Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×
Security

Symantec Researchers Find 49 New Modules of Regin Spying Tool 23

itwbennett writes: Security researchers from Symantec have identified 49 more modules (bringing the total number found so far to 75) of the sophisticated Regin cyberespionage platform that many believe is used by the U.S. National Security Agency and its close allies. Some of the modules implement basic malware functions, while other modules are much more specialized and built with specific targets in mind. 'One module was designed to monitor network traffic to Microsoft Internet Information Services (IIS) web servers, another was observed collecting administration traffic for mobile telephony base station controllers, while another was created specifically for parsing mail from Exchange databases,' the Symantec researchers said in an updated version of their white paper (PDF) published Thursday.
The Courts

Federal Court Overturns Ruling That NSA Metadata Collection Was Illegal 141

New submitter captnjohnny1618 writes: NPR is reporting that an appeals court has overturned the decision that found the NSA's bulk data collection to be illegal. "Judges for the District of Columbia court of appeals found that the man who brought the case, conservative lawyer Larry Klayman, could not prove that his particular cellphone records had been swept up in NSA dragnets." The article clarifies that due to the recent passage of new laws governing how metadata is collected, this is of less significance than it would have otherwise been: "If you remember, after a fierce battle, both houses of Congress voted in favor of a law that lets phone companies keep that database, but still allows the government to query it for specific data. The three-judge panel of the United States Court of Appeals for the District of Columbia still decided to take on the case, because that new program doesn't begin until 180 days after the date that law was enacted (June 2, 2015.)" On top of that, the injunction from the earlier ruling never actually went into effect. Still, it seems like an important ruling to me: a government agency was willfully and directly violating the rights of the Americans (and international citizens as well) and now it's just going to get shrugged off?
Privacy

German Intelligence Traded Citizen Data For NSA Surveillance Software 64

An anonymous reader sends news that Germany's domestic intelligence agency, the BfV, was so impressed with the NSA's surveillance software that they were willing to "share all data relevant to the NSA's mission" in order to get it. "The data in question is regularly part of the approved surveillance measures carried out by the BfV. In contrast, for example, to the Bundesnachrichtendienst (BND), Germany’s foreign intelligence agency, the BfV does not use a dragnet to collect huge volumes of data from the Internet. Rather, it is only allowed to monitor individual suspects in Germany -- and only after a special parliamentary commission has granted approval. ... Targeted surveillance measures are primarily intended to turn up the content of specific conversations, in the form of emails, telephone exchanges or faxes. But along the way, essentially as a side effect, the BfV also collects mass quantities of so-called metadata. Whether the collection of this data is consistent with the restrictions outlined in Germany's surveillance laws is a question that divides legal experts."
Security

How an Obscure Acronym Helped Link AT&T To NSA Spying 54

netbuzz writes: Slashdot on Saturday highlighted a story by Pro Publica and the New York Times that used Snowden documents to reveal previously unknown details of the "highly collaborative" relationship between AT&T and the NSA that enabled the latter's controversial Internet surveillance program. An aspect of the story that received only passing mention was how the reporters connected an acronym for an obscure proprietary network configuration – SNRC — to AT&T and the NSA in part through a 1996 story in the now-defunct print version of Network World. In essence, that acronym proved to be a fingerprint confirming the connection — and its match was found thanks to Google Books.
Network

The Network Is Hostile 124

An anonymous reader writes: Following this weekend's news that AT&T was as friendly with the NSA as we've suspected all along, cryptographer Matthew Green takes a step back to look at the broad lessons we've learned from the NSA leaks. He puts it simply: the network is hostile — and we really understand that now. "My take from the NSA revelations is that even though this point was 'obvious' and well-known, we've always felt it more intellectually than in our hearts. Even knowing the worst was possible, we still chose to believe that direct peering connections and leased lines from reputable providers like AT&T would make us safe. If nothing else, the NSA leaks have convincingly refuted this assumption." Green also points out that the limitations on law enforcement's data collection are technical in nature — their appetite for surveillance would be even larger if they had the means to manage it. "...it's significant that someday a large portion of the world's traffic will flow through networks controlled by governments that are, at least to some extent, hostile to the core values of Western democracies."
Wireless Networking

