35 Burst results for "NSA"
US banning use of WeChat, TikTok for national security
"All right. I'm sorry I didn't mean to be flip it but here's an example of what you're talking about Shannon. Possibly earlier than I expected the US Commerce Department announced the details of what qualifies for band transactions under the two executive orders affecting we chat and Tiktok I thought we wouldn't get until Sunday, but we got them today both we chat and Tiktok APPS will not be legal to distribute in the United States as of September twentieth. So APP stores will need to remove them just like apple decided to remove fortnight, they'll have to remove tiktok and we chat as we'll google play or. Any other APP store. Now, these executive orders can be rescinded if the Oracle deal is acceptable to the administration, keep an eye out. This isn't the final word but if condition stay as they are now that has to happen as of Sunday additionally on September twentieth taking payments through the we chat APP will be illegal. So stores in the US can't accept we chat that is often done for Chinese tourists to make it easier for them to pay. So that will not be allowed. For we chat in particular on September twentieth the US is forbidding the following any US company hosting any part of the we chat APP, a cdn service providing service to we chat any contracted transit or peering services doesn't mean that they can't transit the service but any agreement that says we'll give you peering as long as you give us peering back right or we'll. We'll give transit service if you pay us this much US companies can't. Do that anymore and any use of we check code in other APPS or services in the US. Lot Of folks think this is a first amendment violation because code is considered speech under a lot of precedents. But the idea here is stop clones to say, well, you can't just go take the we check code, put it in a different APP called something else under a different company. So you can't use the we check code in other services. This one's tricky. A dozen seemed mean we chat has to be actively blocked from the Internet. They're not asking ISP's block the we chat service they're slow down it means cdn's and transit providers can't work with ten cents on the we chat service, which would greatly reduce its reliability and availability possibly to make it almost useless. Those same prohibitions will not apply to tick Tock until November twelfth. So basically Oracle's got until November twelfth to get the deal done or tick tock becomes unusable as well. In summary As of September twentieth you won't be able to down the we chat download. We had dot from APPs stores in the US but if you have them already, you can keep them. They won't get security updates though. And we chat won't work very well but tick tock will still work as normal if you've got it until November twelfth. A couple other notes here, US Magistrate Judge Laura Bieler ruled Friday that she would not issue a preliminary injunction against this we chat order she previously had said she might be willing to because the original executive order issued in. August was a little vague but said, Friday hey. Now we have the details not vegas anymore. So. She says, this complaint is now moot. Further filings from the we at user alliance are expected to argue that it's not moot. We'll see if those come. Also instagram head at a Maseri tweeted that quote a US Tock Band would be quite bad for Instagram facebook and the Internet more broadly and in response Tiktok interim CEO Vanessa Pappas the head of tiktok in Santa Monica. Asked facebook and instagram quote publicly join our challenge and support our litigation in other words like fine. If you believe that we need your help. Of course, the president as of this recording has not yet issued his decision on the proposed deal for Oracle. It's expected at any moment oracle wants to become a trusted tech partner and minority owner in new us-based tech. Company. Owned by Bite Dance. The. Saga continues I imagine we might. Have this all solved by Monday but of course, then it's onto the next thing. How your feeling about this. Well Shannon I don't know about you but I am I was laid to the TIKTOK game but an enthusiastic TIKTOK USER I don't make stuff but I I watch other things and I really liked the APP and I'm not alone it's a very, very popular up and I can't really think of I've thought of I was trying to think of has this ever happened before some some time where there was something that I liked technology wise. That was then you kind of taken from me based on where I live a lot of other countries and regions in the world are very used to this I can't think of one I really can't. I can think of APPs or services that were available somewhere else and then they came to the US. Eventually, we're never did but not something that was sort of taken away. So I just wondered what the Creator Backlash all this is going to be like. There's a big creator backlash I. I'm sure that it's going to happen quite soon to like there's a lot of people that have that are creators on. TIKTOK. That had not diversified and just thinking of it from that Creator side there's a lot of people that are going to lose income just specifically with tiktok but also with we chat because we chat has always been. So internationally friendly where people can use it across borders. So there's a lot of like developers. There's a lot of companies that use we chat for business. So this is not only going to be hurting TIKTOK and we chat but. It's also going to be hurting the people that use it as well for their own businesses and I. Don't know if if this was considered when they decided to put in put this ban in place, and that's very very concerning not just because you know that that freedom of the Internet as I was mentioning earlier with the previous story but also from the whole income aspect of like at all times in in twenty twenty when we have a pandemic and they're going to remove the these applications because they're based in a different country and we're going to be losing the opportunities to conduct business because of that. Keep in mind folks when you're forming your opinion about this and I'm not telling you what opinion to have when I say this that. It is not against the rules for the United States to ban an APP we ban all kinds. Of APPS. There are APPs that we all agree should be gone child pornography fraud. Those kinds of APPS. What's at issue here is the administration is saying these two APPS are just as dangerous to our national security and to more personal data as a fraud APP and therefore yes, it's going to have fallout, but it's because they're dangerous apps like they pretend to give you something good but they're really. Supporting an enemy and we can't allow that seem that. That is the argument that is being made. And we can stay the same argument about a lot of social media platforms. I mean we we have American platforms that do dangerous things, but they are not under the supervision of the Chinese government. So there is a difference. It's a definitive difference and you can decide yes you want to think about it. I'm glad you added that comment that there needs to be a definitive difference. There needs to be proof and evidence. real quickly before we wrap this up yesterday, we reported that the Oracle deals term sheet would create a company called Tick Tock global based in the US with its own board of directors. We got a few more details on that term sheet axios llosa's INA freed has more detail saying the term sheet describes three boards. A board approved by the US government would oversee TIKTOK US and include a security director and an independent data security expert. With national security credentials, which is pretty much the description of a former CIA or NSA officials. So the US government would put a board to oversee the operations of tiktok in the US while Oracle would operate it. A security subcommittee of that board would be composed of US citizens with veto power over Tick Tock Global Security data privacy decisions in the US, and then there would be a board of directors independent of Bite dance over tiktok global. So Little more detail there for you to consider.
TikTok reaches deal that would give Oracle oversight of U.S. operations
"And Tick Tock recently made headlines Everywhere when Resin Donald Trump signed an executive order. That would essentially ban the Chinese owned APP in the US for national security reasons. Unless it sells its operations here to an American company. And of course, if that were to happen. We would have nowhere to go to see a million potatoes singing. To Adele. And that would be a national tragedy. This week deal actually emerged between TIKTOK and American company Oracle but some people like Zachary say trump's tiktok policy effectively changes. Nothing. The argument goes like this. It will do little to protect Americans data from the Chinese government because there are still plenty of other ways China could get that data that this move is just a new kind of security theater basically. The hard work of data security according to this actually lies elsewhere. So, Zachary TIKTOK has been banned in Indiana a few other countries, but it's still pretty popular for now it's the most popular video sharing app i. can see why it seems like fun and there are mental creative. They're short I mean the whole nature of the medium has their time limited. What happened with Tiktok this week what happened this week? Should be clear but isn't. Basically, in August, the trump administration ordered via executive order whose legality remains highly questionable that the Chinese owner of Tiktok, a company called Bite Dance. Divest itself of Owning Tiktok within ninety days or face the prospect that tiktok would be shut down in the United States. I broke the deal I said you can't do business in the United States, which is at least potentially within the power of the US federal government based on national security concerns based on national security and the logistics are complicated that you probably could order apple and other people and servers that are hosting tiktok. that. They couldn't do it and it would defacto make it impossible for Tiktok to function. So that is what began a process where the owner of Tiktok, again, a Chinese company sought an alternative way to their cell, the US portion of Tiktok or what ended up happening major deals Rocking Wall Street this morning pushing futures higher. We find an American technology partner Oracle beat Microsoft and become the technology partner for TIC TACS US operations although will not. receive its coveted algorithm so that all took talks data would be kept in the United States on servers owned by an American company and not by Chinese company because the whole point of this was that all these people using Tiktok, these tens of millions, hundreds of millions that data was potentially vulnerable to being used and therefore misused by the Chinese government. How so So the fear was because technology companies in China by Chinese law are required if. By the Chinese government to turn over data relevant data that the Chinese government could tell the parent company of Tiktok, hand us all of your user data which user data of again tens of millions of Americans. and. Then China would have that data. So that was the concern right and and that's a legitimate fact the Chinese government could order that. The problem is, of course, one via our court system, an American court can order or prosecutor can subpoena data. From our companies. So it's not like what you and I do on Google or what we do on any technology provider is somehow. Unavailable. To government if government decides that it's in its interest to get it not to mention the the various many non-government actors, the vacuum, the stuff up and use it for their own purposes that is even more important I think probably more relevant to the China issue which is. Does it matter whether the data is in this case, potentially house by Oracle massive US hardware and software company versus being housed by servers in China. In terms of the ability of the Chinese government to obtain that data, it wanted to obtain it because not just third parties that hoover up data and use it in the whole buying selling and the data market, but just spying tools. Whether it's the NSA in the National Security Agency in the United States or various Israeli cybersecurity and or cyber spying companies or the Chinese government. Most of this data isn't that secure. Not. Like. Triple encrypted quantum encrypted defense department level communications. So likely true that if the Chinese government really wanted my teens Tiktok data, it doesn't really matter whether that data's House on servers in China owned by Chinese company or whether it was housed on American servers on buying American company. So I guess, then how do we get to this point? How did you know given what you just said why has this become such a big issue? How did it start? Yeah it's a good question I I'm not sure. There's a precise answer. It's part of a whole continuum of the trump administration in particular identifying China as a proximate threat to the United States and a whole series of ways competitively in terms of trade practices hence the hundreds of billions of dollars of Chinese imported goods that have been subject to American tariffs. It's part of a multi year campaign against this massive Chinese telecom equipment company called Wa wa, which has been a leader in next generation five G. Telecom equipment in a way that again, some of the same concerns have existed which is. That the Chinese government would would use the production of that equipment as a way to spy on who met from purchase adequate. And Look a few years ago. There was a a forced sale of gay dating APP Grindr, which was also owned by a Chinese company, and so there was an earlier precedent of forcing a Chinese company to sell an American APP Social App. Because, of data concerns and finally, there's the fact that for years long predating the trump administration. China has not allowed American social media companies like facebook. To function in China. So there's the tit for tat. You know you don't let our social media functioning companies function there. Why should we let yours function here? There's Several year campaign against China which the trump administration's pursued but I think has a good deal of democratic support I. Mean if it's close to a bipartisan sentiment that China, China's a threat as anything we have right now. Why Tiktok? Suddenly became a thing I may partly have to do with the fact that it suddenly became a very big deal in the United States. I mean, this was not a company that had any footprint several years ago and suddenly as. The APP does your so it may have had to do with something that got really big and is very noticeable. Salsa not that economically important. So a lot of people would be royally pissed off Tiktok were banned. It's not like tiktok is. An integral component. To the US economy either during covid or without covid. So it's an easier target. We'll be right back. Everyone wants to become a better leader this groundbreaking new book how to lead shows you how David M Rubenstein is one of the visionary founders of the Carlisle Group and host of the David Rubenstein Show where he speaks to leaders from every walk of life about who they are, how they define success and what it means to lead. Jeff bezos Richard Branson Warren Buffett Bill Gates Ruth Bader Ginsburg Phil Knight Oprah all of them and more are featured in how to lead this essential leadership playbook illustrates the principles and guiding philosophies of the world's greatest game changers discover the expert secrets to being. Effective innovative leaders. Walter Isaacson proclaims reading this invaluable trove of advice from the greatest leaders of our time is like sitting in an armchair and listening to the masters reveal their secrets, pick up a copy of how to lead wisdom from the world's greatest CEOS founders and Game Changers Bhai David Rubenstein available in Hardcover e book or audio, and we're back I get the kind of general personal security aspect of it. Where does the national security aspect of it come in? Is it because there's concern about people who worked at the Defense Department or the military whoever having to talk in in use in their households or people in the Defense Department are not allowed to use tiktok certainly not on their phones. For before this although they may have teenagers who That's vulnerability as well. So it wasn't primarily about like US government employees who might have sensitive data that tiktok would be the back door way that the Chinese government would spy on them but it was generalized sense of any foreign government that is using private American citizen data potentially for nefarious purposes represents a national security threat. Now, it clearly has not represented the kind of national security threat in the estimation of the White House right now when it's Russian. Manipulation of social media accounts the same principle should or would apply right. If you'RE GONNA ban, Tiktok you'd probably want to take action against the a variety of Russian media enterprises that are attempting to manipulate and hoover up American user data. Some of that data's you mentioned earlier in terms of third party is available to anybody for a price just because there's a marketplace for data. Which I think either most of us aren't aware of or frankly most probably don't care if politicos data on this podcast gets sold to fourteen vendors so that it can sell you and me products based on our other computer activity most people. Either like that, or don't care about that. But the national security concern is simply because it's a foreign government that could potentially. Use, our search history or browsing history nefarious. And again a, that might be true but be it's likely that all this kind of data is obtainable irrespective of whether or not a company called TIKTOK. Happens to have access to a lot of it. It's really interesting. So into this whole story comes oracle, you know huge hardware software firm but how did they get involved here? Yes. Oracle is is a multibillion dollar firm that has had the same public profile as Microsoft or Amazon or facebook or apple because most of its business is to other large companies, you know you and I don't tend to go out and buy Oracle piece of hardware because we don't need a hundred and fifty thousand dollars server or. Network system for our employees. They're largely corporate provider throw a huge provider to the Defense Department in terms of cheer equipment and material, and they're huge software company. They're one of the early Silicon Valley success stories and the billionaire founder Larry Ellison has been probably more conservative than not I don't know that I buy into the whole. This is a reward versus. A snub to the other potential main acquirer or partner for Tiktok, which was rumored to be Microsoft but this is an unusual. This doesn't usually fit oracle's business model. Well, that's that's interesting. So what is their interest in getting involved here perceived to be I'm not one hundred percent clear about that I mean look at could allow them to. Have a little bit more of a consumer facing brand. Again, I mean Oracle's. Primarily a software company primarily a database company. Maybe this could help them increase their databases. There's no way that this is a natural fit for goal. But at the same time north this a huge cost for Oracle, maybe it'll produce some American jobs. I mean. They're looking for growth just like everybody's looking for growth, and once you get to be the size of Oracle. Growth gets harder some of they're also looking for a DIFFERENT INDUSTRY TO BE President Chore? So. What exactly did they given? What did they get here that as of this conversation is not one hundred percent clear off so it was presented as or go by tiktok. That is not the case or at least it's not the case now and as possible. The deal will be scuttled or change given that all of this has to be approved by the government has to be approved by committee. Called Syfy S, which is the committee in charge of looking at global deals in terms of US national security, but it would seem that right now. The parent company of Tiktok saw own TIKTOK and get some of the economic benefits of TIKTOK. This Chinese company called by dance and that Oracle in turn will get a massive licensing deal to house Tiktok data and information on its own. Servers and using its own software. So the concern that the Chinese government would have access to that data would be allayed meeting under this agreement arrangement because the data would be managed by and it's housing would be arranged by a US company. The Chinese government could order by dance to turn over but by dance itself wouldn't actually have access to that data. It's interesting I mean based on what you said before it's they're they're they're moving this data from place a, it's not going to be in a different place and I guess the Chinese government will no longer have a key to the door. But as you said before there's many different ways that either the Chinese government or a lot of other. State or private actors can get hold on more or less any data they want to these days right? which kind of raises the question for point of all, this is ENA. It's certainly true. It would make it a little more challenging to get that data under that kind of arrangement. It seems like this a big fight over a big company. That's not actually really about. The literal subject of the conflict here. Yeah. It is totally fair to say that whatever the imbroglio about tiktok has very little to do with tiktok. And everything to do with US policy toward China. And the trump administration looking for some High profile optic to be able to say we're we're being tough on China and protecting American citizens. Again, the oddity of Tiktok is given that so many of its users or young adults. Who Don't vote although who would be? Extremely, Acetate it. If they woke up tomorrow and there's no TIKTOK meeting, it's probably not. The most popular move if what you're trying to do is gain support during a presidential election. So it's not entirely clear what constituency the served there wasn't like a huge congressional clamor for Oh my God. We're all big imperilled by these fifteen second videos. So where do you think things go from here in terms of into in terms of the real story behind all this in terms of the U., S., China relationship and the increasing in. them of that. So I think to some degree regardless of who wins the presidential election. there. Is a train that's left the proverbial station of increasing. Distrust and animosity between the United States and China. But within the context of an incredible amount of economic interdependence that you cannot just snap your fingers and several or at least not without massive massive harm to each part of that equation both the United States and China, and that's that's pretty unprecedented. Right? Right. That's like the Cold War analogy doesn't work because there was no economic relationship between the United States and the Soviet Union nineteen. Fifty S
Trump not ready to OK TikTok deal, admits US won't get cut
"Basically, in August, the trump administration ordered via executive order whose legality remains highly questionable that the Chinese owner of Tiktok, a company called Bite Dance. Divest itself of Owning Tiktok within ninety days or face the prospect that tiktok would be shut down in the United States. I broke the deal I said you can't do business in the United States, which is at least potentially within the power of the US federal government based on national security concerns based on national security and the logistics are complicated that you probably could order apple and other people and servers that are hosting tiktok. that. They couldn't do it and it would defacto make it impossible for Tiktok to function. So that is what began a process where the owner of Tiktok, again, a Chinese company sought an alternative way to their cell, the US portion of Tiktok or what ended up happening major deals Rocking Wall Street this morning pushing futures higher. We find an American technology partner Oracle beat Microsoft and become the technology partner for TIC TACS US operations although will not. receive its coveted algorithm so that all took talks data would be kept in the United States on servers owned by an American company and not by Chinese company because the whole point of this was that all these people using Tiktok, these tens of millions, hundreds of millions that data was potentially vulnerable to being used and therefore misused by the Chinese government. How so So the fear was because technology companies in China by Chinese law are required if. By the Chinese government to turn over data relevant data that the Chinese government could tell the parent company of Tiktok, hand us all of your user data which user data of again tens of millions of Americans. and. Then China would have that data. So that was the concern right and and that's a legitimate fact the Chinese government could order that. The problem is, of course, one via our court system, an American court can order or prosecutor can subpoena data. From our companies. So it's not like what you and I do on Google or what we do on any technology provider is somehow. Unavailable. To government if government decides that it's in its interest to get it not to mention the the various many non-government actors, the vacuum, the stuff up and use it for their own purposes that is even more important I think probably more relevant to the China issue which is. Does it matter whether the data is in this case, potentially house by Oracle massive US hardware and software company versus being housed by servers in China. In terms of the ability of the Chinese government to obtain that data, it wanted to obtain it because not just third parties that hoover up data and use it in the whole buying selling and the data market, but just spying tools. Whether it's the NSA in the National Security Agency in the United States or various Israeli cybersecurity and or cyber spying companies or the Chinese government. Most of this data isn't that secure. Not. Like. Triple encrypted quantum encrypted defense department level communications. So likely true that if the Chinese government really wanted my teens Tiktok data, it doesn't really matter whether that data's House on servers in China owned by Chinese company or whether it was housed on American servers on buying American company. So I guess, then how do we get to this point? How did you know given what you just said why has this become such a big issue? How did it start? Yeah it's a good question I I'm not sure. There's a precise answer. It's part of a whole continuum of the trump administration in particular identifying China as a proximate threat to the United States and a whole series of ways competitively in terms of trade practices hence the hundreds of billions of dollars of Chinese imported goods that have been subject to American tariffs. It's part of a multi year campaign against this massive Chinese telecom equipment company called Wa wa, which has been a leader in next generation five G. Telecom equipment in a way that again, some of the same concerns have existed which is. That the Chinese government would would use the production of that equipment as a way to spy on who met from purchase adequate. And Look a few years ago. There was a a forced sale of gay dating APP Grindr, which was also owned by a Chinese company, and so there was an earlier precedent of forcing a Chinese company to sell an American APP Social App. Because, of data concerns and finally, there's the fact that for years long predating the trump administration. China has not allowed American social media companies like facebook. To function in China. So there's the tit for tat. You know you don't let our social media functioning companies function there. Why should we let yours function here? There's Several year campaign against China which the trump administration's pursued but I think has a good deal of democratic support I. Mean if it's close to a bipartisan sentiment that China, China's a threat as anything we have right now. Why Tiktok? Suddenly became a thing I may partly have to do with the fact that it suddenly became a very big deal in the United States. I mean, this was not a company that had any footprint several years ago and suddenly as. The APP does your so it may have had to do with something that got really big and is very noticeable. Salsa not that economically important. So a lot of people would be royally pissed off Tiktok were banned. It's not like tiktok is. An integral component. To the US economy either during covid or without covid. So it's an easier target.
