Week 8 News Digest

NSA chief seeks compromise on encrypted phone snooping

February 23, 2015
http://phys.org/news/2015-02-nsa-chief-compromise-encrypted-snooping.html
In Washington on Monday, February 23, the National Security Agency chief proposed that a compromise can be made when it comes to access to encrypted devices. NSA Director Admiral Mike Rogers stated that he does not believe Americans should be divided on the issue of encryption. Rogers said that in the fight against terrorism, the concerns are the same as in law enforcement, and endorsed the view expressed by FBI Director James Comey on gaining access to encrypted mobile devices. Rogers stated, “We fully comply with the law…we do that foreign intelligence mission operating within (a legal) framework.” The point of the conference was to bring awareness to the NSA’s belief that there should be common ground with the tech sector on the issue, instead of an all-or-nothing position.

Alleged hacker belonging to the hacking crew Lizard Squad runs a DNS hijacking attack against the Google Vietnam domain

February 24, 2015
http://securityaffairs.co/wordpress/34058/cyber-crime/lizard-squad-dns-hijacking-google-vietnam.html
Users who accessed the Google Vietnam website were presented with a picture of a man taking a selfie, along with a message that claimed the site was hacked by Lizard Squad. The hackers also took the opportunity to advertise their Lizard Stresser DDoS service. Google Vietnam wasn’t actually hacked; the attackers directed visitors to a defacement page through DNS hijacking. They managed to redirect users by changing the Google name-servers to CloudFlare. Experts believe this was either done to confuse network analysts and legacy tools, or the attackers simply didn’t care what type of IP address they were using as long as they achieved their goals. The name-server records were restored roughly two hours after the attackers had changed them.

Gemalto presents the findings of its investigations into the alleged hacking of SIM card encryption keys by Britain’s Government Communications Headquarters and the U.S. National Security Agency

February 25, 2015
http://www.gemalto.com/press/Pages/Gemalto-presents-the-findings-of-its-investigations-into-the-alleged-hacking-of-SIM-card-encryption-keys.aspx
On February 25, 2015, the European SIM maker Gemalto said it had investigated its past records of attempted attacks. The website made the allegations on the theft of the keys, which encrypt and decrypt data, based on a document leaked by former NSA contractor Edward Snowden. But the company denied that these attacks resulted in a large-scale theft of encryption keys. The company said the aim of the operation was to intercept the encryption keys as they were exchanged between mobile operators and suppliers.

Most popular apps vulnerable to hacking: McAfee

February 24, 2015
http://timesofindia.indiatimes.com/tech/tech-news/Most-popular-apps-vulnerable-to-hacking-McAfee/articleshow/46357311.cms

Intel Security’s McAfee Labs is reporting that the vast majority of the most popular mobile apps found to be vulnerable to man-in-the-middle attacks in research performed last year remain exposed to attacks. According to McAfee Labs, nearly three-quarters of the 25 most downloaded apps on CERT’s list are still unpatched. Although the researchers did not find evidence that these apps had been exploited, the number of downloads for the apps ranges into the hundreds of millions. The latest findings were included in the McAfee Labs Threat Report of February 2015, which also revealed that mobile malware samples jumped 14 percent during the final quarter of 2014. At least eight percent of all McAfee-monitored mobile systems reported an infection in the fourth quarter of last year.

Old Vulnerabilities Still Popular Targets for Hackers: HP

February 23, 2015
http://www.securityweek.com/hp-cyber-security-report-reveals-old-vulnerabilities-still-popular-targets

Vulnerabilities in older code are continuously becoming a big hacking risk, according to the HP report. Hackers have used older methods and code from years ago, even decades ago. The most targeted 2014 CVE was CVE-2014-0322, a vulnerability in Microsoft Internet Explorer, leaving corporations exposed.

NSA Reform Bills: Are They Sufficient?

Throughout time, courts have ruled against any form of intrusion into American citizens’ private lives. Federal laws, for instance the FISA law, seek to discourage fishing expeditions, aimless assumptions and unconditional approaches to collecting information from society. As a matter of fact, illegally retrieved evidence obtained through warrantless searches and investigations is presumed inadmissible in court. This is because the law prevents the State from gaining from its own infringement. Certainly, an infraction of such rights of a single person is already one too many.

http://www.gpo.gov/fdsys/pkg/STATUTE-92/pdf/STATUTE-92-Pg1783.pdf

The PBS special Spying on the Home Front exposes just how little regard the government has for legally established processes of investigation and surveillance, allowing itself unusual access to the personal communications of innocent American citizens. The National Security Agency (NSA) was explicitly set up to intercept alarming communications with the aim of catching terrorists, even before the agency plans to take definite action. The agency was therefore at first subject to the principle that investigations must avoid private correspondence. Be that as it may, in the last few decades, and more so after the 9/11 terror attacks, the NSA, along with the Federal Bureau of Investigation (FBI) and the Central Intelligence Agency (CIA), used their skills and devices to spy on the American people.

https://www.eff.org/nsa-spying/timeline

The only thing that can be said about laws that give the government so much power and the citizens so little is that the Patriot Act gave the government permission to set up the framework of a police state. The Patriot Act, established a little over a month after 9/11, reduces civil liberties that were protected by the Constitution. The NSA can even access call records held by the cell phone company Verizon, and this was arranged so that customers did not even know they were being spied on. Verizon is not the only one, and the information has been put into the category called “metadata”, so that there is no need for a warrant. The NSA also gains access through Internet sites such as Google, Apple, and Facebook through an Internet-search program known as PRISM, without permission from either the people or the companies. John Earnest, a deputy press secretary, states that “Collecting millions of phone records of ordinary citizens allows law enforcement to discover whether known or suspected terrorists have been in contact with other possible terrorists.”

http://usatoday30.usatoday.com/news/washington/2006-05-10-nsa_x.htm

In the summer of 2013, the spying agency claimed they foiled a little over fifty terrorist plots. But how much of that was due to looking through citizen call and internet records? A new analysis of terrorism charges in the US found that the NSA’s dragnet domestic surveillance “had no discernible impact” on preventing terrorist acts. Instead, the majority of threats over the last decade were detected by regular old intelligence and law enforcement methods—tips, informants, CIA and FBI ops, routine law enforcement.

http://securitydata.newamerica.net/nsa/analysis
http://motherboard.vice.com/blog/youll-never-guess-how-many-terrorist-plots-the-nsas-domestic-spy-program-has-foiled

I do understand that the point of the program is to protect the U.S. from terrorist attacks, but by invading the American people’s personal records and not informing us of such actions? That does not seem beneficial to any innocent citizens.