Edward Snowden | Breaking Cybersecurity News | The Hacker News

On Saturday, the Senior Administration Officials cast light on the subject of Internet Security and said President Obama has clearly decided that whenever the U.S. Intelligence agency like NSA discovers major vulnerabilities, in most of the situations the agency should reveal them rather than exploiting for national purpose, according to The New York Times . OBAMA's POLICY WITH LOOPHOLE FOR NSA Yet, there is an exception to the above statement, as Mr. President carved a detailed exception to the policy " Unless there is a clear national security or law enforcement need, " which means that the policy creates a loophole for the spying agencies like NSA to sustain their surveillance programs by exploiting security vulnerabilities to create Cyber Weapons. After three-month review of recommendations [ PDF-file ], the Final Report of the Review Group on Intelligence and Communications Technologies was submitted to Mr. Obama on last December, out of which one of the recommendation on pa

Heartbleed has left a worst impression worldwide affecting millions of websites and is also supposed to put millions of Smartphones and tablets users at a great risk. Heartbleed is a critical bug ( CVE-2014-0160 ) in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL's implementation of the TLS/DTLS heartbeat extension, which allows attackers to read portions of the affected server's memory, potentially revealing users data such as usernames, passwords, and credit card numbers, that the server did not intend to reveal. OpenSSL is a widely-used cryptographic library which implements the SSL and TLS protocol and protects communications on the Internet, and mostly every websites use either SSL or TLS, even the Apache web server that powers almost half of the websites over internet utilizes OpenSSL. But to assume that the users using desktop browsers to visit websites are vulnerable to the Heartbleed bug, will be wrong. Despite 40

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

The Bloomberg claimed that the U.S. National Security Agency (NSA) knew about the most critical Heartbleed flaw and has been using it on a regular basis to gather " critical intelligence " and sensitive information for at least past two years and decided to keep the bug secret, citing two sources ' familiar with the matter '. In response to the above report, NSA has issued a ' 94 character' statement today denying the claims that it has known about the Heartbleed bug since two years and that it has been using it silently for the purpose of surveillance. " NSA was not aware of the recently identified Heartbleed vulnerability until it was made public ," the U.S. intelligence agency said on its Twitter feed . Heartbleed is one of the biggest Internet vulnerabilities in recent history that left large number of cryptographic keys and private data such as usernames, passwords, and credit card numbers, from the most important sites and services on the Int

We have already read so many articles on Heartbleed, one of the biggest iNternet threat that recently came across by a team of security engineers at Codenomicon , while improving the SafeGuard feature in Codenomicon's Defensics security testing tools.  The story has taken every media attention across the World, as the bug opened doors for the cyber criminals to extract sensitive data from the server's memory and almost every major site have been affected by it. UNINTENTIONAL  BIRTH OF HEARTBLEED More than two years ago, German programmer Robin Seggelmann introduced a new feature called " Heartbeat " in the most secured open source encryption protocol, OpenSSL , which is used by several social networks, search engines, banks and other websites to enable secure connections while transmitting data. But introducing heartbeat feature cost him dearly, as here the most critical bug resides. Dr. Seggelmann allegedly was just trying to improve OpenSSL and wo

The respected encryption and network security company RSA Security (now a division of EMC), whose respect was already on stack after revelation by former NSA contractor Edward Snowden  revealed that the NSA created a flawed random number generation system ( Dual_EC_DRBG ), Dual Elliptic Curve, which the most trusted security provider company RSA used in its Bsafe security tool.  Until then RSA wasn't able to come up from this aspersion, a new document by Snowden revealed that RSA received $10 million from NSA for keeping Encryption Weak. Researchers from Johns Hopkins , the University of Wisconsin , the University of Illinois  have claimed that the RSA adopted one more NSA recommended tool called Extended Random extension  for secure websites, which actually helps NSA to crack a version of the Dual Elliptic Curve software tens of thousands of times faster,  Reuters reported. Dual Elliptic Curve Deterministic Random Bit Generator ( Dual EC_DRBG ) is a cryptograph

The US Government was publicly accusing Chinese electronics manufacturer Huawei of espionage from the past few years. Ironically, it has now been revealed that the  National Security Agency conducted a major offensive cyber operations against the  Chinese government and networking company Huawei,  in early 2009. According to reports based on classified documents leaked by Edward Snowden   and viewed by The Times and Der Spiegel , NSA has infiltrated servers in the headquarters of Chinese telecommunications and hacked into the email servers of Huawei five years ago. Code-named as " Operation Shotgiant " was conducted with the involvement of the CIA, White House intelligence coordinator and the FBI; aimed to find a link between  Huawei  and China's People's Liberation Army. NSA accessed the emails of many Huawei employees' for this purpose. NSA STOLE SOURCE CODES NSA also aimed to conduct surveillance through computer and telephone networks Huawei sold