The Diversity of Security Challenges in Higher Education
"Now. What is it like? Every year you have a new batch of of students coming on board and they all want to connect to your network I mean what's the? What's the reality of that situation from a security point of view It is a lot of prep-work over the summertime, a lot of you know repair and refine and and. You know replace things that aren't doing well, and then when you know we get about two weeks out from classes starting. which this year is September second. So we're kind of in that zone right now. That's where we're making sure that everything is working. In it in. Its, optimum. Capacity and capability. Following that it's you know let's continue planning for whatever is going to happen next you know we the spring term winter spring term in in January this past year and nobody anticipated. Kobe I I'm not. You know I'm sure that there was an -ticipant because the the fun part of that is we actually did a pandemic tabletop exercise in the division of Information Technology, which is the central a unit on campus. We do that path the fall of twenty and eighteen. So we hit already kind of work through some of the. You know the communications challenges and the organizational challenges so when it came time to do. The transition from online or from in person courses to online courses, we were able to do that in very short time and that included transitioning thirty seven hundred core courses. From in person delivery to online delivery so that really served you well, I and it was the preparation time and it was the understanding. Of what we would need to do and it was also, you know checking those channels you know. I've done some business continuity work in my in my pass and a business continuity plan to just never exercise it's not a plan. It's a bunch of on paper so So we were able to walk through and validate that and that's the kind of work we do during the school year. And we take our you know kind of slowdown period so. Beginning summer you know everybody takes a deep breath and then we exhaling get back to work you know Sometime during the summer I like to encourage my my team to have a little bit of time off. But when September goes in and the students arrive we, we try to work really hard to get him through and then we take it the winter holidays. What what kinds of things are you and your team defending against who? Who's WHO's coming at your network? You know it's the usual array of Fred actors You know think about the things that research is doing. You know we're we're doing. A lot of research in the area of Koga right now, and it's just. Be We have the capability. We have the expertise we have the researchers at want to do that. But we also have school medicine in public health. We also have a school of Nursing School of Pharmacy. So healthcare education is important in that has just a treasure trove highly valuable. Information in it. But we do engineering work, and some of that work is is patentable work. So that's probably attractive We do a lot of business influenced work. we have data science institute which is trying to figure out the the better ways to understand. You know the the magic acronyms of a I in L.. Artificial intelligence. Machine. Learning. And and that's that's attractive information not only that forty four, thousand students twenty three, thousand staff that's a treasure trove of marketable information. You know I always wonder you know someone in a situation like yours where certainly you're going to have some students and I'm thinking of Oh I don't know folks in computer science and other sorts of places who were going to look at you know the the campus system or the university system as you know their own personal playground there that. you know they're gonNA WANNA, test their own skills against yours. I mean I is that an annual thing and and how do you? How do you? How do you not be adversarial? How do you support You know the educational aspects of of those students while still keeping things up and running what's your approach to those sorts of things? Well. So I we we are establishing some really good partnerships with with the Academy with the the the professors and researchers that are interested in studying the cybersecurity arts and sciences. we've had a relationship with the information school. is They're they're part of the College of letters and Sciences and now they're part of what's been amalgam is as the the School of Computing. Data. And Information Studies so CDs. In in in doing that, I, mean, the partnership is if it's data and if it's doing things if it's you know working or arresting or or if it's needing to be analyzed, we have people that are very much interested and so I've had my my department be intentional about establishing those greater relationships we have you know researchers doing anything from identity access. Management Research to data analytics to cybersecurity metrics and then we have others on campus that are doing great work in high throughput. Computing Great Work in in you know engineering the the next greatest you know computer technologies. In other side trips we had We have a researcher that is working on, Thomas Vehicle. Research you know and there's an awful lot of cyber in there too so. Having those kind of relationships is the the real multiplier here, and this is not unusual by the way for university. This is nothing super special. We're doing it's just that You know there's a, there's a lot of cybersecurity programs out there where there you know NSA certified Center for Academic Excellence. Certified and we're GONNA. Get there eventually. I believe But right now we're just supporting the researchers in the courses are being taught. Sue I myself have been a guest lecturer in a one of the business school courses. It has an information security course as part of its core. That's been fun. I enjoy doing. I did a little bit of that as an adjunct University part of my coming here.
Barr says he would be "vehemently opposed" to pardoning Snowden
"William Barr says he would be vehemently opposed to pardoning former NSA contractor Edward Snowden. He made the comment to The Associated Press days after President Trump said he would look at possibly pardoning Snowden.
Republican national security officials back Biden
"73 former national security officials who served Republican presidents from Ronald Reagan all the way through Donald Trump, including both Bush is 41 43 formed a new group and they've endorsed Joe Biden. They're going to run a full page ad in The Wall Street Journal tomorrow. The group is called former Republican National security officials or by Michael Hayden, the former NSA and CIA director John Negroponte. Who was that? Ah, Director National Intelligence. William Webster, who was FBI director. This is significant statement that these former national security officials are making breaking from Donald Trump and endorsing that
Republican national security officials back Biden
"Dozens of former Republican national security officials today are telling Americans not to vote for President Trump and instead are endorsing Democrat Joe Biden. Jessica Rosenthal has that story. A statement says. This group of 73 former national security officials, is part of a new project of defending democracy Together. They plan to run a full page ad in the Wall Street Journal Friday and say they're 10 point case against President Trump will be on a website called Not. SEC for biden dot com. They say they're going to spend six figures on a social media campaign to convince people in swing states to vote for Biden, whom they say has the character experience and temperament to lead. Some of the signers include former NSA and CIA Director General Michael Hayden, Former Deputy secretary of State and director of National Intelligence John Negroponte and former CIA and FBI Director William Webster.
Intellectual-Property Assets Are Getting More Valuable
"As a foreign intelligence agency were responsible for understanding a broad range of threats. Presented by governments to the United States, one of those threats include our cyber threats how nations may be using cyber to achieve their national objectives that might be intellectual property theft for example, to counter department offensively valid by accelerating foreign governments ability to actually productized particular RDA for weapon that may be targetting critical infrastructure of a country. As part of threatening that country or as part of putting pressure on a given country. How are we doing against the cyber threats are we? Barely keeping up, are we catching up? Are we getting ahead of the game or? Is it always going to be hard for the defender. Overall technology is getting more secure. Technologies Belt more securely today. So. The fundamental resilience is is improving known. You have open source products. We have lots of is looking at a given technology and helping find vulnerabilities and address them. That being said for an ever-more connected economy in ever more connected society, and as we build more connections, sometimes systems that were not necessarily built for those kinds of connections we bring and introduce new risks on the third poll the positive side there's far more awareness about those risks and how to approach addressing them identifying what are the most important assets to protect. Seems to be an effort on the part of NSA to kind of open up a blackbox and Kinda shut the reputation no such agency we want to be trusted to achieve or we believe we can uniquely contribute to team USA on either the first step. Is conveying who we are conveying the culture. That's here the commitment to American values. Certainly. When a part of our mission is an intelligence mission in a democracy, you have an obligation to ensure that the Americans. We serve feel they understand the values by which we live. And neuberger is the current director of the national security. Agency's Cybersecurity Directorate. She has held a variety of jobs in both the public and private sectors. We just sat down with an to talk about her career, her and her director. It's multiple responsibilities and how she sees a cyber threats facing our country. I'm Michael Morale and this is intelligence matters. So an welcomed to intelligence matters, it is great to have you on the show. It's great to be here. So I think the place to start and is with your career before you joined the national security. Agency. You had a career in the private sector. Can you tell us about that and tell us what you did in the private sector and then what drew you into government, service. Sure. So I was in running technology at a at a financial services company during that time period when financial services companies really moved off mainframe environments to the Web. Decline server technology. So that piece of both taking an operations and emission and its associated technology and people and culture really Shaked shaped the way I approach a lot of those problems today. And I was raised in in a family where my dad came as a refugee all my grandparents came as refugees to the US and they just. Constantly instilled in US how grateful we should be for the opportunity to be born in America and raised in America, with its freedoms with its ability to pursue one's dreams and and that we owed it for that and. I was driving home from from work in. In two, thousand six, we just done a large acquisition of. Companies of banks, custodian operations. And on the radio, they were talking about the bombing of mosque. Samara Moscow in smaller rock and just the. Soldiers dying civilians dying and the troubles there and I I still don't know why but I thought of my dad and. That's myself. Perhaps now's the time to repay a little bit of of that in some way and. I've been a graduate student at Columbia had a I had a professor tell me about the White House fellows program and encouraged me to apply and I kind of I have to admit was a bit of the New Yorker Countless New York ever. kind of put that aside and for whatever reason I just felt that calling at that moment called him and said I'll apply and fast forward I was assigned to the Pentagon. With zero military background. And you learned a lot about the culture very drawn to that shared commitment and spent a year in the Pentagon worked for the navy and then came to NSA. Couple years later. What did they doing at the Pentagon and the Navy? So I was the deputy chief management officer, the Navy essentially, the Navy had a number of broad enterprise wide technology efforts which they were working again, bring that you people mission. Technology Triangle. And they asked me to help work on a couple of working directly for the secretary of the Navy figure out why a of them were struggling and then help them get on track. So I worked on that and I often get asked by people. How did YOU END UP AT NSA? A pretty funny story in that I had a seventy six year old and I was commuting from Baltimore and the. The work life balance was a bit tough and I met somebody and he asked me about. How he was doing and I commented that I really love the work but it was a little hard for me to do the juggle. And he said, you know I happen to know that NSA standing up you director NSA standing up cyber command and I know they need people with your kind of of background. So how about if I make a phone call there? And I went for an interview commute was thirty minutes and it sounds so foolish but. That was pretty much what it took. Interesting interesting. So the private sector and then the Department of Defence which is as you know this huge enterprise and then NSA and this is a this is not an easy question I know about kind of the similarities and differences of those three different experiences. It all begins with people. In every organization missions have to adapt and change They adopted change in the private sector because perhaps you have a competitor, perhaps the customer spaces adapted. Certainly financial services saw that we're the scale of data was just increasing the scale of trains was increasing and the traditional manual processes couldn't keep up. So we automation with needed to reduce errors and help us keep on track with we're trading was going. Technology could deliver on that, but the the business of the organization had to change to fully take advantage of the technology and the way people did that mission and use technology had to change along the way. So I think in each of those organizations that taught me that for that, that triangle has to be kind of guided together to get to an outcome mission technology and people if you really want to be able to fully. Whether it's take advantage of a market or stay ahead of an adversary in our own mission here in the ICU dod that triangle has to work together and you have to communicate every those three planes together when talking about why the changes needed. So an in your tenure at NSA, you've served as its first chief risk officer. The assistant deputy director of operations, the head of the Russia's small group, and now the head of the Cybersecurity Directorate. Can you take us through your trajectory there how did your responsibilities differ from roll to roll? Absolutely, and so I came into an Santa's small team part of a small team that was standing up cyber command, the chief risk officer role was. was created after the media leaks period of two, thousand, thirteen where we learned that. Really appreciating risk mount looking at in a holistic way across partnership risk operational. Risks Technology risks. We learned that we needed to adapt the way we looked at risk and then change according to that. So I think in each of those roles. Either, the adversary was changing around us a threat was changing around us. We. Wanted to take advantage fully of an opportunity and I was responsible for taking the big picture strategic goals, translating those two measurable outcomes and objectives and helping you know contribute, communicate the why and then bringing the team of people along to get their each other's efforts was a bit different. But you know. We talked about the risk of doing the risk of not doing weighing that appropriately we talked about the insuring that as we approached new missions policy and technology move together, and certainly when we looked at the elections work in two, thousand, eighteen, the Russia's small group work we saw we're adversaries of have used influence operation since the time of Adam and Eve perhaps would have changed was again the ability to use social media to both focus and directed to have larger impact. So focusing on the Russia's small group for just a second and what was that what was the what was the mission and what were your responsibilities with regard to the two thousand eighteen election's to the extent that you can talk about that. Absolutely. So the mission was ensuring the integrity of the two thousand eighteen midterm elections ensuring that we I understood the threat second that we appropriately tipped all the information we had about the threat to key partners across the US government. Certainly, FBI from a counter infants perspective digest from Cybersecurity of elections, infrastructure perspective, and they finally that we would support Cyber Command. If if authorized to impose costs, it's were attempts to disrupt. Disrupt the election. So. After the two thousand eighteen election's president trump publicly confirmed that cyber command played a role in deterring the Russians in two thousand eighteen are they're important lessons from what happened in two thousand eighteen about how we as a country can defend ourselves against this this insidious threat. Yes. So you know across the government, we look at two key polls. Integrity one is attempts to malignly influence population whether that is to highlight social discord to highlight issues that divide the population or to. Hand up sheer inappropriate. You know share information as part of shaping individuals ideas, and then the second is potentially interfering hacking into elections infrastructure as part of efforts to change the vote and I think the first pieces, the value of resiliency. The sense that you know once trust is lost, it's very hard to regain. So the knowledge for the American public that there are hundreds of people across the US government committed to and working to ensure the integrity of our elections. When it comes to counter influence though the biggest resilience as each of us. As Americans when we're reading something asking who might be trying to influence me what is the source of that information I fully confident in that source of that information. And then finally the role of the role of technology and the role of Public Private Partnership. In as part of elections integrity. So for us in the intelligence community were constantly watching for which adversaries maybe seeking to to shape a populations thinking to shape an election and then rapidly tipping that to partners or. To the private sector to ensure that they're both aware of techniques and our countering them on their platforms. So we've since learned shocked last week the updates from deny that the Russians continue to engage in election interference, the Chinese, the Iranians, and the punchline of all that for me is it's really hard to deter. Foreign interference right and I'm wondering if it's something special about foreign interference or if it's more about cyber at the end of the day and the difficulty of seeing cyber attributing it if you see it, how do you think about that question absolutely I think it is more about cyber than about elections from a cyber perspective when we look at fully both protecting cyber infrastructure and then to your second point about attribution, there's complexity laying what we call the red on top of the we may see threats. That are talked about strategic perspective and then we partners across the US government a looking to see where does that present itself? Where are the given vulnerabilities in a given infrastructure? The powers when you can lay the two together and say, here is a nation state that has intent to interfere in whatever that is an election critical infrastructure. I Pete Best and then translate that to the tactical level to say that network scanning or that vulnerability in hardware or software may well be used to achieve the objective putting that in place, and then most importantly preventing it because at the end of the day riding report about a victim and notifying the victim is far less satisfying than being able to put that together and prevent the adversary cheating their objective. So we've already started to shift now into your new role, right which was relaunched in October I believe. So be great if you could, and if you could explain for our listeners I, what NASA's two main missions are. Again and then cybersecurity and the difference between them just to give folks here level set absolutely. So Ns as a foreign intelligence agency were responsible for understanding a broad range of threats. Presented by governments to the United States, one of those threats include our cyber threats how nations may be using cyber to achieve their national objectives as that might be intellectual property theft for example, to counter the department defensively Thallady by accelerating foreign governments ability to to actually productized particular rnd for weapon that may be targetting critical infrastructure of a country. As part of threatening that country or as part of putting pressure on a given country. So that is the threat information on the second side. And say has cybersecurity mission. We're celestial known We build the keys codes and cryptography that's used to protect all of US government's most sensitive communications thinking nuclear command control weapon systems, the president's communications with allies, and we provide technical advice to mitigate those same threats that I talked about. So the really the he integration of the two missions where we think the magic is where we can say here's what we think adversaries are seeking to do, and here's how from a cybersecurity perspective we recommend you protect against. So so what motivated and the relaunch of the directorate and has its mission changed at all really good question. So we recognize that we were at a crossroads with national security as both technology and society ships were happening. We saw only kinds of technology that people want to from small satellites to Internet of things and each of those presents huge advancements. But they also present cybersecurity risk. Along with that, we saw various nation surtees. New Technologies think North Korean crypto currencies to get around sanctions to achieve their own objectives and we said we really need to up our game to more quickly be understanding those threats and ensuring that. We could both provide advice to build new technologies as early as possible, but also to counter adversaries use of those same technologies to achieve their national security. We're GONNA take a quick break to hear from our sponsor. Dumb. We'll be right back with more discussion with an neuberger. At Lockheed Martin, we're on a mission. Your mission. Not just the next mission but the one that's two steps ahead. That's why we've not only taken the lead in hyper sonics, but we're helping you integrate technology faster than. It's why we're not only developing the laser weapons systems you'll need but deploying them in the field. Our mission is to build the integrated solutions you can depend on because