Well if you have been keeping up, this is no friggin’ surprise.
But like all things, there is a work around to Big Brother’s antics.
Remember, a Civilian Operator’s Cyber skill-set in the 21st Century is just as, if not more, important than being handy with a gun.
Stay Alert, Stay Armed and Stay Dangerous!
Last month, the FBI was ordered to reveal the full malware code used to hack visitors of a dark web child pornography site. The judge behind that decision, Robert J. Bryan, said it was a “fair question” to ask how exactly the FBI caught the defendant.
But the agency is pushing back. On Monday, lawyers for the Department of Justice filed a sealed motion asking the judge to reconsider, and also provided a public declaration from an FBI agent involved in the investigation.
In short, the FBI agent says that revealing the exploit used to bypass the protections offered by the Tor Browser is not necessary for the defense and their case. The defense, in previous filings, has said they want to determine whether the network investigative technique (NIT)—the FBI’s term for a hacking tool—carried out additional functions beyond those authorised in the warrant.
DoJ attorneys have also asked to submit a filing ex parte and in camera, meaning that only the judge would be presented with evidence under the motion.
“Tsyrklevich claims that he requires access to the government’s ‘exploit’ to determine if the government ‘executed additional functions outside the scope of the NIT warrant,’” Special Agent Daniel Alfin writes. He is referring to Vlad Tsyrklevich, a malware expert retained by the defense to analyse the NIT. In January, the defense did receive some of the NIT code, but not the sections that would ensure that the identifier issued to the suspect’s NIT infection was unique, nor the exploit used to break into the computer.
This specific case concerns Jay Michaud, a public school administration worker from Vancouver, Washington, who was arrested in July 2015. In February 2015, the FBI seized a dark web child pornography site and ran it from their own servers for 13 days. During this time, the agency deployed a NIT against people who visited specific, child pornography threads, which grabbed their real IP address, among other technical details.
“Knowing how someone unlocked the front door provides no information about what that person did after entering the house.”
Tsyrklevich has written a declaration after analysing the parts of the NIT that have been disclosed, but the full text of that document remains under seal.
“He is wrong,” Alfin continues. “Discovery of the “exploit” would do nothing to help him determine if the government exceeded the scope of the warrant because it would explain how the NIT was deployed to Michaud’s computer, not what it did once deployed.”
Here, Alfin starts an analogy for software vulnerabilities: that of a flaw in a lock.
“In layman’s terms, an ‘exploit’ could be thought of as a defect in a lock that would allow someone with the proper tool to unlock it without possessing the key,” he writes.
“Knowing how someone unlocked the front door provides no information about what that person did after entering the house. Determining whether the government exceeded the scope of the warrant thus requires an analysis of the NIT instructions delivered to Michaud’s computer, not the method by which they were delivered.”
Alfin also claims that the identifiers attached to each NIT-infection, another point of contention for Tsyrklevich, are indeed unique.
“I have reviewed the list of unique identifiers generated during the operation and confirmed that there were in fact no duplicate identifiers generated,” Alfin adds.
NIT code has been disclosed in the past. In a 2012 case, the government provided details of its technique which turned out to involve the hacking-toolkit Metasploit. The FBI used a Flash applet to make a direct connection over the internet, instead of routing the targets’ traffic through Tor.
Peter Carr, a spokesperson for the Department of Justice, told Motherboard in an email “We’ll decline to comment beyond our public filings.”
Read the Original Article at Motherboard
IT WAS THE talk most anticipated at this year’s inaugural Usenix Enigma security conference in San Francisco and one that even the other speakers were eager to hear.
Rob Joyce, the nation’s hacker-in-chief, took up the ironic task of telling a roomful of computer security professionals and academics how to keep people like him and his elite corps out of their systems.
Joyce is head of the NSA’s Tailored Access Operations—the government’s top hacking team, responsible for breaking into the systems of its foreign adversaries, and occasionally its allies. He’s been with the NSA for more than 25 years but only became head of the TAO division in April 2013, just weeks before the first leaks from Edward Snowden were published by the Guardian and Washington Post.
Joyce acknowledged that it was “very strange” for someone in his position to stand onstage before an audience. The TAO has largely existed in the shadowy recesses of the NSA—known and unknown at the same time—until only recently when documents leaked by Snowden and others exposed the workings of this cabal as well as many of its sophisticated hacking tools.
Joyce himself did little to shine a light on the TAO’s classified operations. His talk was mostly a compendium of best security practices. But he did drop a few of the not-so-secret secrets of the NSA’s success, with many people responding to his comments on Twitter.
How the NSA Gets You
In the world of advanced persistent threat (APT) actors like the NSA, credentials are king for gaining access to systems. Not the login credentials of your organization’s VIPs, but the credentials of network administrators and others with high levels of network access and privileges that can open the kingdom to intruders. In the words of a recently leaked NSA document, the NSA hunts sysadmins.
The NSA is also keen to find any hardcoded passwords in software or passwords that are transmitted in the clear—especially by old, legacy protocols—that can help them move laterally through a network once inside.
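The two exposures Joyce singles out here, hardcoded passwords in software and credentials sent over cleartext legacy protocols, are both things a defender can sweep for routinely. The following is an added example, not code from the article or from anyone quoted in it: a small Python audit that scans constructed source/config text for literal values assigned to secret-like names, and scans a constructed connection log for logins over protocols that carry credentials without transport encryption. The sample source lines, the log format (`src -> dest:port proto=... user=...`) and the protocol list are all assumptions made for the example.

```python
import re

# Constructed sample source/config text for the example (not from any real system).
# Two lines assign a literal to a password-like name; one reads the value from the
# environment and one is a comment, and neither of those should be flagged.
SAMPLE_SOURCE = """
db_host = "db.internal"
db_password = "Summer2015!"
API_TOKEN = os.environ.get("API_TOKEN")
ssh_passwd := "hunter2"
# password: rotate via vault, never commit
"""

# Constructed connection log in an assumed "src -> dest:port key=value ..." format.
SAMPLE_CONNECTIONS = [
    "2015-02-20T10:01:02 admin-ws -> fileserver:21 proto=ftp user=backup",
    "2015-02-20T10:02:10 admin-ws -> core-sw:23 proto=telnet user=netadmin",
    "2015-02-20T10:03:15 admin-ws -> core-sw:22 proto=ssh user=netadmin",
    "2015-02-20T10:04:40 jump-host -> intranet:80 proto=http auth=basic user=admin",
    "2015-02-20T10:05:01 jump-host -> intranet:443 proto=https auth=basic user=admin",
]

# A quoted literal assigned (with "=" or ":=") to a name containing a secret-like
# word. A value fetched from the environment or a comment line does not match.
HARDCODED_RE = re.compile(
    r'^\s*(?P<name>[A-Za-z_][A-Za-z0-9_]*(?:passw(?:or)?d|secret|token|key)[A-Za-z0-9_]*)'
    r'\s*:?=\s*["\'](?P<value>[^"\']+)["\']',
    re.IGNORECASE,
)

# Legacy protocols that send credentials with no transport encryption (assumed list).
CLEARTEXT_PROTOS = {"ftp", "telnet", "http", "pop3", "imap", "snmpv1", "snmpv2c"}


def find_hardcoded_credentials(text):
    """Return (line_no, name) for each line assigning a literal to a secret-like name."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = HARDCODED_RE.match(line)
        if m:
            hits.append((n, m.group("name")))
    return hits


def find_cleartext_logins(log_lines):
    """Return (user, proto, destination) for connections that send a login in the clear."""
    findings = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        proto = fields.get("proto", "").lower()
        user = fields.get("user")
        if user and proto in CLEARTEXT_PROTOS:
            dest = line.split("->")[1].split()[0]
            findings.append((user, proto, dest))
    return findings


if __name__ == "__main__":
    for line_no, name in find_hardcoded_credentials(SAMPLE_SOURCE):
        print(f"hardcoded secret: line {line_no} assigns a literal to {name}")
    for user, proto, dest in find_cleartext_logins(SAMPLE_CONNECTIONS):
        print(f"cleartext login: {user} over {proto} to {dest}")
```

The regex is a heuristic, not a parser: it will miss secrets built by string concatenation or stored under unconventional names, so treat its output as a starting point for review rather than proof of a clean codebase. The log check flags the credential exposure the article describes (an administrator's password crossing the network in the clear) regardless of whether the destination is internal, since lateral movement is exactly the internal case.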
And no vulnerability is too insignificant for the NSA to exploit.
“Don’t assume a crack is too small to be noticed, or too small to be exploited,” he said. If you do a penetration test of your network and 97 things pass the test but three esoteric things fail, don’t think they don’t matter. Those are the ones the NSA, and other nation-state attackers, will seize on, he explained. “We need that first crack, that first seam. And we’re going to look and look and look for that esoteric kind of edge case to break open and crack in.”
Even temporary cracks—vulnerabilities that exist on a system for mere hours or days—are sweet spots for the NSA.
If you’ve got trouble with an appliance on your network, for example, and the vendor tells you to briefly open the network for them over the weekend so they can pop in remotely and fix it, don’t do it. Nation-state attackers are just looking for an opportunity like this, however brief, and will poke and poke your network patiently waiting for one to appear, he said.
Other vulnerabilities that are favorite attack vectors? The personal devices employees bring into the office on which they’ve allowed their kids to load Steam games, and which the workers then connect to the network.
Read the Remainder at Wired