@the_intercept GCHQ Top Secret Document Discloses Spy Unit in Cyberspace Researching Manipulation of Human Behaviour @AceNewsServices

#AceNewsReport – LONDON:June.22: A top-secret document, disclosing how a spy unit in the UK Government Communications Headquarters (GCHQ) operates within cyberspace, has for the first time been revealed by The Intercept.

A report, titled ‘Behavioural Science Support for JTRIGs Efforts and Online HUMINT [human intelligence] Operations’, written in 2011 by a psychologist, Mandeep K. Dhami, details the activities of the Joint Threat Research Intelligence Group [JTRIG].

British and US spy agencies use reverse engineered software products under questionable legal authority to infiltrate networks and track users, media reported on Monday.

WASHINGTON (Sputnik) — The US National Security Agency and the UK Government Communications Headquarters have worked to undermine computer security software, including Kaspersky Lab’s anti-virus programs, to infiltrate networks and track users.

“The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software,” a report from The Intercept read.

The NSA and GCHQ in particular looked into breaching software produced by the Moscow-based cybersecurity company Kaspersky Lab that protects more than 400 million people, according to the report.

@AceNewsServices

Ace Worldwide News


@TheJusticeDept Over 250-people charged in Multimillion $ Medicare Fraud @AceNewsServices

#AceNewsReport – WASHINGTON:June.18: Almost 250 people, including doctors, nurses, pharmacy owners and patient recruiters, have been charged over a $712 million Medicare fraud, allegedly the biggest criminal healthcare case in the country’s history.

 US authorities charged 243 people for allegedly participating in a $712 million Medicare fraud, the largest criminal healthcare case in US history, US Attorney General Loretta Lynch announced during a press conference on Thursday.

“This is the largest takedown in the strike force’s eight year history,” Lynch said. “It is the largest criminal health takedown in the history of the Department of Justice and it adds to an already remarkable record of enforcement.”

The US Attorney’s Office said the 243 people charged are spread out in 17 federal districts across the United States.

Lynch noted 46 of the suspects are medical professionals, including doctors and nurses, but also home health care providers, pharmacy owners and patient recruiters.

 They were accused of crimes ranging from conspiracy to commit health care fraud to wire fraud and money laundering, Lynch added.

She explained some of the suspects billed Medicare for equipment they did not provide to patients, for care that was not needed and for services that were not rendered.

In one instance, owners of mental health facilities in Miami, Florida received tens of millions in reimbursements for intensive psychotherapy sessions, while they only moved patients from one location to another, Lynch said.

Lynch was joined at the press conference by Federal Bureau of Investigation Director Jim Comey, Department of Health and Human Services Inspector General Daniel Levinson, and other officials.


SWITZERLAND: ‘ Prosecutors open case on alleged spying on Iran’s Nuclear Program ‘

#AceNewsReport – #BreakingUpdate: SWITZERLAND:June.11: The Swiss Attorney General’s office has opened a criminal case into alleged spying on talks over Iran’s nuclear program, TASS reported.

The probe concerns unidentified actors involved in prohibited spying activities in Switzerland, said the office’s spokesman, Andre Marty. Kaspersky Lab earlier said it had uncovered a spy campaign targeting hotels that hosted the negotiations between Tehran and six world powers.

Israeli Deputy Defense Minister Eli Ben-Dahan on Wednesday denied a report that Israel carried out a cyber-espionage campaign targeting the hotels.

US officials have accused Israel of spying on the talks in the past, the Jerusalem Post said.

@AceBreakingNews


HealthCare.Gov: ” Government has Failed to Secure from Cyber Attacks”

#AceSecurityNews says a group of computer experts in the United States says the government has failed to secure HealthCare.gov from cyber attacks and that the site is fundamentally flawed.

The government has yet to remedy more than 20 vulnerabilities that security experts reported to the government shortly after the website went live on October 1, according to Reuters, citing cyber security professionals.

Hackers could steal personal information, modify data or attack the personal computers of the website’s users, David Kennedy, head of computer security consulting firm TrustedSec LLC, said.

“These issues are alarming,” Kennedy told Reuters on Wednesday.

At a November House Committee hearing, Kennedy and three other experts said they believed the site was not secure and should be shut down immediately.

HealthCare.gov allows Americans to purchase health insurance under President Barack Obama’s Affordable Care Act, widely known as Obamacare, which mandates health insurance for all Americans.

The site was crippled by technology errors in the first two months after its launch.

“The site is fundamentally flawed in ways that make it dangerous to people who use it,” said Kevin Johnson, chief executive of Secure Ideas and a teacher at the non-profit SANS Institute, the world’s biggest organization that trains and certifies cyber security professionals.

Americans have tended to disapprove rather than approve of the healthcare law throughout the past year and generally view Obamacare negatively.

According to a Gallup poll conducted Jan. 3-4, nearly half of Americans say the Affordable Care Act will make the healthcare situation in the US worse in the long run.

 


NSA had Secret Contract with a Computer Security Company #RSA

#AceSecurityNews says according to SAN FRANCISCO (Reuters) – As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with #RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Documents leaked by former #NSA contractor #Edward-Snowden show that the #NSA created and promulgated a flawed formula for generating random numbers to create a “back door” in encryption products, the New York Times reported in September. Reuters later reported that #RSA became the most important distributor of that formula by rolling it into a software tool called BSafe that is used to enhance security in personal computers and many other products.

Undisclosed until now was that #RSA received $10 million in a deal that set the #NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at #RSA had taken in during the entire previous year, securities filings show.

The earlier disclosures of #RSA’s entanglement with the #NSA already had shocked some in the close-knit world of computer security experts. The company had a long history of championing privacy and security, and it played a leading role in blocking a 1990’s effort by the #NSA to require a special chip to enable spying on a wide range of computer and communications products.

#RSA, now a subsidiary of computer storage giant EMC Corp, urged customers to stop using the NSA formula after the Snowden disclosures revealed its weakness.

#RSA and EMC declined to answer questions for this story, but #RSA said in a statement: “#RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of #RSA products are our own.”

The NSA declined to comment.

The #RSA deal shows one way the #NSA carried out what #Snowden’s documents describe as a key strategy for enhancing surveillance: the systematic erosion of security tools. #NSA documents released in recent months called for using “commercial relationships” to advance that goal, but did not name any security companies as collaborators.

The NSA came under attack this week in a landmark report from a White House panel appointed to review U.S. surveillance policy. The panel noted that “encryption is an essential basis for trust on the Internet,” and called for a halt to any #NSA efforts to undermine it.

Most of the dozen current and former #RSA employees interviewed said that the company erred in agreeing to such a contract, and many cited RSA’s corporate evolution away from pure cryptography products as one of the reasons it occurred.

But several said that RSA also was misled by government officials, who portrayed the formula as a secure technological advance.

“They did not show their true hand,” one person briefed on the deal said of the #NSA, asserting that government officials did not let on that they knew how to break the encryption.

STORIED HISTORY

Started by MIT professors in the 1970’s and led for years by ex-Marine Jim Bidzos, RSA and its core algorithm were both named for the last initials of the three founders, who revolutionized cryptography. Little known to the public, RSA’s encryption tools have been licensed by most large technology companies, which in turn use them to protect computers used by hundreds of millions of people.

At the core of RSA’s products was a technology known as public key cryptography. Instead of using the same key for encoding and then decoding a message, there are two keys related to each other mathematically. The first, publicly available key is used to encode a message for someone, who then uses a second, private key to reveal it.

In some related signature schemes, the private key is used to sign a message; anyone can check the signature using the public key. Validity depends on security of the private key. (Photo credit: Wikipedia)

From RSA’s earliest days, the U.S. intelligence establishment worried it would not be able to crack well-engineered public key cryptography. Martin Hellman, a former Stanford researcher who led the team that first invented the technique, said NSA experts tried to talk him and others into believing that the keys did not have to be as large as they planned.

The stakes rose when more technology companies adopted RSA’s methods and Internet use began to soar. The Clinton administration embraced the Clipper Chip, envisioned as a mandatory component in phones and computers to enable officials to overcome encryption with a warrant.

RSA led a fierce public campaign against the effort, distributing posters with a foundering sailing ship and the words “Sink Clipper!”

A key argument against the chip was that overseas buyers would shun U.S. technology products if they were ready-made for spying. Some companies say that is just what has happened in the wake of the Snowden disclosures.

The White House abandoned the Clipper Chip and instead relied on export controls to prevent the best cryptography from crossing U.S. borders. RSA once again rallied the industry, and it set up an Australian division that could ship what it wanted.

“We became the tip of the spear, so to speak, in this fight against government efforts,” Bidzos recalled in an oral history.

#RSA EVOLVES

RSA and others claimed victory when export restrictions relaxed.

But the NSA was determined to read what it wanted, and the quest gained urgency after the September 11, 2001 attacks.


#RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.

And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA’s revenue, less than 9% of the $310 million total.

“When I joined there were 10 people in the labs, and we were fighting the NSA,” said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. “It became a very different company later on.”

By the first half of 2006, #RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.

New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.

An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institute of Standards and Technology as one of four acceptable methods for generating random numbers. NIST’s blessing is required for many products sold to the government and often sets a broader de facto standard.


RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.

RSA’s contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

“The labs group had played a very intricate role at BSafe, and they were basically gone,” said labs veteran Michael Wenocur, who left in 1999.

Within a year, major questions were raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier wrote that the weaknesses in the formula “can only be described as a back door.”

After reports of the back door in September, RSA urged its customers to stop using the Dual Elliptic Curve number generator.

But unlike the Clipper Chip fight two decades ago, the company is saying little in public, and it declined to discuss how the NSA entanglements have affected its relationships with customers.

The White House, meanwhile, says it will consider this week’s panel recommendation that any efforts to subvert cryptography be abandoned.

Courtesy of the (Reporting by Joseph Menn; Editing by Jonathan Weber and Grant McCool)

 


Speech on Building a new international consensus on the future of Cyberspace

William Hague at the U.S. Department of State (Photo credit: Wikipedia)

Foreign Secretary William Hague calls for countries to discuss collectively one of the greatest challenges facing our generation.

I thank President Park and the government of Korea for hosting this important conference and for organising it brilliantly well.

We are two years into a process that began in London in 2011 to address one of the greatest challenges facing our generation: building a new international consensus on the future of cyberspace. There is more that unites us as nations than divides us on this issue. We all want to benefit from secure and reliable access to the internet as a driver of growth, development, good governance and innovation in our societies, and to protect our citizens from crime and terrorism on-line.

But there is a divide emerging in the international community that we must confront.

On one side are countries like the UK and many others like Korea who argue that the internet must remain open and borderless, and benefit from collective oversight between governments, international organisations, industry and civil society. In our view this is the only way to ensure that the benefits of the digital age are expanded to all countries; that ingenuity and competition flourish and investment and enterprise are rewarded; and that the creativity that spurs economic growth is nurtured not stifled by excessive regulation.

On the other side are countries calling for an international legal framework for the internet that would enable governments to exercise exclusive control over the Internet’s content and resources.

I am convinced that placing the controls of cyberspace entirely in the hands of governments would be a drastic error that would have profound social and economic consequences. The dead hand of state control would be as stifling for the internet as it has been for many economies in the past. It would erect barriers that impede the free flow of ideas, and would lead to a ghettoized or two-tier cyberspace that hinders free trade and holds back economic growth and development. This world of closed, fragmented Internets would certainly be less free and democratic – but it would also be less creative, less innovative, less progressive and, ultimately, less prosperous than a world with a single and open Internet.

The Internet is the heartbeat of the global economy, linking businesses that are based thousands of miles apart and constantly creating new markets, industries and technologies. Over the last 5 years, it has accounted for one fifth of GDP growth in advanced economies, with vast potential for future growth in countries where many people are now coming online for the first time.

It provides an environment where ideas flourish and barriers to market entry are removed, enabling innovators and entrepreneurs in every corner of the globe to turn those bright ideas into financial gain. It is improving the delivery of public services such as health and education, which heighten the skill and efficiency of workforces the world over.

It is facilitating the development of smart grids, smart buildings and smart cities, which support green and sustainable growth.

And it is creating more attractive investment climates by widening accountability and increasing transparency.

For these reasons, and more, societies that embrace an open and vibrant internet will be the ones that develop and prosper most in the 21st century.

And let us be clear – human rights apply online as much as they do offline. We should have no illusions about the motivation of those who call for a regulated internet: it stems from a desire to control the expression and curtail the political freedoms of their citizens.

We do all face sophisticated and persistent threats in cyberspace from terrorists or organised criminals. We will not compromise on the United Kingdom’s security or give free rein in cyberspace to those who wish to harm our country. With my full support our security and intelligence agencies will continue to address threats in cyberspace and to help our allies and partners to do the same – and the UK will remain at the centre of the debate on how we tackle those threats more effectively. But countries who seek to hide behind firewalls and erect artificial barriers on the internet will ultimately reduce their security, not enhance it. A fragmented Cyberspace would reduce trust and cooperation, making malicious or subversive activity more likely and harder to detect.

So our challenge is to work together to build confidence and engrain norms of behaviour which govern state behaviour online and support our collective security, while upholding the values of openness and freedom which have been integral to the success of the internet and are our core values as democratic nations.

We need a more transparent and inclusive model of governance; one where no single body controls all of the functions that govern the Internet; which is flexible, adaptable and can keep pace with the lightning speeds at which technology is advancing.

The London process, a process that began two years ago, is designed to achieve that objective and we have made some important progress:

We have brought the debate on the future of cyberspace to the front of the international agenda. We have taken strides towards agreeing principles that can form the basis of widely accepted norms for behaviour in cyberspace, which are captured in the “principles and guidelines” document put forward by Korean hosts. And we are making progress on capacity building to help all states tackle challenges in cyberspace. In the UK, this includes the establishment of the Global Cyber Security Capacity Centre which will open in Oxford next month and help other countries to build their own resilience and security.

Nevertheless, we have still not reached agreement on international ‘rules of the road’ or set of standards of behaviour.

To all those states that are uncertain where their interests lie between these competing visions of the future of cyberspace, I say that there is no stark choice between an open Internet and a secure Internet. But there is a choice between an Internet which continues to create growth and prosperity on all continents, and one which does not. We must agree to take steps to increase the confidence and trust that governments, companies and citizens all have in the Internet while preserving its transformative dynamism and creativity.

At a time of such global economic uncertainty, making the wrong choice would have profound consequences for the future. We must come together and ensure that the Internet is not only secure, but remains an engine for progress all over the world.
