University of Maryland University College and National Security Agency | Date: 2016-07-20
Physical superconducting qubits are controlled according to an encoded qubit scheme, where a pair of physical superconducting qubits constitute an encoded qubit that can be controlled without the use of a microwave signal. For example, a quantum computing system has at least one encoded qubit and a controller. Each encoded qubit has a pair of physical superconducting qubits capable of being selectively coupled together. Each physical qubit has a respective tunable frequency. The controller controls a state of each of the pair of physical qubits to perform a quantum computation without using microwave control signals. Rather, the controller uses DC-based voltage or flux pulses.
News Article | April 28, 2017
Americans' emails and texts may soon get a little more private. The US National Security Agency plans to stop gathering Americans' texts and emails with contacts overseas that include mention of a foreigner under surveillance. The government has argued that such surveillance is necessary to find people with links to terrorism and other activities that threaten security. But advocates of privacy and civil liberties have argued that it violates Americans' rights. The collection is part of the NSA's controversial Upstream program, which was first revealed to the public when former NSA contractor Edward Snowden revealed its existence to journalists in 2013. The program is legally sanctioned by Section 702 of the FISA Amendments Act, a bill that's up for renewal this year. Privacy-minded lawmakers are preparing to fight for changes to the program. For now, the program will scoop up a little bit less information on Americans. "After a comprehensive review of mission needs, current technological constraints, United States person privacy interests, and certain difficulties in implementation, NSA has decided to stop some of its activities conducted under Section 702," the NSA said in a statement Friday. According to The New York Times, these "difficulties in implementation" could refer to problems the NSA was having weeding out irrelevant emails from its collections, as required by law. This was logistically difficult to do, because internet service providers tend to "bundle" up communications in chunks of data and send them across the internet together. The NSA's bulk collection of internet communications will continue, and this can include any emails sent by Americans that leave the United States. "While the NSA's policy change will curb some of the most egregious abuses under the statute, it is at best a partial fix," Neema Singh Guliani, legislative counsel with the American Civil Liberties Union, said in a statement. 
"Congress should take steps to ensure such practices are never resurrected and end policies that permit broad, warrantless surveillance." First published Apr. 28, 2017, 11:46 a.m. PT. Update, 12:25 p.m.: Adds comment from the NSA and background information.
News Article | April 17, 2017
Hot on the heels of the whole WikiLeaks CIA hacking reveal, a new leak has now detailed hacking tools the National Security Agency allegedly uses to hack Microsoft's Windows. A mysterious group called "Shadow Brokers" disclosed some Windows hacking tools, purportedly stolen from the NSA, on Friday, April 14. All tools date back at least a few years, but exploit vulnerabilities in several Windows versions to shift across networks and compromise Windows systems. The hacking tools Shadow Brokers dumped online revealed techniques to breach both Windows systems and certain financial networks. Some of those NSA hacking tools were already flagged by antivirus services years ago, but experts think that Shadow Brokers' leak still includes at least some unknown exploits for older Windows versions. Microsoft was quick to respond to Shadow Brokers' reveal, noting that it already went through all of the listed exploits and evaluated them. As expected, the company says that most of those exploits have already been patched. Considering that those hacking tools were a few years old, it's barely surprising to learn they don't really work anymore on newer OS versions. "Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers," the company explains. "Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched." Microsoft's response comes after exaggerated concerns from a number of security researchers. One researcher even went so far as to recommend turning off Windows computers for the weekend. The leak even drew the attention of famous NSA whistleblower Edward Snowden, who said that the NSA didn't warn Microsoft about the exploits. Microsoft itself claims that no organization or individual aside from reporters has contacted the company in regard to the Shadow Brokers' leak. 