The Promise of 5G 158

An anonymous reader writes: From instant monitoring of leaking pipelines, to real-time worldwide collaboration, the increase in machine-to-machine communications that 5G allows will change the way we live. This TechCrunch article takes a look at the promise that 5G holds and its possibilities. From the article: "By 2030, 5G will transform and create many uses that we cannot even think of yet. We will live in a world that will have 10-100 times more Internet-connected devices than there are humans. Hundreds of billions of machines will be sensing, processing and transmitting data without direct human control and intervention."
AT&T

AT&T Helped the NSA Spy On Internet Traffic 82

An anonymous reader writes: Newly disclosed NSA documents show that the agency gained access to billions of emails through a "highly collaborative" relationship with AT&T. The company provided access from 2003 to 2013, including technical assistance to carry out court orders permitting wiretapping. "The company installed surveillance equipment in at least 17 of its Internet hubs on American soil, far more than its similarly sized competitor, Verizon. And its engineers were the first to try out new surveillance technologies invented by the eavesdropping agency. One document reminds NSA officials to be polite when visiting AT&T facilities, noting, 'This is a partnership, not a contractual relationship.'" The new files don't indicate whether the partnership currently exists, but the government has been doing its best to keep corporate partnerships hidden. The article also notes that "In 2011, AT&T began handing over 1.1 billion domestic cellphone calling records a day to the N.S.A. after 'a push to get this flow operational prior to the 10th anniversary of 9/11,' according to an internal agency newsletter."
Privacy

The NSA's Philosopher 95

An anonymous reader writes: In 2012, the NSA decided it needed an in-house ethicist to write about the philosophy of surveillance. They searched within the organization for a candidate, finally giving the job to an analyst who had abandoned a writing career that hadn't worked out. The Intercept got its hands on some of his work: "The columns answer a sociological curiosity: How does working at an intelligence agency turn a privacy hawk into a prophet of eavesdropping?" At one point, the analyst wrote, "We probably all have something we know a lot about that is being handled at a higher level in a manner we're not entirely happy about. This can cause great cognitive dissonance for us, because we may feel our work is being used to help the government follow a policy we feel is bad." The article analyzes this man in detail, including his life history and his personal blog — it's a strange coupling of invasiveness and anonymization, for they take steps to avoid revealing his identity. The article's author correctly notes (while the NSA does not) that surveilling somebody doesn't mean you really know them.
Communications

Questioning the Dispute Over Key Escrow 82

Nicola Hahn writes: The topic of key escrow encryption has once again taken center stage as former Secretary of Homeland Security Michael Chertoff has spoken out against key escrow both at this year's Aspen Security Forum and in an op-ed published recently by the Washington Post. However, the debate over cryptographic back doors has a glaring blind spot. As the trove of leaks from Hacking Team highlights, most back doors are implemented using zero-day exploits. Keep in mind that the Snowden documents reveal cooperation across the tech industry, on behalf of the NSA, to make products that were "exploitable." Hence, there are people who suggest the whole discussion over key escrow includes an element of theater. Is it, among other things, a public relations gambit, in the wake of the PRISM scandal, intended to cast Silicon Valley companies as defenders of privacy?
United States

Germany Won't Prosecute NSA, But Bloggers 111

tmk writes: Despite plenty of evidence that the U.S. spied on German top government officials, German Federal Prosecutor General Harald Range has declined to investigate any wrongdoings of the secret services of allied nations like the NSA or the British GCHQ. But after plans of the German secret service "Bundesamt für Verfassungsschutz" to gain some cyper spy capabilities like the NSA were revealed by the blog netzpolitik.org, Hange started an official investigation against the bloggers and their sources. They are now being probed for possible treason charges.
Supercomputing

