C4ISR is reporting LTG Paul Nakasone, current Commander of the United States Army Cyber Command, has been nominated for the dual-hat position of Commander of US Cyber Command and the Director of the National Security Agency:

According to the congressional record, Nakasone was nominated for his fourth star Feb. 8.

Cyber Command is currently in the throes of elevating to a full unified combatant command. The elevation is expected to become official following Nakasone’s confirmation by the Senate.

Nakasone’s nomination for both jobs shows that the Trump administration is not using the retirement of current commander and director Adm. Michael Rogers to split the dual hat arrangement as some in the national security community had expected.

Nakasone appears to be a solid selection. Since he has been with ARCYBER for quite some time, he should have a deep understanding of signals intelligence and cyber defense, while at the same time being capable of leading a cyber-oriented organization.

What I find most interesting in the small article is how Congress is not yet ready to split Cyber Command away from the NSA, even though, for all intents and purposes, the decision has been made. It will be interesting to see how the elevation of USCYBERCOMMAND from sub-unified to full Combatant Command, and the divorce from NSA, will affect its capabilities. I am a bit hesitant to get excited about the move, but remain optimistic.

The New York Times reports on the United States National Security Agency (NSA) paying $100,000 to a sketchy Russian in exchange for the return of “cyber weapons” stolen from the Tailored Access Operations team, only for the material delivered to end up including compromising information on President Trump:

Several American intelligence officials said they made clear that they did not want the Trump material from the Russian, who was suspected of having murky ties to Russian intelligence and to Eastern European cybercriminals. He claimed the information would link the president and his associates to Russia. Instead of providing the hacking tools, the Russian produced unverified and possibly fabricated information involving Mr. Trump and others, including bank records, emails and purported Russian intelligence data.

The United States intelligence officials said they cut off the deal because they were wary of being entangled in a Russian operation to create discord inside the American government. They were also fearful of political fallout in Washington if they were seen to be buying scurrilous information on the president.

The Central Intelligence Agency declined to comment on the negotiations with the Russian seller. The N.S.A., which produced the bulk of the hacking tools that the Americans sought to recover, said only that “all N.S.A. employees have a lifetime obligation to protect classified information.”

The negotiations in Europe last year were described by American and European intelligence officials, who spoke on the condition of anonymity to discuss a clandestine operation, and the Russian. The United States officials worked through an intermediary — an American businessman based in Germany — to preserve deniability. There were meetings in provincial German towns where John le Carré set his early spy novels, and data handoffs in five-star Berlin hotels. American intelligence agencies spent months tracking the Russian’s flights to Berlin, his rendezvous with a mistress in Vienna and his trips home to St. Petersburg, the officials said.

The N.S.A. even used its official Twitter account to send coded messages to the Russian nearly a dozen times.

The entire story is fascinating and sounds very intelligence-agency-like in execution. It almost reads like a Jason Bourne novel, but with real-life spies leveraging tradecraft to achieve their esoteric goals.

The Shadow Brokers attack is one of the thorns in the NSA’s side, and the agency badly wants both to learn how the breach was conducted and to recover its lost tools. Oddly, for an agency well versed in the internet, I cannot fathom how the NSA thinks paying some nefarious Russian spy – or any country for that matter – for its stolen tools is going to guarantee the so-called bad guys will no longer utilize the tools. This seems extremely short-sighted.

Add in all the crazy political turmoil in the United States between President Trump, Congress, Democrats, Republicans, and the population, and this just seems like a very risky operation to a layman like myself.

On the one hand, I understand why the NSA is willing to pay for information that would help it determine how the Shadow Brokers stole its most guarded secrets. On the other hand, there is a need to assess the risk and determine whether such an operation is acceptable. This is not much different from a network risk assessment; only the size, scale and stakes are substantially larger.