the world is depending on you. So and what are the what are the primary areas of Focus for your directorate? What kind of people work there? What's their skill set and what kind of customers do you serve? Questions. So the first parties. Operationalizing Intelligence. How do we ensure that from the intelligence that we see we took anything that's unique. And timely quickly so that we can prevent the victim. So that's the first, the first piece of of work, our areas of focus are. Both understanding that giving guidance encryption, we believe encryption. A key protection particularly in telecommunications environment that in many cases is entrusted. So both in building the government's special encryption, modernizing that as well as providing advice and insights on how to best use. Encryption the text of people who work cure are like we see him any organizations abroad gamut we have intelligence analyst. We have country-specific experts have a broad swath of technical experts, encryption network technologies, hardware, and software vulnerability analysts as well but the power is weird that can be integrated where you can say. How do you build on route of trust all the way through to an end point? Had you properly defend network and take a step back and do risk analysis to say? We are the gaps in your resilience and we're should your next dollar investment to closest gaps Right, and then what about customers is your is, is it just the Department of Defense? Is that the US government is even broader than that? How do you think about who it is you're working for? Yup Great Question. So there's a specific set work we do for what we call national security systems systems carrying classified information national security information the director. Vanessa is also the national manager for National Security Systems, that's the authority under which as I mentioned, we have we build the keys codes and cryptography responsible for distributing threat information as well. So those are across the US government with a particular focus on duty. Weapons Systems. And Related Systems. A second set of key partners and customers are dhs I. D. H., S. and its role supporting critical infrastructure. And, the sector specific agencies, and like I said the the real magic of understanding the critical infrastructure, we're it's key gaps and vulnerabilities are and being able to marry that up with what a foreign government may be intending to do and providing focused insight. Across the US government, there is broad use of commercial technologies, particularly duty and and national security system. So you may have seen when we're issuing advisories were also issuing advice on how to secure and configure those commercial technologies well because we see that. Those are used all across. Sensitive, systems as well. Your director has issued I think a dozen or so. Advisories about cybersecurity threats. Can you talk about why you guys do that? What the criteria is for quitting one of those out and then how do you think about the impact they have? Do You keep metrics on that? How do you think about? Advisories absolutely. So. Our advisories other way we really do them for three reasons. One is if we see a nation state actor using a particular vulnerability against the system care about we find that it really drives urgency of action people run faster when they're pursued, and if we can say, this nation state actor is using this vulnerability. Here's the mitigation advice to protect yourself against that we see impact and I'll talk about that how we measure that impact at the end. The second thing is there's a deep expertise here because we build and we break encryption. So encryption related technologies like the peons like you. You may recall the windows ten cryptographic vulnerability in January. Those are areas we focus on because we know those are sometimes hard to understand technically hard to implement. So if we can give very practical advice, them will issue those as well to help that be put in place, and then the third would be where there's a timely need and we're getting a lot of questions and we feel that putting out a product helps guide people and thinking about how to think about security I'll give an example. As. As covid. Pressed a lot of organizations across the US government particularly duty as well to move to telework. We started getting a lot of questions about secure collaboration. which commercial tools were safe to us and our goal was teaching people how to evaluate what safe to us. So we issued a product we're laid out the different attributes like. Code is available for review its end to end Krypton and a few other such attributes, and then we rated different secure collaboration publicly available tools against them and the cool part was we had companies call and say, well, you didn't get something quite right or can we be included as well and we said absolutely, we issued a second version and then we have another one coming out next week because our goal was making it as useful as possible and also helping teach people. How to assess. Different. Products for security. You ask the question about how we measure impact. So there's three different measures we've been using. The first is, do we see patch rates go up? They'll do we see for vulnerabilities that we've talked about here is a foreign actor might be using a boehner ability to achieve an objective. Can we watch those patriots go up and it was really cool to see. And a number of cases we've we've watched that increase. The second piece is there is a very capable and active cybersecurity industry has the information shared enable them to better protect. Sensitive US government national security systems networks, and you know in the case of the Xm vulnerability that we issued, we're advisory where we talked about the particular unit of Russian intelligence using the XML male vulnerability. It was really great to see five different cyber-security entities using that to identify other. Russian intelligence infrastructure and then take that down. So that was success for us that we made it harder for that adversary to achieve its objectives, and then the third one is really the feedback on the number of downloads and the feedback from administrators saying this was useful. This was unique timely and actionable could act on it, and then in May you guys took what I thought was an unprecedented step of actually openly attributing the exploitation of vulnerability to the Russian, Gru. and. That seemed to rare to me and I'm wondering why you decided to actually name Russia in this instance. So I it is rare because as you noted earlier, implicitly attributions hard. You may have seen a prior product where we highlighted one st state using another country's. Infrastructure to achieve its objective and then highlight he just hard attribution is. So when it's done, it needs to be done with precision to be confident. In that and we chose to do it because. We see that it makes targeted network owners more quickly patch and secure and build the resilience of their systems network administrators have way more vulnerabilities to address than they have time for or frankly money for and way more alerts than they can act on. So we can say this particular vulnerability is being used by a nation State Intelligence Service. We see them we see network administrators moving quickly and addressing it, and that's a fundamental goal. Fundamental goal is improving cybersecurity. If you kind of step back and look at look at the big picture here, you know, maybe from a thirty five thousand foot level how are we doing? The cyber threats are we barely keeping up? Are we catching up? Are we getting ahead of the game or? Is it always going to be hard for the defender. In this game in because the guy on the offense can always come up come up with something new how you think about sort of where we are in the history of of the threat of cyber and defense against it. I think we points overall technology is getting more secure. Technologies built more securely today. So the fundamental resilience is is improving you know when you have open source products, we have lots of is looking at a given technology and helping find vulnerabilities and address them. That being said were an ever more connected economy in an ever-more connected society, and as we build more connections, sometimes two systems that were not necessarily built for those kinds of connections. Data Systems. In that way, we bring and introduce new risks. On the third poll on the positive side, there's far more awareness about those risks and how to approach addressing them identifying what are the most important assets to protect and ensuring good practices are in place and it's far easier than ever to put that in place. So I think it's a mixed story on the one hand more more technologies built more securely, and there are communities of individuals working together to ensure their secure on the other hand far more. Technology some of which. Is connected in ways that bring risk in ways that we always have to and I guess the third part, which is where we started adversary seeking to take advantage of those risks to achieve their objectives. So. If you if you were standing in front of a large multinationals board of directors in you're talking to them about cybersecurity. What's the one or two things that you would absolutely want them to take away from from your conversation? What is the tangible thing you most want to protect and what's the intangible thank you most want to protect. So if you're drug company, what is the intellectual property that's going to be your next potentially big drug big driver of economic growth, big driver of healing, and then second what's the biggest intangible? Thank perhaps, that's your reputation. The way you treat your employees, the price, the prices that you charge and what you're, what you're. How much you mark that up. Make sure that you're protecting both carefully make your your cyber security commensurate with with the risk presented to you if you lose either one. And you mentioned you mentioned Skater Systems and I'm not sure that all my listeners know what those are just explain that and then is there something? Is there something special about protecting data system from protecting? Normal network absolutely. So Skater Systems are essentially control systems for the core areas of infrastructure in a given country in a given company. So think power systems clean water drug manufacturing. and. Those are. Those are often complex system. So what's unique about them is you know those systems over the years were often built four reliability in the event of a bad storm that power system would come back online with confidence as. More technologies got connected. So for example, the ability to measure. Use of power the ability to measure confidence in in water and chemical level. Some of those systems got connected to network systems that provide a way to access them. One of the joint products we recently issued between Ns. WAS An ICS product because there had been some public articles about. a given attack against skater systems in the Middle East, and we wanted to ensure that we together with. One of our closest partners was providing technical advice to. Skate entities in the US based on what we were learning about those attacks. So interest, a couple more questions you've been terrific with your time. Seems to be an effort on the part of an essay to kind of open up the black box and showed the reputation no such agency right. Your conversation with me thinking example of that why is that a priority for for the agency and for General Nakasone? I in the cybersecurity mission fundamentally if we're not trusted we can't achieve our intact. People take advice from those they trust and the power of. Across the US Government Team USA work cyber. There each organization plays its position within that role. You Know My counterpart at Digest Chris Crabs often talks about them being the national risk managers. At an essay, we believe what we can bring uniquely is that integration of intelligence series of seeking to do what their capabilities are, what their infrastructure looks like and how to defend against cyber security advice to counter that, and that's always continuing because technologies change adversaries, goals change, and the resilient always has to be increased to meet that. So we want to be trusted to achieve what we believe. We can uniquely contribute to team USA on cyber. The first step to doing that is conveying, we are conveying the culture that's here the commitment to American values, and certainly WanNa part of our mission is an intelligence mission. In a in a democracy, we have an obligation to ensure that the Americans we serve. Feel they understand the values which we live. So your your former colleague and my really good friend Glenn Gerstl road. Op Ed about a year ago about what he saw the. Profound implications of the Digital Revolution on national security, and he raised a lot of concerns and among those was the sheer pace and scale and volume of technological change and. And data that's GONNA force intelligence agencies including NSA to fundamentally change how they do business I was GonNa say thinking big picture about those kinds of challenges. What are you trying to tackle I? Would've the adjustments look like, how do you? How do you think about the challenge that Glenn laid out? Absolutely, so I from the perspective of large amounts of data and ensuring, we can make sense of them. Ensuring that we can do big data analysis to help. Triage the information we identify and determine what are people are big assets put their time on to determine he's and how to act on them. So for example. We we're looking at machine learning to classify malware and we're certainly looking at. Machine learning potentially to help us identify vulnerabilities scale particularly when we look at systems that represent thirty years of technology like muffins systems, how do you secure a weapon system? That's been out there and represent each phase of technology and have confidence in its resilience and in command and control. And then finally. We have an obligation to both bring those technologies to be on our mission and understand how adversaries might use that and manage that accordingly. So for example, as we think about artificial intelligence and the potential to automatically. Direct weapon. In the United States we have strong values around how we would think about automation versus human control. In other countries around the world, there might be different ways that those kinds of decisions are approached. So how do we ensure that we both? Bring that integration of. Compliance and technology to the way we pursue it but also be aware of those gaps and keep an eye on the risks of those gaps. And you mentioned you mentioned people and you mentioned people a couple of times and and just took two questions about that. One is given the competition that you face with all of these cyber security firms and. Your folks must be very attractive to them, and their skills are quite valuable in their private sector. How how difficult is it for you to recruit and retain talent? Really thoughtful question because you asked two questions in their recruit entertained. So. From the recruit side, we get really great people. On the routine side. We have a really compelling mission. and. What brings keeps people. Here is the sense that they're contributing to something bigger than themselves. That is challenging fulfilling. It's on us as organizational leaders to ensure that each person has that opportunity to contribute what they can uniquely bring chew to that mission. And one of the one of the cool aspects of the Cybersecurity standup has been people who have left to call in and say, Hey, I'd like to come back I learned a lot. In the private sector, the missions, calling me and like to contribute again, and we've hired a number of them back and continuing to increase that and part of the message we have when people if people do decide to leave is to say that is great. You will continue to contribute to the nation's security. You'll learn a lot in the five at sector, and if you ever want to come back the doors open. What do you? What do you want the American people to know about the women and men who work for you. That, they're committed to the values. That this country was established for. That there are significant threats to the United States, our allies and to those values, and that not always can we talk about those threats because? By impact sometimes intelligence community, even the security mission has to operate in those shad in the show does so. Trust our values, trust that we are proud Americans. We swear an oath to the Constitution of the United States, and if you do question it or if you want to learn more roll up your sleeves and come into the for a few years and get to know what yourself because each person has unique abilities and a unique ability to contribute to their to their country in whatever way they choose whether that's government are in the private sector. But if you ever doubt it come on in and work here and and raise your voice and be a part of it. It sort of takes you back to what your parents taught you to. It really does it my dad grew up in in communist Hungary and In the beginning when I came into government, he would call me on the phone sometimes and switched to a foreign language and. I realized that for him growing up in another country. Is that complete trust of government that I American born? You know have that doesn't mean it's trust and verify it's from verify but there are things that I take for granted growing up in this society that I don't know if he ever will. So being able to look at things through his eyes and through mind make me realize how fortunate we are to be here and how much we have obligation to. To ensure it stays that way. And thank you so much for joining us and thank you for your service. Thank you so much for your time.
"nsa" Discussed on Risky Business
", the first thing we're going to talk about this wake is An FBI doc seeing some gi you malware God, , I love Twenty Twenty <hes> specifically they. . Like. . A Lennox Malware toolkit this pretty fun angles here but let me start off with you Adam. . What did you make of I? ? Mean you know you you'll links your guy right out of the three of us. . What did you think of the? ? Document that Honestly. . It's a beautiful thing. . It really warms my heart to see this really old school technique of. . Trad, , Lennox route kits, , kernel mode, , Lennox road kits with all the classic bells and whistles written finest. . Tank. . Great Engineering. . It's just a beautiful thing and the NSA's documentation of it is honestly probably better than what the Russians have like really in depth right job reversing it well, , written up our. . Yeah. . Really enjoyed it like I'm I'm Jelly I want a copy of this so that I can use it looks like a nice piece of tooling and twenty years ago me really would like this. . It's good. . Yeah I mean I. . I kept having flashbacks to to talks from like Kiwi Con Circa ten years ago. . Like a fin buyers well, , and yeah, , it was just. . Sort of that's classic beautiful technique share. . It is there enough useful stuff in this thing that someone like yourself who actually works in a role that's that's. . Way tightly sort of information try to make it actionable like was this a useful document or do you get the impression that it's just neon Jagna a bit of a middle finger at Russia. . No. So . I think it is useful. . We love attribution from a from a law enforcement agency for state-sponsored you just can't beat it because it allows us to do is we can kind of correlate and you can at the very least put a little bit to rest and attribution and say look if there's an. . If there's a press release if the NSA the FBI say that it's this group in the Intel community were all just going to kind of agree that this is the group that it is and you can get away from the hundreds of different names all hang on hang on. . What you're saying is the primary benefit here is you get to settle all of the clustering arguments that happened in threat research a slacks exactly, , and I, , think you and I have talked a little bit about what a mess that is with people like Joe Slowec it's it's. . Crazy how difficult that is the main reason for that is that everybody that does intelligence has access to a different source of data and so you know you can kind of look at the FBI and the NSA and say, , okay, , they have access to all the data. . The best data may be dated. . They shouldn't even have access to and that kind of gives us a little bit of a reprieve and we can say, , okay, , they're probably right. . Let's move forward from here. . The indicators are are usually good when they come out in these kinds of releases. . But I wanted to ask, , Adam, , you were kind of saying I wish I had this. . So what do you think the chances are that this will be potentially spread around or that somebody could create something similar. . It's using tricks that have been used by the hacker scene for for a very long time I mean this kind of rocket is pretty old school. . What's Nice is having one that's. . Supportive a modern kernels, for , example, , because that's one thing that was always really fiddly it's about about maintaining this kind of tooling was you had to have kernel modules that were built against all versions of the next year we're going to run up against and that's the sort of thing that as a bedroom hacker, , you can do for a few red hats or a few seuss's debut or whatever. . But doing it against a bunch of stuff like that takes actual work. . You know getting hold of something like this. . You know that's weaponized and usable in the real world and has workable your malleable see through channels. . That kind of thing is I mean in this case, , I, , think it's just like Jason of the. . Web sockets or anyway. . But you know having something that's actually being used versus just kind of homebrew. . There was quite a bit gap in it. . They lost eighty percent of making a tool really genuinely useful is boring, right? , ? Yeah. . That's why I wanted just for the maintenance burden and guess the you aren't really selling support contracts are. . I mean that could be. . It could be a pivot at some point you never know. . But I I look. . I found a couple of things interesting here. . One is that you just mentioned that the to handle by Jason I've HDTV the govern the US government's released a bunch of Yarrow rules that help you detect the message format that the two uses sir rather than looking at like a destination addresses, , it's actually looking at at message format. . Of course, , I can change the message format but that was an interesting thing to do I thought. . The other thing is a both of you have spoken about. . Getting your hands on this thing no one has seen it. . I've even been asked around saying you know who's got sample because a couple of people I know one no one's GonNa, , which tells me that. . Abe may not, , really be out there in the wall much which begs the question why the hell did I get it from and I don't think they got it rolling incident response. . Let's just put it that way. . It looks like they have gone right into these these these. . Operators infrastructure and just pulled it straight from there like this. . This really does look like there's a bit of a psychological Operation Angle to this is in like we are all in your. .