Obama's New Executive Order Says the US Must Build an Exascale Supercomputer 223

Jason Koebler writes: President Obama has signed an executive order authorizing a new supercomputing research initiative with the goal of creating the fastest supercomputers ever devised. The National Strategic Computing Initiative, or NSCI, will attempt to build the first ever exascale computer, 30 times faster than today's fastest supercomputer. Motherboard reports: "The initiative will primarily be a partnership between the Department of Energy, Department of Defense, and National Science Foundation, which will be designing supercomputers primarily for use by NASA, the FBI, the National Institutes of Health, the Department of Homeland Security, and NOAA. Each of those agencies will be allowed to provide input during the early stages of the development of these new computers."
Government

Two Years Later, White House Responds To 'Pardon Edward Snowden' Petition 608

An anonymous reader writes: In June of 2013, a petition was posted to Whitehouse.gov demanding that Edward Snowden receive a full pardon for his leaks about the NSA and U.S. surveillance practices. The petition swiftly passed 100,000 signatures — the point at which the White House said it would officially respond to such petitions. For two years, the administration was silent, but now they've finally responded. In short: No, Edward Snowden won't be receiving a pardon.

Lisa Monaco, the President's Advisor on Homeland Security and Counterterrorism, said, "Mr. Snowden's dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it. If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and — importantly — accept the consequences of his actions. He should come home to the United States, and be judged by a jury of his peers — not hide behind the cover of an authoritarian regime. Right now, he's running away from the consequences of his actions."
Government

NSA Releases Open Source Security Tool For Linux 105

Earthquake Retrofit writes: The NSA's systems integrity management platform — SIMP — was released to the code repository GitHub over the weekend. NSA said it released the tool to avoid duplication after US government departments and other groups tried to replicate the product in order to meet compliance requirements set by US Defence and intelligence bodies. "By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: the wheel would not have to be reinvented for every organisation," the NSA said in a release.
Privacy

Anonymizing Wi-Fi Device Project Unexpectedly Halted 138

An anonymous reader notes that a project to develop an anonymizing Wi-Fi device has been canceled under mysterious circumstances. The device, called Proxyham, was unveiled a couple weeks ago by Rhino Security Labs. They said it would use low-frequency radio channels to connect a computer to public Wi-Fi hotspots up to 2.5 miles away, thus obscuring a user's actual location. But a few days ago the company announced it would be halting development and canceling a talk about it at Def Con, which would have been followed with a release of schematics and source code. They apologized, but appear to be unable to say anything further.

"In fact, all [the speaker] can say is that the talk is canceled, the ProxyHam source code and documentation will never be made public, and the ProxyHam units developed for Las Vegas have been destroyed. The banner at the top of the Rhino Security website promoting ProxyHam has gone away too. It's almost as if someone were trying to pretend the tool never existed." The CSO article speculates that a government agency killed the project and issued a gag order about it. A post at Hackaday calls this idea absurd and discusses the hardware needed to build a Proxyham. They say using it would be "a violation of the Computer Fraud & Abuse Act, and using encryption over radio violates FCC regulations. That’s illegal, it will get you a few federal charges — but so will blowing up a mailbox with some firecrackers." They add, "What you’re seeing is just the annual network security circus and it’s nothing but a show."
Government

Eric Holder Says DoJ Could Strike Deal With Snowden; Current AG Takes Hard Line 194

cold fjord writes with the report at Yahoo that Former Attorney General Eric Holder said today that a "possibility exists" for the Justice Department to cut a deal with ... Edward Snowden that would allow him to return to the United States ... Holder said "we are in a different place as a result of the Snowden disclosures" and that "his actions spurred a necessary debate" that prompted President Obama and Congress to change policies ... "I certainly think there could be a basis for a resolution that everybody could ultimately be satisfied with. I think the possibility exists." A representative of current Attorney General Loretta Lynch, though, said that there has been no change in the government's position ("This is an ongoing case so I am not going to get into specific details but I can say our position regarding bringing Edward Snowden back to the United States to face charges has not changed."), Holder's musings aside. As the article points out, too, "any suggestion of leniency toward Snowden would likely run into strong political opposition in Congress as well as fierce resistance from hard-liners in the intelligence community."
Crime