Another leak from  Edward Snowden files, but this time not about the NSA, rather the documents revealed that France's central intelligence agency, the DGSE has complete and unconditional  access to all of  telecom giant  Orange's data, not just metadata . Yes! It is the same  Orange company who threatened to sue the NSA for hacking into the underwater cable that it jointly owns with 15 other companies. According to the French paper Le Monde -- Orange, the leading telecom company in France with more than 26 million customers worldwide cooperated allegedly illegally for years with France's main intelligence agency. DGSE and Agents with military clearance have been working with Orange for at least 30 years. France has a PRISM like surveillance  program to target phone communications, emails and data from tech companies like Google, Facebook, Apple, Microsoft and Yahoo. Furthermore, DGSE is also sharing this data with foreign allies like GCHQ.  The revelations c

Mark Zuckerberg is continually denying working with the NSA or any other Government Intelligence Agency in serving out data they gathered through extended surveillance, and even he expressed his indignation over the damage the Government is creating for all, on the phone call to the US President Obama . " I've called President Obama to express my frustration over the damage the government is creating for all of our future ," he said in a blog post. Facebook - HTTPS Now, just yesterday morning, Facebook's Chief Security Officer Joe Sullivan sat down whiteboard session on social networks in Silicon Valley headquarters for providing information on the company's security policy diving. The session was conducted after a recent report revealed by The Intercept , suggested the National Security Agency (NSA) may have masqueraded as the social network to infect a number of target's computers, according to Edward Snowden documents. He said, " no one co

The US intelligence agency NSA ( National Security Agency ) broke the Silence on the claim that it has reportedly  'infected millions of computers around the world with malware' and that it is 'impersonating U.S. Social media or other websites ', emphasized the claim as inaccurate. The document provided previously by NSA whistleblower Edward Snowden , analyzed by Glenn Greenwald from  The Intercept claimed that the NSA is spreading surveillance malware on computers and networking devices around the world that are capable to spam out millions of pieces of sophisticated malware at a time on a large scale.  Moreover, the report also claimed that the NSA could silently masquerade as legit websites, such as Facebook, or other sites and therefore intercepting victims' online activities, but the agency denied the claims issuing a statement on Thursday. The statement released by the agency notes: " Recent media reports that allege NSA has infected millions of computers

Besides collecting metadata and inserting backdoor to the devices and softwares, the US National Security Agency (NSA) has an eye on each post, picture, message you have ever sent on Facebook. I know you won't be feeling free considering your privacy, but, this is what the NSA is doing to you. The new revelation from the Glenn Greenwald 's desk remove the mask from one more secret surveillance operation carried out by the US intelligence agency NSA, the extensive program dubbed as ' TURBINE ', according to the classified files provided previously by NSA whistleblower Edward Snowden . Yes, the NSA, who has been working with its dedicated hacking unit, Tailored Access Operations (TAO) from the past several years on enlarging its caliber to infect devices with spyware and creating its own command-and-control servers to manage millions of infected systems at a time. The secret documents presented by The Intercept  website shows that the NSA with its British counterpart G

Last week, The Foreign Intelligence Surveillance Court (FISA) ruled the National Security Agency (NSA) to do not keep Internet and phone metadata gathered through bulk surveillance programs longer than five years and destroy them. Judge Reggie Walton said, keeping records for more than 5 years " would further infringe on the privacy interests of United States persons whose telephone records were acquired in vast numbers and retained by the government ," Later, The Electronic Frontier Foundation, an Internet privacy and civil liberties group asked the Court to temporarily hold the destroy orders, saying the records may be used as an evidence in its lawsuits challenging the NSA surveillance . U.S. District Judge Jeffrey White, who is overseeing an invasion-of-privacy lawsuit against the National Security Agency (NSA), ruled to stop the destruction of millions of Telephone records collected by the National Security Agency's surveillance program and ruled to safeguard th

Explosive revelations of massive surveillance programs conducted by government agencies by the former contractor Edward Snowden triggered new debate about the security and privacy of each individual who is connected somehow to the Internet and after the Snowden's disclosures they think that by adopting encrypted communications, i.e. SSL enabled websites, over the Internet, they'll be secure. People do care of their privacy and many have already changed some of their online habits, like by using HTTPS instead of HTTP while they are surfing the Internet. However, HTTPS may be secured to run an online store or the eCommerce Web site, but it fails as a privacy tool. The US researchers have found a traffic analysis of ten widely used HTTPS-secured Web sites " exposing personal details, including medical conditions, financial and legal affairs and sexual orientation. " The UC Berkeley researchers Brad Miller, A. D. Joseph and J. D. Tygar and Intel Labs' researchers, Li