NSA and FBI document GRU's Linux malware for them
"The first thing we're going to talk about this wake is An FBI doc seeing some gi you malware God, I love Twenty Twenty specifically they. Like. A Lennox Malware toolkit this pretty fun angles here but let me start off with you Adam. What did you make of I? Mean you know you you'll links your guy right out of the three of us. What did you think of the? Document that Honestly. It's a beautiful thing. It really warms my heart to see this really old school technique of. Trad, Lennox route kits, kernel mode, Lennox road kits with all the classic bells and whistles written finest. Tank. Great Engineering. It's just a beautiful thing and the NSA's documentation of it is honestly probably better than what the Russians have like really in depth right job reversing it well, written up our. Yeah. Really enjoyed it like I'm I'm Jelly I want a copy of this so that I can use it looks like a nice piece of tooling and twenty years ago me really would like this. It's good. Yeah I mean I. I kept having flashbacks to to talks from like Kiwi Con Circa ten years ago. Like a fin buyers well, and yeah, it was just. Sort of that's classic beautiful technique share. It is there enough useful stuff in this thing that someone like yourself who actually works in a role that's that's. Way tightly sort of information try to make it actionable like was this a useful document or do you get the impression that it's just neon Jagna a bit of a middle finger at Russia. No. So I think it is useful. We love attribution from a from a law enforcement agency for state-sponsored you just can't beat it because it allows us to do is we can kind of correlate and you can at the very least put a little bit to rest and attribution and say look if there's an. If there's a press release if the NSA the FBI say that it's this group in the Intel community were all just going to kind of agree that this is the group that it is and you can get away from the hundreds of different names all hang on hang on. What you're saying is the primary benefit here is you get to settle all of the clustering arguments that happened in threat research a slacks exactly, and I, think you and I have talked a little bit about what a mess that is with people like Joe Slowec it's it's. Crazy how difficult that is the main reason for that is that everybody that does intelligence has access to a different source of data and so you know you can kind of look at the FBI and the NSA and say, okay, they have access to all the data. The best data may be dated. They shouldn't even have access to and that kind of gives us a little bit of a reprieve and we can say, okay, they're probably right. Let's move forward from here. The indicators are are usually good when they come out in these kinds of releases. But I wanted to ask, Adam, you were kind of saying I wish I had this. So what do you think the chances are that this will be potentially spread around or that somebody could create something similar. It's using tricks that have been used by the hacker scene for for a very long time I mean this kind of rocket is pretty old school. What's Nice is having one that's. Supportive a modern kernels, for example, because that's one thing that was always really fiddly it's about about maintaining this kind of tooling was you had to have kernel modules that were built against all versions of the next year we're going to run up against and that's the sort of thing that as a bedroom hacker, you can do for a few red hats or a few seuss's debut or whatever. But doing it against a bunch of stuff like that takes actual work. You know getting hold of something like this. You know that's weaponized and usable in the real world and has workable your malleable see through channels. That kind of thing is I mean in this case, I, think it's just like Jason of the. Web sockets or anyway. But you know having something that's actually being used versus just kind of homebrew. There was quite a bit gap in it. They lost eighty percent of making a tool really genuinely useful is boring, right? Yeah. That's why I wanted just for the maintenance burden and guess the you aren't really selling support contracts are. I mean that could be. It could be a pivot at some point you never know. But I I look. I found a couple of things interesting here. One is that you just mentioned that the to handle by Jason I've HDTV the govern the US government's released a bunch of Yarrow rules that help you detect the message format that the two uses sir rather than looking at like a destination addresses, it's actually looking at at message format. Of course, I can change the message format but that was an interesting thing to do I thought. The other thing is a both of you have spoken about. Getting your hands on this thing no one has seen it. I've even been asked around saying you know who's got sample because a couple of people I know one no one's GonNa, which tells me that. Abe may not, really be out there in the wall much which begs the question why the hell did I get it from and I don't think they got it rolling incident response. Let's just put it that way. It looks like they have gone right into these these these. Operators infrastructure and just pulled it straight from there like this. This really does look like there's a bit of a psychological Operation Angle to this is in like we are all in your.
Trump says he will look 'very strongly' at granting pardon to whistleblower Edward Snowden
"Snowden may be able to stop hiding out in Russia President Donald Trump's considering pardoning the former NSA contractor who's been in Russia. It's leaking intel that said, the U. S government buying honest, I mean, I'm not that aware of the Snowden situation, but I was looking at it. There are many, many people. It seems to be a split decision that many people think that hey, should be somehow created differently, and other people think he did very bad things and I'm going to take a very good look at it. In 2016 the president said he thought Snowden is a traitor, and he would deal with him harshly.
This Woodcutters no Railsplitter: NSA and FBI Release Report on a GRU Toolset
"The US NSA and be I. This morning released a report on drove rube malware a hitherto publicly unremarked strain deployed by twenty eight, which of course is fancy bear. Russia's generic. Military Intelligence Service. The report describes drove a rube as a Lennox malware tool set consisting of an implant coupled with a kernel module root kit, a file transfer and port forwarding tool and a command and control server. When deployed on a victim machine drove rube implant client provides the capability for direct communications with actor controlled see to infrastructure filed download and Upload Capabilities Execution of arbitrary commands as route and port forwarding of network traffic to other hosts on the network, all of which is well allot. McAfee CTO Steve Grubman commented an email that drove a rube is a Swiss army knife of capabilities that allows the attacker to perform many different functions such as stealing files and remote controlling the victim's computer. Drove a rube can be detected about the two agencies warned that like other advanced route kits, the malware take some pains to hide itself, and so it may be overlooked if you're not on the lookout for it. The alert recommends updating to Lennox Kernel three point seven or later, which will enable users to take full advantage of colonel signing enforcement. It also encourages administrators to configure systems. So they will only load modules that have a valid digital signature. An Essay and the bureau don't say what they think. Fancy bears objectives are with drove rube but they do scowl in the direction of the GRU's interest in election meddling fancy bears been there before still a Swiss army knife you can do a lot. So why is it called? Drove a rube. You're probably wondering the word means woodcutter would chopper or would splitter. In this case, it's the GRU's own name. That's what the hoods back at the aquarium call it. Nice. Touch that an essay you could Americanize. The name is rail splitter but honest Abe 's they're not. Another question, the alert is detailed and specific. You can get it from the NSA pressroom at NSA DOT GOV and it's a lively read that really put the G. Into Gru. Why release it the authors say in an accompanying fact, we're sharing this information with our customers and the public to counter the capabilities of the GRU GT SS an organization which continues to threaten the United States and its allies. We continuously seek to counter their ability to exploit our nation's critical networks and systems and quote. That seems right to us. It also seems likely that Fort Meade is leading the girls and boys over at the aquarium. No. That NSA sees right through them, wood chips and
Does TikTok Really Pose a Risk to US National Security?
"Hank Shaw. He's the senior manager on the security solutions team for the cybersecurity company lookout I asked him whether he thinks Tiktok is actually threat and how it compares to other Social Media Apps when it comes to your privacy, is it really that much different from what's being collected from other social media? In reality no these APPs we give them access to lot and we accept that right. There is this kind of level of access that we all except when it comes to our lives on on the Internet. The difference he says is tick talks parent company by dance, any access, the Chinese, Communist Party, which you'll hear them referred to as C. C. P. May get your data. The core of the concern is who owns it? It's it's the fact. That it's a Chinese own company in that the CDC has demonstrated certain data usage tactics that don't fly in the United States, and that's why the center this whole debate tic TAC itself at least says, the data is secure and doesn't go to China, but Hank isn't so sure by dances under contract with the CCP to promote propaganda in the Chinese equivalent APP, which is called Julian getting getting that pronunciation right? They do that in the Jinjiang Province where The government is to put likely controlling the weaker Muslim population. So when I look at it from a moral perspective, I just personally when want my data potentially accessible by people who are doing something like that and in comparison to a US based company someone like facebook or twitter obviously instagram's owned by facebook they at least have to answer to the US government. As we've seen, know can take a series financial hit they have the US government. In Regulatory standards to answer to, and they've they've got a federal by to answer to which in my opinion bite dance doesn't totally considering they have that agreement with C.. P.. That's why Hank feels the possible Microsoft takeover of Tiktok in the US would be a step in the right direction and would help set some new standards for the APP but I also spoke with Patrick Jackson. The chief. Technology. Officer at the privacy firm disconnect who's also worked. For the NSA test. APPS. For a living I look at the network communication I also reverse engineer, the binoculars areas to see what secrets they hold in them. He says not so fast I would say that anytime you let your data leave your device Goto even if it's a US company or a foreign company that data can wind up in the wrong hands and it's because data is sold, it could be shared or could be stolen he points. To, facebook scandal a few years back facebook a US company allow data to be used by Cambridge. ANALYTICA to possibly interfere with the US election that data was was misused by companies that were US based, and so it to think that just because this APP is owned by a US company that data will only stay in the US and users don't have to worry is is false because you know money talks and these companies will do deals that will. Bring in dollars in May mean exchanging data for those dollars and also data can be stolen if we're giving up all of this data about ourselves location things that we like you know how long we look at certain videos. If we're giving up all this data to a US company and that data is stolen, then we're still back at square one. In fact, he says facebook who owns instagram and is now rolling out the tiktok copycat. Reels may have. More information about us than any other company almost every single APP that I do testing on has an integration with facebook, and so if you think about how much data that facebook is getting not only from the APPS that you use directly owned by Facebook Messenger. What's APP instagram and then eventually reels they're also embedded in so many apps that they don't own including Tiktok and so it's it's you know for a lot of attention to be on TIKTOK. Justified. That's okay. It's it's people's right to be suspicious, but that same suspicion should carry over to even. US. Companies like facebook they know when you're opening your workout apps and they know how much time you spend in them, our phones go everywhere with us. Our phones probably knows better than our loved ones still patrick has found some abnormal things about Tiktok specifically even beyond. Who owns it the amount of data that they collect within the first I counted the first nine seconds I counted two hundred, ten network requests from my device back to tick tock servers. It's clear that they've architect did this in the way to suck up as much data as possible. So knowing what these experts no I had to ask, would they ever download Tiktok? Henshaw says not right now personally for the privacy concerns until it's all hashed out I just is just something that I don't want to be the potential of Patrick Jackson on the other hand has downloaded it, but he gave it very limited access are revoked all the permissions that it's asked of me in the APP is still usable I can't postings because I don't give it microphone and camera permission. But if you just WANNA browse what's popular, you can do that and he says that's a good rule of thumb for any APP give the least permissions prop possible. See that APPs still works without permission that they were asking you for, and if it does then great if it doesn't and let's say you need, it's a calendar APP and you needed to actually access your calendar thing just give it that single permission ultimately, both experts agree it's up to us to understand where our data might be going for. As much as we use mobile phones in for as much as as comfortable as we are with them, people generally don't really know what to do to keep themselves safe. So we have to get really savvy about being able spot that abnormal behavior and then decide for ourselves. What do we feel comfortable with as they know that this is that this is happening then they could make better decisions. But if you don't know that you know High Fructose Corn Syrup is in your children's you know Pancake Syrup. Then you'll continue to buy it, but once you realize then you might say you know what I'll pick this other natural one over here. That just has a sugar
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
"Everybody from the British. Ask this week's interview. Episode has any Greenberg senior writer at wired. He just SORTA book called Sand Worm New Era of cyber war in the hunt for the Kremlin's Miss, dangerous hackers, it is all about hacking group inside of the Russian government called San Worm. They were responsible for the most damaging cyber warfare attacks over the past year there behind not PECI. The hackers took out in the mayor shipping line hospitals across the U. K San has totally escalated. What we think of Cyber War, and he's book gets all into how they were discovered how they were flushed out the. The intricacies of these various hacks. It's super interesting. The book is a thrill ride. If you're looking for something that isn't the virus. This is like a thriller, a highly recommended. It was really fun to talk to her about the stuff. one thing I. WanNa know we're all at home so during this in every might hear some kids in the background. I asked you just be a little forgiving that we're all. We're all dealing with it and he was a great interview. Check Out Sandy Greenberg of sand worm, a new era of cyber war and the hunt for the Kremlin's most dangerous hack. Any Greenberg your senior writer at wired you're also the author of Sand Worm, new era of cyber war in the hunt for the Kremlin's most dangerous. Welcome glad to be here so even writing about cybersecurity frontier I think you just said two thousand six and writing about Cybersecurity, but this book sand worm as I was reading it. It seems like it's called the new era of cyber war. It seems like there's been a huge turn in sort of state-sponsored. Particularly Russians sponsored cyber attacks. How did you come onto that notion? How did you begin reading this book I'm I'm very curious how you see. See that turn happening well. In late twenty sixteen, my former colleague Kim Zetter she had been the one who really covered state sponsored hacking in cyber war stuff, but she left wired, and this was also at the time. When you know Russian hackers were meddling in the US election, they'd hacked the democratic. National Committee and the Democratic Congressional Campaign Committee and the Clinton Campaign, so my editors were really primes on face, mantra hacking all of a sudden, but what they? They really what they told me they wanted was a actually like a big takeover of the whole magazine. All about cyber war, but cyber war to me is different than those kinds of espionage election, meddling tactics so I went looking for no real cyber war story, which means to me like a actual disruptive cyber attacks, and as I looked around. It seemed like the place where that was really happening was in Ukraine not really in the US in fact maybe. Maybe what was happening in? Ukraine seemed to me like it was in some ways, the only real full blown cyber war that was actually occurring where Russian hackers were not just attacking the election which they had done, they tried this spoof the results of a presidential election, but they had also attacks media and destroyed their computers. They had attacked government agencies and tried to like destroy entire networks, and then they had turned off the power for the first time. In December of two thousand, fifteen, the the first actual blackout triggered by hackers, and just as I was look into this happened again the the effect, the seem hacker group caused a blackout this time in the capital of Kiev so I wince looking in Ukraine for this cyber war story that. Turned into a cover story for wired that kind of gave editors what they wanted, but then also kept unfolding This cyber war kept growing in scope and scale and. The original story written for wired was kind of about the fact that you could look to Ukraine to see the future of cyber war that will what was happening. There might soon spread to the rest of the world. And that is actually what happens to like just after we publish that cover story to same hackers released this climactic terrible cyber attack in Ukraine. Called Not Petiot that spread beyond Ukrainians became the worst cyberattack history cost ten billion dollars, so when that happened, that was when I saw that there was potential to do a book about this that it was not just a kind of case study about Ukraine or even kind of predictive story, but a an actual full story arc about this one group that had carried out the what I would say was not only the first. First Real Cyber War, but the worst cyberattack in history and the you know I wanted to capture the the Ark of that story in the effects, the real experience of cyber war. Yeah, so the group is called sand worm in this is just one of the the sort of opening arcs of the book is how they've come. They come to be named this because references and code walk people through just like it's so. relatable that like even these hackers are using using this language that leads them recalled Sandwich Tell people about it. So when I started to look into the origins of this group after that second blackout attack I I found that this this company called eyesight partners which have been acquired by fire I I, said partners was the first to find these hackers in twenty, fourteen, basically using fishing in kind of typical espionage tactics, plant malware in the networks of typical Russian hacking targets like groups across Eastern, Europe and NATO in a look like what they were doing was just kind of typical espionage. They were planning. This by wear calls lack energy buds will first of all they could see that they were rushing, because they had this server that they were using to administer some of these attacks and they. They left the server, so anybody could look at it in. There was a kind of Russian language to file for how to use black energy on the service, so these guys seem like they were rushing, but even more interesting in some ways. was that they to track each victim each instance of black energy? This malware has little campaign code in each campaign was a reference to the science fiction novel Dune and you know so like one of them was something about Iraq is, and then one of them is about the sutter cars, these like imperial soldiers in in that SCI FI universe so I said partners named this group sand worm, because well just because it's a cool. Name associated with doing, but it turned out to me. It became this very powerful because a sandwich miss this monster that lies beneath the surface, and occasionally arises from underground to do terribly destructive things. partners didn't know that at the time, they they soon afterward realized what sand. was doing was not just espionage, but they were actually doing reconnaissance for disruptive cyberattacks. They were also hacking power grids. They were planning black energy, not only in the European Eastern European targets in the US power grid networks as well. The Ultimately Syndrome was the first twenty fifteen to cross that line in use black energy as the first step in a multi step attack that led to a blackout. So this was not just espionage really was kind of like you know this monster that rises from under the ground to do terrible acts of mass destruction that came to pass so one of the things that comes up over in the book. Is this growing sense of dread from security researchers and analysts? Oh this is an imminent threat to the united. States just Ukraine, but like this is happening here and then there's a sense that the United States actually open the door to this kind of warfare with stuxnet. which was an attack on Iran? How how did those connect for you that it seemed like there's a new rule of engagement new set of rules of engagement for cyber warfare that actually the United States implicitly created with with stuxnet by attacking Iran. Yeah, I mean I tried to highlight. Clearly sand worm are the real bad guys in the story, they are the actual hacker group that did these terribly reckless destructive attacks that actually in some cases put people's lives at risk, the kind of in some parts of the story they actually shutdown medical record systems and I. Think may have cost people's lives with cyber attacks today they are the actual antagonist here, but I also want to highlight the ways that the US government is is partially responsible for the state of Cyber War, and there are a few ways that that's true. I The US! Open the Pandora's box of cyber war with stuxnet. This piece of now where that. That was used to destroy Iranian nuclear enrichment centrifuges that was the first piece of our that actually have caused that physical disruption destruction, and we now see Sandra doing the same thing in Ukraine. In in fact, in some ways around the world, also the the US hordes, these kind of zero day, secret hacking techniques, some of which were stolen and leaked and used by sand worm, but then I think the in fact, the biggest way that I tried to highlight that the US is responsible or complicit or negligent. Here is that we did not call allows what Santorum was doing in Ukraine and say to Russia. We know what you're doing. This is unacceptable. Nobody should be turning out the lights. Two civilians with cyber attacks. There wasn't a message like that I. mean the Obama White House sent a message to Russia over this kind of cyber hotline to say your election hacking is not okay. We see what you're doing and we want you to stop, but they said nothing about a tube blackout attacks in Ukraine, and that was kind of implicit signal to Russia. They could keep. Keep escalating, and even as all the cyber security, researchers and Ukrainians were warning that what was happening to Ukraine, would soon spread to the rest of the world, the US government ignore this both Obama, and then the trump administration until that prediction came to pass and a sand worm cyberattack did spread to the rest of the world, and it was too late, and we all