PI Newswire

The US Defense Department’s The National Security Agency (NSA) has released a security-hardened version of Google’s mobile OS, Android.

The spook-enhanced build of the operating system was released last week and is based on SELinux, also created by the National Security Agency. The inaugural release of the SE Android project focuses on limiting the scope for malicious or flawed apps to cause mischief, as explained in the project documentation:

Security Enhanced (SE) Android is a project to identify and address critical gaps in the security of Android. Initially, the SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the SE Android project is not limited to SELinux.
Links to SE Android source code and instructions on putting it together can be found on the project’s web page. The focus of the project is on damage limitation rather than prevention. The target audience of the project is clearly mobile developers, security experts or perhaps device manufacturers, and not regular Android smartphone users looking for a little extra privacy and security.

App support is low and if you don’t know what you are doing you might even end up with a bricked smartphone. The goals of the SE Android were first publicly outlined during a presentation [PDF] at last year’s Linux Security Summit.

View source…

According to KCNA, North Korea’s state news agency, Premier Kim Jong Il died at 8:30 am on Saturday, December 17. However, government media did not announce the startling news until early Monday morning, that is, nearly 50 hours after the “Dear Leader’s” sudden passing. Assuming that North Korean reports of the time and location of Kim’s death are truthful, the inevitable question for intelligence observers is: did anyone outside North Korea receive news of Kim Jong Il’s death during the 50 hours that preceded its public announcement? In times like this, most Westerners tend to look at the Central Intelligence Agency, National Security Agency, MI6, DGSE, or any of the other recognizable acronyms that dominate American and European news reports. The reality is, however, that despite their often-mythical status, Western intelligence agencies tend to be limited in their global reach, which is usually heavily concentrated on selected adversaries, like Russia, or China. These agencies therefore tend to rely on their regional allies to get timely and accurate information on smaller nations that are often difficult to penetrate. In the case of North Korea, Western spy agencies depend heavily on actionable intelligence collected by South Korean and Japanese spies.

How much did the Japanese and South Koreans know about the dramatic weekend events in Pyongyang? Absolutely nothing, judging by the actions of their national governments during the 50 hours between Kim Jong Il’s death and its announcement. In fact, South Korean President Lee Myung-bak departed on a state visit to Japan about four hours after his North Korean counterpart had expired, and returned to Seoul a day later, just in time for a cocktail gala held in honor of his 70th birthday. It was early next morning that the South Korean and Japanese governments went into emergency overdrive in response to the Kim’s death. These events show that the United States was also in the dark about the developments in the North Korean capital, because it is unthinkable that Washington would have refrained from sharing such seismic news with its two closest allies in Asia. This lack of intelligence was later acknowledged by senior South Korean cabinet officials, including Won Sei-hoon, Director of the country’s National Intelligence Service, who admitted that his agency was notified of Kim Jong Il’s passing from television.

Some claim that Chinese intelligence may have been the first outside North Korea to know about the “Dear Leader’s” demise; but if this is so, then they were able to conceal it with remarkable effectiveness, since Western envoys and intelligence operatives observed no unusual political or military maneuvers in Beijing. In fact, in recent months, Chinese intelligence officials were reportedly telling their Western counterparts that Kim Jong Il’s health was improving. Even German intelligence, which arguably possessed the most accurate information on the North Korean leader’s medical condition, was caught by surprise. The Germans would have clearly been in a position to know, because members of the “Dear Leader’s” family have been frequent visitors to medical centers in former East Berlin since the 1950s. But apparently nothing was communicated to the German government, not even from the small armies of German doctors who frequently travel to North Korea to treat the country’s communist party elite.

Read more…

Worried about what your children are getting into while surfing the Web? Well, how about organizations involved in intelligence gathering and espionage?

Despite their very adult missions, both the Central Intelligence Agency and the National Security Agency have sections specifically for youngsters.

On the CIA’s site – the same one that hosts definitions of cannabis, meningococcal meningitis and maternal mortality rate – children and teens can visit the Kids’ Page where a cubist cartoon spy using her high heel as a phone presides over a “welcome” telling readers they can “learn more about the CIA, our employees, and what we do every day.”

The NSA page is called America’s CryptoKids and looks more like a B-level animated movie than a government organization PR campaign. The NSA has games, puzzles and a cast of animal security officers, including Rosetta Stone the multilingual fox, Crypto Cat, who learned code breaking from an elderly Navajo nanny, and Cy and Cyndi, the cybersecurity twins welcomed into the CryptoKids family last year.

So how do the CryptoKids fit into the NSA’s mission “to protect U.S. national security systems and to produce foreign signals intelligence information?” And why would the CIA offer a word find and coloring book?

Read more…

Wall Street banks and financial companies vulnerable to hackers from abroad are getting a helping hand in defense from the nation’s top security officials.

The National Security Agency has been sharing key intelligence about foreign hackers with financial firms to help them combat cyberattacks, according to a story published yesterday by Reuters.

Citing interviews with U.S. officials, security experts, and defense industry executives, Reuters said that the effort is based on growing concerns in the U.S. over the damage that would result from financial sabotage. Envisioning several “worst-case scenarios,” government officials point to the possibility of cybercriminals hacking into a bank’s network to deactivate stock trading systems, generate crashes, transfer large funds, or even turn off ATMs.

Though banks have yet to by hit by such severe attacks, they have been under fire from hackers for years. But the latest cyberattacks have become more sophisticated and coordinated, notes Reuters. That’s led security experts to point the finger at countries like China as backing the hackers amid fears that foreign hackers could take down networks and destroy data run by key financial companies.

Earlier this year the NSA was part of a probe into last October’s cyberattack against the Nasdaq’s computer network. An initial report determined that the attack did not impact the actual trading platform or any stock trades, but it wasn’t clear if other areas of the network had been accessed.

Read more…

Cyber attacks are escalating from large-scale theft and disruption of computer operations to more lethal attacks that destroy systems and physical equipment, according to the head of the US Cyber Command.

“That’s our concern about what’s coming in cyberspace – a destructive element,” General Keith Alexander told a US conference on cyber warfare, according to the Washington Times.

Alexander, who is also the director of the National Security Agency (NSA), said that future computer-based combat is likely to involve cyber strikes that cause widespread power outages and even physical destruction of machinery.

The potential for cyber attacks to do this, he said, is illustrated by the electrical power outage in the Northeast US in 2003 caused by the freezing of software that controlled the power grid after a tree damaged two high-voltage power lines, and the destruction of a water-driven electrical generator at Russia’s Sayano-Shushenskaya dam in 2009 that was caused by a computer operator remotely starting the generator while one of the dam’s turbines was being serviced.

These events highlight the threat of attackers breaking into electricity grid networks or remotely starting or stopping systems to cause destruction and loss of life, said Alexander.

Read more…

Whether the federal government and the nation’s telecommunication companies can be held accountable for allegedly funneling every American’s electronic communication to the National Security Agency without warrants is the subject of oral arguments scheduled for a federal appeals court Wednesday.

At issue is a Jan. 31, 2006 lawsuit, and others that followed, alleging violations of the Fourth Amendment right to be free from warrantless searches and seizures. The cases, about three dozen which will be consolidated into two oral arguments, have been thrown out of court on a variety of grounds, chiefly the government’s claim that the lawsuits would expose state secrets, and a 2008 law that immunized the nation’s telcos from such lawsuits.

Nearly six years later, the merits of the lawsuits have never been addressed. The Electronic Frontier Foundation, which brought the leading cases, appealed, and contends that the litigation should never have been dismissed.

“As far as we know the surveillance is ongoing,” says Cindy Cohn, the EFF’s legal director, who will be arguing before a three-judge panel of the 9th U.S. Circuit Court of Appeals in Seattle. “I think it is tremendously important that Americans not be subject to dragnet surveillance by the government. I think the Fourth Amendment, the right to privacy, is important for this country.”

Threat Level will cover the arguments from the courtroom Wednesday afternoon. The hearing is expected to begin at 2:00 p.m. and last at least two hours.

Read more…

The ACLU sued the FBI and National Security Agency for information on the FBI’s eGuardian monitoring system, by which it collects information on “suspicious activity” from law enforcement officials across the country. More than 7,100 “Suspicious Activity Reports” have been collected, the ACLU says, for activities that may include “taking photographs of prominent buildings.”

The ACLU says the FBI took more than a year to answer its FOIA request and improperly withheld materials, and the NSA blew off its request altogether.

The ACLU claims in a federal FOIA complaint that “these records will significantly contribute to the public’s understanding of how local, state and federal authorities have interpreted the broad mandate of the eGuardian program, how they have used the potentially invasive ‘suspicious activity’ reporting system, and whether effective safeguards are in place to protect Americans against unwarranted privacy invasions or discriminatory surveillance based on their race, ethnicity, national origin, religion, or protected beliefs or activities.”

The ACLU says the government cannot regain public confidence in its integrity unless it releases the information.

“The public is increasingly concerned about the ways in which federal, state and local governments collect and use reports of Americans’ ‘suspicious activity’ and the ways in which nationwide programs for sharing such information may violate civil rights and civil liberties,” the complaint states.

Read more…

A cryptology instruction book… 202 years old. A photograph of the U.S. Army’s cypher bureau… from 1919. A breakdown of Russian electoral districts… circa 1948. Schematics for a magnetic tape memory system… nearly half a century old.

These are just some of the items that, had you seen them, would have irreparably damaged U.S. national security. These are just a few of the documents, mere citizen, that for decades were far too sensitive for your uninitiated eyes.

At least, that’s what the American intelligence community would have you believe. Earlier this week, the National Security Agency announced that it had declassified and released to the National Archives “over 50,000 pages of historic records,” according to an agency statement. The document dump was “the first in a series of releases planned over the next two years” as part of NSA’s “commitment” to comply with President Obama’s January, 2009 memo demanding more transparency from federal agencies. Last month, the CIA released a trove of allegedly-explosive information from World War I, including the 90 year-old German formula for invisible ink.

Included in this new motherlode (.pdf) of supposedly secret-packed documents: a 1944 report on Japanese merchant ships, a 1946 dossier on Chinese railroads, and a 1954 German article on Lenin’s use of secret writing (with milk) while in prison. Presumably, this refers to Lenin’s stint in Siberia, in the mid-1890s. Exactly why Vladimir Ilyich’s reliance on lactose letters needed to be kept under wraps for 11 decades, the NSA doesn’t say.

Read more…

BALTIMORE For 11 years, prosecutors say, William Turley and two of his children used their Maryland manufacturing business to brazenly bill nearly $1.5 million in overcharges to a single customer: the National Security Agency.

The scam, described in a federal indictment, seems a foolish venture; after all, the NSA is the intelligence agency that helped find Osama bin Laden. Even more surprising – the scam is not unique.

The Turleys, who all pleaded not guilty last month in Baltimore’s U.S. District Court, are just the latest in a string of people prosecuted by the Maryland U.S. attorney’s office for similar crimes involving non-classified work for the NSA, records show.

The year 2006 was particularly rough: At least nine people were defrauding the nation’s chief secret-keeper in three separate schemes.

“If it wasn’t so sad it would be very funny,” said Matthew M. Aid, author of “The Secret Sentry: The Untold History of the National Security Agency.”

Read more…

The U.S. government is investigating reports from Google that hackers attempted to break into the Gmail accounts of senior government officials but at this point doesn’t believe any accounts were actually breached.

“Speaking on behalf of the U.S. government, we’re looking into these reports and seeking to gather the facts,” Caitlin Hayden, deputy spokesperson for the National Security Council, told CNET today. “We have no reason to believe that any official U.S. government e-mail accounts were accessed.”

The FBI is taking the lead on the investigation, according to Hayden, “as part of an interagency mechanism that comes together to focus on these types of incidents when they occur.”

An FBI representative confirmed the investigation to CNET today. “We are aware of Google’s announcement regarding attempts to obtain passwords and gain access to the accounts. We are working with Google and other [U.S. government] agencies to review this matter further to identify the origin of this campaign and to see what information may have been compromised,” the FBI said in an e-mail.

