background preloader

How the NSA Plans to Infect 'Millions' of Computers with Malware

How the NSA Plans to Infect 'Millions' of Computers with Malware
One presentation outlines how the NSA performs “industrial-scale exploitation” of computer networks across the world. Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. “That would definitely not be proportionate,” Hypponen says. Related:  NSA / PrismINSECURITY on the Web!

La NSA enregistrerait 100% des conversations téléphoniques d'un pays étranger non identifié «Big Brother is watching you», répète souvent George Orwell dans 1984. Dans la réalité, la NSA préfère écouter: selon les dernières révélations d'un document fourni par Edward Snowden au Washington Post, l'agence américaine a mis en place un système capable d'enregistrer 100% des conversations téléphoniques passées depuis un pays. Selon le quotidien, le programme Mystic a été déployé dans au moins une nation étrangère dont le nom est gardé secret à la demande des autorités US. L'agence pourrait l'avoir étendu, ou s'apprêterait à la faire, à six autres pays. Les contenus des appels enregistrés pour 30 jours Il ne s'agit pas simplement des métadonnées des appels, comme dans un autre programme domestique. Les lois américaines imposent moins de restrictions sur les communications qui n'incluent pas de ressortissant américain ou se situant sur le territoire des Etats-Unis. La NSA ne nie pas P.B. avec AFP Plus d'informations sur ce sujet en vidéo

Algorithms and Future Crimes: Welcome to the Racial Profiling of the Future Photo Credit: February 28, 2014 | Like this article? Join our email list: Stay up to date with the latest headlines via email. Across the country, large police departments have been developing their ability to track where crime will happen next using predictive software. Proponents describe the program in techno-pragmatist terms, arguing that it uses data to make smart inferences about the future in much the same way meterologists do. There is one major feature of predictive policing that the libertarian critique often glosses over: it's unmistakably racist. Any attempt to predict future criminality will be based on the crime rates of the past. The Verge took these questions to Chicago to examine the most developed and well-financed iteration of predictive policing in the country. Keeping with the dry data-babbling sell, the predictive analyst behind Chicago's program, Dr.

NSA surveillance: anger mounts in Congress at 'spying on Americans' | World news Anger was mounting in Congress on Tuesday night as politicians, briefed for the first time after revelations about the government's surveillance dragnet, vowed to rein in a system that one said amounted to "spying on Americans". Intelligence chiefs and FBI officials had hoped that the closed-door briefing with a full meeting of the House of Representatives would help reassure members about the widespread collection of US phone records revealed by the Guardian. But senior figures from both parties emerged from the meeting alarmed at the extent of a surveillance program that many claimed never to have heard of until whistleblower Edward Snowden leaked a series of top-secret documents. The congressional fury came at the end of a day of fast-moving developments. • In a lawsuit filed in New York, the American Civil Liberties Union accused the US government of a process that was "akin to snatching every American's address book". The anger was apparent in both parties.

IBM X-Force report outlines half a billion reasons why data security still faces major challenges Today we released the 2014 IBM X-Force Threat Intelligence Quarterly which explores the latest security trends—from malware delivery to mobile device risks—based on 2013 year-end data and ongoing research. New quarterly format and team expansion – introducing Trusteer The first thing previous readers will notice is that we completely revamped the report in terms of style, format and page count. Previously, the X-Force Trend and Risk Report was over a hundred pages and released twice a year. With this edition of the report, we are introducing data collected from the researchers at Trusteer, an IBM company since September, 2013. We are pleased to welcome Trusteer to IBM and to this report. Central strategic targets are the focus of security incidents Since 2011, IBM X-Force has been reporting on the steady increase and scope of security incidents, data breaches and cyber-attacks. DNS providersSocial media networks with large user bases, andPopular forum software sites

Twenty years ago the NSA tried to protect you from spies, not spy on you By Charles Seife On December 6, 2013 There’s a crushing monotony to stories on how the National Security Agency has been bending and breaking every rule to crack open your mail. Each new revelation that hits the news — that the agency has tapped into data warehouses belonging to Google and Yahoo, systematically undermined commercial encryption with backdoors, surreptitiously engineered weaknesses in encryption standards – seems like another confirmation that the NSA is trying to batter down every technological barrier that might prevent it from reading your e-mails and listening in on your phone calls. The steady drip-drip-drip of new violations obscures the most interesting — and saddest — part of the whole NSA story. The agency wasn’t always out to steal your secrets. Twenty years ago, the agency was trying to protect them from outsiders. Sometime in the 1990s or early 2000s, most likely in the late Clinton administration, there began a quiet but dramatic shift in doctrine.

NSA files decoded: Edward Snowden's surveillance revelations explained | World news Two factors opened the way for the rapid expansion of surveillance over the past decade: the fear of terrorism created by the 9/11 attacks and the digital revolution that led to an explosion in cell phone and internet use. But along with these technologies came an extension in the NSA’s reach few in the early 1990s could have imagined. Details that in the past might have remained private were suddenly there for the taking. Chris Soghoian Principal technologist, ACLU NSA is helped by the fact that much of the world’s communications traffic passes through the US or its close ally the UK – what the agencies refer to as “home-field advantage”. The Snowden documents show that the NSA runs these surveillance programs through “partnerships” with major US telecom and internet companies. The division inside the NSA that deals with collection programs that focus on private companies is Special Source Operations, described by Snowden as the “crown jewels” of the NSA. Jeremy Scahill Fiber-optic cable

