In room-size metal boxes secure against electromagnetic leaks, the National Security Agency is racing to build a computer that could break nearly every kind of encryption used to protect banking, medical, business and government records around the world.According to documents provided by former NSA contractor Edward Snowden, the effort to build “a cryptologically useful quantum computer” — a machine exponentially faster than classical computers — is part of a $79.7 million research program titled “Penetrating Hard Targets.” Much of the work is hosted under classified contracts at a laboratory in College Park, Md.
President claims he disclosed information for ‘humanitarian reasons’ – in statement appearing to contradict administration’s previous account
Donald Trump has insisted he has the “absolute right” to share selected information with Russia amid allegations he passed on classified intelligence.
The President made his first statement on Twitter following a series of denials from White House officials.
Hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, sources said, resulting in temporary disruptions to some services while cybersecurity teams worked to contain the intrusion.
White House officials, speaking on the condition of anonymity to discuss an ongoing investigation, said that the intruders did not damage any of the systems and that, to date, there is no evidence the classified network was hacked.
“In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network,” said one White House official. “We took immediate measures to evaluate and mitigate the activity. . . . Unfortunately, some of that resulted in the disruption of regular services to users. But people were on it and are dealing with it.”
The FBI, Secret Service and National Security Agency are all involved in the investigation. White House officials are not commenting on who was behind the intrusion or how much data, if any, was taken.
“Certainly a variety of actors find our networks to be attractive targets and seek access to sensitive information,” the White House official said. “We are still assessing the activity of concern.”
U.S. officials were alerted to the breach by an ally, sources said.
Recent reports by security firms have identified cyber-espionage campaigns by Russian hackers thought to be working for the government. Targets have included NATO, the Ukrainian government and U.S. defense contractors. Russia is regarded by U.S. officials as being in the top tier of states with cyber-capabilities.
In the case of the White House, the nature of the target is consistent with a state-sponsored campaign, sources said.
The breach was discovered two to three weeks ago, sources said. Some staffers were asked to change their passwords. Intranet or VPN access was shut off for awhile, but the email system, apart from some minor delays, was never down, sources said.
White House officials said that such an intrusion was not unexpected.
“On a regular basis, there are bad actors out there who are attempting to achieve intrusions into our system,” said a second White House official. “This is a constant battle for the government and our sensitive government computer systems, so it’s always a concern for us that individuals are trying to compromise systems and get access to our networks.”
The Russian intelligence service was believed to have been behind a breach of the U.S. military’s classified networks, which was discovered in 2008. The operation to contain the intrusion and clean up the computers, called Buckshot Yankee, took months.
That incident helped galvanize the effort to create U.S. Cyber Command, a military organization dedicated to defending the country’s critical computer systems — including those in the private sector — against foreign cyberattack, as well as helping combatant commanders in operations against adversaries. The command is expected to have some 6,000 personnel by 2016, officials said.
When directed by the president or defense secretary, Cyber Command can undertake offensive operations.
Leaked documents purport to show that NSA wiretapped current leader Francois Hollande as well as two former presidents.
The United States wiretapped France’s former presidents Jacques Chirac and Nicolas Sarkozy, as well as current leader Francois Hollande, according to documents released by WikiLeaks.
The spying spanned 2006 to 2012, French newspaper Liberation and the Mediapart website, said on Tuesday, quoting documents classed as “Top Secret” which include five reports from the US National Security Agency based on intercepted communications.
The most recent document is dated May 22, 2012, just days before Hollande took office, and reveals that the French leader “approved holding secret meetings in Paris to discuss the eurozone crisis, particularly the consequences of a Greek exit from the eurozone”.
Another document dated 2008 was titled “Sarkozy sees himself as only one who can resolve world financial crisis”.
Hollande called a meeting of his defence council to discuss the reports on Wednesday.
Ever since documents leaked by former NSA contractor Edward Snowden showed in 2013 that the NSA had been eavesdropping on the mobile phone of German Chancellor Angela Merkel, it had been understood that the US had been using the digital spying agency to intercept the conversations of allied politicians.
Still, the new revelations are bound to cause diplomatic embarrassment for the Americans, even though allies have been spying on allies for thousands of years.
Hollande said last year that he discussed his concerns about NSA surveillance with President Barack Obama during a visit to the US, and they patched up their differences.