Google revealed yesterday that it had “detected and disrupted” a plan to break into hundreds of Gmail accounts through a series of phishing attacks. The targets of the attacks included top government officials from the U.S. and several Asian countries, along with journalists, political activists, and military personnel. The attackers apparently tried to use stolen passwords to access and change certain settings on the accounts.

In a familiar scenario, Google has implicated China as the source of the incident, saying that the attacks seemed to originate from Jinan, China. But the search giant didn’t go so far as to blame the Chinese government directly. China has denied any involvement in the attacks, according to BBC News, saying that “blaming these misdeeds on China is unacceptable.”

View Source…

On June 13th, a fifty-four-year-old former government employee named Thomas Drake is scheduled to appear in a courtroom in Baltimore, where he will face some of the gravest charges that can be brought against an American citizen. A former senior executive at the National Security Agency, the government’s electronic-espionage service, he is accused, in essence, of being an enemy of the state. According to a ten-count indictment delivered against him in April, 2010, Drake violated the Espionage Act—the 1917 statute that was used to convict Aldrich Ames, the C.I.A. officer who, in the eighties and nineties, sold U.S. intelligence to the K.G.B., enabling the Kremlin to assassinate informants. In 2007, the indictment says, Drake willfully retained top-secret defense documents that he had sworn an oath to protect, sneaking them out of the intelligence agency’s headquarters, at Fort Meade, Maryland, and taking them home, for the purpose of “unauthorized disclosure.” The aim of this scheme, the indictment says, was to leak government secrets to an unnamed newspaper reporter, who is identifiable as Siobhan Gorman, of the Baltimore Sun. Gorman wrote a prize-winning series of articles for the Sun about financial waste, bureaucratic dysfunction, and dubious legal practices in N.S.A. counterterrorism programs. Drake is also charged with obstructing justice and lying to federal law-enforcement agents. If he is convicted on all counts, he could receive a prison term of thirty-five years.

The government argues that Drake recklessly endangered the lives of American servicemen. “This is not an issue of benign documents,” William M. Welch II, the senior litigation counsel who is prosecuting the case, argued at a hearing in March, 2010. The N.S.A., he went on, collects “intelligence for the soldier in the field. So when individuals go out and they harm that ability, our intelligence goes dark and our soldier in the field gets harmed.”

Top officials at the Justice Department describe such leak prosecutions as almost obligatory. Lanny Breuer, the Assistant Attorney General who supervises the department’s criminal division, told me, “You don’t get to break the law and disclose classified information just because you want to.” He added, “Politics should play no role in it whatsoever.”

When President Barack Obama took office, in 2009, he championed the cause of government transparency, and spoke admiringly of whistle-blowers, whom he described as “often the best source of information about waste, fraud, and abuse in government.” But the Obama Administration has pursued leak prosecutions with a surprising relentlessness. Including the Drake case, it has been using the Espionage Act to press criminal charges in five alleged instances of national-security leaks—more such prosecutions than have occurred in all previous Administrations combined. The Drake case is one of two that Obama’s Justice Department has carried over from the Bush years.

Read more…

New details about the NSA’s post–Sept. 11 domestic surveillance programs have emerged in a stunning New Yorker article about NSA whistleblower Thomas Drake, who faces trial next month for allegedly leaking information about waste and mismanagement at the agency.

The article provides new insight into the warrantless surveillance program exposed by The New York Times in December 2005, including how top officials at the intelligence agency viewed the program. Former NSA Director Michael Hayden, in 2002, reportedly urged a congressional staffer who was concerned about the legality of the program to keep quiet about it, telling her that she could “yell and scream” about the program once the inevitable leaks about it occurred.

Asked why the NSA didn’t employ privacy protections in its program, Hayden reportedly told the staffer, “We didn’t need them. We had the power,” and admitted the government was not getting warrants for the domestic surveillance.

The New Yorker also spoke with a former head of the agency’s Signals Intelligence Automation Research Center, or SARC, who invented software codenamed ThinThread that is believed to have been adapted by the NSA for the warrantless surveillance. The program had privacy protections built into it, but the official says he believes the NSA rejiggered the program to remove those protections, so that it could collect data on everyone, including people in the United States.

Read more…