Politico reports on an upcoming leadership change at the National Security Agency following ADM Mike Rogers’ impending retirement:

Picking Nakasone — who took the reins at Army Cyber Command in late 2016 — would place someone deeply versed in cyberspace operations atop the country’s premier intelligence-gathering service. As NSA head, Nakasone would also lead U.S. Cyber Command, the Pentagon’s digital warfare organization.

It’s unclear when the administration might formally announce the choice, but it’s believed the announcement could come in the next week or two, which means the Senate Armed Services Committee would hold a confirmation hearing in early March. The Senate Intelligence Committee may also hold a hearing, given the job’s heavy surveillance focus.

Nakasone sounds like a reasonable choice to lead the NSA considering his background and recent assignments. If selected, it will be interesting to see in what way the agency changes to adapt to the growing cyber threat and, more importantly, to the fallout from the still-unsolved Shadow Brokers breach.

I am always intrigued by stories about the esoteric NSA and its cyber expertise. On the one hand, NSA appears to be extremely talented. On the other, there appear to be a lot of internal shortcomings when it comes to preventing insider attacks. Certainly it is important to trust employees who hold TS/SCI clearances. However, there is a point when too much trust becomes an unacceptable risk. NSA seems to have not yet been able to find the right balance.

It is of great interest that the Shadow Brokers breach continues to confound the NSA, which is still reeling as it tries to determine the exact cause:

Fifteen months into a wide-ranging investigation by the agency’s counterintelligence arm, known as Q Group, and the F.B.I., officials still do not know whether the N.S.A. is the victim of a brilliantly executed hack, with Russia as the most likely perpetrator, an insider’s leak, or both.

There is broad agreement that the damage from the Shadow Brokers already far exceeds the harm to American intelligence done by Edward J. Snowden, the former N.S.A. contractor who fled with four laptops of classified material in 2013. Mr. Snowden’s cascade of disclosures to journalists and his defiant public stance drew far more media coverage than this new breach.

“Is NSA chasing shadowses?” the Shadow Brokers asked in a post on Oct. 16, mocking the agency’s inability to understand the leaks and announcing a price cut for subscriptions to its “Monthly dump service” of stolen N.S.A. tools.

There were PowerPoint presentations and other files not used in hacking, making it unlikely that the Shadow Brokers had simply grabbed tools left on the internet by sloppy N.S.A. hackers.

N.S.A. employees say that with thousands of employees pouring in and out of the gates, and the ability to store a library’s worth of data in a device that can fit on a key ring, it is impossible to prevent people from walking out with secrets.

The third is Reality Winner, a young N.S.A. linguist arrested in June, who is charged with leaking to the news site The Intercept a single classified report on a Russian breach of an American election systems vendor.

American officials believe Russian intelligence was piggybacking on Kaspersky’s efforts to find and retrieve the N.S.A.’s secrets wherever they could be found.

Watching how Russia has been leveraging cyber capabilities for its geopolitical ambitions has been educational, but the successful attacks on the NSA are the most intriguing. It will be interesting to see how things play out over the coming months and years, and whether there will ever be a story confirming exactly how the Shadow Brokers were able to compromise such a huge treasure trove of the most dangerous cyber weapons on the planet.

This detailed article explaining how the Shadow Brokers acquired some of the most coveted and sophisticated cyber attack weapons ever developed is quite interesting:

The Justice Department Friday announced that Nghia Hoang Pho, a 67-year-old from Ellicott City, Maryland, has admitted to willful retention of national defense information.

Pho illegally mishandled classified information in spite of being an agent in the NSA’s elite Tailored Access Operations foreign hacking group from 2006 to 2016.

Though it’s somewhat astonishing that someone with his position and training would cause such a basic breach, Pho brought classified data and paper documents to his home between 2010 and 2015.

“In connection with his employment, Pho held various security clearances and had access to national defense and classified information. Pho also worked on highly classified, specialized projects,” the DoJ said in a statement on Friday.

