NSA – To Finally Help Improve Security?

NSA Administration building

Releasing Free Tool for Reverse Engineering Malware

By: Cristal M Clark 

The NSA generally undermines security rather than do anything useful so as to help.

malware-crimeshop.jpeg

Now the NSA is taking a stand against malware in a pretty significant way it would seem, they are going to release a helpful tool for free in an effort to help, for a change.

On March 5th, the agency plans to release a free reverse engineering tool, GHIDRA. The software reportedly dissects binaries for Android, iOS, macOS and Windows, turning them into assembly code that can help analyze malware or pinpoint questionable activity in otherwise innocent-looking software.

GHIDRA entered the spotlight with the Vault 7 leak, so it’s not a secret nor is it really new, it is unusual however, for the NSA to release it.

Other similar tools to exist in fact however they are terribly expensive.

This does leave some to wonder what the NSA’s true motives are given it’s prior history and part in the Zero Days worldwide malware release.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

 

China Preparing for Possible High-Profile Hacks?

China_hack_crimeshop

NSA Seems to Think So

Cristal M Clark

rob-joyce-nsa-crimeshop.jpeg

Rob Joyce an official at the NSA seems to think that China is getting ready for some possible high-profile hacks, at least that is what he is telling the Wall Street Journal.  

china-hackers-breach-marriott_crimeshop

According to Rob, thus far China has focused it’s hacks on stealing trade secrets and spying which Rob could not be more wrong about by the way.

power-grid-cyber-attack-crimeshop

The suspicion is that China prepositioning itself to attack “critical infrastructure” such as energy, health care, finance and transportation.  

cyber-attack-us-infrastructure-crimeshop.jpg

What makes this a rather curious situation for the NSA – as far as the US Government is concerned this is simply just speculation, they have no proof of this – at all.

China has always denied conducting any hacking attempts, and the Chinese Ministry of Foreign Affairs spokesman Geng Shuang said to the NYT that: “China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law.”

cyber-attack-us-Crimeshop

China by the way, as recently reported, the preliminary investigation results into the Marriott/Starwood hacking incident suggests it was in fact part of a Chinese intelligence operation.

hacking-US-Government-crimeshop

In all honesty the NSA is not so far off the mark in it’s suspicion of China.

However, the NSA is wrong to think China is merely prepositioning itself. China as well as other countries are already in a position to attack our “critical Infrastructure.”

While US leadership was asleep at the wheel other nations have had years to “preposition” themselves for a major cyberattack on the US and they are in fact already in a position for a major cyber attack on the US “critical infrastructure.”

Come now, nobody really believes that all of these hacks and cyber attacks were done just to merely siphon trade secrets and just simply to spy do you?

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

 

NSA Being Held Accountable for Stolen Secrets?

 

NSA-CrimeShop.jpg

 

Kaspersky Labs Assisted Russia – With Stealing NSA Spying Tools

In a new and improved twist, a report was recently released which indicated Kaspersky somehow helped Russian spies who ended up stealing highly sensitive U.S. spying tools after a contractor brought classified material home and put it on a computer that used Kaspersky anti-virus software.

 

kaspersky-labs-moscow-crimeshop

 

It appears that the stolen material included secret details about just how the NSA penetrates foreign computer networks as well as, the computer code it uses for such spying and how it defends networks inside the U.S.

 

StuXnet-crimeshop

 

This is not shocking to be honest, I mean the US Government released STUXnet once upon a time and case in point, paybacks are a bitch.

Here is a little down and dirty about Kaspersky labs: it is an anti-virus company owned by Eugene Kaspersky, who has been accused by U.S. officials of having ties with Russian intelligence officials.

As you may already know, the anti-virus software Kaspersky sold throughout the United States to businesses, private citizens, hospitals, schools, you name it, the products were widely sold and used here in the US.

