday, according to @WikiLeaks

Assange appeared on Fox News last month, repeating his assertion that Wikileaks has damaging documents on Clinton and suggested WikiLeaks may soon release “teasers”. More than three weeks later, that release has yet to take place.

Clinton’s more fervent opponents have hoped for weeks that the promised document dump would be an “October surprise” – damaging and revelatory emails or the like — and inflict a mortal wound on her campaign. There’s no evidence however that such damaging information even exists.

It was only this summer that Assange’s group leaked thousands of embarrassing emails from the Democratic National Committee which showed their disdain for Bernie Sanders’ insurgent campaign for the Democratic presidential nomination. The uproar over the disclosures forced DNC Chairwoman Debbie Wasserman-Schultz to resign in disgrace on the eve of the Democratic National Convention.

The political provocateur and bomb-thrower Roger Stone, a fervent Donald Trump supporter, predicted Sunday morning that Wikileaks’ revelations would doom Clinton’s campaign.

It’s unclear if Stone was aware that Wikileaks, according to NBC News, has canceled their Tuesday announcement.

Assange and his supporters have long claimed that his personal safety is at risk due to the danger he (supposedly) represents to Clinton’s presidential ambitions. In August, liberal commentator Bob Beckel suggested in a TV appearance that Assange be murdered, proclaiming that someone should “shoot the son of a bitch!”

Hillary Clinton strategist Bob Beckel called for WikiLeaks editor Julian Assange to be assassinated.

Assange himself has also recently hinted publicly that low-level DNC staffer Seth Rich, who was murdered this summer in Washington DC, had been the source for Wikileaks’ document dump on the DNC. And that Rich’s alleged role in the leaks was linked to his death.

There has been no evidence linking Rich to the leak and no evidence that his murder was anything more than a botched robbery.

Nonetheless, Wikileaks’ cancellation of Tuesday’s announcement in London — and the scheduling of the Tuesday video link in Berlin — has anti-Clinton conspiracy theorists working up a frantic stew of speculation.

NSA whistleblower says DNC hack was not done by Russia, but by U.S. intelligence — U.S. intelligence community angry over Hillary Clinton’s compromise of national security data with her email use

August 2, 2016

“Hillary Clinton has endangered U.S. national security information and the lives of U.S. agents.”

Bloggers Predict More Hillary Clinton Email Revelations

NSA has all of Clinton’s “deleted” emails
On Aaron Klein’s Sunday radio program, “Aaron Klein Investigative Radio” (broadcast on New York’s AM 970 The Answer and Philadelphia’s NewsTalk 990 AM), US government whistleblower William Binney threw his hat into the DNC hack ring by stating that the Democratic National Committee’s server was not hacked by Russia but by a disgruntled U.S. intelligence worker.

The motivation of the hacker…concern over Hillary Clinton’s disregard of national security secrets when she used a personal email and consistently lied about it.

Binney was just getting started with revelations we are sure no mainstream media news site will dare to cover. The “Putin did it” fairytale is just too easy for the sheep to follow.

Binney also proclaimed that the NSA has all of Clinton’s deleted emails, and the FBI could gain access to them if they so wished.  No need for Trump to ask the Russians for those emails, he can just call on the FBI or NSA to hand them over.

Breitbart reports further

Binney referenced testimony before the Senate Judiciary Committee in March 2011 by then-FBI Director Robert S. Mueller in which Mueller spoke of the FBI’s ability to access various secretive databases “to track down known and suspected terrorists.”

Stated Binney: “Now what he (Mueller) is talking about is going into the NSA database, which is shown of course in the (Edward) Snowden material released, which shows a direct access into the NSA database by the FBI and the CIA. Which there is no oversight of by the way. So that means that NSA and a number of agencies in the U.S. government also have those emails.”

“So if the FBI really wanted them they can go into that database and get them right now,” he stated of Clinton’s emails as well as DNC emails.

Asked point blank if he believed the NSA has copies of “all” of Clinton’s emails, including the deleted correspondence, Binney replied in the affirmative.

“Yes,” he responded. “That would be my point. They have them all and the FBI can get them right there.”

Binney surmised that the hack of the DNC could have been coordinated by someone inside the U.S. intelligence community angry over Clinton’s compromise of national security data with her email use.

And the other point is that Hillary, according to an article published by the Observer in March of this year, has a problem with NSA because she compromised Gamma material.  Now that is the most sensitive material at NSA. And so there were a number of NSA officials complaining to the press or to the people who wrote the article that she did that. She lifted the material that was in her emails directly out of Gamma reporting. That is a direct compromise of the most sensitive material at the NSA. So she’s got a real problem there. So there are many people who have problems with what she has done in the past. So I don’t necessarily look at the Russians as the only one(s) who got into those emails.

The Observer defined the GAMMA classification:

GAMMA compartment, which is an NSA handling caveat that is applied to extraordinarily sensitive information (for instance, decrypted conversations between top foreign leadership, as this was).

Zerohedge has some background on Binney, who is about as rock solid a security analyst as you could get.

Over a year before Edward Snowden shocked the world in the summer of 2013 with revelations that have since changed everything from domestic to foreign US policy but most of all, provided everyone  a glimpse into just what the NSA truly does on a daily basis, a former NSA staffer, and now famous whistleblower, William Binney, gave excruciating detail to Wired magazine about all that Snowden would substantiate the following summer.

We covered it in a 2012 post titled “‘We Are This Far From A Turnkey Totalitarian State’ – Big Brother Goes Live September 2013.” Not surprisingly, Binney received little attention in 2012 – his suggestions at the time were seen as preposterous and ridiculously conspiratorial. Only after the fact, did it become obvious that he was right. More importantly, in the aftermath of the Snowden revelations, what Binney has to say has become gospel.

Binney was an architect of the NSA’s surveillance program. He became a famed whistleblower when he resigned on October 31, 2001, after spending more than 30 years with the agency. He referenced testimony before the Senate Judiciary Committee in March 2011 by then-FBI Director Robert S. Mueller in which Mueller spoke of the FBI’s ability to access various secretive databases “to track down known and suspected terrorists.”

Via:

http://www.zerohedge.com/news/2016-07-31/whistleblowers-stunning-claim-nsa-has-all-hillarys-deleted-emails-it-may-be-leak

http://www.breitbart.com/jerusalem/2016/07/31/exclusive-nsa-architect-agency-clintons-deleted-emails/

http://theduran.com/nsa-whistleblower-says-dnc-hack-not-done-russia-u-s-intelligence/
One blogger told Peace and Freedom, “If Hillary Clinton ever saw it on a computer, we’ve got it.”

Hillary Clinton’s Damning Emails — Democrats Don’t Seem To Care

May 1, 2016

Before the Democrats lock in their choice for President, they might want to know if Hillary Clinton broke the law with her unsecure emails and may be indicted, a question that ex-CIA analyst Ray McGovern addresses.

Then-Secretary of State Hillary Rodham Clinton preparing to testify before the House Foreign Affairs Committee in 2012.  (Photo: House Committee on Foreign Affairs/flickr/cc)


A few weeks after leaving office, former Secretary of State Hillary Clinton may have breathed a sigh of relief and reassurance when Director of National Intelligence James Clapper denied reports of the National Security Agency eavesdropping on Americans. After all, Clinton had been handling official business at the State Department like many Americans do with their personal business, on an unsecured server.

In sworn testimony before the Senate Intelligence Committee on March 12, 2013, Clapper said the NSA was not collecting, wittingly, “any type of data at all on millions or hundreds of millions of Americans,” which presumably would have covered Clinton’s unsecured emails.

But NSA contractor Edward Snowden’s revelations — starting on June 5, 2013 — gave the lie to Clapper’s testimony, which Clapper then retracted on June 21 – coincidentally, Snowden’s 30th birthday – when Clapper sent a letter to the Senators to whom he had, well, lied. Clapper admitted his “response was clearly erroneous – for which I apologize.”  (On the chance you are wondering what became of Clapper, he is still DNI.)

I would guess that Clapper’s confession may have come as a shock to then ex-Secretary Clinton, as she became aware that her own emails might be among the trillions of communications that NSA was vacuuming up. Nevertheless, she found Snowden’s truth-telling a safer target for her fury than Clapper’s dishonesty and NSA’s dragnet.

In April 2014, Clinton suggested that Snowden had helped terrorists by giving “all kinds of information, not only to big countries, but to networks and terrorist groups and the like.” Clinton was particularly hard on Snowden for going to China (Hong Kong) and Russia to escape a vengeful prosecution by the U.S. government.

Clinton even explained what extraordinary lengths she and her people went to in safeguarding government secrets: “When I would go to China or would go to Russia, we would leave all my electronic equipment on the plane with the batteries out, because …they’re trying to find out not just about what we do in our government, they’re … going after the personal emails of people who worked in the State Department.” Yes, she said that. (emphasis added)

Hoisted on Her Own Petard

Alas, nearly a year later, in March 2015, it became known that during her tenure as Secretary of State she had not been as diligent as she led the American people to believe. She had used a private server for official communications, rather than the usual official State Department email accounts maintained on federal servers. Thousands of those emails would retroactively be marked classified – some at the TOP SECRET/Codeword level – by the department.

During an interview last September, Snowden was asked to respond to the revelations about highly classified material showing up on Clinton’s personal server: “When the unclassified systems of the United States government, which has a full-time information security staff, regularly gets hacked, the idea that someone keeping a private server in the renovated bathroom of a server farm in Colorado is more secure is completely ridiculous.”


Asked if Clinton “intentionally endangered US international security by being so careless with her email,” Snowden said it was not his place to say. Nor, it would seem, is it President Barack Obama’s place to say, especially considering that the FBI is actively investigating Clinton’s security breach. But Obama has said it anyway.

“She would never intentionally put America in any kind of jeopardy,” the President said on April 10. In the same interview, Obama told Chris Wallace, “I guarantee that there is no political influence in any investigation conducted by the Justice Department, or the FBI – not just in this case, but in any case. Full stop. Period.”

But, although a former professor of Constitutional law, the President sports a checkered history when it comes to prejudicing investigations and even trials, conducted by those ultimately reporting to him. For example, more than two years before Bradley (Chelsea) Manning was brought to trial, the President stated publicly: “We are a nation of laws. We don’t let individuals make decisions about how the law operates. He [Bradley Manning] broke the law!”

Not surprisingly, the ensuing court martial found Manning guilty, just as the Commander in Chief had predicted. Though Manning’s purpose in disclosing mostly low-level classified information was to alert the American public about war crimes and other abuses by the U.S. government, Manning was sentenced to 35 years in prison.

On March 9, when presidential candidate Clinton was asked, impertinently during a debate, whether she would withdraw from the race if she were indicted for her cavalier handling of government secrets, she offered her own certain prediction: “Oh, for goodness sake! It’s not going to happen. I’m not even answering that question.”

Prosecutorial Double Standards

Merited or not, there is, sadly, some precedent for Clinton’s supreme confidence. Retired General and ex-CIA Director David Petraeus, after all, lied to the FBI (a felony for “lesser” folks) about giving his mistress/biographer highly classified information and got off with a slap on the wrist, a misdemeanor fine and probation, no jail time – a deal that Obama’s first Attorney General Eric Holder did on his way out the door.

We are likely to learn shortly whether Attorney General Loretta Lynch is as malleable as Holder or whether she will allow FBI Director James Comey, who held his nose in letting Petraeus cop a plea, to conduct an unfettered investigation this time – or simply whether Comey will be compelled to enforce Clinton’s assurance that “it’s not going to happen.”

Last week, Fox News TV legal commentator Andrew Napolitano said the FBI is in the final stages of its investigation into Clinton and her private email server. His sources tell him that “the evidence of her guilt is overwhelming,” and that the FBI has enough evidence to indict and convict.

Whether Napolitano has it right or not, it seems likely that Clinton is reading President Obama correctly – no profile in courage is he. Nor is Obama likely to kill the political fortunes of the now presumptive Democratic presidential nominee. Yet, if he orders Lynch and Comey not to hold Hillary Clinton accountable for what – in my opinion and that of most other veteran intelligence officials whom I’ve consulted – amounts to at least criminal negligence, another noxious precedent will be set.

Knowing Too Much

This time, however, the equities and interests of the powerful, secretive NSA, as well as the FBI and Justice, are deeply involved. And by now all of them know “where the bodies are buried,” as the smart folks inside the Beltway like to say. So the question becomes would a future President Hillary Clinton have total freedom of maneuver if she were beholden to those all well aware of her past infractions and the harm they have done to this country.

One very important, though as yet unmentioned, question is whether security lapses involving Clinton and her emails contributed to what Clinton has deemed her worst moment as Secretary of State, the killing of Ambassador Christopher Stevens and three other U.S. personnel at the lightly guarded U.S. “mission” (a very small, idiosyncratic, consulate-type complex not performing any consular affairs) in Benghazi, Libya, on Sept. 11, 2012.

Somehow the terrorists who mounted the assault were aware of the absence of meaningful security at the facility, though obviously there were other means for them to have made that determination, including the State Department’s reliance on unreliable local militias who might well have shared that inside information with the attackers.

However, if there is any indication that Clinton’s belatedly classified emails contained information about internal State Department discussions regarding the consulate’s security shortcomings, questions may be raised about whether that information was somehow compromised by a foreign intelligence agency and shared with the attackers.

We know that State Department bureaucrats under Secretary Clinton overruled repeated requests for additional security in Benghazi. We also know that Clinton disregarded NSA’s repeated warnings against the use of unencrypted communications. One of NSA’s core missions, after all, is to create and maintain secure communications for military, diplomatic, and other government users.

Clinton’s flouting of the rules, in NSA’s face, would have created additional incentive for NSA to keep an especially close watch on her emails and telephone calls. The NSA also might know whether some intelligence service successfully hacked into Clinton’s server, but there’s no reason to think that the NSA would share that sort of information with the FBI, given the NSA’s history of not sharing its data with other federal agencies even when doing so makes sense.

The NSA arrogates to itself the prerogative of deciding what information to keep within NSA walls and what to share with the other intelligence and law enforcement agencies like the FBI. (One bitter consequence of this jealously guarded parochialism was the NSA’s failure to share very precise information that could have thwarted the attacks of 9/11, as former NSA insiders have revealed.)

It is altogether likely that Gen. Keith Alexander, head of NSA from 2005 to 2014, neglected to tell the Secretary of State of NSA’s “collect it all” dragnet collection that included the emails and telephone calls of Americans – including Clinton’s. This need not have been simply the result of Alexander’s pique at her disdain for communications security requirements, but rather mostly a consequence of NSA’s modus operandi.

With the mindset at NSA, one could readily argue that the Secretary of State – and perhaps the President himself – had no “need-to-know.” And, needless to say, the fewer briefed on the NSA’s flagrant disregard for Fourth Amendment protections against unreasonable searches and seizures the better.

So, if there is something incriminating – or at least politically damaging – in Clinton’s emails, it’s a safe bet that at least the NSA and maybe the FBI, as well, knows. And that could make life difficult for a Clinton-45 presidency. Inside the Beltway, we don’t say the word “blackmail,” but the potential will be there. The whole thing needs to be cleaned up now before the choices for the next President are locked in.

http://www.commondreams.org/views/2016/04/30/hillary-clintons-damning-emails

Did An NSA Backdoor Bring Down Security of U.S. Government and Corporate Computer Systems?

December 23, 2015


By Kim Zetter

Security researchers believe they have finally solved the mystery around how a sophisticated backdoor embedded in Juniper firewalls works. Juniper Networks, a tech giant that produces networking equipment used by an array of corporate and government systems, announced on Thursday that it had discovered two unauthorized backdoors in its firewalls, including one that allows the attackers to decrypt protected traffic passing through Juniper’s devices.

The researchers’ findings suggest that the NSA may be responsible for that backdoor, at least indirectly. Even if the NSA did not plant the backdoor in the company’s source code, the spy agency may in fact be indirectly responsible for it by having created weaknesses the attackers exploited.

Evidence uncovered by Ralf-Philipp Weinmann, founder and CEO of Comsecuris, a security consultancy in Germany, suggests that the Juniper culprits repurposed an encryption backdoor previously believed to have been engineered by the NSA, and tweaked it to use for their own spying purposes. Weinmann reported his findings in an extensive post published late Monday.

They did this by exploiting weaknesses the NSA allegedly placed in a government-approved encryption algorithm known as Dual_EC, a pseudo-random number generator that Juniper uses to encrypt traffic passing through the VPN in its NetScreen firewalls. But in addition to these inherent weaknesses, the attackers also relied on a mistake Juniper apparently made in configuring the VPN encryption scheme in its NetScreen devices, according to Weinmann and other cryptographers who examined the issue. This made it possible for the culprits to pull off their attack.

Weinmann says the Juniper backdoor is a textbook example of how someone can exploit the existing weaknesses in the Dual_EC algorithm, noting that the method they used matches exactly a method the security community warned about back in 2007.

The new information about how the backdoor works also suggests that a patch Juniper sent to customers last week doesn’t entirely fix the backdoor problem, since the major configuration error Juniper made still exists.

“One [more] line of code could fix this,” Weinmann says. He’s not sure why Juniper didn’t add this fix to the patch it sent to customers last week.

Although the party behind the Juniper backdoor could be the NSA or an NSA spying partner like the UK or Israel, news reports last week quoted unnamed US officials saying they don’t believe the US intelligence community is behind it, and that the FBI is investigating the issue. Other possible culprits behind the sophisticated attack, of course, could be Russia or China.

If someone other than the US did plant the backdoor, security experts say the attack on Juniper firewalls underscores precisely why they have been saying for a long time that government backdoors in systems are a bad idea—because they can be hijacked and repurposed by other parties.

How the Backdoor Works

According to Weinmann, to make their scheme work, the attackers behind the Juniper backdoor altered Juniper’s source code to change a so-called constant or point that the Dual_EC algorithm uses to randomly generate a key for encrypting data. It’s assumed the attackers also possess a second secret key that only they know. This secret key, combined with the point they changed in Juniper’s software, the inherent weaknesses in Dual_EC, and the configuration error Juniper made, would allow them to decrypt Juniper’s VPN traffic.

The weaknesses in Dual_EC have been known for at least eight years. In 2007, a Microsoft employee named Dan Shumow gave a five-minute talk at a cryptography conference in California discussing discoveries that he and a Microsoft colleague named Niels Ferguson had made in the algorithm. The algorithm had recently been approved by the National Institute of Standards and Technology, along with three other random number generators, for inclusion in a standard that could be used to encrypt government classified communication. Each of the four approved generators is based on a different cryptographic design. Dual_EC is based on elliptic curves. The NSA had long championed elliptic curve cryptography in general and publicly championed the inclusion of Dual_EC specifically in the standard.

Random number generators play a crucial role in creating cryptographic keys. But Shumow and Ferguson found that problems with the Dual_EC made it possible to predict what the random number generator would generate, making the encryption produced with it susceptible to cracking. But this wasn’t the only problem.

The NIST standard also included guidelines for implementing the algorithm and recommended using specific constants or points—static numbers—for the elliptic curve that the random number generator relies on to work. These constants serve as a kind of public key for the algorithm. Dual_EC needs two parameters or two points on the elliptic curve; Shumow and Ferguson referred to them as P and Q.

They showed that if Q is not a true randomly generated point, and the party responsible for generating Q also generates a secret key, what they referred to as “e”, then whoever has the secret key can effectively break the generator. They determined that anyone who possessed this secret key could predict the output of the random number generator with only a very small sample of data produced by the generator—just 32 bytes of output from it. With that small amount, the party in possession of the secret key could crack the entire encryption system.

No one knew who had produced the constants, but people in the security community assumed the NSA had produced them because the spy agency had been so instrumental in having the Dual_EC algorithm included in the standard. If the NSA did produce the constants, there was concern that the spy agency might have also generated a secret key.

Cryptographer Bruce Schneier called it “scary stuff” in a piece he wrote for WIRED in 2007, but he said the flaws must have been accidental because they were too obvious—therefore developers of web sites and software applications wouldn’t use it to secure their products and systems.

The only problem with this is that major companies, like Cisco, RSA, and Juniper did use Dual_EC. The companies believed this was okay because for years no one in the security community could agree if the weakness in Dual_EC was actually an intentional backdoor. But in September 2013, the New York Times seemed to confirm this when it asserted that Top Secret memos leaked by Edward Snowden showed that the weaknesses in Dual_EC were intentional and had been created by the NSA as part of a $250-million, decade-long covert operation to weaken and undermine the integrity of encryption systems in general.

Despite questions about the accuracy of the Times story, it raised enough concerns about the security of the algorithm that NIST subsequently withdrew support for it. Security and crypto companies around the world scrambled to examine their systems to determine if the compromised algorithm played a role in any of their products.

In an announcement posted to its web site after the Times story, Juniper acknowledged that the ScreenOS software running on its NetScreen firewalls does use the Dual_EC_DRBG algorithm. But the company apparently believed it had designed its system securely so that the inherent weakness in Dual_EC was not a problem.

Juniper wrote that its encryption scheme does not use Dual_EC as its primary random number generator and that it had also implemented the generator in a secure way so that its inherent vulnerabilities didn’t matter. It did this by generating its own constant, or Q point, to use with the generator instead of the questionable one that had been attributed to the NSA. Juniper also used a second random number generator known as ANSI X9.31. The Dual_EC generated initial output that was supposed to then be run through the ANSI generator. The output from the second random generator would theoretically cancel out any vulnerabilities that were inherent in the Dual_EC output.

Except Juniper’s system contained a bug, according to Willem Pinckaers, an independent security researcher in the San Francisco area who examined the system with Weinmann. Instead of using the second generator, it ignored this one and used only the output from the bad Dual_EC generator.

“What’s happening is they managed to screw it up in all the firmware, such that the ANSI code is there but it’s never used,” Weinmann told WIRED. “That’s a catastrophic fail.”

This put the output at risk of being compromised if an attacker also possessed a secret key that could be used with the Q point to unlock the encryption.
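The two points above (a holder of e predicting the generator from a little raw output, and why bypassing the second generator mattered) can be seen in a toy model. This is an added Python sketch, not code from the WIRED article, Weinmann's post or Juniper: it assumes a constructed 61-bit curve, drops 8 bits per block instead of 16, builds P = e·Q directly, and uses SHA-256 as a stand-in for the ANSI X9.31 stage; all names are hypothetical.

```python
# Toy Dual_EC-style generator (added illustration). The curve, points and e
# are constructed for this example; they are not NIST's or Juniper's values.
import hashlib

P_MOD = 2**61 - 1   # field prime; p % 4 == 3, so a square root is one pow()
A, B = -3, 7        # toy curve y^2 = x^3 + A*x + B (assumption)
DROP_BITS = 8       # real Dual_EC drops 16 bits per block; 8 keeps this fast
OUT_BITS = 61 - DROP_BITS
MASK = (1 << OUT_BITS) - 1

def lift_x(x):
    """Return a curve point with x-coordinate x, or None if none exists."""
    rhs = (x * x * x + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == rhs else None

def add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def x_of(k, pt):
    """x-coordinate of k*pt; the point at infinity has none."""
    r = mul(k, pt)
    if r is None:
        raise ArithmeticError("point at infinity")
    return r[0]

class ToyDualEC:
    """State update s <- x(s*P); output block x(s*Q) minus its top DROP_BITS."""

    def __init__(self, seed, P, Q, whiten=False):
        self.s, self.P, self.Q, self.whiten = seed, P, Q, whiten

    def next_block(self):
        self.s = x_of(self.s, self.P)
        out = x_of(self.s, self.Q) & MASK
        if self.whiten:
            # Stand-in for the intended second generator (SHA-256 here, not
            # ANSI X9.31): the raw Dual_EC block is never exposed.
            digest = hashlib.sha256(out.to_bytes(8, "big")).digest()
            out = int.from_bytes(digest[:8], "big") & MASK
        return out

def recover_state(e, out1, out2, Q):
    """With e such that P = e*Q, turn two consecutive raw blocks into the
    generator's internal state; return None if no candidate is consistent."""
    for hi in range(1 << DROP_BITS):           # guess the dropped bits
        x = (hi << OUT_BITS) | out1
        R = lift_x(x) if x < P_MOD else None   # candidate for s1*Q
        if R is None:
            continue
        try:
            s2 = x_of(e, R)                    # e*(s1*Q) = s1*P, so x is s2
            if x_of(s2, Q) & MASK == out2:     # confirm against second block
                return s2
        except ArithmeticError:
            continue
    return None

def run_demo(seed=0x123456789ABCDEF):
    Q = (2, 3)                        # public constant: 2**3 - 3*2 + 7 == 3**2
    e = 0x1D2C3B4A5F6E7               # secret of whoever generated P and Q
    P = mul(e, Q)                     # public constant hiding P = e*Q
    dev = ToyDualEC(seed, P, Q)       # raw blocks exposed, as in the bug
    o1, o2, o3 = (dev.next_block() for _ in range(3))
    clone = ToyDualEC(recover_state(e, o1, o2, Q), P, Q)
    safe = ToyDualEC(seed, P, Q, whiten=True)   # second stage in the path
    w1, w2 = safe.next_block(), safe.next_block()
    return {
        "predicted_next_block": clone.next_block() == o3,
        "fails_without_e": recover_state(e + 1, o1, o2, Q) is None,
        "fails_when_whitened": recover_state(e, w1, w2, Q) is None,
    }

if __name__ == "__main__":
    print(run_demo())
```
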

Weinmann and others discovered that the attackers altered Juniper’s Q and changed it to a Q they had generated. The attackers appear to have made that change in August 2012—at least that’s when Juniper started shipping a version of its ScreenOS firmware with a Q point that was different than previous versions used.

So essentially, although Juniper used its own Q point instead of using the one allegedly generated by the NSA, in an effort to make the Dual_EC more secure, the company hadn’t anticipated that attackers might break into Juniper’s network, gain access to critical systems used to build its source code, and change the Q again to something of their own choosing. And presumably, they also possess the secret key that works with the Q to unlock the encryption, otherwise they would not have gone to the trouble of changing Q. “It stands to reason that whoever managed to slip in their own Q [into the software] will also know the corresponding e,” Weinmann says.

This would not have been enough to make the backdoor work, however, if Juniper had indeed configured its system the way it said it did—using two random number generators and relying only on the second one, the ANSI generator, for the final output. But we now know it failed to do that. The backdoor remained undetected for at least three years, until Juniper recently discovered it during a code review.

Matthew Green, a cryptographer and professor at Johns Hopkins University, says that the ANSI failure raises additional questions about Juniper. “I don’t want to say that Juniper did this on purpose. But if you wanted to create a deliberate backdoor based on Dual_EC and make it look safe, while also having it be vulnerable, this is the way you’d do it. The best backdoor is a backdoor that looks like a bug, where you look at the thing and say, ‘Whoops, someone forgot a line of code or got a symbol wrong.’ … It makes it deniable. But this bug happens to be sitting there right next to this incredibly dangerous NSA-designed random number generator, and it makes that generator actually dangerous where it might not have been otherwise.”

The evidence that someone intentionally changed the Q parameter in Juniper’s software confirms what Shumow and Ferguson had warned: The inherent weaknesses in Dual_EC provide the perfect backdoor to the algorithm. Even if the algorithm was not intended to create a backdoor for the NSA, it made it possible for someone to piggyback on its weaknesses to turn it into a backdoor for themselves.

Even more worrisome is that Juniper systems are still essentially insecure. Juniper didn’t patch the problem by removing Dual_EC altogether or by altering the configuration so that the VPN encryption scheme relies on output from the ANSI generator; instead Juniper patched it simply by changing the Q point back to what the company originally had in the system. This leaves the firewalls susceptible to attack again if attackers can change the points a second time without Juniper detecting it.

The company, Weinmann says, should at least issue a new patch that makes the system use the ANSI generator and not the Dual_EC one.

“It would take one line of code to fix this,” he says.

And there’s another problem, he notes.

Juniper admitted that it had generated its own Q for Dual_EC, but it has not revealed how it generated Q—so others can’t verify that Juniper did it in a truly random way that would ensure its security. And in generating its own Q, it raises questions about whether Juniper also generated its own secret key, or “e” for the generator, which would essentially give Juniper a backdoor to the encrypted VPN traffic. This should worry customers just as much as the NSA holding a key to the backdoor, Weinmann says.

“It now depends on whether you trust them to have generated this point randomly or not. I would probably not do that at this point,” he says, given the other mistakes the company made.

Green says because of the weakness inherent in Dual_EC, Juniper should have removed it back in 2013 after the Times story published and should do so now to protect customers. “There’s no legitimate reason to put Dual_EC in a product,” he says. “There never was. This is an incredibly powerful and dangerous code and you put it in your system and it creates a capability that would not have been there otherwise. There’s no way to use it safely.”

http://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/

*******************************

Juniper Networks announced a serious security flaw on 17 December but said there was ‘no way to detect that this vulnerability was exploited’. Photograph: Oliver Berg/DPA/Corbis

Juniper Networks security flaw may have exposed US government data

Secure networking devices used by the US Defense Department and the FBI could have been targeted by a vulnerability that lay undetected for three years

Two security flaws that lay undiscovered in Juniper Networks’ widely used corporate virtual private network (VPN) software for three years could have exposed sensitive information to foreign governments or criminal groups, researchers have said.

The vulnerabilities were in the form of “unauthorised code” discovered during a recent internal code review and announced on 17 December. One of the flaws could have allowed hackers to decrypt information passing through Juniper’s devices, including equipment for a secure network used by companies internally.

“Whoever planted it would have access to all the VPN traffic,” said Seth Rosenblatt, managing editor of the security and privacy site the Parallax. “Data that the VPN user thought was protected from prying eyes may have been spied on.”

The FBI is reportedly investigating the breach, which could be the work of a foreign government, though the investigation is ongoing.

German security researcher Ralf-Philipp Weinmann suggested the hack took advantage of weaknesses in the password encryption algorithm “Dual_EC” that were reportedly engineered by the NSA, which then promoted the tool as a standard.

“Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” said Bob Worrall, SVP and chief information officer at Juniper Networks.

Read the rest:

http://www.theguardian.com/technology/2015/dec/22/juniper-networks-flaw-vpn-government-data


Former CIA Director Says Edward Snowden “Has Blood on His Hands,” Should Be Hanged

November 21, 2015

By Bradford Richardson
The Hill

A former CIA director says leaker Edward Snowden should be convicted of treason and given the death penalty in the wake of the terrorist attack on Paris.

“It’s still a capital crime, and I would give him the death sentence, and I would prefer to see him hanged by the neck until he’s dead, rather than merely electrocuted,” James Woolsey told CNN’s Brooke Baldwin on Thursday.

Woolsey said Snowden, who divulged classified information in 2013, is partly responsible for the terrorist attack in France last week that left at least 120 dead and hundreds injured.

“I think the blood of a lot of these French young people is on his hands,” he said.

Woolsey, who served as the head of the CIA from 1993 to 1995, said the Snowden leak was “substantial.”

“They turned loose not only material about some procedural aspects of something, they turned loose, for example, some substantial material about the Mexican intelligence service and law enforcement working together against human trafficking,” he said.

Woolsey wondered if Snowden were “pro-pimp.”

Current CIA Director John Brennan has recently echoed his predecessor’s sentiments, arguing that Snowden’s disclosures make it harder for intelligence officials to track terror plots.

“I think any unauthorized disclosures made by individuals that have dishonored the oath of office, that they have raised their hand and attested to, undermines this nation’s security,” Brennan said about Snowden at the Overseas Security Advisory Council’s annual meeting on Wednesday.

Snowden fled the country after stealing classified information and disclosing the extent of U.S. surveillance programs. He currently resides in Russia, where he has been granted temporary asylum.

http://thehill.com/blogs/blog-briefing-room/260817-ex-cia-director-snowden-should-be-hanged-for-paris

China Daily: China, US gradually move to manage cyber dispute

September 14, 2015


By Chen Weihua in Washington (China Daily USA)

While cybersecurity has been a thorny issue between China and the United States in the last few years, there are signs in the past days that both sides do not want it to spill into the overall bilateral relationship and impact negatively on the upcoming state visit to the US by President Xi Jinping.

A high-level Chinese delegation, led by Meng Jianzhu, Xi’s special envoy and a member of the Politburo of the Communist Party of China (CPC), concluded a four-day talk on the issue in Washington last Saturday with senior US officials.

“The two countries have reached important consensus on combating cyber crimes,” was how Xinhua News Agency described the meeting.

During the visit, Meng, also head of the Commission for Political and Legal Affairs of the CPC Central Committee, exchanged in-depth views on tackling outstanding issues of law enforcement and security, including cyber crimes, with US Secretary of State John Kerry, Secretary of the Department of Homeland Security Jeh Johnson and US National Security Advisor Susan Rice.

The Chinese delegation included officials from the ministries of public security, state security, justice and information technology.

China and the US are both countries with highly developed Internet technology. Against a backdrop of frequent incidents and ever-increasing security threats in cyberspace, it is especially important for the two to enhance mutual trust and cooperation in the sphere of cybersecurity, Xinhua quoted Meng as saying.

Meng reiterated China’s firm stand against cyberattacks and commercial cyber espionage. He said anyone who conducts such acts in the Chinese territory violates the laws of China and will be subject to legal liability.

Meng said China-US dialogue and cooperation on combating cyber crime serve the common interest of both countries and the international community.

A White House statement said Rice had a “frank and open exchange about cyber issues” in her meeting with Meng.

Before Meng’s trip, Zhang Yesui, Chinese executive vice-minister of foreign affairs and several other senior Chinese officials have visited the US, while Rice, Daniel Russel, assistant secretary of state for East Asian and Pacific Affairs, and other senior US officials have visited China to prepare for Xi’s trip late this month.

These visits have been seen as indications that both sides want to make Xi’s trip a success despite issues such as cyber hacking and tensions over the South China Sea having cast a shadow over the bilateral relationship.

White House and State Department spokesmen have both spoken positively about Xi’s trip.

In a statement after Rice’s trip to Beijing in late August, the National Security Council spokesman Ned Price said that Rice in her meeting with Xi reaffirmed US commitment to develop and deepen practical cooperation in areas of overlapping interest and to address disagreements forthrightly and effectively.

There has been widespread concern that tensions over cybersecurity could escalate after a Washington Post report on Aug 30 saying that the Obama administration is considering applying sanctions against Chinese companies and individuals it believes have benefited from hacking of US trade secrets. It said the sanctions could come as quickly as the coming two weeks.

Both White House and State Department spokesmen have downplayed the report, describing such sanctions as a tool in the toolbox and dismissing the suggestion that the US has decided to retaliate over alleged Chinese cyber theft.

Many observers have seen the Post report as a message deliberately leaked by the White House to call for more attention from the Chinese side.

On Friday, Obama said during his visit to Fort Meade, Maryland, that “we have made very clear to the Chinese that there are certain practices that they’re engaging in that we know are emanating from China and are not acceptable”.

“And we can choose to make this an area of competition — which I guarantee you we’ll win if we have to — or, alternatively, we can come to an agreement in which we say, this isn’t helping anybody; let’s instead try to have some basic rules of the road in terms of how we operate,” Obama said at Fort Meade, also home to the National Security Agency (NSA).

China has long claimed to be a victim of cyberattacks, many of which originated from the US. Revelations made by former NSA contractor Edward Snowden have shown that the US has been conducting aggressive and wide-ranging cyber espionage in the world, including against the Chinese government, universities and corporations.

Targets of US cyber espionage also have included leaders and corporations in Germany, France, Japan and Brazil, most of which are US allies.

Most countries, including China, have regarded such US cyber surveillance activities as unacceptable.

As a result, US technology companies, which have willingly and unwillingly collaborated with the NSA, also have become victims of US government activities.

A June report by the Washington-based Information Technology and Innovation Foundation said the NSA’s pervasive digital surveillance will likely cost US companies more than $35 billion in foreign business in 2016 after Snowden’s revelations pushed foreigners away from US-made technologies.

Contact the writer at chenweihua@chinadailyusa.com

http://usa.chinadaily.com.cn/opinion/2015-09/14/content_21849481.htm

Related: