FISA GRANTS NSA

Intelligence chief declassifies FISA court approval for collection of phone data

The top U.S. spy opened the door a sliver Friday on the mass collection of telephone records, acknowledging that national intelligence agencies had sought and been granted permission to vacuum up Americans' calling data for three more months.
In a statement released quietly on Friday , the Office of the Director of National Intelligence said Director James Clapper had decided to declassify and disclose that the government made the request to the hush-hush Foreign Intelligence Surveillance Court, which approved it earlier in the day.
U.S. District Judge William Pauley upheld the constitutionality of the National Security Agency's bulk collection of millions of Americans' telephone records — what's called "telephony metadata" — in a controversial ruling in New York last week. The American Civil Liberties Union, which brought the suit challenging the program, said Thursday that it would appeal Pauley's ruling.
Pauley's ruling came just 11 days after U.S. District Judge Richard Leon said the program appeared to be unconstitutional in a ruling in Washington, D.C., that sided with two Americans who wanted their data removed from NSA records.
It's now up to appeals courts and, most likely, the U.S. Supreme Court to sort through the contradictory findings.
The intelligence statement said Friday that Clapper was officially disclosing the FISA process "in order to provide the public a more thorough and balanced understanding of the program," which has polarized Americans over how deeply the U.S. government should dig into their privacy to keep them safe.
Documents released by former NSA contractor Edward Snowden revealed that the agency has been scarfing up phone and Internet metadata — information about where and when calls are made, not the content of those calls — without a warrant since two months after the terrorist attacks of Sept. 11, 2001
The FISA court reviews the program every three months, meaning Friday's seal of approval is the 36th it has issued since May 2006, when the administration of President George W. Bush successfully persuaded the secret court that the mass collection of data was legal under the USA Patriot Act.
Friday's statement also represented a sharp reversal from March, when Clapper flatly denied in testimony to the Senate Intelligence Committee that the NSA was doing any such thing. 
After the Snowden documents emerged, however, the intelligence community came under vigorous attack from civil liberties advocates, and Clapper issued a public apology in July for having "misstated" the program's reach in his testimony.
"The Intelligence Community continues to be open to modifications to this program that would provide additional privacy and civil liberty protections while still maintaining its operational benefits," Friday's statement said.
While Clapper disclosed that the FISA court had issued the approval, the court's ruling itself wasn't made public.

Read More

NSA Server vulnerable to SMTP Spoofing, can be used for Social Engineering 

An Indian hacker known as "Godzilla" has identified a vulnerability in the NSA website that allows an attacker to send fake emails from NSA's SMTP server.

NSA's SMTP server allows anyone to use the service without verifying the IP address and password.  The most interesting part is that it allows you to use any email address(for eg: admin@nsa.gov).

This vulnerability can be exploited by an attacker for launching a Spear phishing attack. An attacker can send email to anyone inside the organization(for eg to: admin2@nsa.gov).  As it is using the NSA SMTP server, it is need not to worry about firewalls. 

In a screenshot provided to EHN, the hacker used the email id of the NSA Director "Gen Keith B Alexander"(KeithAlexander@nsa.gov) to send email to another email id. 

"sending a mail with a link attach to it. That can be a bot link. Everyone will receive the mail with .nsa.gov domain as the mail is shooted from the same network." The hacker said.

"The mail will be send with the name of Director as no one will dare to skip the mail and have to read it. After opening the mail the attacking vector will get active. After this the ball will be in the attackers court."
"SMTP is a dangerous protocol and if you dont know how to secure it, its better you shut it down."

"Stupid NSA you are lucky its 31st December and we are not in a mood to shoot are malwares in your server." Hacker said 

Read More

Security researchers at Symantec have spotted a series of Network Time Protocol (NTP) reflection DDoS attacks during the Christmas Holidays.

DDoS attacks are very simple methods of offence that could cause serious problems to targeted systems, behind the word DDoS there are numeros techniques that could be exploited by attackers to reach their goals.

Last year principal security firms observed a significant increase for the DDoSattacks, the report issued by Arbor Networks on global DDoS attack trends for the first three quarters of 2013 provides an interesting overview into Internet traffic patterns and threat evolution. The data show a constant growth in the number or attacks and related efficiency, the analysts observed a significant increase (32%) for malicious traffic, the IPv4 traffic reached  69Tbps of peak, up from 47Tbps in registered in  Q2.

In particular is has been observed an increase in the adoption of DDoS methodology known as Distributed Reflection Denial of Service attacks (DrDoS) that substantially exploits misconfigured DNS (Domain Name System) to launch powerful DDoS attacks. The abuse of DNS systems is just an option for the attacker, security researchers at Symantec have spotted a new insidious methods to conduct DDoS attacks, cyber criminals started a series of Network Time Protocol (NTP) reflection DDoS attacks during the Christmas Holidays.