 

Eugene-kaspersky-CrimeShop

 

It should be noted that Eugene Kaspersky does maintain the company’s innocence in assisting Russian Hackers with anything and to date the United States Government has provided nothing more than just an accusation against Kaspersky labs. 

The United States Government has brought no tangible evidence in other words, to the table so as to provide any proof whatsoever that Kaspersky had anything to do with Russian hacking here in the US.  

All they really have been able to provide is lip service and finger pointing, thus far.

Either way the NSA does seem to have issues with it’s contracted employees walking out of it’s front door with top secret information, tools and intel.

Does the NSA just have that weak of a system or is it that they simply do not care so it plays out something like: “This Friday we will have a potluck, please be sure to line your casserole pans, pie tins and cake pans with wax paper, also be sure to add an additional liner to your carrying bags so as to ensure the top secret intel that you will undoubtedly steal does not get ruined with food. Oh and Bob, could you have Marge make that macaroni casserole again, everyone just seems to love that one.”

While it’s great to see that some who walked out the doors of the NSA with top secret intel and tools are being held accountable, while at the same time the finger is pointed at Kaspersky and Russia, when will we start seeing the NSA being held accountable for its inability to secure its intel and tools?

Is that not the main problem here?

When you take the blame game away, you see that the bottom line is that the NSA continues to prove and show us just how lackluster it’s ability to secure intel much less a paperclip really is.

All I am seeing is blame being placed on others without the NSA being held accountable, which the NSA should be.

Perhaps it is time to do away with the NSA altogether, they really are not doing the United States much good at all, in fact they are doing us more harm than actual good.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

Trump Administration to Hand Cyber Command to U.S. Military

U.S. - NSA- CrimeShop

United States Military

So after many months of delay, the Trump administration is currently finalizing plans to revamp the nation’s military command for defensive and offensive cyber operations in hopes of “intensifying” America’s ability to wage cyberwar against the Islamic State group and other threats.

U.S.-National-Security-Agency-Crime-Shop

And what will the new plan look like? Well, the new U.S. Cyber Command would eventually be split off from the intelligence focused NSA because the reality is that it will allow U.S. Cyber Command more autonomy, freeing it from any constraints that stem from working alongside the NSA, who happens to be responsible for monitoring and collecting telephone, internet and other intelligence data from around the world. Which also happens to be a responsibility that often times tends to clash with military operations against enemy forces.

This is and I am shocked to admit it, a smart move considering it’s coming from the Trump Administration.

The move does stem from the escalating threat of cyberattacks and intrusions from other nation states, terrorist groups and hackers, and comes as the U.S. faces new and improved fears about Russian hacking following Moscow’s efforts to meddle in the 2016 Presidential Election.

The reality here is that other nation states have already created cyber armies made up of each respective nations military. The cyber army is it’s own unit and of the nation states that have these cyber units already in place, well let’s just say, they are years ahead of us so it will in fact, take the U.S. military time to find a balance let alone its footing.  

-nsa-crimeshop

It will take time, the NSA already has what it needs to be the Cyber Command if it weren’t for things like losing intel, creating spy programs that were never approved and that were utilized to spy on U.S. Citizens that were oh, how do you say…unauthorized?

The point is, will the U.S. Military duplicate what the NSA already has, take/transfer or assume control over what the NSA already has or build the program from the ground up? The NSA has the people and the tools already in place, so my only question is, what is the price tag of putting something into place with a different agency, that is already more or less in place with the NSA currently?

This may just be me, but it seems that it would be less costly and far easier to change the rules by which the NSA is playing and move the NSA under the command of the U.S. Military.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

Global ransomware epidemics – Are Here to Stay

Computer security and hacking concept. Ransomware virus has encrypted data in laptop. Hacker is offering key to unlock encrypted data for money.

WannaCry, Petya, GoldenEye – With More to Follow Any Day Now

Someone mentioned to me today that a news outlet published an article today or yesterday that suggested that the global ransomware epidemic was pretty much here to stay.

