Tag: US House of Representatives

Congress may make the US Register of Copyrights a presidential appointment

Copyright Office could be split off from Librarian of Congress, an Obama appointee.

House could vote tomorrow to let ISPs sell your Web browsing...

House moves quickly after last week's Senate vote to kill FCC privacy rules.

Feds snooping on your email without a warrant? US lawmakers are...

Will senators prevent axe falling on 180-day slurp rule? On Monday, the US House of Representatives – normally a body that can't agree on anything – voted unanimously to pass the Email Privacy Act (HR 387).…

Group claims to hack NSA-tied hackers, posts exploits as proof

In what security experts say is either a one-of-a-kind breach or an elaborate hoax, an anonymous group has published what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency. In a recently published blog post, the group calling itself Shadow Brokers claims the leaked set of exploits were obtained after members hacked Equation Group (the post has since been removed from Tumblr). Last year, Kaspersky Lab researchers described Equation Group as one of the world's most advanced hacking groups, with ties to both the Stuxnet and Flame espionage malware platforms.

The compressed data accompanying the Shadow Broker post is slightly bigger than 256 megabytes and purports to contain a series of hacking tools dating back to 2010. While it wasn't immediately possible for outsiders to prove the posted data—mostly batch scripts and poorly coded Python scripts—belonged to Equation Group, there was little doubt the data have origins with some advanced hacking group.

Not fully fake

"These files are not fully fake for sure," Bencsáth Boldizsár, a researcher with Hungary-based CrySyS who is widely credited with discovering Flame, told Ars in an e-mail. "Most likely they are part of the NSA toolset, judging just by the volume and peeps into the samples. At first glance it is sound that these are important attack related files, and yes, the first guess would be Equation Group."

The Shadow Broker post came the same day that Guccifer 2.0, the online persona behind high-profile hacks of the Democratic National Committee and the Democratic Congressional Campaign Committee, posted a new batch of private material purportedly taken during the breach of the latter Democratic group. Monday's Guccifer post came on the heels of Friday's separate document dump that leaked a massive amount of personal data belonging to every Democratic member of the US House of Representatives.

Taken together, the three posts, and several earlier Guccifer 2.0 dispatches, represent a major broadside against US interests, although it’s impossible to directly connect the people behind the two online personas. Shadow Brokers’ post also differed in that it was offering to auction off the stolen data in exchange for a payment reaching one million Bitcoins (current value more than $500 million). (The 256 MB of data included in Monday’s post was offered as a small sample of what Shadow Brokers had acquired.)

Many researchers doubt the group has any hope of selling the data. As international tensions over hacking remain high, those experts speculate the true aim of Shadow Brokers is to discredit and embarrass the US government and its intelligence apparatus. Many researchers similarly doubt the data was acquired during a direct hack of Equation Group networks. Instead, researchers speculate the data came after breaching a command-and-control channel server used by a hacking group.

Samples of the stolen files are dated most recently to 2013 and contain implants, exploits, and other tools for controlling routers and firewalls, including those from Cisco Systems, Juniper, Fortigate, and China-based Topsec, according to an analysis from Matt Suiche, cofounder and CEO of security firm Comae Technologies. A separate analysis from firm Risk Based Security noted that an exploit labeled "ESPL: ESCALATEPLOWMAN" contained an IP address belonging to the US Department of Defense.

Using broken English, Shadow Brokers posted the following:

"We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files."

At the same time, the Risk Based Security post cautioned that so-called false-flag operations—in which attackers manufacture evidence that falsely implicates others—are a regular occurrence in hacking campaigns, particularly those sponsored by nations. If the claims in the Shadow Brokers’ post are true, this may be one of the only publicly known times the NSA has been compromised. But even if the claims turn out to be exaggerated, the Shadow Brokers’ post is significant, if only for the amount of work and planning that went into fabricating evidence to provoke one of the world’s most advanced hacking operations.

US Politicians tell DEF CON it’ll take Congress ages to sort...

Congressmen want to protect commerce, but also give law enforcement powerful tools

DEF CON: It’s going to be at least a year or so, and probably a lot longer, before the United States Congress gets around to ruling on the second war on encryption, two members of the US House of Representatives told the DEF CON event. Alex Stamos, chief security officer (CSO) of Facebook, hosted a panel with Representatives Eric Swalwell (D-CA) and Will Hurd (R-TX) to examine the current battle between some elements of law enforcement and technology communities over backdooring encryption standards, and the news isn’t good.

Swalwell, a member of the House Permanent Select Committee on Intelligence and the Committee on Science, Space, and Technology, has co-sponsored a bill to set up a year-long consultation period to examine the issue, with technical experts and law enforcement weighing in. But with the US currently in election mode it’s unlikely to get started soon. He said that the country has to avoid banning end-to-end unbreakable encryption on which ecommerce depends, but also had to take into account the needs of law enforcement to track suspects and bring them to justice.

“As a prosecutor the last three cases I got convictions on then the lynchpin was cellphone data; without that evidence we wouldn’t have had what we needed to prosecute,” he said. “But the San Bernardino case highlighted the challenge, with the FBI using the 1789 All Writs Act. That they had to rely on legislation from 1789 is a failure of Congress to update the law as it is related to technology,” Swalwell said, “we’ve done nothing legislatively since encryption was built and we owe it to the technology community to make sure they know their rights.”

His opposite number Hurd, who consulted for a cybersecurity firm and served in the CIA before going into politics, agreed. Hurd pointed out that the San Bernardino iPhone turned out to have contained nothing of use to investigators and law enforcement has a duty to concentrate on traditional police work before it calls for encryption to be broken.