Pho stands out among recent NSA leak culprits in that he specifically worked as a developer for TAO, which would have brought him into contact with a diverse array of sensitive NSA data, systems, and materials.

The case documents don’t give much indication of what types of data and materials Pho took and left on his personal computer.

The frantic investigation into valuable NSA tools stolen by Russian spies indicates that Pho may have exposed more than just resume materials.

This story is about the NSA employee who had installed Kaspersky anti-virus on their home computer, which was then allegedly compromised by Russian operatives.

In a number of presentations I have given about the NSA TAO tools stolen by the Shadow Brokers, I hypothesized the agency was hesitant to publicly comment on the Kaspersky link because of the embarrassment it would cause the NSA. Why one of the NSA’s top TAO operatives thought it was safe to use Kaspersky anti-virus, a product created by a Russian company, is extremely curious. It really makes me wonder what he knows that the rest of us do not.

Disclaimer: I work for McAfee, a Kaspersky competitor.

The New York Times has done an incredibly in-depth report on how the various Shadow Brokers breaches and leaked NSA tools have really disturbed the organization like never before:

Like cops studying a burglar’s operating style and stash of stolen goods, N.S.A. analysts have tried to figure out what the Shadow Brokers took. None of the leaked files date from later than 2013 — a relief to agency officials assessing the damage. But they include a large share of T.A.O.’s collection, including three so-called ops disks — T.A.O.’s term for tool kits — containing the software to bypass computer firewalls, penetrate Windows and break into the Linux systems most commonly used on Android phones.

Evidence shows that the Shadow Brokers obtained the entire tool kits intact, suggesting that an insider might have simply pocketed a thumb drive and walked out.

But other files obtained by the Shadow Brokers bore no relation to the ops disks and seem to have been grabbed at different times. Some were designed for a compromise by the N.S.A. of Swift, a global financial messaging system, allowing the agency to track bank transfers. There was a manual for an old system code-named UNITEDRAKE, used to attack Windows. There were PowerPoint presentations and other files not used in hacking, making it unlikely that the Shadow Brokers had simply grabbed tools left on the internet by sloppy N.S.A. hackers.

This is one of the most fascinating cyber security and intelligence community stories of our time.

I completely understand the problem folks have with Snowden and the methods he used to blow the whistle on some of the surveillance programs the NSA undertook. However, for Mike Pompeo, an elected representative and Trump’s selection for the next CIA Director, to call for Snowden to be executed is just mind-boggling:

On the intelligence committee, Pompeo has taken a particularly hard-line stance on how to treat NSA whistleblower Edward Snowden. After Snowden’s allies began a campaign to get him pardoned, the entire House Select Committee on Intelligence wrote a letter to President Barack Obama urging against a pardon. The letter said Snowden was no whistle-blower, but rather a “serial exaggerator and fabricator.”

At that time, Pompeo issued his own press release, calling Snowden a “liar and a criminal,” who deserves “prison rather than pardon.”

In a C-SPAN interview earlier this year, Pompeo went further, stating:

He should be brought back from Russia and given due process, and I think that the proper outcome would be that he would be given a death sentence for having put friends of mine, friends of yours, in the military today, at enormous risk because of the information he stole and then released to foreign powers.

Surely Pompeo fully understands that Snowden is unable to mount a whistleblower defense, thanks to the way the current espionage law is written. So it is impossible for Snowden to receive a fair and impartial trial, no matter how you slice it.

But more to the point: playing politics with someone’s life is just flat-out wrong.

If you, like many American citizens, are worried that a Donald Trump presidency will lead to increased domestic surveillance, you really need to consider how to encrypt your internet communications to evade eavesdropping:

The result of this election is starting to feel like a hodgepodge of science-fiction films and dystopian young-adult novels. You have the prospect of a walled country dominated by the wealthy—as in Elysium or the Divergent trilogy—and you have groups of political supporters threatening to attack others for their beliefs. Perhaps everyone could just be pitted against each other, Hunger Games-style. As BoingBoing’s Cory Doctorow put it today: “A madman has been given the keys to the surveillance state.”

If you’re worried about living in a country where surveillance and governance are overseen by a man who can barely control his anger when people say his hands are small, then you might want to know how to encrypt and protect your digital communication over the next four, eight, or infinite years. Here are some simple steps to follow if you’re looking to launch the resistance—like The Brotherhood, the Rebel Alliance, or whatever Katniss Everdeen’s group was called—or just want a safe space to talk to friends and family.

Most of these recommendations are common sense. However, if you are unfamiliar with the idea of encrypting your communications and using security best practices, this is a good primer.

Regardless of who is in office – Trump, Clinton, Sanders, Cruz – American citizens should take their privacy much more seriously. The more apathetic the country becomes, the more those constitutional protections will be eroded by a government far too willing to acquiesce to the fantastical threats the intelligence community dreams up to keep its self-licking ice cream cone frozen.

Director of the National Security Agency Admiral Mike Rogers believes the cyber security danger continues to grow and will only get worse before things begin to subside:

“Our nation is being challenged as never before to defend its interests and values in cyberspace,” Adm. Rogers said in a report made public this week. “Adversaries increasingly seek to magnify their impact and extend their reach through cyber exploitation, disruption and destruction.”

The four-star admiral is intent on moving quickly “to build our military capabilities” as the key element of “the nation’s war fighting arm in cyberspace,” according to the report, “Beyond the Build: Delivering Outcomes through Cyberspace.”

The Fort Meade, Maryland-based command, co-located with the National Security Agency that Adm. Rogers also directs, is integrating cyberwarfare capabilities into other war-fighting commands for use “when significant cyber attacks against the nation require DoD support,” Adm. Rogers stated in an introduction to the report.

The report says the United States is losing its technology edge to adversaries and competitors in cyberspace. Defense Secretary Ashton Carter confirmed the problem in a speech in St. Louis Wednesday.

“Nations like Russia and China are modernizing their militaries to try to close the technology gap and erode our superiority in every domain — air, land, sea, space and cyberspace,” Mr. Carter said in a speech. “And at the same time, our reliance on things like satellites and the Internet has led to real vulnerabilities that our adversaries are eager to exploit.”

Are we really supposed to believe the US is falling behind technologically? Surely this is propaganda designed to scare Congress into increasing NSA and USCC budgets?

The Director of National Intelligence, James Clapper, admitted in a public forum that the Snowden disclosures forced “needed transparency,” even though he still believes it was the wrong way to go about it:

In comments after giving the opening plenary presentation of the Intelligence & National Security Summit, Director of National Intelligence James Clapper said that the disclosures made by former National Security Agency contractor Edward Snowden had driven the intelligence community to become more transparent to citizens about how it does business. In response to a question about the impact of Snowden’s disclosures on the intelligence community asked through moderator and former Director of National Intelligence Ambassador John Negroponte, Clapper said, “On one hand, it forced some needed transparency, particularly on programs that had an impact on civil liberties and privacy in this country. If that had been all he had done, I could have tolerated it.”

But, Clapper added, Snowden “exposed so many other things that had nothing to do with” civil liberties and privacy, including information about the US intelligence community’s operations that did tangible damage to operations. “He has [done] untold damage to our collection activities,” Clapper said, asserting that “terrorists have gone to school on what Snowden leaked.” And programs that had a real impact on the security of American forces overseas, including one program in Afghanistan, “which he exposed and Glenn Greenwald wrote about, and the day after he wrote about it, the program was shut down by the government of Afghanistan,” Clapper noted.

That statement was likely an allusion to the NSA’s monitoring of virtually all the phone calls in the Bahamas and one other country—a country that Wikileaks later outed as Afghanistan.