In Response to Open Letter, France Rejects Asylum For Julian Assange 146

Several outlets report that Julian Assange has requested, but been denied, political asylum in France, by means of an open letter published by Le Monde. From The Globe and Mail's coverage, linked above: Less than an hour after his letter was published by Le Monde's website, Hollande's office issued a statement saying the asylum request was rejected.

"France has received the letter from Mr. Assange. An in-depth review shows that in view of the legal and material elements of Mr Assange's situation, France cannot grant his request," the statement said.

"The situation of Mr. Assange does not present any immediate danger. He is also the target of a European arrest warrant," it noted.

Assange wrote in the letter that his youngest child is French, and so is the child’s mother. "I haven't been able to see them in five years, since the political persecution against me started," he said.
Worth noting: Assange's legal team says that Assange's letter has been mischaracterized, and that it is in fact not a request for asylum per se; instead, they assert, the letter merely expresses Assange's "willingness 'to be hosted in France if and only if an initiative was taken by the competent authorities.'"
Security

Amazon's New SSL/TLS Implementation In 6,000 Lines of Code 107

bmearns writes: Amazon has announced a new library called "s2n," an open source implementation of SSL/TLS, the cryptographic security protocols behind HTTPS, SSH, SFTP, secure SMTP, and many others. Weighing in at about 6k lines of code, it's just a little more than 1% the size of OpenSSL, which is really good news in terms of security auditing and testing. OpenSSL isn't going away, and Amazon has made clear that they will continue to support it. Notably, s2n does not provide all the additional cryptographic functions that OpenSSL provides in libcrypto, it only provides the SSL/TLS functions. Further more, it implements a relatively small subset of SSL/TLS features compared to OpenSSL.
Privacy

Surveillance Court: NSA Can Resume Bulk Surveillance 161

An anonymous reader writes: We all celebrated back in May when a federal court ruled the NSA's phone surveillance illegal, and again at the beginning of June, when the Patriot Act expired, ending authorization for that surveillance. Unfortunately, the NY Times now reports on a ruling from the Foreign Intelligence Surveillance Court, which concluded that the NSA may temporarily resume bulk collection of metadata about U.S. citizens's phone calls. From the article: "In a 26-page opinion (PDF) made public on Tuesday, Judge Michael W. Mosman of the surveillance court rejected the challenge by FreedomWorks, which was represented by a former Virginia attorney general, Ken Cuccinelli, a Republican. And Judge Mosman said that the Second Circuit was wrong, too. 'Second Circuit rulings are not binding' on the surveillance court, he wrote, 'and this court respectfully disagrees with that court's analysis, especially in view of the intervening enactment of the U.S.A. Freedom Act.' When the Second Circuit issued its ruling that the program was illegal, it did not issue any injunction ordering the program halted, saying that it would be prudent to see what Congress did as Section 215 neared its June 1 expiration."
Businesses

Cisco To Acquire OpenDNS 147

New submitter Tokolosh writes: Both Cisco and OpenDNS announced today that the former is to acquire the latter. From the Cisco announcement: "To build on Cisco's advanced threat protection capabilities, we plan to continue to innovate a cloud delivered Security platform integrating OpenDNS' key capabilities to accelerate that work. Over time, we will look to unite our cloud-delivered solutions, enhancing Cisco's advanced threat protection capabilities across the full attack continuum—before, during and after an attack." With Cisco well-embedded with the US security apparatus (NSA, CIA, FBI, etc.) is it time to seek out alternatives to OpenDNS?