Once again, a new revelation showed the ugly side of the Government who are conducting Global Mass surveillance and previous documents leaked by the whistleblower Edward Snowden have defaced the US Intelligence Agency NSA , who were taking care of a number of projects like PRISM, XKeyscore, DROPOUTJEEP , and various others to carry out surveillance of millions of people. Now, it has been revealed that the US National Security Agency ( NSA ) helped its British counterpart, the Government Communications Headquarters ( GCHQ ), to allegedly capture and store nude images and others from webcam chats of millions of unsuspecting Yahoo users, The Guardian reported. Documents handed to the Guardian by the former NSA contractor Edward Snowden show that the GCHQ's worked with the US intelligence agency NSA on a joint project dubbed as ' Optic Nerve '. The project carried out a bulk surveillance program , under which they nabbed webcam images every five minutes from random Yahoo

Sooner or later it had to Happen! After whistle-blower Edward Snowden unfolded various spying operations that were controlled by the US Intelligence agency, it gave a reason to all other countries to start their own Counter-Surveillance programs. Last year in October, it was revealed that the National Security Agency ( NSA ) was eavesdropping the mobile communications of German Chancellor  Angela Merkel's  and  Gerhard Schroder's   from many years. Snowden documents detailed about a so-called  National Sigint Requirement List , a list of people and Institutions named as primary targets for the U.S. Intelligence Agency; whose telephone communications should be monitored. After Suffering from spying on them, Germany has finally decided to give a ' Roland for their Oliver ' and planning to resume active Counter Espionage Operations against both the US and several Western associate countries. " This step would be an about-face from the decades-long practic

We are quite aware of the leaks that the Whistleblower Edward Snowden carried out against the US National Security Agency (NSA) and after reading every related update, watching every document that he provided to various news websites, you all are left with a question in mind that,  How he could carry out this whole operation without any helping hand? Yes, you are right! The former NSA contractor Edward Snowden allegedly managed to access thousands of the classified documents by stealing one of his coworker's passwords, according to an unclassified NSA memorandum obtained by the NBC News . Three Members, one NSA's civilian employee, an active duty member of the U.S. Military and a contractor were found involved in the actions that may have aided Snowden's operation; from which NSA 's civilian employee has been stripped of his security clearance and has resigned. Other two has been obstructed from accessing National Security Agency (NSA) facilities, th

The US Government has allotted a large share of its ' Black Budget ' for secret military research and weapons programs, along with surveillance programs, that is harvesting hundreds of millions of Metadata from emails, web activity, chats, social networks, and everything else around the world. To make this happen, NSA has used a number of unethical ways, but labeled as legal solutions.  Today, on February 11th, we all unite to fight against the Government intrusion on the privacy of innocent people worldwide, under one banner of ' The Day We Fight Back ', along with other 7000 websites by hosting a large banner at the bottom of the websites; reading " Dear Internet, we're standing with 300+ nonprofits worldwide in demanding an end to mass, suspicionless surveillance ", asking people of the world to vote against proposed NSA reforms that the American Civil Liberties Union has labeled " Bad for Privacy ". The Banner, you can see at the bottom of this page, e

National Security Agency (NSA) – the one that had ruled over the privacy of the entire world from countries to individuals, the one with master access to read anyone's data, intruded into large fiber networks, and can target anyone, at any time, at any place; but lapsed somewhere in protecting its own privacy and security of the confidential data. If I am wrong, then from where did Snowden gets hold over roughly 1.7 million NSA's confidential files in sequence? According to the Intelligence officials who has investigated the insider theft by Snowden, noticed that he had accessed all these documents using some ' web crawler ', a freely available automated tool also known as spiders, which used to search, index and backup a website, " scraped data out of our systems " he said. " We do not believe this was an individual sitting at a machine and downloading this much material in sequence ," he added. He used the web crawler tool against NSA 's internal network and 'probably

Since 2011, the collective hacking group, Anonymous and LulzSec were targeting both Government and law-enforcement websites of U.S and UK, by their own DDoS attack tactics which they used to communicate and plan on Chat rooms known as IRCs, but British intelligence agency GCHQ used their own weapon against them. According to the recent Edward Snowden document, a division of Government Communications Headquarters (GCHQ), which is also very well known as the British counterpart of the NSA, had shut down communications among Anonymous hacktivists by launching a " denial of service " (DDOS) attacks, making the British government the first western government known to have conducted such an attack, NBC news reports . The same DDoS technique the hackers use to take down government, political and industry websites, including the Central Intelligence Agency (CIA), Federal bureau of Investigation (FBI), the Serious Organized Crime Agency (SOCA), Sony News International and Westbor