Make ready your tinfoil hat

NSA chief General Keith Alexander spoke in front of the House Armed Services subcommittee on Emerging Threats and Capabilities on Tuesday, 20Mar12.  Georgia Democratic Congressman Hank Johnson asked Alexander if the NSA could hunt down every email bashing Dick Cheney, and Alexander testified, "No.  The "NSA does not have the ability to do that in the United States."  He added, “We don’t have the technical insights in the United States. In other words, you have to have some way of doing that either by going to a service provider with a warrant or you have to be collecting in that area. We’re not authorized to do that, nor do we have the equipment in the United States to collect that kind of information.” 

According to a Wired article, this contradicts James Bamford’s story, The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say), as well as stories from The New York Times, the Los Angeles Times, and USA Today, which collectively described the NSA’s post-9/11 foray into wiretapping the nation’s telecommunication’s infrastructure to spy on Americans without getting warrants.

James Bamford said, in his recent op-ed, Post-9/11, NSA 'enemies' include us ~ “somewhere between Sept. 11 and today, the enemy morphed from a handful of terrorists to the American population at large, leaving us nowhere to run and no place to hide.”

Make ready your tinfoil hat, because total information awareness may be here now.

Cyber Investigators 1, Russian hackers -8

According to the Computerworld article listed here, eight hackers were investigated and arrested Monday, 19Mar12 by the Russian Federal Security Service (FSB), based on a joint investigation by the FSB, Group IB and and the Ministry of the Interior (MVD) of Russia.  Group IB is the first Russian company providing comprehensive investigation of IT security incidents and breaches of information security.

The hackers stole $4.5 million in the last quarter alone. They used the Caberb Trojan, which utilized various vulnerabilities to access victim machines. The Trojan then used a man-in-the-middle attack to detect passwords and logins credentials.  Rdpdor malware was used to establish a RDP, to see exactly what the victim's were doing or to take over their machines.  It sounds so simple!

The hackers completed fraudulent transactions using the stolen credentials and sent the money to their own special account.  It appears the entire hacking group was caught.  The investigation took about 1.5 years to complete.

Check out Group IB's website  at http://group-ib.com/news_2012_03_20.html.

Way to go, cyber guys!