I almost spit out my coffee laughing because many security experts, writers and other major news outlets, myself included, have been warning the world about this issue for well over a year now.

News Flash: This is Not Surprising, it’s hardly even new news these days.

Ransomware has been around for years however it was used to only target individual networks, such as a single business, hospital or person.

After the infamous Shadow Brokers hacker group leaked the National Security Agency exploits back in April, cyber-criminals were able to learn about a more dangerous weapon.

petya-wannacry-goldeneye-ransomware-Crime-Shop

The kind that can strike on a global level.

But is that really all that true? I mean, I love poking fun at the NSA for losing the intel in the first place but…

Anytime you see that someone, anyone is capable of widespread hacking, you should automatically assume they or another someone or group is capable or nearly capable of global hacking, ransomware, the ability to steal data on a global level and gain access to major networks including those that are tasked with running things like banking systems, power grids and governments just to name a few.

It is not like these guys are stupid, we make the mistake of assuming that no one else in the entire world other than the NSA or any government for that matter is capable of and working on developing cyber weapons like WannaCry, Petya or GoldenEye.

NSA-Ransomware-Crime_Shop

That is so far from the truth it is not even remotely funny. Just because a cyber-criminal hasn’t used a cyber weapon such as this before does not necessarily mean they haven’t developed it or are not working on it.

These guys could have very well been waiting for some type of leak, before moving forward with unleashing the weapon that they created so that they could tweak for instance the NSA’s weapon so that it would be more difficult to trace back to the point of origin.

Usually eventually one can figure out who created what cyber weapon by pouring through the code after all, so in an attempt to disguise that, so if it were me, I would use someone else’s cyber-weapon with that someone else’s code and tweak it just slightly enough to change it without giving away from what country I am in, or what group I am part of and so on.

The point is, without a doubt, cyber-criminals were already moving in this direction believe it or not. Criminals on any level who do not want to become upstanding citizens spend a good majority of their time thinking of new and improved ways around the laws, and that includes new and improved ways of breaking the law, ways that are less detectable by law enforcement.  

Those in the business of committing cyber-crimes are no different than any other type of criminal in that respect.

So no, global epidemics of ransomware being unleashed is not going anywhere soon, new and improved weapons are already being made and developed so as to unleash.

We’ll all have to find better security measures, but a word of caution, much like the flu virus every year, the one we get flu shots for,  we will not truly know how to protect ourselves or whether or not our newest security measures will actually work, until we know what kind of virus we are facing as each new attack is released.

Last but not lease, some of these attacks may also be disguised as mere ransomware, they could actually end up being something much worse that we have yet to learn about.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

 

 

U.S. National Security Agency Shuts down Honda Factory

U.S.-National-Security-Agency-Crime-Shop

NSA – WannaCry/Wcry ransome worm

Well folks in the gift that just keeps on giving, the NSA has managed to shut down a Honda Factory after they found the WannaCry/Wcry ransome worm in its networks.

WannaCry-Wcry-Crime-Shop

Not that the NSA directly shut the factory down, it was however indirect because WannaCry/Wcry was derived after all at and by the NSA.

According to a report released today by Reuters, the automaker had to shut down its Sayama plant northwest of Tokyo on Monday after finding that WCry had affected networks across Japan, North America, Europe, China, and other regions.

the-shadow-brokers-crime-Shop

Forget Russian hacking, look at all the damage the NSA has managed to cause. Which we would not have known about had it not been for the Shadow Brokers, who obtained the code for this beauty and released it to the public back in April.

WannaCry/Wcry is basically a weaponized exploit developed, used, by the NSA. It was also in shocking news, stolen from the NSA.

Honda officials for some odd reason did  explain how or why engineers found WCry in their networks 37 days after the kill switch was activated although, it is highly possible that engineers had mistakenly blocked access to the kill-switch domain.