suffered globally as a result, so let's talk about patch it. WAS CATASTROPHIC IN SCOPE, right? It took out the mayor shipping line, which is a massive business. It took out some hospitals in UK like it was huge in scope. I don't think people really put it all together. Talk about how it started and how big it grew. Yeah, so not too was kind of like big apotheosis sandwich, where all of these predictions of the terribly destructive things they were doing to the rest of the world came to pass but it did it started in Ukraine. They hijacked this. The the software updates of this accounting software called me doc that is basically used by everybody in Ukraine. The quicken turbo tax of Ukraine. If you do business in Ukraine, you have to have this installed, so sanborn hijack the updates of that news to push out this worm to thousands of victims mostly in Ukraine, but it was a worm, so it's spread the mmediately end quickly kind of carpet bombs. The entire Ukrainian Internet's every computer at spread to would encrypt permanently. You could not recover the computer, so it very quickly took down pretty much every. Every Ukrainian government agency twenty two banks multiple airports for hospitals in Ukraine that I. could count and in each of these cases. What is eight took them down. I mean it destroyed essentially all of their computers, which requires sometimes weeks or months to recover from, but then as you know, this is a worm that does not respect national borders. So even though it was, it seemed to be an attack intended to disrupt Ukraine. It immediately spread beyond Ukraine's borders. Borders to everybody who had this accounting software installed? That was doing business in Ukraine and some people who didn't so that includes Maersk. The world's largest shipping firm and Fedex and Mondelez, which owns cadbury, NABISCO and ranking manufacturing firm that makes tylenol in Merck. The Pharmaceutical Company in New Jersey on each of these companies lost hundreds of millions of dollars. The scale of this is kind of difficult to capture but I in the book I tried to. To I focused in part Maersk because it is just a good company to look at because you can. They had this gigantic global physical machine that is they have seventy six ports around the world that they own as well as these massive ships that have tens of thousands of shipping containers on them. And I told the story of how on this day seventeen of their terminals of were entirely paralyzed by this attack with ships arriving with just. Piles of containers on them. Nobody could unload. Nobody knew what was inside of nobody knew how to load or unload them with around the world of seventeen terminals, thousands of trucks, Semitrailers, carrying containers were lining up in Lyons miles long because the gates that were kind of checkpoints to check in the these trucks to drop something off or pick it up. They were paralyzed as well. This was a fiasco on a global scale is responsible for a fifth of the world's lable shipping capacity. They were truly just a rendered brain dead by this attack, but yeah displayed out at all of these different victims MERC had to borrow their own each vaccine from the Center for Disease Control because they're manufacturing. Manufacturing was disrupted by this, and it ultimately spread to a company called nuance, nate speech to text software. They have a service that does this for hospitals across the US to dozens of our possibly hundreds of American hospitals at this backlog of transcriptions to medical records that were lost because of this, and that resulted in patients, being do for surgeries or transfers, other hospitals in nobody knew their medical records were updated. I mean this was scale where hundreds of hospitals each of which has thousands of patients missing changes the medical records. We don't know what the effects of that work, but very well could've actually harmed people's health. Our lives I mean the scale of not petty is very difficult to. Get your mind around, but we do know that you know monetarily cost ten billion dollars, which is by far the biggest number we've ever seen, but it also had this this kind of harder to quantify toll on people's lives, so it it you know you read about it at length and wired. Obviously these companies go down of ripples in mainstream sort of general press, but I don't feel like people really not like Oh. This Russian group called San Worms sponsored by the Russian government. Unleash this attack in it caused this cascading effect of failure and disaster cost in that because we know what we can attribute it to the government, our government. I don't feel like that connection got made for people. What is the gap between other as a hack and Oh, this is actually a type of warfare engagement, because that that connection seems very tenuous. I think for a lot of people. Even as sort of the more general mainstream press covers this stuff. Yeah, you know. I don't think that that's is just like the nature of. Of Cyber War I think that was a failing that that lack of connection is a failing on our government's parts, and on you could say even on the part of some of these victims like these large companies I mean I at the time did not pitch it happened. I was fully on the trail of standard within days. I was talking to cyber security researchers who? Who had piece together? Some of the forensics to show the not petiot was Sandra that it was a Russian state-sponsored attack in yet none of those companies that I mentioned mercker Mondelez or Maersk or Fedex, or any of them wanted to say the Russia had done this to them and know governments were talking about either like the Ukrainian government was. They're always willing to point. Point the finger at Russia, but the US government was not, and you know that to me seemed to be just kind of I mean I felt like I was being gas. Let's at that point. I had watched Russia due to Ukraine for a long time at that point tonight. I sort of understood that NATO in the West. We had this kind of cruel logic that. Ukraine is not us. Russia can do what it likes to Ukraine because they're not NATO not e you. They are Russia's sphere of influence or something I think that that's very wrongheaded, but at least it made sense. You know to have that that viewpoints, but now this attack had spread from Ukraine to hit American soil American companies in many cases and yet still the US government was saying nothing I just thought this was bizarre and you know so i. For months I was like. Trying to get any of these companies to tell the story of of their experiences, not Peta I was trying to figure out why the US government wasn't talking about the fact that this was a Russian cyberattack and ultimately I. Think it was I. think it was kind of I know partly disorganization negligence. I think it may have something to do with the fact that the. The? Trump administration doesn't like talking about Russian hackers for obvious reasons, but eight months after it took eight months ultimately for the US government to finally say not that it was a was Russia it was the worst cyberattack in history, and then a month later. The White House impose consequences in put new sanctions on Russia and response, but it took nine months and more importantly it took. Multiple years this without was the first time this was twenty eighteen, and the Russian cyber war in Ukraine had started around the fall of Twenty fifteen, so that's just incredible span of negligence when the US government said nothing about these escalating unfolding. Acts, of Cyber Award that there should have been unacceptable from the very beginning I mean these are the kind of quintessential acts of state sponsored cyber attacks on civilians, trying out the lights. You know that's the kind of thing that I believe that the US government should have called out and drawn a red line across at the very beginning took ears, so I do think it was a big failing. Of of diplomacy, it just seemed like that part of the problem, and this is kind of an expression is it's so hard to describe like if the Russian government sent fighter jets to America and live their support. Okay, like everyone understood, you can see it. You can understand what happened there. In the you know, there's like a however many decades of movies about how to fight that war. This is a bunch of people in a room typing. Like it there's just an element of this where the dangerous Oh federal where the attack is invisible, and while the effects might be very very tangible, the causes are still sort of mysterious people so. My question is who is sandwich. What what do we know about them? Where do they work? What are they like? Do we have a sense of how this operation actually operates? In some ways the the biggest challenge of reporting this book, and I spent essentially the third act of the book, the last third of the reporting of the book, trying to answer the question of who is in worm, who are these people? Where are they located? What motivates them and I guess to partially spoil the ending here. They are a unit of the year you. They are a part of Russia's military intelligence agency, which is responsible for you know, this is not a coincidence. They are responsible for election meddling responsible for the attempted assassination of You. chemical weapons in the United Kingdom they're responsible for the downing of a seventeen as commercial passenger jet over Ukraine were three hundred innocent people died on the G. R.. You are this incredibly reckless callous out military intelligence agency, but they act like kind of almost just cut through mercenaries around the world. Doing Russia's bidding in ways that are very scary, so I threw essentially like a combination of excellent work of a bunch of security researchers who I was speaking to combined with some confirmation from US intelligence agencies, and then ultimately some other clues from the investigation of Robert Muller into meddling all these things combined created the trail that led to one group within the JERE. You that were you know I? Eventually had some names and faces even address of this this group, and all that was actually only finally fully confirms After the book came out Justin in recent months when the White House finally actually was the State Department's. End as well as the UK on Australian and other governments together finally said yes, sand worm is in fact that this unit of the year you so this theory that I developed in positive near the end of the book was finally basically confirmed by governments just in recent months. So one thing that strikes me at that is I, think of the Russian military things. Gru is being foreboding being obviously, they're very very good at this other a buttoned up in then they have like a incredible social media presence that kind of POPs up throughout the book that distracts from what doing. They set up Gucci for two point Oh when they were doing the DNC hacks that fed to wikileaks in the. That account insisted it was just guy. They set up the shadow brokers which was. I read. It is just like your some goof-balls like they wanted to seem a lot dumber and a lot smaller than they were. They were very effective at it to people I. Talk About those that strategy, and then I guess my question have is like a re better at seeing that strategy for what it is well. You make a really interesting point. The uses these false flags like throughout their recent history that we I should say we don't know that they were responsible for shadow brokers. In fact, nobody knows who shot a brokers. The shadow brokers truly are, and they are in some ways the biggest mystery in this whole story, this one group that hacked the NSA apparently and leaked a bunch of their zero day hacking techniques, or maybe they were even say insiders. We still don't know the answer to that question, but the other other incidents you mentioned. That are you are responsible for this Guja for two point zero fake hacktivists leaked a bunch of the Clinton documents. They're responsible for other false flags like they at one point to call themselves the Cyber Caliphate pretended to be Isis. They've a pretended to be like patriotic pro. Russian Ukrainians at some point they they're always like wearing different masks ends. They're very deceptive. in the a later chapter of the book, some of the biggest one of the biggest attacks they. They did was this attack on the twenty thousand Olympics where they not only wore a false mask, but they actually had layers of false flags where as cyber security researchers W. This melwert was used to destroy the entire back end of the two thousand eighteen winter Olympics. Just as the opening ceremony began, this was a catastrophic events. The aware had all of these fake clues made look like it was Chinese or North Korean or maybe Russian. Nobody could tell it was like. It was this kind of confusion bomb almost designed to to just make researchers throw up their hands. Give up on attributing mallards. Any particular actor was only through some amazing detective work by some of the analysts that I spoke to the able to cut through those false flags identify that sand was behind this essentially, but yeah, it's it is a one very real characteristic of the jury you that they are almost they seem to almost take pleasure or like be showing off their deception capabilities to and their evolving those capabilities they are getting more deceptive over time as fake gets more, destructive aggressive. Advertising content when I say Utopia what comes to mind? Birds Chirping lush natural beauty dialed up and vibrant technicolor. Is it within reach. Your world. World. explained. You are an essential part of the Pathak social body. Everybody in that place. Everybody happy now. While the peacock original series brave new world takes place in a scientific futuristic utopia. The concept is nothing new Sir Thomas more. I introduced the theory five hundred years ago, but we keep looking for that community identity stability of aldous. Huxley's Utopia and not finding it. Americans are the unhappiest they've been in decades and we're increasingly lonely. whereas in a utopia, everyone belongs to everyone else. In nineteen, forty-three, the psychologist Abraham Maslov developed a theory of Yoga. One that allows total self determination in basic terms. maslow's theory says that in a utopia we decide for ourselves what we need and how we're going to get it in Huxley's Utopia. Citizens always get what they want and don't want what they can't get. Sounds pretty good right then. Why can't we make it happen? For a Utopian Society, to work, we might need to disband some of the things we hold dearest marriage government privacy individualism, even family. See for yourself if a utopian world is as perfect as it seems watch, brave new world now streaming only on peacock. This is advertising content. Hey. This is bowes I'm a podcast or By, I, a Gamer Five G. is changing the gaming world in really unexpected exciting ways with the help of Samsung Five G. I'm getting a peek at how gaming is getting faster smoother and can even improve our lives well. Let's dish some secrets about the future gaming. Dr Jean Mechanical Direct Route Game Research and development at the Institute of the future. She's also a bestselling author game inventor. She's optimistic about gaming impact on us and our minds. The biggest thing that we've seen in research is that. We need to be able to game in the moment wherever we are. So, what happens when when you're playing when your favorite games is that it fires up than her logical pathways, it's kind of like having a of caffeine and a pet dog from your favorite coach, and you've just meditated for an hour. This emotional neurological power up is called the game transfer effect, and that effect is heightened when using five. Five G. The game transfer fact requires you to be totally immersed in the game, so you want to have the most amazing graphics and the most immersive audio and with five G. to do that anywhere anytime, be one of the first to harness the game transfer effect with Samsung Galaxy Five G. now available on Galaxy, S Twenty-five g and a seventy one five G. feels good to be I with Samsung. I love to play the game of like. Imagine the meeting and imagine that the one set of meeting which is like the actual hackers finding the vulnerabilities figuring out how to jump from Windows, eight computer to some sort of physical hardware controller that actually runs like that. That's a very hard problem in and of itself, and then the other meeting. They're like what we're GONNA do is claim to be a guy called Gucci for two point, Oh and like those are. Not Connected Right, but the way they throughout the book the way they execute East campaigns they're deeply connected, and that seems like not only just a new kind of warfare, and you kind of craft, but some just consistently seems to work in surprising ways like the tech press is GonNa. Be Like Gucci. I says this and we're. There's never that next step of also we think it's Russian government, and that seems like first of all I'm dying. I imagine the meeting right. I would love to be a fly on the wall of the meeting where they decide what their twitter name is going to be today. I'm very curious how they evolve those attacks in such a way that it just seems to be more and more effective time. Yeah, I mean. I also love to have been those meetings in. It's my one kind of regret in this book that I never actually got. Interviews, it's almost an impossible thing to do. They liked find defectors from the R., you or something. He will tell those stories at a knock it murdered I mean. It's kind of a possible, but but. In some cases? I think your earlier points. They almost seem kind of bumbling in these things they do them in a very improvisational way. for two point Oh seemed almost like it was a justice thing they invented on the spot, tried to cover up some of the the accidental ups like they had left russian-language formatting errors in the documents that they had leaked from the DNC, so they admitted this guy who appeared the next day and started. Talking about being a Romanian. Friends as motherboard Lorenza, Franceschi decry he started this conversation. Align with with Guja for two point, oh basically proved at the guy could not actually properly speak Romanian. BE Russian speaker. In fact, it was. It was almost comical at the same time. They're using very sophisticated hacking techniques doing destructive attacks on a massive scale, but they're also. They seem like they're kind of making it up as they go along. They do things that don't actually seem very kind of strategically smart. They kind of seem like they're trying to impress their boss for the day. Sometimes with just like some sometimes, it's just seems like the Jere. You wakes up in asks themselves. Like what can we blow up today? Rather than thinking like? How can we accomplish the greater strategic objectives of the Russian Federation? So they are fascinating in that way and very stringent colorful group. That's I think one of the biggest questions I have here is. We spend a lot of time trying to imagine what flat and Mirror Putin wants. You know when he grows up, but it. None of this seems targeted like what is the goal for Russia to disrupt the Winter Olympics right like. Is there a purpose to that? Is that just a strike fear? Is it just to? EXPAND THAT SUV influenced. Is it just to say we have the capability furious is there? has there ever really been the stated goal for this kind of cyber warfare? That one is particularly mystifying. I mean you can imagine why Russia would want to attack the Olympics. They were banned from the two thousand Eighteen Olympics doping, but then you would think that they might want to attack the Olympics and send a message maybe like eight deniable message a message that you know if you continue to ban us. We're GONNA. Continue to attack you like like any terrorists would do, but instead they attacked the winter. Olympics in this way, that really seemed like they were trying not to get caught, and instead like make it look like the was Russia North Korea? And then you have to like what is the point of that was? The could kind of. Sit there in Moscow and kind of like rub their hands together in gleefully. Watch this chaos unfolds. It almost really does seem like it was petty vindictive thing that they just for their own emotional needs wanted to make sure that nobody could enjoy the Olympics if they were not going to enjoy them I that was, but that one is i. think outlier in some ways for the most part you can kind of see. The Russia is advancing. The G. R. You that sand worm is advancing something that does generally make sense which is that. In Ukraine for instance, they're trying to make Ukraine look like a failed state. They're trying to make Ukrainians. Lose faith in their security. Services are trying to prevent investors globally from funneling money into Ukraine trying to create a kind of frozen conflict, as we say in Ukraine where there's this constant perpetual state of degradation. They're not trying to conquer the country, but they're trying to create a kind of permanent war in Ukraine and would cyber war. You can do that beyond the traditional front end. It is in some ways the same kind of tactic that they used in other places like the US which. which here we saw more than influence operation that they were hacking leaking organizations like democratic campaign organizations and anti doping organizations to kind of so confusion to embarrass on their targets. They're trying to influence like the international audiences opinion these people, but in Ukraine, it is in some ways, just a different kind of influence operation where they're trying to influence the world's view of Ukraine. Influence Ukrainians view of their themselves under government to make them feel like they are in a war zone even when their kid hundreds of miles from the actual fighting. That's happening on the eastern fronts in the eastern region of. Of Ukraine so in a book you you you go to Kiev. You spent time in Ukraine. Is there a sense in that country that while sometimes light goes out sometimes our TV stations. Their computers don't boot anymore. Because they got rewritten, the Hydros got Zeros like. Is there a sense that this is happening? Is there a sense the defy back is there does Microsoft deploy you know dozens of engineers to to help fight back. How does that play out on the ground there? Yeah, I mean to be fair. Ukrainians are very stoic about these things and regular. Ukrainian citizens were not bothered by you know. Know a short blackout. They didn't particularly care you know. This blackout was the first ever. Hacker induced blackout in history but Ukrainian cyber security. People were very unnerved by this end, people in these actual utilities were traumatized I mean these attacks were truly like relentless sins very kind of scary for the actual operators at the controls I mean in the first blackout attack. These poor operators Ukrainian control room in western Ukraine they were locked out of their computers, and they had to watch their own mouse cursor. Click through circuit breakers, turning off the power in front of them I. Mean They watched it happen? At these kind of Phantom hands to control of their mouse movements, so they took this very very seriously, but yet Ukrainians as a whole I mean they have seen a lot. They are going through an actual physical war. They've seen the seizure of Crimea and the invasion of the east of the country. You know the the date hits. A Ukrainian general was assassinated with a car bomb in the middle of Kiev, so they have a lot of problems, and I'm not sure that cyber war is one of the top of their minds, but not patio I. Did, actually reach Ukrainians normal. Ukrainian civilians to it. It shook them as well. I talked to two regular Ukrainians. who found that they couldn't swipe into the Kiev Metro. They couldn't use their credit card at the grocery store. All the ATM's were down The Postal Service was taken out for every computer that the postal service had was taken out for more than a month. I mean these things really did affect people's lives, but it kind of. A until that kind of climactic worm. Not Patio for I think for this to really reach home for Ukrainians. who have kind of seen so much. How do you fight back? I, mean I one of things that struck me as I was reading. The book is so many of the people you talked to people who are identifying the threat. They're actually private companies. Eyesight was the first even detect it. they are contractors to intelligence agencies the military in some cases, but they're not necessarily the government right like it's not necessarily Microsoft. Who has to issue the patches from the software not necessarily GE which makes simplicity, which is the big industrial controls talk about a lot. How does all