The NSA’s “National Cryptographic School Television Catalogue” from 1991 lists about 600 COMSEC and SIGINT training videos.
There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before.
The “long lost lecture” by Adm. Grace Hopper has been published by the NSA. (Note that there are two parts.)
It’s a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She was a remarkable person.
Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—miniaturization, parallelization—was being done in the present and in secret.
The NSA has a video recording of a 1982 lecture by Adm. Grace Hopper titled “Future Possibilities: Data, Hardware, Software, and People.” The agency is (so far) refusing to release it.
Basically, the recording is in an obscure video format. People at the NSA can’t easily watch it, so they can’t redact it. So they won’t do anything.
With digital obsolescence threatening many early technological formats, the dilemma surrounding Admiral Hopper’s lecture underscores the critical need for and challenge of digital preservation. This challenge transcends the confines of NSA’s operational scope. It is our shared obligation to safeguard such pivotal elements of our nation’s history, ensuring they remain within reach of future generations. While the stewardship of these recordings may extend beyond the NSA’s typical purview, they are undeniably a part of America’s national heritage.
Surely we can put pressure on them somehow.
The National Security Agency (NSA) of the United States, responsible for overseeing national security and defense matters, has recently made headlines due to a reported cyber attack resulting in a significant data breach. Approximately 1.4GB of data, including classified information purportedly sourced from defense databases, has been compromised and is now available for sale on an online forum.
The leaked data comprises sensitive details such as full names, email addresses, personal phone numbers, and office contacts of individuals working within government, military, and the Pentagon. The breach was attributed to a cyber attack targeting Acuity Inc., a technology consulting firm based in Virginia known for its work with U.S. government agencies on cybersecurity, data analytics, and operational support.
The individual responsible for the data leak, identified as ‘Gostingr’, claimed that the information was obtained during the attack on Acuity Inc. The availability of such information on public forums poses significant risks, including potential social engineering attacks like phishing and identity theft.
Coinciding with this incident, another notable data breach involving Twitter user data has emerged online. This breach reportedly exposed a dataset of approximately 9.86GB, encompassing over 200 million user records that include account profiles, names, email addresses, and in some cases, contact numbers. The dataset was made available for sale on a darknet forum by a user known as ‘Michupa’.
Both incidents are currently under investigation by Twitter and the NSA to determine the extent and veracity of the breaches. Such compromised data is highly sought after on the dark web, fetching prices ranging from $100 to $900 per dataset depending on the sensitivity and demand for the information online.
The post Cyber Attack leads to 1.4GB NSA data breach appeared first on Cybersecurity Insiders.
Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA).
Former NSA Director Paul Nakasone has joined the board of OpenAI.
Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “Tales of the Krypt,” from 1994 to 2003.
There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted:
Applied Cryptography, for those who don’t read the internet news, is a book written by Bruce Schneier last year. According to the jacket, Schneier is a data security expert with a master’s degree in computer science. According to his followers, he is a hero who has finally brought together the loose threads of cryptography for the general public to understand. Schneier has gathered academic research, internet gossip, and everything he could find on cryptography into one 600-page jumble.
The book is destined for commercial success because it is the only volume in which everything linked to cryptography is mentioned. It has sections on such-diverse topics as number theory, zero knowledge proofs, complexity, protocols, DES, patent law, and the Computer Professionals for Social Responsibility. Cryptography is a hot topic just now, and Schneier stands alone in having written a book on it which can be browsed: it is not too dry.
Schneier gives prominence to applications with large sections.on protocols and source code. Code is given for IDEA, FEAL, triple-DES, and other algorithms. At first glance, the book has the look of an encyclopedia of cryptography. Unlike an encyclopedia, however, it can’t be trusted for accuracy.
Playing loose with the facts is a serious problem with Schneier. For example in discussing a small-exponent attack on RSA, he says “an attack by Michael Wiener will recover e when e is up to one quarter the size of n.” Actually, Wiener’s attack recovers the secret exponent d when e has less than one quarter as many bits as n, which is a quite different statement. Or: “The quadratic sieve is the fastest known algorithm for factoring numbers less than 150 digits…. The number field sieve is the fastest known factoring algorithm, although the quadratric sieve is still faster for smaller numbers (the break even point is between 110 and 135 digits).” Throughout the book, Schneier leaves the impression of sloppiness, of a quick and dirty exposition. The reader is subjected to the grunge of equations, only to be confused or misled. The large number of errors compounds the problem. A recent version of the errata (Schneier publishes updates on the internet) is fifteen pages and growing, including errors in diagrams, errors in the code, and errors in the bibliography.
Many readers won’t notice that the details are askew. The importance of the book is that it is the first stab at.putting the whole subject in one spot. Schneier aimed to provide a “comprehensive reference work for modern cryptography.” Comprehensive it is. A trusted reference it is not.
Ouch. But I will not argue that some of my math was sloppy, especially in the first edition (with the blue cover, not the red cover).
A few other highlights:
Via a FOIA request, we have documents from the NSA about their banning of Furby toys. 404 Media has the story.
EDITED TO ADD: The documents are now on Archive.org.
There seems to be no end to warrantless surveillance:
According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected of any crime, including victims. Using a technique known as chain analysis, the program targets not only those in direct phone contact with a criminal suspect but anyone with whom those individuals have been in contact as well.
The DAS program, formerly known as Hemisphere, is run in coordination with the telecom giant AT&T, which captures and conducts analysis of US call records for law enforcement agencies, from local police and sheriffs’ departments to US customs offices and postal inspectors across the country, according to a White House memo reviewed by WIRED. Records show that the White House has, for the past decade, provided more than $6 million to the program, which allows the targeting of the records of any calls that use AT&T’s infrastructure—a maze of routers and switches that crisscross the United States.