That kill switch by the way was created by sheer luck. A security researcher who had been playing around and acting out of curiosity just so happened to register a mysterious domain name contained in the WCry code that subsequently acted as a global kill switch which immediately halted the self-replicating attack.

I’m more than sure someone is developing ways around that sort of kill switch, I mean if you are in the business of stealing data, and shutting the internet down, power grids, hospitals and the like, you wouldn’t want to be stopped, so advertising the fact that some guy was able to create a kill switch by accident, only entices new developers to create ways around any type of kill switch.

At any rate, here’s to the NSA for not managing to keep it’s top secret weaponized exploits from falling into the the wrong hands or rather from falling out of it’s very own front door.

Does the NSA even know about all the of intel has left it’s facility or will we have to wait on someone like Shadow Brokers to inform us, the hard way…again?

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

 

 

 

 

 

 

 

U.S. – National Security Agency – Special thanks to you

donald-trump-poison-crimeshop

Cyberattack hit 99 countries

The NSA’s stolen goods

internet-of-things-the-crime-shop

Personally, I would not trust the NSA with the password to my junk email account much less my grocery list.

This week we saw one of the worst cyberattacks in history, one that utilized some goods that walked out the door of the NSA. Europe and Russia were hit the worst by the way.

What makes it worse is that the NSA and the United States just sat by in painful silence as the attack was underway. The true hero’s came from the cyber security community.

To those that created the attack, my hats off to you, kudos for pointing out the most obvious flaw of all.

The NSA designed the program that was used to cause the attack and did absolutely nothing to help those that were affected which leads me to believe that while they may be able to create Frankenstein, they have very little idea as to how to stop it once it’s on a roll which is a pretty important detail to miss.

I’d be more impressed once I see power grids, the banking system, governments shut completely down, unlimited funds in my Starbucks account, etc. Thus far however all we have is enough to create some media fluff and 99 countries who are all lined up to thank the NSA for creating the bug, yet who seemingly couldn’t fix the monster that which they created.

Way to take a back seat guys.

To those that caused the attack, do something to impress next time. I mean really impress instead of create just some fluff. 

Wow me.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

Edward Snowden vs – Edward Jay Epstein and Newsweek

edward-snowden-crimeshop

Earlier this week Newsweek published a couple of articles regarding Edward Snowden.  

Edward Snowden asserts that the articles are in fact, fake news.

The articles are in reference to a book that Edward Jay Epstein has been promoting “How America Lost Its Secrets: Edward Snowden, the Man and the Theft”

Edward Jay Epstein has an op-ed in the WSJ.

“Of all the lies that Edward Snowden has told since his massive theft of secrets from the National Security Agency and his journey to Russia via Hong Kong in 2013, none is more provocative than the claim that he never intended to engage in espionage, and was only a “whistleblower” seeking to expose the overreach of NSA’s information gathering. With the clock ticking on Mr. Snowden’s chance of a pardon, now is a good time to review what we have learned about his real mission.”

I always try to keep my articles more in the “my opinion” perspective and I have to say that I have started to notice that, more and more people are starting to sit down and really question the government’s decision to label Edward Snowden a traitor.

Edward Snowden is quite frankly, no more a traitor than my cat is thin and young.

That said I have to ask, what mission is the author talking about in his statement above? From what actually happened, Edward Snowden did not release intel to any specific government, he released his stolen information to the entire world through some media contacts and a blogger.  

nsa-mass-surveillance-crimeshop

Besides, Edward Snowden really just figured out that the NSA was involved in illegal activity and he wanted to investigate the depth of it.

He succeeded in doing that but the man never sold intel, he in turn just handed it over to an entire world because he happens to have a moral compass.

I had no idea about the book until I started seeing Edward Snowden’s tweets, so I looked into it.

The first Newsweek article headline was all about why Obama could not, even if he wanted to, pardon Edward Snowden.

If you read the article like I did, it was the instant regret you get when you pay full price for a movie ticket to something that left you questioning not only your values by why in God’s name would you ever pay money for something like it?

All the great parts were actually in the commercials and $40 and two hours later you walked out of the theater feeling really, really let down.  

The story was the same he said/she said stuff.

The first Newsweek article did not live up to it’s title of telling us why the president cannot pardon Edward, it simply told us why he chooses not to pardon Edward Snowden based off of what Edward Jay Epstein says.

Which amounts to a regurgitation of speculation and false investigative reports.

Because some of what Edward Jay Epstein wrote about in his book, was actually debunked a very long time ago.

For instance the not too subtle insinuation that Edward Snowden’s release of this intel helped Terrorists like Osama Bin Laden change how they communicate is a very far cry from being close to any truth.

Terrorist groups had already changed the means of communication they used because years before Edward Snowden’s release of intel they actually, all by themselves caught onto certain surveillance techniques.

Which was what the second article in Newsweek focused on, how Edward Snowden sabotaged the war on terrorism.

I won’t bore you with all of the specifics but I will point another big flaw in Edward Jay Epstein’s theory with regards to Edward Snowden and how he sabotaged the war on terrorism.

NSA-Crime_Shop.jpg

Epstein talks about the NSA’s PRISM program and encryption etc, Epstein more or less asserts that because of Edward Snowden, the idea of encryption started and that service providers, developers of app’s and social media now refuse to just hand over user info…blah, blah, blah

Edward Snowden or no Edward Snowden, the sad, very sad truth of that is that programs like PRISM and the NSA’s program 215 is that, from the very beginning they were inevitably doomed to fail, be discovered and stopped.  

Not because of anything Edward Snowden released, but because things like encryption were already on the minds of developers.

People were already pushing social media giants, email providers, online stores, banks and search engines to put measures into place that would ensure users were better protected from prying eyes.

So yes, those programs were absolutely going to be discovered and shut down without Edward Snowden, he just happened to make it happen a little sooner than it would have.

The book also insinuates that Edward Snowden has met with Russian intelligence multiple times.

Which actually does make sense. OF course they’d want to see him, with the information that he had given away already, they’d want to make sure it was true and want to know if the US had in fact, had access to anything of the Russian Government’s.

Sure you can choose to believe the investigative reports from Booz Allen Hamilton, the firm that the NSA uses.

The one that Edward Snowden worked for when he reportedly walked out of the NSA with top level intel.

But then again, you also have to realize that Booz Allen Hamilton has a nasty habit of procuring employee’s that do a better job of hacking the air gapped system of the NSA than Russian hackers do.

They employ individuals who can obtain jobs at government facilities that house top level intel and manage to walk out the door with said top level intel.

Which by the way has happened more than once with this particular firm.

Obama loves to toss around the idea that Edward Snowden never at any time tried to use the proper whistleblower channels to report any of his concerns.

But let’s take a step back for a moment and think about that one.

First, Booz Allen Hamilton and the United States Government are the one’s saying they could find no proof of Edward Snowden’s attempts to report his concerns.

He did attempt to report his concerns multiple times but was also basically backed into a corner while trying to report his concerns as he has spoken about multiple times.

The problem with taking the word of the firm in terms of its investigation is that they are a paid organization contracted to do work for the government.

They don’t want to do anything that would risk the loss of that beloved government contract. If they knew about Edward Snowden’s concerns prior to his departure from his job, they risk losing that contract.

Because that government contract equals money and Booz Allen Hamilton just so happens to be a for profit organization.

Then you have the investigation the United States government did.

The NSA was caught doing something they never should have been doing, they didn’t like getting caught.

In fact, the US Government’s reaction to what Edward Snowden did is comparable to a narcissistic type of personality.

A narcissist is really, really good at turning the tables back onto the accuser or victim. They deflect and absolve themselves from any wrongdoing and place the blame on the accuser or victim.