that come together into a defense because that seems like harder problem of coordination? Yeah, I mean defense in Cyber. Security is in an eternal problem. It's incredibly complicated, and when you have a really sophisticated determined adversary, it know they will win eventually ends I. think that they're absolutely lessons for defense in this book about you know. Maybe you need to really really think about software updates for instance like the kind that were hijacked to a with this medoc accounting software. As a vector for terrible cyber-attacks. Imagine that like. Any of your insecure apps that have kind of updates can be become a a piece of Malware, really unique to signature networks need to think about patching on. There are just an endless kind of checklist of things to every organization needs to do to protect themselves so. In some ways that just like a Sisyphean task and I don't. I don't try to answer that question in the book because it's too big, and it's kind of boring as well, but what I do really hammer on is the thing that the government's really could've done here. which is to try to establish norms tried to control attackers through diplomacy through kind of disciplinary action through things like kind of Geneva Convention for Cyber War if. If you think about a kind of analogy to say like chemical weapons, we could just try to give everyone in the world a gas mask that they have to carry around with them at all times, or we could create a Geneva. Convention norm that chemical weapons should not be used in if they are than crime, and you get pulled in front of the Hague. Hague and we've done the ladder and I think that in some ways should be part of the the answer to cyber war as well we need to establish norms and make countries like Russia or like organizations like the G. Are you understand that there will be consequences for these kinds of attacks, even when the victim is not the US or NATO or the? The EU and I think we're only just starting to think about that. One of the questions I had as reading is it seems like a very clear red line for almost everyone you talk to is attacks on the power grid right? That is just unacceptable. You should not do it if you do it. You've crossed a line and there should be some consequence. Is, that clear to governments. Is that something that our government says? It's something that the says it has been established. It seems like it's it's the conventional wisdom wants to salvage, but I'm not unclear whether that is actually the line that exists. It definitely has not been established, and when I kind of did these I managed to get sort of interviews with the top cyber security officials in the Obama ends trump administration Jay Michael Daniel was the cyber. Cyber Coordinator for the administration was the kind of cyber coordinator boss in the The Homeland Security Adviser for trump and both of them when I asked him about like wiped. Why didn't you know to put it bluntly like? Why didn't you respond? When Russia caused blackouts in Ukraine? Both of them essentially said well. You know that's not actually the rule that we want to set. We want to be able to cause blackouts in our adversaries networks. In their power grids when we are in a war situation or when we believe it's in our national interest, so you know that's the thing about these cyber war capabilities. This is part of the problem that every country. Absolutely the US among them isn't really interested in controlling these weapons, because we in this kind of Lord of the rings fashion, we are drawn to them to like we want to maintain the ability to use those weapons ourselves and nobody wants to throw this ring in the fires, of Mount Doom. We all wanted maintain the ring and imagine that we can use it for good in out. So that's why neither administration called that Russia for doing this because they want that power to. Make the comparison to to nuclear weapons but Negotiated drawdown and treaties with Russia in the past we count warheads where aware that the United States stockpiles can destroy the world. Fifty Times over today maybe tomorrow one hundred hundred like what we have a sense of the the measure of force that we can. Put on the world when it comes to nuclear weapons, there's a sense that Oh, we should never use these right like we have them as a deterrent, but we've gained out that actually leads to his mutually assured destruction like there's an entire body of academics. There's entire body of researchers. Entire body is got scenario planning with that kind of weapon. Does that same thing exist for for cyber weapons. There are absolutely. Know community is of academics. Policymakers who are thinking about this stuff now, but I don't think it's kind of gotten through to actual government decision. that. There needs to be kind of cyber deterrence in how that would work. In in the comparison to nuclear weapons is like instructive, but not exactly helpful. In fact, it's kind of counter-productive because we cannot deter cyber-attacks with other cyber-attacks i. don't think that's GonNa work in part because we haven't even tried to establish it yet. There are no kind of rules or read lines, but then I think more importantly. Everybody thinks that they can get away with cyberattacks that they can. They're going to create a false flag. That's clever enough that that when they blow up a power grid, they can blame their neighbor instead, so they think they're. They're gonNA. Get Away with it, and that causes them to do it anyway. A not fear the kind of assured destruction so I think that the the right response, the way to to deter cyber attacks is not with the promise of a cyber attack in return. It's with all the other kind of tools we have, and they've been used sometimes, but but they were not in the case of Sand Werman. Those tools include like sanctions which came far too late in the story indictments of hackers. In some cases, we still haven't really seen syndrome. Hackers indicted for the things that they did in Ukraine or or even not petty. And then ultimately just kind of messaging like calling out naming and shaming bad actors, and that has happened to some degree with Sandra, but in some cases there have still been massive failures there there has still been no public attribution of the Sandwich attack on the twenty eighteen Olympics I mean. My Book has been out for months. I think show pretty clear evidence that syndrome is responsible for this attack. The very least it was Russia and yet the US and Korean War, These Olympics took place at UK, none of these governments have named Russia as having done that. That attack which almost just invites them to do it again whenever our next Olympics are going to be, I guess maybe not this year, but if you don't send that message than you're just essentially inviting Russia to try again so I think might my big question is what happens now? I mean right we you write about. The NSA has tailored access operations, which is their elite hacking group. We are obviously interested in maintaining some of these capabilities. We've come to a place where people are writing books about how it works. What is the next step? What is the next? does it just keep getting worse or does this kind of diplomacy you're talking about? Is that beginning to happen I? Think there is some little glimmers of hope about the diplomacy beginning to happen I mean this year in February I think it was the State Department's called out a sand worm attack on Georgia, where a worms hackers basically took down a ton of Georgian websites by attacking the hosting providers as well as a couple of TV's broadcasters in the US. State Department with a few other governments not. said this was sand. Worm named the unit of the GRU. That's is that was confirmation that I've been looking for for a long time, but they also made a point of saying that we're calling this out is unacceptable, even though Georgia. Georgia is not part of NATO or the U. so that's that's progress. That's essentially creating a new kind of rule. That's state-sponsored. Hackers can't do certain things, no matter who the victims and that's really important. Also, it was kind of interesting because federal officials like gave me a heads up about that announcement before happened, which they have very very rarely do and I think they were trying. To say was in we. We read your book and we. Got The message okay like Stop attacking us about this like we're trying. We're doing something different here I. Don't want flatter myself that I actually changed their policy, but it did seem interesting that they wanted to tell me personally about this so i. I think that like maybe our stance on this kind of diplomacy is evolving, and we're learning lessons, but at the same time we also see the attacks evolving to. To and their new innovations in these kinds of disruption happening, we've seen since some of these terrible Sandra attacks. You know other very scary things like this piece of our called Triton or crisis that was used to disabled safety systems in a oil refinery in Saudi Arabia on that was you know that could have caused an actual physical explosion of petrochemical facility? The the attacks are evolving to okay final last real question. Tell people where they can get your book. You can find all kinds of places by on indie Greenberg Dot net. Written another book as well previously, yes. That's right. I wrote a book about wikileaks. Cypher punks and things like that. That's right well. I'm a huge fan. It was an honor to talk to you. Thank you so much for coming on I know it's. It's a weird time to be talking about anything, but the coronavirus I was very happy to talk about something else, which is that it seems a little bit more in control Even if it is quite dangerous, a thank you for the time. I appreciate it. Yeah, I'm glad to provide people with a different kind of apocalypse as a distraction.
Pence says CDC changing school reopening guidelines after Trump called them 'tough and expensive'
"And. After president, trump assailed. Ripped apart tore up guidelines issued by his own centers for Disease Control and Prevention for reopening schools Mike Pence appearing with the White House Corona virus course announced. The agency is going to issue new recommendations next week. Saying administration officials don't want the guidance to be a reason. Schools don't
Dan Guido of Trail of Bits - The Evolution of Smart Contract Security
"So I've been doing security stuff for the better part of my life started probably when I was about thirteen fourteen, breaking into my school computers, like when does as when does. Luckily escaped being severely punished for that but I ended up going to college for concentration program and cybersecurity. It was called politicking university when I went there, but now the Nyu School of Engineering and they have one of these NSA center of excellence programs that teach kids a formalized education in Cybersecurity I think the people that are a little bit younger than me have a lot more formalized education and people that are a little bit older than me, don't they learned? Learned from their peers, learned and kind of like a master apprentice kind of set up, so I'm right on the cusp of that, so I have a formal background in computer, science and computer security, and this is the only field that I've ever been interested in working in, so I've worked at the Fed reserve doing incident response, helping prevent people hacking into the currency reserve the United States. I've been a consultant at Isaac Partners now NC group I saw that Isaac. Isaac partners before they were acquired help start their office in the on the East Coast worked with dozens of technology companies across the globe, but I was pretty frustrated that it seemed like an unending treadmill that you kind of go back to clients year after year, and there's always the same bugs, and they don't really internalize the information that you give them. I thought that there was some improvement that we could make, and I wanted to make fundamental improvements to the. The whole field so I found a trail with two friends of mine back in twenty twelve to fundamentally advance the science of computer, science and computer security I think by and large succeeded at doing that very small ways. The company started as a Darpa contractor. We worked on for your long research programs in Automated Program Analysis and Advanced Cryptography, and then from there we've branched out to help provide those advances to commercial firms and now to blockchain firms, so that's. I guess the medium length overview of where I came from and what we're doing now. Tell us about how you got interested in blockchain as a cryptographic field. Because basically found a trade of bits and two thousand twelve, and obviously, then it was pretty new, so what exactly spoke to you about it? A couple of things I think it was really driven by employee interest there about two or three people in the company that were just really enamored with blockchain technology, because it was a Greenfield, not necessarily because it was anything that you could do with blockchain, but because the field was in its infancy, it was a chance to start over it was there were no security tools. There was no security knowledge. People were building their own programming languages building their own compilers. The execution environment looked a little bit different, so there was this huge gap of knowledge that we could rush into fill and create things that were. From the first step back about three to four years ago, we had a couple people dabbling in that area of technology, and what we contributed was a symbolic verifier. That was our very first thing. We didn't raise our hands and say hey. We'll audit your code for you. We're engineers, so we set up a little unit of people that wrote Symbolic Capable A. A theory in virtual machine, a tool that we have called manticore, and then once we were able to do that. We realized that Hey, this is actually kind of valuable and people would love to work with us to improve their own security, so because we'd already mastered the field through that activity that research activity. That's how we started offering services for
Trump slams ex-NSA John Bolton over memoir
"President trump again slamming his former national security adviser John Bolton for his upcoming book on his time in the White House very simple I mean that as much as it's going to be broken this is highly classified that's the highest stage is highly classified information that he did not have approval that's come out now very loud and very strong Sox's Hannity the justice department is seeking an injunction to stop the publication of the book
Protecting your digital privacy during a protest
"So we've all seen the footage of protesters clashing with police, but beyond the fiscal confrontation police another law enforcement officials are using a lot techniques to monitor and identify protesters. Give me a rundown on what they're doing yet. So police have had tools for a very long time, and they used things like IAMs eye catchers, a more simple name for that would be sting rays which are tools that serve as fake cell phone power. So when you're when you're texting somebody when you're calling somebody, it would connect to them rather than. Than, connecting to whatever service provider that you have, and they would be able to use that to intercept all your calls, and all your text message that you're sending they also have been using tools like Gio fence warrants where they can send requests to police to tech companies, or they can send requests to sell service providers and say we want. Data on all the mobile phones that were in this specific area. Can you please provide that kind of information and Google and companies like t mobile at and t horizon? They have complied with these requests because they're legally obligated to. Other tools include facial recognition that they use to identify people in protests. There was another tool used during protests in Baltimore where they used. A company called Geo Fida with social media surveillance to basically help identify protesters. That were demonstrating again. Police brutality, so you? You actually wrote about Gio. Fence warrants yesterday, and it's an interesting thing. I don't think people really understand. How specific or how narrow is that geographic target that they can get? Can you get them to square block, too? Like a ten square feet patch of land like how specific talking about so these you fence warrants to threat is more about the fact that. They don't have to be specific at all more so versus how specific it can get so a case in Virginia that I had found, they narrowed it down to within the range of like just a bank or the block that a bank was on because they were trying to figure out who was behind this bank robbery, and they didn't have a name they didn't have. Any details about what the person looks like or anything like that, but they. They knew that happened at this bank at this time, so they send us warned request to Google that says we're looking for data on all the phones that was in this area during this hour, but the problem is. Is that with these warrants? You can have it, you know the. The size of entire neighborhood these are this is essentially a dragnet surveillance kind of thing. Where imagined the non tech? Like version of this right? It would basically be cops knocking on every single door, being able to go in and search every single home and say and and seeing you know hey, where you at this bank at this time that kind of thing. That happened in colonial times. I was called a general warrant. And that's part of the reason why we have the fourth amendment now say you need probable cause, and you need a specific reason to search someplace, and that was understood for a very long time with search warrants GIO fence warrants. It seems like you know because the law hasn't really caught up with technology. They're able to just do these widespread searches and gathered data on on. An entire range of people there are so many cases where you know innocent people have had their data swept up by these searches just because they've just happened to be in the wrong place at the wrong time. Well, and it's not very difficult for police obtained warrants right? It's not difficult at all from what we've seen in other cases so out of Minnesota. The Minnesota public radio did an investigation on this where judges will sign off on this within with like just looking at it for like five ten minutes, or so the another issue with that being that it's hard for to visualize something when you just get the latitude and longitude so these war requests. They don't show they don't show like. Oh, we're looking for something in this area. They'll say something like we're looking for data on devices between the coordinates of negative, one, hundred and ten. Latitude and positive one hundred five launched your. I don't know where that is. That could be in the middle of the ocean for all I know, but. That's the point like you. When you hear something like that, you don't know how large that whole area is. And you kind of just an judges have just signed off on warrants like that well, and you also mentioned in your store today. The DA is now authorized mantra protesters. What are the implications with that? So th Buzzfeed News? Take a memo. I'm from the Justice Department basically signing off or the DA to do covert surveillance, which basically means they're allowed. They have a blank check to basically secretly spy on George Floyd protesters. Now the argument from the Justice Department has been. You know were doing this kind of surveillance to look for riders and members of Antigua and things like that, you know the people that are causing damage during these peaceful protests. Outside of police, and the consequences of the being do blanket surveillance means that you now have the full force of the federal government. Able to do secret surveillance, and that includes things like. Catchers. But not just at the scene of a of what are these? Protests are because they have planes that can fly around and just gathered data on thousands of people. All at once, and you think about the surveillance tools at the NSA
NSA: Russian agents have been hacking major email program
"Hi hi Mike Mike Crossey Rossi a reporting reporting the the largest NSA union says for Russian meatpacking agents workers have says been hacking over forty of major have email died from program the corona virus the National Security the United Agency food and issued commercial an advisory workers union Thursday says warning at least that forty Russian four military meatpacking hackers workers in the have United been infiltrating States have died a major from email cold in server nineteen program while since last the union August estimates or another earlier three thousand the NSA workers says have the tested intrusions positive of the for ex the virus the mail transfer its director agent of food processing have been carried and meat out packing by the says Russian the military actual numbers group are known likely as higher sandworm than the estimate that's the same the union hacking says group thirty that interfered meat packing in the twenty plants sixteen were closed U. S. at presidential some point due election to infection and since carried March out a twenty hi seventeen Mike Rossi cyber up attack targeting businesses that operate in Ukraine X. M. which is widely used mostly runs on unix type operating systems hi Mike Rossi up
"nsa" Discussed on WSB-AM
"We run a start with the national security agency's mass surveillance of our phones I don't remember the NSA quietly analyze metadata on our phone calls and text messages for years collecting millions or even billions of records every single day yeah the program was officially shut down last year when all was said and done it end up costing about a hundred million dollars okay maybe the money's worth it if it stops a meaningful number of crimes or terrorist related activities but listen to this a declassified study put together by the privacy and civil liberties oversight board was just presented to Congress now according to The New York Times during all that time and all those records collected the NSA program resulted in are you ready let's count them together two unique leads and only one significant investigation that's about thirty three million dollars each so if the NSA is truly interested in collecting information about every single person they really ought to consult with say no no Google Facebook Amazon be a heck of a lot cheaper number two swimming with the sharks can cost you an arm and a leg now before joining the popular shark tank show about a decade ago bar Cochran founded in New York City real estate brokerage firm that she sold in two thousand one for sixty six million dollars she's seen a lot she knows what she's doing but that doesn't mean she can't be scaled covers bookkeeper recently received an email from the reality host assistant asking for renovation payment the email looks legit and since she does invest in real estate it didn't seem all that suspicious so the bookkeeper wired over nearly four hundred thousand dollars well guess what it wasn't really barber's assistant who sent that email they created a very similar email address they just change one letter so the moral of story is is that anybody can be fooled by phishing emails at the website I committed a com we have a lot of tips on how to spot phishing emails texts and other messages a bar Cochran one said finding opportunity is a matter of believing it's there words to live by for the scammers this turns out to number three your smart speakers are listening a lot a new study paints a grim picture of how many times your smart speaker listens in per day by accident thanks to your television researchers from Northeastern University and imperial college London gathers several whole models of these smart speakers they had the Amazon echo the Google home mini apple homepod and Harman Kardon invoke they wanted to find out how and why the speakers mistakenly here wake words so they streamed a hundred twenty five hours of Netflix and what they found out is that apple's Siri and Microsoft's Cortana running on the Harman Kardon with the worst offenders your TV's triggering your smart speakers about nineteen times a day recording who knows what you know and it kind of reminds me of a joke this something that you're gonna want to share with your family members and friends to take a husband as his wife Hey you know how do you turn Alexa off she says it's simple honey just try walking around the house naked number four you can get more than creepy drivers and uber left here's something I never considered bed bugs that's right if you have AA the ABC affiliate in Dallas interviewed a local exterminator who has a.
"nsa" Discussed on News & Talk 1380 WAOK
"Day of black history month we continue to celebrate black history month no matter where NSA that last days actually we go to the twenty ninth this year leave your situation right yeah in the studio my dear friend who has made black history herself none other than our fearless leader chief magistrate judge because Sandra Kirk forty county how are you mad I am wonderful how are you and good morning good morning to you and thank you for being on the show is early you are been Adam yes yes always twenty four seven three sixty five always up your court is a twenty four hour court Hey literally and I'm so glad for that because they are sometimes I got arrested on Saturday and I need a bomb by Sunday a magistrate court was rated and really that's not why we're here you literally oversee the busiest court beyond just the state really in the of southeast region right one of them I would say that yeah absolutely we do about eighty thousand cases a year and so I would say we're close yeah and your point you can you can appoint up to thirty judges you do have help on that band you don't have a strong administrative staff but with the staff you have you guys are very responsive right just everything Sir all the time all the time let's talk about something that your office is cosponsoring OB so the magistrate court of forty county is cosponsoring with W. A. okay our next leadership talks sit down with Peggy Cole up salute Lee young was the founder of slavery vegan a two year let's talk about your partnership right and so for us pinky call has been an incredible partner to the magistrate court we have a landlord tenant clinic it is really a tenant assistance center is the housing court assistance center which is housed in the magistrate court and Peggy Cole has been a friend and we are appreciative of that yep and PhD dear friend of mine as well she sometimes as you know were shot I have some money I want to help a few people how can I do that and that and I will plug a remand with what you do absolutely yeah land of on your lawyers foundation has been very helpful in helping us find those people that match that need yeah I remember later a German leadership talk is free okay it is your master class without the massive money it is free parking free entry we sit down with a mover and shaker once a month effort of a live audience and that we talk about their background their life their struggles there try young and also their business savvy Biggie cold is one of the most remarkable and genius business people I've met in a very long time I've had her lecture my college class multiple times as well which we're gonna talk about entrepreneurship we're gonna talk about branding marketing and also how to create patterns in your personal life that helps you to overcome yourself because a lot of times we talk ourselves out of doing what we think is the impossible okay and naturally it's impossible until somebody does it right so you chief judge the first of may you're the first African American female elected no I am the first elect elected period but because you African American female they measured Hey you got it Blake is a my number got a place at a month right yeah how does that how does that feel to steal B. and that ground breaking arm tradition as an African American a black female so it's amazing for us but more importantly it's amazing for the citizens of Fulton County we have an opportunity now to craft what this court will be structurally going forward and so these first four years I know people are like she was appointed by the governor we're not sure what she's going to do and despite that we have moved forward as the governor has expected us to become independent and to become accountable to the people we serve in our next four years having now been elected thank you again citizens it's important that we continue to craft that court in such a way that we are responsive and that as we do what we say it's warm engage and empower our community and you are very active legal clinics with Hosea helps will talk about the the Christmas community dinner on thanksgiving the R. MA okay all of that and and you stayed very active even outside of that and so let's talk about the other thing because yeah big part of what we do we are the people's court which mean a lot of people come in representing themselves in order to make this an easy on ramp for them we have spent good time energy and thanks thanks to a grant from the national center for state courts we have been able to make videos that tell people how courts gonna work we've been able to make pamphlets that tell you what to expect so we really want to empower the people that are walking into our court so you don't get surprised because court is where you come as a last resort yeah it is where the final will be taken and you need to be able to make sure that you can win are you have this heart of a public servant that shows in everything you do what did they come from so I think it comes from just growing up my parents my grandparents this is what I watch them do and so this is kind of where we were raised here this is the only thing I know and the leadership is reflected in how you run the court eight that thank you Bob so a nod to birch street we are going to be there March fifth at seven PM this is leadership talks this is one of those talks where you need to bring your entire family you need to bring your entire family to sit down in front of Peggy Cole the founder of slutty vegan okay you are going to be tremendously blessed by the words and the wisdom of this remarkable entrepreneur as she's one of our own right here went to Clark Atlanta university and has created one of the most recognizable brands in the United States she announced on my show just a few weeks ago the she's opening up thirteen new slated vegan locations I just hope that means we don't have to stand in line and that line is serious now let me ask you judge have you been solidified so I have not I tried to stand in line and they closed before I got there I was like what in the world like it was in line and we got to get you a burger we will get to them R. will work on back that's an order okay here's how you can get with us on March fifth Thursday at seven PM all you gotta do is R. S. V. P. as I said before free entry free parking but very very valuable information and as with every leadership talks I make sure that the audience gets an opportunity to engage directly with the gas and oil paint you she's going to stay there as long as is needed are so make sure you got a bill that Edie you B. E. U. L. A. H. dot EDU forward slash talks that's B. E. U. L. A. H. dot E. D. U. forward slash talks and R. S. V. P. right now B. E. U. L. A. H. dot EDU forward slash talks and because of great partnerships of like chief judge Kirk I W. A. okay in Beulah heights university these discussions are all ways free and they are absolutely incredible I would encourage everyone to come you come to a lot of them I do I do I heard a lot yeah the staff judge we appreciate you this morning thank you for having me thank follow you all on social media so absolutely glad you mentioned that obviously come to our website but our ideas Fulton magistrate please look us up it was the website it is magistrate Fulton dot org there is thank you thank you news and top thirteen eighty W. A. O. K. for gambling.
"nsa" Discussed on The WAN Show Podcast
"Oh sorry I just wanted to note that feature requests because it's good an error. An error occurred. Please try again later. But also it says live. They've excellent condition. I love the so much. Hey Jake he wandered off okay. I'm just GONNA sing. This is probably the quickest way. Wait for me to do this. I'm just GonNa snap a quick picture this because this is hilarious. We have we have a call with them probably next week like we actually have a contact act like actively working on the development of this panel and be hard right we were like straight up honest with with them. We were like look the way that it's so confusing to us because the way it messages things is terrible like it's undecipherable and so me getting like excellent connection action live by the way there's a problem you can't you can't do that anyway. We're live a show ladies and gentlemen. We've got a fantastic show for you guys today. The NSA has revealed a major flaw in Microsoft's Windows operating system. Apple may be forced to ditch the late in connector. Luke got banned by Blizzard Lizard Months. Well I'm fascinated to hear about it. Okay story and you don't have to go home but you can't can't stay here. Windows seven is dead. Dead has doornail dead as you can still use it. Yeah you can still use it but like AAC people used. Xp for a long time they did they shouldn't anymore no but they should do to Windows Network.
"nsa" Discussed on TalkRadio 630 KHOW
"NSA decided to create hacking tools to weaponize the windows back if you don't remember how that ended let me give you hit want to cry that's right cyber criminals stole those hacking tool developed by the NSA and a twenty seventeen launched a massive ransomware campaign against a hundred and fifty countries and about two hundred thousand companies so now there's a major flaw in windows ten that's worse than eternal below once again the NSA knows about it so what are they gonna do this time seems like they learn the lesson they learned Microsoft the bug which is central that a patch to keep the bugs from being exploited so if you're running windows ten or windows server twenty sixteen the need to download this patch immediately you can check commander dot com for some more tips on how to make sure that happens and make sure that your PC save but here's a fun fact the windows PC is running at the NSA they have stickers on them and the sticker say Intel inside all right number three forget sex ed it's sexting at researchers from universities in Florida Wisconsin conducted a survey of five thousand kids between the ages of twelve and seventeen and nearly twenty five percent responded that they have received messages that were sexually explicit fifteen percent said they've sent sexting messages which brings us back to the researchers advice which they compare to sex ed they say it is talk to your kids and teach them about safe sex in because they're gonna do it anyway so for starters don't share the messages it's only bears the of those images get out and make their way on to the internet it could be a legal it's easy to follow because teens don't brag right not it goes on with other tips engaging in sex with people who you trust making sure to get consent first sending suggestive photos incident naked photos and leaving your face out of it and here you thought the birds and the bees talk was tough now it's hardly the meaning of life number four fake virtual people are making more money than you are as tech because we're sophisticated artificial intelligence continues one of the big questions I hear a lot is a camel robot take my job some day there can be a quite hard question to answer depending upon what field you're at but if you're an influence or Instagram be afraid be very afraid the new rising social media stars aren't even real take should do a beautiful gorgeous south African model with nearly two hundred thousand Instagram followers she was created by a fashion photographer the U. K. you took up three D. animation as a hobby little McClellan is they buy influencer with nearly two million followers not remember this is a fake virtual person created by someone who's really good at photo shop at a five dollars CPM little gal is earning about ten thousand dollars for a single post just got a job at a magazine as a contributing arts editor yeah I don't say I understand it either the influencers might not be real but the money that they raking in sure has a right number five Ilan mosque deep down is still a twelve year old boy all right first and tell you probably the auto pilot features built into test was supposed to help you drive but not take over apparently nobody told the Tesla owner in Ontario according to police they started Tessler was speeding while the fifty eight year old driver was flossing his teeth that's right kudos for the good dental hygiene but a bad idea when you're supposed to be focused on the road he was charged with careless driving just remember don't floss and drive is being of Tesla Ilan mosque says your toes will soon be able to talk to pedestrians which he demonstrated in a recent tree that's great but now it's really hard was the power of artificial intelligence and technology must also said that soon you'll be able to use the feature on your Tesla to quote fart any pedestrians a general direction correct who has who has a real need for flying cars when we have this to look for to talk about to do your own **** all right there are tons of VPN providers out there but only to research my sponsors and I only only recommend brands to my listeners and viewers that I believe in and the ones that I have trusted and I can say with full confidence that express V. P. N. isn't the best VPN on the market and here's why first and they're not gonna log your data in fact expressed B. P..
"nsa" Discussed on Conspiracy Theories
"To work to counteract the Jay's efforts with its own network of pro American propaganda. The task naturally fell to the still new CIA. They found their proxy in the national student association, the NSA was founded in nineteen forty seven the same year as the CIA in Madison, Wisconsin. It's main purpose was to represent the colleges of America at the international union of students. A global congress of students based in Prague. It was also in town. Tended to help forward the more liberal, politics of the younger generations of Americans who were becoming increasingly concerned with the right wing zealotry of the early Cold War era. When we talk about the United States, government, surveilling, actively persecuting, antiwar, or left leaning, American students, we usually focus on the presidency of Richard Nixon. But the NSA CIA scandal reveals that from the very first year of the CIs existence. The US government had concerns about liberal, politics infecting America's youth. It was the political schism that actually allow the CIA to get involved with the NSA in the first place in two thousand fifteen a great compilation of the story was published in patriotic betrayal, the inside story of the CIA secret campaign to enroll American students in the crusade against communism by Karen Padgett. We referenced pants book, as well as the review of it from the New Yorkers Lukman for large part of the section as early as nineteen forty eight just after the organization was form. The NSA was on the radar of the FBI, US State Department and of all things that Catholic church, which played a big role in anticommunist propaganda through the nineteen fifties and nineteen sixties. None of these organizations had a chance at infiltrating the pro civil rights antiwar and essay but to see was new, it didn't have the baggage of more established wing of the American government beginning in the early nineteen fifties. It's operatives were able to bazillion themselves, as more forward thinking liberal agents, whose views aligned with the student leadership of the NSA. That's ridiculous. Of course, the CIA reports directly to the president. It's aims are as much in line with the broader American military as anything else in the executive branch, but the ploy worked in nineteen forty eight no one had heard of the CIA, and even fewer people knew what it was intended to do. See. Aubert is were able to position themselves as liberal anti-communist to get in with the NSA. There are few exact names in the story of how these two organizations came together, but the general count is this as early as nineteen forty-eight, CIA operatives began underwriting, the budget for the NSA's offices, and operations with that they were able to influence the outcome of student, elections, and policies that the NSA brought to the international union of students, the US split up in nineteen forty eight after the NSA withdrew in objection to a coup that had occurred in Czechoslovakia. They formed their own international body. The international student conference, the US and I s c functioned, essentially, as proxies for the US, and the USSR respectively, the NS, a operated as a sort of window for the CIA through the organizations access CI operatives could reach students across. The country as well as anti war, and civil rights organizations. They also use NSA student says, proxy, operatives, whenever they went overseas to deal with SEA affairs, as an extension of the American government. The CIA was prohibited from dealing directly with USSR controlled countries that the United States did not have diplomatic relations with, but members of the NSA could interact. With anyone they wanted, including student groups from communist countries, the CIA as the NSA to foam money to these student groups, influencing elections, and working to put pro American anticommunist leaders in charge, the students in these foreign groups were often the children of prominent military and political leaders through the NSA the CIA was able to start building files on these individuals and a mass data that may come in handy in the years to come when the suit. Grew up and took leadership positions in communist governments. And the CIA was able to identify individuals who may be partial to bribe to become an informant and report on what was going on in these communist countries..
"nsa" Discussed on Off The Hook
"So that prevents gummy residue on your lens. Which is a lot better than masking tape, which I know a lot of people use. So it's not just you know, covering it up with with a piece of tape. This is something that specially designed I believe, rob. You have some information on how not to do that. Right. There was there was a fun tweet by the F F on February the first the NSA that many of you may have heard of famous three-letter government organization is among these these organizations that if you go to various tech, events and conferences and things they'll they'll give away swag and a popular swag. These days is a little plastic cover for your webcam. The NSA was giving out these purple ones, but the EFF noticed that these webcam covers we're actually translucent. You could you could you could kind of see through them, and they posted a picture of this and tweeted to the NSA at NSA at NSA of the webcam covers your giving out have an interesting effect. The purple ones are transparent and they posted the photo and stuff. And of course, they they referred to these stickers which are part of this package. We're giving away that the F F make which are actually not translucent think that was that was done on purpose at the did it on purpose. They do spine. Do they they like spying it? It's kind of funny that they were giving out webcam covers in the first place when they're part of the reason that I think some people want to have a Cam either they they did on purpose or even the NSA doesn't know how to do it properly event. These stickers will will protect you. And it's it's it's done the right way. But that's still not all because one more item in this amazing package is the EFF beanie. That's right. It's a hat that probably says EFF on it. It's white embroidery on stretchy double layered black acrylic hats measures seven. Point five by eight inches. And that is just an amazing package. All of that. Did I mentioned also the Lawrence Lessig book is autographed code and other laws of cyberspace. So you get two books you.
"nsa" Discussed on Risky Business
"To which organization opera operation should belong. Good question. And I think you know, there's probably a fair number of your listeners that don't understand some of those distinctions. So we are were in always will be what's known as a combat support agency. And and that means were an element of the department of defense. And we exist to make sure that the war fighters have the information they need as they're looking to defend the US or go into battle. And so the foreign intelligence mission of NSA is one of the KEA neighbors. Right. That is that is central to one of the activities and say does is for an intelligence cyber command. And and interestingly enough that foreign intelligence if you get down into the authorizations that allow NSA to do that. It's it's an area known as as title fifty. Which is a civilian intelligence authorization the military operates and performs operations under title ten. And in fact, NSA has no authority to do offensive cyber operations. So we have the technical capability we will often support, but sensei Bor command has stood up. We do that in support of cyber command. We will do that at other times in support of other US government agencies that have thirties execute operate. But we don't have any authority ourselves outside generating foreign intelligence. Sorry, it's purely a collection role now and all offensive operations. The command all offensive operations, our cyber command or another US government agencies to lead, but we can integrate people onto their teams under there. Authorities. Okay. So you can deliver the work, but you can't initiate it. Correct. In one I think you'll see, you know, the the expertise you needed to do cyber operations resided in an essay. And and when I say resided at an assay that still meant there could be a lot of military people. We have a fair uniform population within NSA, I'm it could've been military people who are gaining those skills and building those capabilities, but I think what what the department of defense recognize was the world was changing the amount of conflict kind of below the level of war. That was coming at us. The amount of threats to our ability to be able to rate weapon systems our ability to safeguard or information and even operate the platforms like planes and ships and tanks that now are mobile computers ability to keep them safe an operational. We head to head. Have more people in the military capable of performing the the cyber operations necessary to do the DOD's mission. And yeah, some of those things are very defensive a significant amount of cyber commands resources are defensive cyber activities running our networks and securing our networks. Well, I mean, I'm on you, describe what you described is pretty clear separation of the balls of of anti and cyber command in very very simply explained, and yet, you know, general Neka sunny, of course, west who hats runs both NSA, and and saw the command and has said has been on record saying that, you know, splitting those roles is actually going to be quite quite difficult at least in the in the sort of short to medium-term sorry. How do you then go about actually separating these things out? I mean because it seems like we've got two different parallel bureaucracies operating out of the same building. How do you go about actually turning them into more distinct organizations without kind of ruining the cooperation between the two the two bodies? You made a good point that, you know, general Naksone dual headed, and if you look at the way the structures of the two organizations are he is literally the only person that that lives on both sides of that fence what we're going to have is we're gonna have NSA insider command supporting interoperation and and collaborating for the for the infinite future. Right. I don't think you can have a military organization operating inside or space. That's not going to have to engage with an essay be supported by NSA because that's our role. Right. Combat support agency and even informed by NSA. So cyber command has some civilians, but predominantly most of their or forces is uniformed a fair amount of them are enlisted military that are going to rotate up out. It's a benefit to the to NSA because we're seeing talent AMAN. We're also seeing a good amount of that talent go into industry where they where they're going to be able to bring that knowledge out into defending the nation at the corporate low..
"nsa" Discussed on Risky Business
"Get detected a lot easier. There's a lot more attention on it. You've given up some of your good. So I I think you'll still see some pretty good firewalls between these countries and their cyber programs now that's interesting now, one of the strategies case strategies of the United States government is to is to indict in obsessed show some of the operators of programs that the United States has deemed broke its laws. Often the discussion in the information security field is that there is potential for some unwanted consequences there. I mean, we've seen after the detention of this ten gentle, but we've seen after the detention of Renzo phase daughter in Canada, I should say the arrest because she's being we've seen various Canadian citizens kind of being. Throw it into the van. And I think the concern is among some people that we could say some of these other countries that where the US is indicted. It's operated we could say some of those countries actually targeting US operators. I mean that has to be a legitimate concern, doesn't it? It's a concern. But I think you need to put it into perspective. Right. When when I joined NSA, you know, I joined an arm of the department of defense where I knew that, you know, I had the opportunities to do operations. And and with that comes the understanding that some of the things we're doing our are authorized and supported by our government. And what that means is you have the full backing and security of the things the US government can do disappoint you. And so, you know, yes, if you are doing cyber espionage for the US government, and you get caught there's the potential that somebody could go out and issue an indictment. The thing we have behind us as I mentioned earlier, we got the rule of law. Right. We we are very specific on what we will and won't do. And I think if you look at the types of. Indictments we've done. That's what differentiates the work. We do for mothers. Right. It's the it's whether it's espionage for economic gain, or whether it's destructive activities against mersal. Entities. Those kind of things could and should get you indicted by the US if you're coming here on breaking the law. I don't think anybody would want the US from shying away from pursuing the the the criminals that that have broken the law because we worry that others might get indicted by people in in other places, I guess it has all side the the angle to it that if you're gonna play spy games, you're gonna win spy prizes. Right. Like, you know, it's it's it's it's a bit naive to suggest that you know, that doing this type of thing might be entirely consequence free. It's a it's a reason I guess people have to accept is what I'm getting. It's a fair assessment right in. You've gotta consider, you know, all of the activity. I don't think you're gonna see rob Joyce go into Beijing in the next six months, but at the same time, do I worry that you know, as I go take an international flight that I'm gonna wind up with international indictment. I really don't. But the thing that that I do understand is that you know, I have the whole of the US government behind me. And they're always going to stand up for me. And that's base while that helps right? So I look I wanna move onto another topic here which is talking about the roles of cyber command and innocent. Now, I understand that you work for an SI. And and you don't work facade command. Right. So so you can only speak for NSA's pot, but on behalf, but I guess what? I'm hearing about here is to nor more about the how you split the roles between the two because. You know, you look at some innocent materials particularly historical materials, and there's a lot of talk about supporting the war warfighter and all of this sort of stuff. Right. So the NSA was certainly tasked with supporting the military. So why is cyber command all of a sudden needed, and how do you how do you actually determine?.
"nsa" Discussed on Armchair Expert with Dax Shepard
"They are them the next eleven military's combined. I think it's currently twenty four cents of every tax dollar supports the Pentagon and military. Just clarify. I'm not getting facts. What is often not in that number is they don't include homeland security in it doesn't sound like him that number. They did. But yeah, whatever if you include homeland security and stuff, but go ahead. And it's the biggest after the next seven countries, not eleven and bigger. Meaning we spend more than seven countries now combined cry combined. Yeah, we spend six hundred ten billion dollars. Okay. Great. So. Yeah. That that makes sense where that number. Because I think it's one point two trillion with homeland security and. NSA? I love you. We got through Sam we were a little nervous. Yeah. Don't you think? Yeah. I'm still nervous. There's still. Yeah. Yeah. Because we we aim to be less divisive. And but what I feel is this is Sam I mean, this we have people on to talk about them and talk about what makes them tick and what what is their work and their interests. And that's what SAM's interested in his doing great. You know, he is expanding minds, and it's great, and this is a part of him. So of course, it's going to be on the show in minimally. Even if you hate what he says, you think it's stupid. Can lead to a compelling conversation. Yeah. That could bear fruit. It is good Tillerson to people who challenge your normal thinking, even if it just means so you can build a good argument against it. Sure. So you don't build a straw, man argument are y love you. I love you way, more than any election. That's coming way, more than my wife have ledge way more than my male privilege or my toxic masculinity. I love you more. The fact that I wanna Ferrari F f his toxic masculinity. Now, I I don't go on whatever you want. All right. I love you..
"nsa" Discussed on 600 WREC
"Out of the country there was a cover up the DNC put pressure. On the local police to, drop it, to stop, looking into it we also know that the, his his server was accessed illegally from Pakistan so there is national security. Hillary's emails national security The DNC hacking which is just internal politics there's no national security and the fusion GPS which because Russia. Is involved it might be national security which one do they which one. Did they do the indictment on which, one did Which one did they solve Solve the toughest one yeah the toughest one that also has zero Democrats involved in the, possibility of doing anything bad Because it's the DNC hack? It's. The one that is all internal politics no national security and the Democrats were the victim It also like Pat said is the, hardest one to. Solve because this one involves WikiLeaks DC leaks dot, com and Gustav for now if you don't. Have time here to explain all of those but those are mysteries wrapped in an enigma Nobody knows who goose affir-? Was nobody knew who DC leaks were nobody, knows how the DNC servers got to WikiLeaks all kinds of. Speculation but how did all of it happen So here's this is quite interesting We just indicted I think sixteen GRU like the. KGB military version of the KGB we. Just indicted and somebody on this somebody who listen to the, show called yesterday and said Glen and we just. Going to take, the Democrats word? And I said you know what I. Don't know what the evidence. Was let me look into. It we. Started looking into it it's incredible Here's how they. Here's how they did it. The NSA Identified sixteen GRU okay now I don't know about. You but let's, just talk about this like. Mission impossible These? Agents are here and they're all undercover it's like mission impossible how do the? NSA identify these sixteen people we don't know or did, they identify more but only find it on this so. We have the g r you the KGB agents the NSA found. Them. And then they started monitoring them, they tracked them to a bitcoin wallet that's, like You know bit. Pay so okay I can see how the. NSA did that they. Go and they're following these guys and they? See that there's a large transfer from a Bank to a bitcoin wallet well? That's where it should stop because remember bitcoin is unhappy, cobble you cannot you, can't track those that's why drug. Cartels use them because you can't track. Them right Somehow or another the NSA Hacked it and they tracked the bitcoin expenditures to buy a. A VPN A VPN is I think it's a very private network And these are what. You have. To have to go onto the dark web you, can't you, can't just go. Onto the dark web with you know outlook or explorer you need to have a VPN me only reason why you'd have a VPN as you're going to. Do some various stuff. And VPN's also make you invisible you can't, track those so the NSA found the GRE you, guys they then tracked into a bit pay a. Wallet then they followed that money to buy..
"nsa" Discussed on Newsradio 970 WFLA
"We know so we went back and we looked the NSA track these GRE you guys you know military KGB if you will and track, them. To a a crypto wallet right and then they. Tracked that wallet or they track that money to, a VPN which is. What you need to go onto the dark web right then they tracked those players in the dark web it's my understanding is people. Say all the time it's just money laundering only the. People that are using bitcoin or the dark web are bad people probably, right about the dark web But not necessarily about bitcoin but I thought it, was? Untrue symbol it is not untraceable it is the cryptography is unbreakable it is pseudo anonymous so every single transaction that happens in bitcoin shows, up. On the bitcoin blockchain and anybody can see it. So if you can be tied to just one, purchase right if they. Can say okay tika bought this then then they can go and trace all the way back to the bitcoin We'll just. Waiting for that number they look into that number and then they can. They can unfold everything I do use bitcoin to break, the law you you've got to be dumber than two rocks and. A sock it's just not bright to do that when I? Speak, to. Prosecute is, off the record they say, tika we'd love it. When criminals are stupid enough to use bitcoin because. It's, like they, leaving a trail for us to follow they've only got time back to one. Transaction and they can unfold everything I. Can't believe. That these Russian agents didn't use cash they would have been much better. Off using, cash than using bitcoin is that your understanding of, a pet certainly wasn't until, now no that's I mean I know..
"nsa" Discussed on Pocket Now Weekly
"Nsa's doing all this stuff and like kim trails this is awesome i love that this was like someone immediately went to you know they they are the law enforcement is offering it adviser he against while way because there too difficult now i'm telling you are the chinese are turning the frogs gay screwed you are a alexander contact group together spit there an end later will will our sponsor is not selling disaster buckets of food that you can also turn into founder i i'd be before we get to our sponsor and i apologize the outlet sponsoring i guess this week i i did also just wanted it lightly touch on this because in in light of this political news you're losing a fight badly in trying to get while way phones in to us carriers law enforcement issuing an advisory against the security of these devices it's just over wrong time to be entertaining shenanigan review common trick arri on trying to encourage people to buy your phones this best by this best buy problem was a bad look for while i i can't imagine any one being able to to properly justified that instantly create sort of an arab illwill around the brand yet definitely didn't make any sense like there there was a just peace in that they had two different marketing operations happening simultaneously in wires got cross some wearing they asked people from won promotion to to participate in other sorry for my cat uh.
"nsa" Discussed on KTLK 1130 AM
"I've never gone to google and they just they lost all those answers have you ever seen that happen is there no backup the nsa his spying on you and me they are collecting all of our data and they say they are not listening to it but it's saved forever the national archives are saving every tweet and every facebook post for historical purposes in the national archives you have fp i devices that by law are supposed to be preserved every single tweet every single taxed everything written or spoken on that phone is supposed to be recorded and saved by law and they've lost them but just this one time period it's so unfortunate tonight at five o'clock i am going to i laid out this morning for the staff and i asked them to do the research on it i'm i'm telling you this is this is worse then watergate except it's not the president that's covering this up it's the system that is covering this up and i believe that both the republicans and the democrats are so dirty this is exactly like that was was sandy berger remember when sandy berger red if you're not eleven sandy berger goes in you know to to some research he just going to look at some papers aboard the bush administration and the clinton administration is is looking to add some stuff for history and then all of a sudden those favors are missing we don't even know what those papers are but he took him out in his underpants.
"nsa" Discussed on KSFO-AM
"Seven seven three eight one three eight one one eight seven seven three eight one three eight one one we're going to talk more about this down the road and not that far down the road little bit later this week and a lot next week and the week after and one hundred more points that relate to this because this is your society at cheer culture it your country at your government and we need to understand what it's supposed to be and what it is and we're going to do that in a moment be dyer and so forth i think it'll be really bracing and compelling an inspiring in many respects now i'll take your calls on these subjects at all worried only to hang up we have a full board but i want to move onto a few other things trade judge the former secretary department of homeland security never much like this guy under obama but he was testifying today at a house hearing on russian hacking and i've asked over and over and over again if this was so bad and it was didn't happen on obama's watch mr johnson's watch mr holders watch and ms lynch's watch didn't happen on the watch of their cia and they're nsa in the democrat party the hell they do about it while for a while they covered it up they didn't tell the american people all right so let's begin speaking at the beginning cut one go in two thousand sixteen the russian government at the direction of ladimir putin himself orchestrated cyber attacks on our nation for the purpose of influencing.
"nsa" Discussed on The Majority Report with Sam Seder
"The idea that this whole russia thing is some type of complete fabrication i think um is getting harder and harder to defend another story associated with this is that the fbi has arrested a twenty five year old woman named reality lee winner reality winner reality sperry thomas pension we yes i would say apparently this is what happened and she has been charged under the espionage act the fbi affidavit filed with her arrest said she's worked for plural bus international corporation at a government facility in georgia since february thirteenth she is charged with providing a copy of a highly confidential top secret nsa document and here's how they found out it was her some of this is the intercept apparently not using best practices the intercept when they were going to the nsa to get comments on the story that they were preparing to write on this document showed the nsa a copy of the document they had which apparently was a copy in and of itself the copy of the document as opposed to being an original document the copy showed some type of crease in the paper which indicated that it was a copy and there were specific signatures left by the copy machine i don't know if it's expressly for this purpose but it's the case nsa's auditing system showed that six people had printed out the report concluding ms winner investigators then examined the computers of those six people and found them is winner had been in email contact with the news outlet this being the intercept but the other five had not so look here's one thing that.
"nsa" Discussed on As It Happens from CBC Radio
"This is an early twenty correct correct i was arrested in two thousand twelve and went to prison from two thousand thirteen to two thousand fifteen and so now to this see this woman who has been charged allegedly she is the leaker she was she had the classified nsa documents she it's somehow guided to them uh and that uh they went to confirm the center city the document and have revealed on this do you know anything about with the information that document how important it was to be put into the public domain yeah this was not uh raw cia or nsa intelligence it was an fa analysis of russian meddling in the two thousand sixteen presidential election so sure was classified but one of the one of the tenets of the espionage act is that it had to cause harm to the national security and as an analytic product this is this is and if an opinion of the nsa's a analytic staff i can't imagine that there's any harm to the national security here and you know another thing too up until barack obama was elected president these issues were dealt with administratively and internally i worked at the cia for many years and there was a woman that i sat near who leaked information wants to a cnn she was having an affair with the cnn correspondent uh she was caught she admitted what she had done and she was suspended without pay for six weeks and she was barred from promotion for three years and that's normally how these things are are dealt with but since obama the us government has used the espionage act which is really an iron fist to crack down on leaks so is this really the new policy that we have now we have two successive presidents using the espionage act to crack down on leaks.