In the below graph it is possible to note that on December 16th were observed nearly 15000 IP addresses involved in the Network Time Protocol (NTP) reflection DDoS attack likely belonging to a botnet.

The Network Time Protocol (NTP) is a networking protocol widely used  for clock synchronization purpose between systems over packet-switched, variable-latency data networks.

Network Time Protocol (NTP) implementations exchange timestamps using the User Datagram Protocol (UDP) on port number 123.

“NTP is one of those set-it-and-forget-it protocols that is configured once and most network administrators don’t worry about it after that.  Unfortunately, that means it is also not a service that is upgraded often, leaving it vulnerable to these reflection attacks.”  states the Symantec post to highlight how much dangerous is to not consider the evolution of each service that is used by our systems.

Exactly as DNS Reflection attack, in the Network Time Protocol (NTP) reflection DDoS the hackers sends a small spoofed 8-byte UDP packets to the vulnerable NTP server that requests megabytes of data to be sent to the target IP Address.

CVE has already coded the Network Time Protocol vulnerability as CVE-2013-5211,the attackers exploit the monlist command for the offensives.

“Monlist is a remote command in older version of NTP that sends the requester a list of the last 600 hosts who have connected to that server.  For attackers the monlist query is a great reconnaissance tool.  For a localized NTP server it can help to build a network profile.  However, as a DDoS tool, it is even better because a small query can redirect megabytes worth of traffic” reports Symantec.

[root@server ~]# ntpdc -c monlist [hostname]

To protect Network Time Protocol server it is necessary to update it to NTP 4.2.7, a version that has excluded the support of ‘monlist’ query substituted by a new safe ‘mrunlist’ function which uses a nonce value ensuring that received IP address match the actual requester.

“If upgrading is not an option, you can start the NTP daemon with noquery enabled in the NTP conf file.  This will disable access to mode 6 and 7 query packetts (which includes monlist). “

Read More

NSA reportedly building quantum computer that could crack most encryption types

The National Security Agency is reportedly racing to build a computer that will be able to break almost every kind of encryption used to protect medical, banking, business and government records around the world.

According to documents provided by NSA whistle blower Edward Snowden, a $79.7 million research program titled “Penetrating Hard Targets” includes a project to build a “cryptologically useful quantum computer” – a machine considerably faster than classic computers, The Washington Post reported Thursday

The implications of the NSA building a quantum computer are far reaching. Such a machine would open the door to cracking the strongest encryption tools in use today, including a standard known as RSA that scrambles communications and make them impossible to read for anyone except the intended recipient. RSA is commonly used in Web browsers for encrypted emails and secure financial transactions.

The development of such a machine has long been a goal of many in the scientific community, and would have revolutionary implications for fields like medicine as well as for the NSA’s code-breaking mission.

The NSA reportedly sees itself as in a race with European Union and Swiss sponsored quantum computing labs.

“The geographic scope has narrowed from a global effort to a discrete focus on the European Union and Switzerland,” one NSA document says, according to the Washington Post.

The Snowden documents also indicate that the NSA has been carrying out a part of its research in large shielded rooms designed to prevent electromagnetic energy from leaking. The rooms are required in order to keep quantum computing experiments running.

Read More

Backdoor in wireless DSL routers lets attacker reset router, get admin

A hacker has found a backdoor to wireless combination router/DSL modems that could allow an attacker to reset the router’s configuration and gain access to the administrative control panel. The attack, confirmed to work on several Linksys and Netgear DSL modems, exploits an open port accessible over the wireless local network.

The backdoor requires that the attacker be on the local network, so this isn’t something that could be used to remotely attack DSL users. However, it could be used to commandeer a wireless access point and allow an attacker to get unfettered access to local network resources. Update: Vanderbeken reports some routers have the backdoor open to the Internet side as well, leaving them vulnerable to remote attack.

Eloi Vanderbeken described the backdoor in a PowerPoint posted with the code to Github. In his illustrated report, he explained how over the Christmas holiday he was trying to get access to the administrative console of his family’s Linksys WAG200G wireless DSL gateway wirelessly—mostly so he could limit how much bandwidth the others in the house were using. But Vanderbeken had previously turned off wireless access to the administration web console (and had forgotten his administrative password).

Performing a scan, he found that the router responded to messages over an unusual TCP port number: 32764. A search of the web found other Linksys and Netgear router owers had found the same service, but there was no documentation for what it did.

So Vanderbeken downloaded a copy of the Linksys firmware and commenced reverse-engineering the binary MIPS code. What he found was a simple interface that allowed him to send commands to the router without being authenticated as the administrator. On his first attempt to brute-force the interface, the router flipped its configuration back to factory settings, causing his family members to all lose Internet access at the same time.

After some additional testing, Vanderbecken found that the interface allowed him to execute a number of commands directly against the router, including a command-line shell. Using the commands he discovered, he was able to write a script that allowed him to turn wireless access to administration on and reset the web password, and published the script (with his cartoon report on the backdoor) to Github.

Read More