Why the NSA Surveillance Program Isn't Like "The Wire" David Simon, creator of The Wire, got a lot of attention over the weekend for his defense of the NSA program that collects records of every phone call made in the United States. It's really nothing new, he says: Allow for a comparable example, dating to the early 1980s in a place called Baltimore, Maryland. There, city detectives once began to suspect that major traffickers were using a combination of public pay phones and digital pagers to communicate their business. authorized, detectives gleaned the numbers of digital pagers and they began monitoring the incoming digitized numbers on those pagers — even though they had yet to learn to whom those pagers belonged. Point taken. I'm guessing not. This cuts both ways in the debate. On the other hand: You can make a pretty good case that groups like Al Qaeda are only truly dangerous if they get their hands on nukes or weaponized biological weapons.

cybersécurité dans les infrastructures critiques US, NIST : un nouveau prisme Il y a quelques semaines, le 14 février 2014, le NIST (Institut National des Standards et de la Technologie Américain) dévoilait dans un document de 41 pages, son très attendu cadre « cybersécurité pour les infrastructures critiques ». Ce document présente les meilleures pratiques de gestion de la sécurité à destination des acteurs d’infrastructures critiques (Gouvernement, santé, transport, énergie...) sous un angle de lecture un peu nouveau. Bien que développé avec le tissu industriel, ce cadre n’est pas une révolution « normative » et le modèle a reçu un accueil mitigé, car au-delà d’un nouveau prisme de lecture du management des risques « cyber » en entreprise, il n’en demeure pas moins « très » flou en terme d’utilisation. un modèle en cinq axes Le fond du document est la mise en perspective de cinq fonctions de processus : identify, protect, detect, respond et recover. La méthodologie est basée sur un modèle de « classification des processus » permettant : le mot de la fin Eric

cyberaction Oui à la protection des droits fondamentaux Non à l'espionnage et au TAFTA Cette cyberaction est maintenant terminée Mise en ligne du 27/02/2014 au 12/03/2014 Le 12 Mars, à cause du scandale de l’espionnage de la NSA, les députés du Parlement Européen voteront une résolution qui recommandera entre autres choses le refus de l’accord de libre échange commercial du TAFTA/GMT entre l’UE et les USA à moins que les droits fondamentaux garantis par la loi dans la Charte de l’UE soit respectés complètement. Bilan de la cyberaction : NSA: mettre fin à la surveillance massive ou faire face aux conséquences SESSION PLÉNIÈRE Communiqué de presse - Droits fondamentaux − 12-03-2014 - 13:11 L'approbation du Parlement à l'accord commercial UE-États-Unis pourrait être menacée si la NSA n'arrête pas ses activités de surveillance de masse, ont affirmé les députés dans une résolution résumant leur enquête de 6 mois. Protection des lanceurs d'alerte et nuage informatique européen Présentation de la cyberaction : La lettre qui a été envoyée : 16 commentaires credible

Cable Reveals Extent Of Lapdoggery From Swedish Govt On Copyright Monopoly Among the treasure troves of recently released WikiLeaks cables, we find one whose significance has bypassed Swedish media. In short: every law proposal, every ordinance, and every governmental report hostile to the net, youth, and civil liberties here in Sweden in recent years have been commissioned by the US government and industry interests. I can understand that the significance has been missed, because it takes a whole lot of knowledge in this domain to recognize the topics discussed. But all of a sudden, there it was, in black on white. This will become sort of a longish article, as I intend to outline all the hard evidence in detail, but for those who want the executive summary, it is this: The Pirate Party was right on every detail. At the middle of this, we find the US cable Stockholm 09-141, recommending Sweden to not be blacklisted by the US on the so-called Special 301 list, and outlines why. This sounds like fiction, right? All this seems eerily familiar. 1. 2. 3. [...] 1.

The NSA's Secret Role in the U.S. Assassination Program Credit: Kirsty Wigglesworth/Associated Press. The National Security Agency is using complex analysis of electronic surveillance, rather than human intelligence, as the primary method to locate targets for lethal drone strikes – an unreliable tactic that results in the deaths of innocent or unidentified people. According to a former drone operator for the military’s Joint Special Operations Command (JSOC) who also worked with the NSA, the agency often identifies targets based on controversial metadata analysis and cell-phone tracking technologies. Rather than confirming a target’s identity with operatives or informants on the ground, the CIA or the U.S. military then orders a strike based on the activity and location of the mobile phone a person is believed to be using. His account is bolstered by top-secret NSA documents previously provided by whistleblower Edward Snowden. It is also supported by a former drone sensor operator with the U.S. “They might have been terrorists,” he says.

Internet des objets oui, mais de façon sécurisée Votre conjoint ou conjointe surgit alors que vous êtes en train de regarder un film pour adultes à la TV. Mais si, la TV existe encore, et elle est maintenant connectée et intelligente ! Et donc piratable. Dites que vous regardiez les feux de l’amour et que la TV a zappé sur un autre canal sans vous demander votre avis. ;-) Vous faites une rencontre sympathique, et vous l’invitez à dîner. Vous trouvez cela peu crédible, et pourtant cela vous arrivera peut-être demain. Internet des objets : quid des bonnes pratiques de sécurité ? Pour leur connexion ces équipements utilisent des Linux Busybox et autres serveurs MiniHttpd et Apache. Premièrement, les constructeurs utilisent les paramétrages par défaut. Deuxièmement, les constructeurs ne prévoient rien pour mettre à jour les logiciels. Internet des objets = attaques par milliers ? C’est donc « open bar » pour les hackers à 10 sous qui pourront : C’est un peu comme pour la sécurité des SCADA. Pour en savoir plus : Eric