Spy scheme reviewed
After the Merkel disclosures, Obama ordered a review of NSA spying on allies, after officials suggested that senior White House officials had not approved many operations that were largely on auto-pilot.
After the review, American officials said Obama had ordered a halt to spying on the leaders of allied countries, if not their aides.
Neither Hollande’s office nor Washington would comment on the new leaks. Contacted Tuesday by AFP, Hollande’s aide said:
“We will see what it is about.”
US State Department spokesman John Kirby meanwhile said: “We do not comment on the veracity or content of leaked documents.”
WikiLeaks spokesman Kristinn Hrafnsson said he was confident the documents were authentic, noting that WikiLeaks previous mass disclosures have proven to be accurate.
The Wall Street Journal thinks Edward Snowden may have provided China with a new, powerful cyberweapon.
China is known for its so-called Great Firewall, a nationwide system of web blocks and filters that the government uses to maintain strict online censorship in mainland China.
Now it reportedly has a complementary offensive tool — dubbed the Great Cannon — to go after sites it doesn’t like. And Snowden, the NSA-contractor-turned-whistleblower, may be to blame.
“The Great Cannon is not simply an extension of the Great Firewall,” experts at the University of Toronto’s Citizen Lab said, “but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses and can arbitrarily replace unencrypted content as a man-in-the-middle.”
China can now reroute innocent traffic coming to Chinese websites and use it for a malicious distributed denial of service (DDoS) attack to overload the servers of another website. It may also be able to inject malicious code into target computers.
Citizen’s Lab notes that the only other “known instances of governments tampering with unencrypted internet traffic to control information or launch attacks” involve the use of a program called Quantum that was developed by the US’ National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ).
Snowden revealed the existence of Quantum through slides given to American journalists Glenn Greenwald and Laura Poitras in Hong Kong after he arrived on May 20, 2013. The Journal is now wondering whether the former NSA contractor provided the source code to Beijing before flying to Moscow on June 23.
“Did Snowden give the Chinese the code for the Great Cannon?” the editorial asks. “He denies sharing anything with foreign governments. But then he’s an admitted liar, and we don’t know what the Chinese and Russian spy services have been able to copy from what he stole.”
The Journal’s evidence regarding Snowden and the Great Cannon is scant and circumstantial and is based mainly on suspicion of Snowden, the similarities between the Great Cannon and Quantum, and timing.
“A South China Morning Post report that the Great Cannon has been under development for about a year is suggestive,” The Journal asserts. “This means China’s hacking bureaucracy geared up to produce this new product soon after the Snowden leaks.”
In any case, China now has a powerful new cyberweapon to enforce its status as the world’s vastest internet censorship regime.
“The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users,” CitizenLab notes.
Agility and digital savvy traditionally haven’t been the strong suits of government agencies, so it’s encouraging that CIA Director John O. Brennan wants a big investment in cyberespionage and a new Directorate of Digital Innovation as part of what he calls a “bold” reorganization of the CIA. Brennan’s overhaul is commendable, but it’s urgent to do more to make his agency cyber literate.
Cyber competence isn’t just a set of technical skills; it’s a state of mind. Digital thinking must be baked into the CIA’s whole intelligence mission and its covert operations. No agency employee should be able to say “cyber” isn’t in their job description. As Brennan brings more hackers to Langley, Va., he should be careful not to let new walls rise between the new digital spies and those undercover. There’s precedent for this: The agency’s counter-terrorism center successfully dismantled silos between analysts and operators to track militants around the globe.
Next, the Directorate of Digital Innovation should think critically about what it means to conduct clandestine operations in the digital realm. Unlike drone specs or bomb schematics, code is very difficult to keep classified. Think of the Stuxnet virus. Even though it was written to attack a closed computer network, the code escaped onto the broader Web, where it was publicly dissected by digital security firms such as Symantec. Since then, more cyberespionage tools have been uncovered “in the wild,” meaning some are suddenly available to rogue nations and terrorists. As the CIA gets into this game, it should keep in mind the old admonition not to write down anything you wouldn’t want to see on the front page. In this case, be wary of writing code you wouldn’t want thrown back against your own networks.