What’s more however, when you really sit down and think it through, the government can’t really pardon Edward Snowden either, because it sends the message to others that stealing top level, secret and highly classified intel is okay.

They have to send a clear message and so by default the messenger will be shot in this case, not literally of course but, you get the picture.

I feel for Edward Snowden, his girlfriend and his family. I’ve been in his shoes, sometimes doing the right thing turns into giving up your entire life, everything you know and trust is just gone.   

What I can tell you from personal experience, is that ,it is not an easy place to be and it’s a decision that is not taken lightly.

A lot of thought goes into it, a lot of back and forth thinking about doing the right thing.

What Edward Snowden did, was make the choice to give up his life because he believed that what the NSA was doing, was wrong and he sought only to educate his fellow man about it, not to cause or inflict harm.

When a person has morals they think of others, they gladly give up personal comforts and possessions in order to take care of others.

Edward Snowden gave up his life here at home for all of us.

Our government by default cannot condone what he did, so by default he can’t be pardoned for a very long time, if ever.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

NSA – finally shows us what they are good at

Obama - Putin.jpg

US National Security Agency – Russian Hacking

So this week Obama decided to come down hard on Russia for its penchant for hacking of late. On Thursday, The United States expelled 35 Russian diplomats and closed two Russian compounds in New York and Maryland in response to cyber attacks.

So how could the US have proof of Russian hacking?

u-s-national-security-agency-thecrimeshop

As it turns out, the NSA has tracked Russian hacking before.

The NSA is actually aside from being good at letting classified intel walk out the door with contracted employees, are also quite good at tracking Russian hacks.

They know the tell tail signs of Russian hacking.

They became good at it before the murder of journalist Anna Politkovskaya, she had been gunned down back in 2006 in her Moscow home after having written articles that were rather critical of the Kremlin and Vladimir Putin.

Prior to her murder however, she had been hacked by Russian intelligence who just so happened to be using malicious software. And naturally the NSA discovered that her email had been hacked and they did in fact, trace it back to Russian intelligence at the time.

So, if the US Government says they have proof of Russian hacking, well I am inclined to believe them now that they are backing it up by doing something about it.

But then again, this could all be part of the typical sore loser syndrome the Dems to be suffering of late.

Putin-and-Obama-crimeshop.jpg

This week’s move however comes after many have implored the US Government to either disclose proof of Russian hacking and do something about it or drop it.

In kind, the administration decided to move forward with punishing Russia for the hacks, which started well before 2016 and the campaign…of course.

What makes this interesting is that the public still does not feel that Russian hacking and leaked intel had any sway in terms of who won and who lost the 2016 presidential election and I really think that is only partially true.

With some of the leaks mind’s did change but…the leaks were designed to release intel that informed the public instead of to destroy a Government.

In the end, that actually matters. What matters more however is what information or intel they have that they haven’t leaked yet.

Many are wondering now however if the move wasn’t too late? Is it politically motivated in a way that it will make Trump’s start in office more difficult in terms of a relationship with Putin and Russia?

Will it thwart further attacks? Will it prevent more leaks, or leaks that would threaten national security?

Personally, I doubt that they can leak anything to threaten national security, those leaks typically come from contracted employees of the NSA.

As for Russia and Vladimir Putin, I doubt they will do much until Trump heads into office, all indications are that they very much want a good relationship with the United States, they have simply been awaiting a leader that is more capable of building a trusting relationship with them and other allies.

Either way, it is refreshing to see our Government do more than just give lip service for once. The next round of punishment will be less public I am sure, because in all reality the expulsion of these 35 diplomats is not really a new thing.

Nations do this to each other all of the time, over all sorts of different reasons.

This first move, well that was just for show, give the public something to feed off of more or less.

Everything else will be done way under the table.

As I’ve said before, in the world of spy games and cyber warfare, all’s fair in love and war.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop