Skip navigation
Help

National Security Agency

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.

The National Security Agency wants your kids to know that it's cool to be "cyber smart."

As part of the agency's outreach to promote interest in technology and recruit a future generation of computer security experts, the NSA has links on its homepage to two sites targeted at children and adolescents. The "Kids Page," intended for elementary age children, appears to be down at the moment—either that, or the error code reference (Reference #97.887ffea5.1374616699.dc7bfc5) is an encoded message to grade school operatives that it's time to report in.

But the "Change The World" page, targeted at middle and high school students, is chock full of crypto-clearance fun. There's a word search, a PDF to print to make your own letter substitution code wheel, and a collection of tips on how to be a good cyber-citizen. Ironically, some of these tips might be useful for people concerned about how much data is being collected on them through broad metadata collection and FISA Court warranted PRISM probes.

Among the NSA's tips for kids is this sage wisdom: "Be cyber courteous! It is too easy to hide behind a computer! A cyber smart person never says anything online that they wouldn’t say in person. Remember that what you write in an e-mail can usually be retrieved and shared with others, so be responsible with e-mails, chats, and online communications." Especially since those e-mails, chats, and online communications could be getting captured in real-time by one of the NSA's network taps.

The NSA does offer kids some helpful password advice. "Try this: Take four random words…take the first three letters of each word, make some letters upper case and others lower case, then add any two or three numbers and then some character like @#$%&... the password should be at least 14 characters and memorable (or write it down but protect it). You should have a different password for each account that you have!" The NSA also suggests that kids only share their passwords with their parents. "No one else should have them—not your friends, teachers, or other family members."

The NSA wants kids to look out for software trojan horses and to play fair. "Do you download 'cheat' programs that promise information to how to perform better or beat a game?" the site asks. "Sometimes cheat downloads are used to implant a virus or malware on your computer!"

There's also some helpful information on protecting kids' identities online, including how to behave on social networks and in online games. "Do you use an avatar? You should. While cameras and webcams are popular, they also reveal who you are. When gaming, keep your true identity a mystery. Cyber sleuths never reveal their true identity except to trusted adults, like your parents!"

0
Your rating: None

An anonymous reader writes "Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran's Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government's Cyber Security Framework. Langner's Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government's framework."

0
Your rating: None

Given that we now know that the National Security Agency (NSA) has the ability to compromise some, if not all of VPN, SSL, and TLS forms of data transmission hardening, it’s worth considering the various vectors of technical and legal data-gathering that high-level adversaries in America and Britain (and likely other countries, at least in the “Five Eyes” group of anglophone allies) are likely using in parallel to go after a given target. So far, the possibilities include:

  • A company volunteers to help (and gets paid for it)
  • Spies copy the traffic directly off the fiber
  • A company complies under legal duress
  • Spies infiltrate a company
  • Spies coerce upstream companies to weaken crypto in their products/install backdoors
  • Spies brute force the crypto
  • Spies compromise a digital certificate
  • Spies hack a target computer directly, stealing keys and/or data, sabotage.

Let’s take these one at a time.

0
Your rating: None

The National Security Agency and its UK counterpart have made repeated and determined attempts to identify people using the Tor anonymity service, but the fundamental security remains intact, as top-secret documents published on Friday revealed.

The classified memos and training manuals—which were leaked by former NSA contractor Edward Snowden and reported by The Guardian, show that the NSA and the UK-based Government Communications Headquarters (GCHQ) are able to bypass Tor protections, but only against select targets and often with considerable effort. Indeed, one presentation slide grudgingly hailed Tor as "the king of high-secure, low-latency Internet anonymity." Another, titled "Tor Stinks," lamented: "We will never be able to de-anonymize all Tor users all the time."

An article published separately by The Washington Post also based on documents provided by Snowden concurred.

"There is no evidence that the NSA is capable of unmasking Tor traffic routinely on a global scale," the report said. "But for almost seven years, it has been trying."

0
Your rating: None
Original author: 
Sean Gallagher


NSA Headquarters in Fort Meade, MD.

mjb

One organization's data centers hold the contents of much of the visible Internet—and much of it that isn't visible just by clicking your way around. It has satellite imagery of much of the world and ground-level photography of homes and businesses and government installations tied into a geospatial database that is cross-indexed to petabytes of information about individuals and organizations. And its analytics systems process the Web search requests, e-mail messages, and other electronic activities of hundreds of millions of people.

No one at this organization actually "knows" everything about what individuals are doing on the Web, though there is certainly the potential for abuse. By policy, all of the "knowing" happens in software, while the organization's analysts generally handle exceptions (like violations of the law) picked from the flotsam of the seas of data that their systems process.

I'm talking, of course, about Google. Most of us are okay with what Google does with its vast supply of "big data," because we largely benefit from it—though Google does manage to make a good deal of money off of us in the process. But if I were to backspace over Google's name and replace it with "National Security Agency," that would leave a bit of a different taste in many people's mouths.

Read 31 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Megan Geuss

The Guardian

The Guardian released an interview today with the man who has been the paper's source for a few now-infamous leaked documents that revealed a vast dragnet maintained by the NSA for gathering information on communications in America. That source is Edward Snowden, 29, an employee of American defense contractor Booz Allen Hamilton and a former technical assistant for the CIA.

When The Guardian published a leaked document on Wednesday of last week that showed a FISA court granting the NSA power to collect the metadata pertaining to phone calls from all of Verizon's customers over a period of three months, it became one of the biggest exposures of privacy invading actions taken by the government without the public's knowledge.

That is, until the next day, when The Guardian and The Washington Post revealed slides pertaining to another NSA project called PRISM, which apparently gathered vast swaths of information on users of Google services, Facebook, Apple, and more. While the companies named in the PRISM slides have all denied participation in such a program, President Obama and a number of senators confirmed the collection of phone call metadata on Friday.

Read 9 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Adi Robertson

Boundless-heatmap-large-001_large

Leaked information about a piece of NSA software called Boundless Informant could shed light on how organized the agency's surveillance program really is. Glenn Greenwald — who recently exposed both widespread phone metadata collection and an internet spying program called PRISM — has revealed details about the ominously named program, which aggregates and organizes the NSA's data. Greenwald says the tool is focused on metadata, not the contents of emails or phone calls. Among other things, it tracks how many pieces of information have been collected per country.

3 billion pieces of information were allegedly tracked in the US over a 30-day period ending in March. In that same period, 97 billion pieces were collected worldwide, with...

Continue reading…

0
Your rating: None