The agency also will face tough decisions about if and when to share knowledge about computer and network vulnerabilities. As Kim Zetter detailed in her book “Countdown to Zero Day,” the government faces a difficult choice when it discovers a security flaw: share it so it can be patched, or keep it secret and useful. In my opinion, the dangerous impulse to over-classify should be resisted. If we want the private sector to share threat information with the government, the government – even its intelligence agencies – should get used to reciprocating.
I hope the CIA’s new commitment to all things cyber also will boost its work on open-source intelligence – the collection and analysis of public information and material – especially on social media. Invaluable intelligence on Islamic State and al-Qaida is sitting in plain digital sight. Private consulting firms such as SITE Intelligence Group have been quick to leverage that opportunity, and the CIA should follow their example. If Islamic militants recruit through Facebook, Twitter, Pinterest or other social networks, understanding exactly what they do and how to shut them down must become a major intelligence community priority.
Finally, the CIA should remember that just because it can do something doesn’t mean it should. That’s a lesson that the National Security Agency learned the hard way. Programs revealed by Edward Snowden, giving away much of our technology playbook to bad guys, prompted severe backlash; the ongoing encryption fight between Washington and Silicon Valley is just part of that fallout. Digital spies should have been asking: Will the intelligence gained outweigh the risk of damaging the trust of key constituencies?
Our nation’s enemies are remarkably adaptable. They form opportunistic, horizontal relationships and strike new partnerships. They quickly adopt new digital tools and social media. Brennan deserves credit for overhauling the CIA to become more nimble and more ready to meet these threats on this digital front. But as cyber becomes part of the CIA’s mission, friends of the agency should ask tough, constructive questions – to make certain that the human and digital worlds are being seamlessly integrated.
ABOUT THE WRITER
Jane Harman, former nine-term representative of California’s 36th Congressional District, is the head of the Woodrow Wilson International Center for Scholars. She served for eight years on the House Intelligence Committee, four as ranking member. She wrote this for the Los Angeles Times.
The UK government has admitted for the first time that its intelligence agencies can access data collected by other international agencies about UK citizens without a warrant.
Human rights groups Privacy International, Liberty and Amnesty International have revealed that the UK’s Government Communications Headquarters (GCHQ) had almost limitless access to a “massive searchable database” compiled by the NSA and other overseas partners, which includes information about British citizens caught in surveillance operations.
The revelations were heard at a private hearing at the Investigatory Powers Tribunal, the UK surveillance watchdog, after the three groups brought GCHQ to court in July this year.
“On the face of the descriptions provided to the claimants, the British intelligence agencies can trawl through foreign intelligence material without meaningful restrictions and can keep such material, which includes both communications content and metadata,” the groups said in a joint statement.
“The ‘arrangements’, as they are called by government, also suggest that intercepted material received from foreign intelligence agencies is not subject to the already weak safeguards that are applied to communications that are intercepted by the UK’s Tempora programme.”
A document submitted by the UK government to the court shows that GCHQ’s interception and collection of communications gathered by foreign intelligence agencies about UK citizens is permitted, if it is not a “deliberate circumvention” of the Regulation of Investigatory Powers Act (Ripa).
It is stated that a warrant is not necessary for GCHQ if it is “not technically feasible” and it is “necessary and proportionate” for the agency to gather the information.
“[A] Ripa interception warrant is not as a matter of law required in all cases in which unanalysed intercepted communications might be sought from a foreign government,” the document states.
According to MI5’s own website, the “interception of communications includes listening to the calls made on a telephone or opening and reading the contents of a target’s letters or e-mails” and “is only allowed under the authority of a warrant signed by a Secretary of State [usually the Home Secretary]”.
The issue of warrantless surveillance was brought to light last year by the whistleblower Edward Snowden, the former contract worker for the National Security Agency (NSA). Since then privacy advocates and campaigners have been fighting to curtail the powers of intelligence agencies around the world.
“We now know that data from any call, internet search, or website you visited over the past two years could be stored in GCHQ’s database and analyzed at will, all without a warrant to collect it in the first place,” said Privacy International’s deputy director Eric King.
“It is outrageous that the government thinks mass surveillance, justified by secret ‘arrangements’ that allow for vast and unrestrained receipt and analysis of foreign intelligence material is lawful.”