“Encryption is good for national security and for the economy, we should be spreading encryption not weakening it,” he said. “You don’t have to get into technology by these means, that has already been debunked. You just have to utilise old techniques.”

He pointed out that there was an international aspect to the case that is harming America. Non-US companies, particularly in Europe, were using the issue to introduce protectionist policies that are hurting American companies trying to sell their services abroad.

Hurd, who worked undercover in the Middle East and South Asia during his time at the CIA, also offered an interesting perspective on using technology to counter the machinations of medieval terror bastards ISIS. While the Daesh-bags have been very smart about using social media to recruit worldwide, these techniques could be a two-edged sword.

“In 2005, if you were an American and went into tribal areas of Pakistan offering to fight for Islam you’d get your head cut off,” he said. “Now people can, thanks to social media, but when you think about it that’s also an opportunity to insert human intelligence operatives.”

Millions of Yahoo Accounts Pop Up for Sale on the Dark...

The accounts appear to be from 2012; Yahoo said it is investigating. Yahoo is investigating a potential security breach, a day after 200 million Yahoo user accounts reportedly showed up for sale on the dark web. A hacker linked to breaches of LinkedI...

Dem-owned-crats: Now its congressional committee is hacked

Political attacks from Russia mystery source continue

The Democratic Congressional Campaign Committee – which represents Democrats in the US House of Representatives – has been hacked, and miscreants have made off with a massive amount of data. The DCCC confirmed its computer systems were infiltrated and ransacked in a manner similar to the high-profile intrusion at the Democratic party that resulted in the leaking of thousands of emails and personal data.

The congressional committee is the branch of the Democratic Party that handles fundraising efforts for members serving in the House. A breach of the group could result in the loss of details and party strategy on local campaigns around the country.

The DCCC said in a statement to The Register:

"The DCCC can confirm that we have been the target of a cybersecurity incident. Upon discovering the issue, we immediately took action and engaged with CrowdStrike, a leading forensic investigator, to assist us in addressing this incident. The investigation is ongoing.

"Based on the information we have to date, we've been advised by investigators that this is similar to other recent incidents, including the DNC breach. The DCCC takes this matter very seriously.

"With the assistance of leading experts we have taken and are continuing to take steps to enhance the security of our network in the face of these recent events. We are cooperating with federal law enforcement with respect to their ongoing investigation."

The nature of the attacks suggests they were performed by the same group that lifted data from the DNC. The contents of that data dump were passed on to WikiLeaks, who in turn made all of the information public.

While the source of the DCCC breaches has not been made public, widespread belief among many in the security community is that the attacks are likely the work of a Russian-based group with political motives, though others have challenged that notion.

Thus far, the details of what was stolen from the DCCC have not been released. The committee is reportedly working with the FBI on an investigation into the attack.

Microsoft Stands Behind Apple in iPhone Case

Microsoft voices its support for Apple in its challenge to a court order requiring the company to unlock an iPhone used by one of the San Bernardino shooters. Bill Gates may be on the FBI's side in the San Bernardino iPhone case, but the company he co-...

Lawmakers push for encryption commission to find compromise

The U.S. Congress should allow an expert commission to recommend ways to resolve the contentious debate over police access to encrypted communications before passing "knee-jerk" legislation, one lawmaker said. Even as Apple and the FBI fight in court o...

Congress passes permanent ban on Internet access taxes

New law would force seven states to phase out existing tax schemes by 2020.

Let Europeans sue America for slurping their data – US Senate

European citizens will soon win the right to sue the US government for snatching their personal and private data. On Tuesday, the US Senate passed the Judicial Redress Act, which is a critical jigsaw piece for the new Privacy Shield agreement that governs the exchange of people's personal information over the Atlantic. The Senate has passed a slightly different version from the one approved by the House earlier, so the two versions will need to be reconciled before being passed on to the President for his signature.

Co-sponsor of the bill Senator Orrin Hatch (R-UT) said: "I am pleased the full Senate has passed this legislation, which demonstrates that the United States respects cross-border data privacy ... It will complete an important agreement with the EU and thereby improve the ability of law enforcement to fight crime and terrorism."

What the legislation will do is provide a vital right of judicial redress for European citizens if they feel their privacy rights have been infringed by the US government. It will also allow them to review and correct information held on them by federal agencies.

Wrangles over NSA

These were critical rights that the European Court of Justice (ECJ) said needed to be included in any new deal after it struck down the long-standing Safe Harbor agreement covering data sent between the US and Europe. What is less certain is whether the description of US security services' right to access that data is sufficiently clear.

It was Edward Snowden's revelations that the NSA, among others, were conducting mass surveillance of internet traffic that led to a lawsuit against Facebook, which led to the ECJ decision. Although there have been changes in the US over the security services' access to that data, a key part of the negotiation between US and EC officials over a new agreement was clarity over when and how they are allowed to access people's personal information.

Despite the US feeling confident it has done that under the new Privacy Shield agreement, many in Europe are less confident. In particular, the Senate added a new provision that said the bill could not impede US national security interests – which many view as an escape clause for continued security services access.

Although the Senate passing the Judicial Redress Act will tie things up at the US end of things, Europe still has to go through a number of steps and legislative reviews before the Privacy Shield agreement is formally accepted.

House bill would kill state, local bills that aim to weaken...

Bipartisan legislation likely to be thorn in law enforcement's "Going Dark" side.