Although the Commander of US Cyber Command is dual-hatted as the Director of the National Security Agency, and although NSA likely has the greatest minds in cyber security on its payroll, they were not on the front lines of the OPM hack. In fact, NSA did step in to thwart the ostensible Chinese hackers, but it took a while for the agency to get to the battlefield:

After the intrusion, “as we started more broadly to realize the implications of OPM, to be quite honest, we were starting to work with OPM about how could we apply DOD capability, if that is what you require,” Rogers said at an invitation-only Wilson Center event, referring to his role leading CYBERCOM.

NSA, meanwhile, provided “a significant amount of people and expertise to OPM to try to help them identify what had happened, how it happened and how we should structure the network for the future,” Rogers added.

One of the command’s missions is to be prepared to defend key U.S. infrastructure, including the dot-gov domain — but only at the request of the affected organization and when directed by the president, a Defense official told Nextgov, adding that the top priority of CYBERCOM is to defend military networks.

Anyone surprised the NSA did not step in earlier in the breach process does not know how the agency generally reacts to these types of events. As an intelligence gathering organization, it is more important to the NSA to learn about attackers’ tradecraft than to actually prevent and defend against these types of breaches. NSA prefers to watch what the attackers are doing because it allows the agency to gain better insight into how the attacks happen, what vulnerabilities are being leveraged, and what tools the attackers use once they do penetrate networks.

Long story short: if you were surprised the NSA did not prevent the OPM attack, don’t be – this is the NSA’s modus operandi.

Federal District Court Judge Richard Leon urged lawyers to move forward with their suit against the NSA:

During an hourlong hearing in U.S. District Court in Washington, Judge Richard Leon repeatedly urged the conservative lawyer who brought the suit to take steps to allow the case to move forward quickly by asking a federal appeals court to formally relinquish control over an appeal in the case.

Leon noted that the so-called bulk collection program is set to shut down on November 29 as part of a transition to a new system where queries will be sent to telephone companies rather than to a central database stored at the NSA.

“The clock is running and there isn’t much time between now and November 29,” Leon told conservative gadfly Larry Klayman. “This court believes there are millions and millions of Americans whose constitutional rights have been and are being violated, but the window…for action is very small….It’s time to move.”

Leon also told Justice Department lawyers that he was intent on moving the case forward and would not countenance any stalling aimed at preventing him from acting in the case before the program, aimed at aiding terrorism investigations, ends.

The ACLU has asked a US appeals court to stop the NSA from continuing to collect millions of Americans’ phone records before the program’s expiration in November:

Under the USA Freedom Act, which Congress passed in June, new privacy provisions take effect on Nov. 29 that will end the bulk collection, first disclosed by former NSA contractor Edward Snowden in 2013.

The program collects “metadata” such as the number dialed and the duration of calls but does not include their content.

Arguments on Wednesday centered on whether the program may continue operating between now and November.

Henry Whitaker, a lawyer for the Obama administration, told the three-judge panel that Congress clearly intended the collection to continue while the NSA transitions to the new system.

But Alex Abdo, an ACLU lawyer, said the statute explicitly extended the same Patriot Act provisions that the court concluded do not permit bulk collection.

The judges expressed concern that, as Circuit Judge Robert Sack put it, halting the program would “short-circuit” a process already under way.

Saying the ACLU had won a “historic achievement,” Sack asked, “Why don’t you declare victory and withdraw?”

Abdo said the ongoing collection harmed the ACLU’s ability to confer with clients, such as whistleblowers, without worrying about whether the communications would be swept up by the NSA.

An appeals court ruling on NSA bulk data collection rested on an unresolved technicality rather than on the constitutionality of the surveillance aspect of NSA activity. Ultimately, what the court ended up saying is that it is unable to rule on the bulk collection because there is no way to determine whether the plaintiffs’ data was collected (emphasis added):

The decision did not declare the NSA’s program, which was revealed by whistleblower Edward Snowden in 2013, to have been legal or constitutional. Rather, it focused on a technicality: a majority opinion that the plaintiffs in the case could not actually prove that the metadata program swept up their own phone records. Therefore, the plaintiffs, the court declared, did not have standing to sue.

“Plaintiffs claim to suffer injury from government collection of records from their telecommunications provider relating to their calls. But plaintiffs are subscribers of Verizon Wireless, not of Verizon Business Network Services, Inc. — the sole provider that the government has acknowledged targeting for bulk collection,” wrote Judge Stephen F. Williams.

“Today’s ruling is merely a procedural decision,” said Alexander Abdo, the American Civil Liberties Union attorney who argued against the program at the U.S. District Court. “Only one appeals court has weighed in on the merits of the program, and it ruled the government’s collection of Americans’ call records was not only unlawful but ‘unprecedented and unwarranted.’”

Despite Friday’s decision, the bulk collection program will end later this year in accordance with the USA Freedom Act, passed by Congress in June.

The NSA previously argued that its massive collection of telephony metadata was legal because the records met the legal standard of being “relevant to an authorized investigation.”

In the May decision, Judge Gerald E. Lynch described the government’s interpretation of the word “relevant” as “extremely generous” and “unprecedented and unwarranted,” saying that the program had serious constitutional concerns and was ultimately illegal. However, the court did not order the program’s closure, because Congress was due to debate the USA Freedom Act within a month’s time.

Much of the NSA’s ability to conduct internet surveillance has relied on AT&T being willing to assist the clandestine agency in conducting these operations:

While it has been long known that American telecommunications companies worked closely with the spy agency, newly disclosed N.S.A. documents show that the relationship with AT&T has been considered unique and especially productive. One document described it as “highly collaborative,” while another lauded the company’s “extreme willingness to help.”

AT&T’s cooperation has involved a broad range of classified activities, according to the documents, which date from 2003 to 2013. AT&T has given the N.S.A. access, through several methods covered under different legal rules, to billions of emails as they have flowed across its domestic networks. It provided technical assistance in carrying out a secret court order permitting the wiretapping of all Internet communications at the United Nations headquarters, a customer of AT&T.

This really should come as no surprise. In 2006, Mark Klein, an AT&T technician, blew the whistle on the company’s involvement with the NSA in internet spying.

Fairview is one of its oldest programs. It began in 1985, the year after antitrust regulators broke up the Ma Bell telephone monopoly and its long-distance division became AT&T Communications. An analysis of the Fairview documents by The Times and ProPublica reveals a constellation of evidence that points to AT&T as that program’s partner. Several former intelligence officials confirmed that finding.

A Fairview fiber-optic cable, damaged in the 2011 earthquake in Japan, was repaired on the same date as a Japanese-American cable operated by AT&T. Fairview documents use technical jargon specific to AT&T. And in 2012, the Fairview program carried out the court order for surveillance on the Internet line, which AT&T provides, serving the United Nations headquarters. (N.S.A. spying on United Nations diplomats has previously been reported, but not the court order or AT&T’s involvement. In October 2013, the United States told the United Nations that it would not monitor its communications.)

The documents also show that another program, code-named Stormbrew, has included Verizon and the former MCI, which Verizon purchased in 2006. One describes a Stormbrew cable landing that is identifiable as one that Verizon operates. Another names a contact person whose LinkedIn profile says he is a longtime Verizon employee with a top-secret clearance.

After the terrorist attacks of Sept. 11, 2001, AT&T and MCI were instrumental in the Bush administration’s warrantless wiretapping programs, according to a draft report by the N.S.A.’s inspector general. The report, disclosed by Mr. Snowden and previously published by The Guardian, does not identify the companies by name but describes their market share in numbers that correspond to those two businesses, according to Federal Communications Commission reports.

The entire article is a fascinating, enlightening, yet not at all surprising read.