However, as The Verge points out, at least one security researcher believes that the NSA might have told Microsoft about at least some of the bugs. Microsoft typically reveals who reported various security flaws, but one researcher noticed that the company issued patches with the MS17-010 update last month, fixing some of the newly revealed NSA exploits, without noting any source for flaw reports. At the same time, that update marked the first time that Microsoft significantly delayed its Patch Tuesday update because of a "last-minute issue." That update was supposed to roll out in February but didn't hit the scene until March, when it patched some of the NSA exploits disclosed by Shadow Brokers. Coincidence? Maybe, maybe not. Be that as it may, Microsoft has patched most of the flaws detailed in Shadow Brokers' NSA hack leak, so users running Windows 7 or later should have no reason to worry if they've installed all patches from Windows Update. Those still holding a torch for the old Windows XP or Vista, however, might want to consider upgrading at last, as they're still vulnerable to these exploits and many more that remain unpatched since the OS versions are no longer supported.
News Article | March 7, 2017
WikiLeaks published what it claims to be thousands of documents and files that expose the tools used by the Central Intelligence Agency to hack smartphones, computers, and even internet-connected TVs. The first part of the series of files, which has been named Vault 7, consisted of 8,761 documents and files acquired from an isolated and highly secure network located in the agency's Center for Cyber Intelligence in Virginia. Vault 7 is described by WikiLeaks as "the largest ever publication of confidential documents" from the CIA, and reveals that a wide variety of consumer electronics is vulnerable to hacking attacks by the agency. According to the documents, internet-connected devices and even anti-virus software itself can be compromised by CIA hacking attacks. Hackers from the agency are capable of recording sounds, images, and text messages of users, even when apps with encryption are utilized. Among the most noteworthy claims made by Vault 7 is that the CIA, through a partnership with agencies both local and foreign, has bypassed the encryption measures used by popular communication apps such as WhatsApp, Signal, and Telegram. Previously, these apps were thought to be secure ways to send messages to one another without having to worry about the communications being intercepted, whether by the government or otherwise. Many of the hacking tools have been presented at cybersecurity conferences, but what surprised experts is that the CIA had turned so many of the theoretical vulnerabilities of modern technology into viable attack tools that target smartphones, computers on both Windows and Mac operating systems, internet routers, and smart TVs. For example, a tool named the Weeping Angel was developed by the CIA to attack Smart TVs manufactured by Samsung. After the hack is implemented, the tool can place the target TV into a "fake-off" mode that would make the user believe that the TV is turned off. 
However, the TV remains in operation and functions as a bug, making it capable of recording the conversations within the room with the audio files then sent to a covert server of the CIA. The CIA also apparently studied the possibility of breaching the control systems of vehicles, which WikiLeaks claims can be used to carry out assassinations that are almost undetectable. There is also said to be a specialized unit in the agency named the Mobile Development Branch that created malware to be able to steal data from iPhones due to their popularity among "social, political diplomatic and business elites," though popular Android-powered devices were also targeted. The release of Vault 7 by WikiLeaks renewed the public's concerns on the security of the electronic devices that they use. An intelligence source confirmed with The Wall Street Journal that some of the information presented in Vault 7 is authentic. The source added that the disclosure of the CIA's hacking tools will highly jeopardize the ongoing operations of the agency in gathering intelligence, with the revelations to be far more damaging compared to the leaks that former National Security Agency contractor Edward Snowden released in 2013 on the United States government's surveillance programs. The general public, however, should not yet hit the panic button. There is no proof that the hacking tools have actually been used with the permission of the United States government and no evidence that the tools are capable of doing what they are claimed to do. In addition, the cost of these tools is too great for the government to use them on ordinary citizens. WikiLeaks, however, claims that there are more data dumps coming to Vault 7, which should provide a better idea on the reality of the CIA's hacking capabilities.
News Article | April 27, 2017
Requests for Facebook user information from law enforcement agencies around the world increased by 9 percent in the last half of 2016, the company reported Thursday. The figure came as part of Facebook's global government requests report, which it puts out twice a year. In total, law enforcement asked for user information 64,279 times, compared with 59,229 requests from the first half of 2016. The report is part of a larger effort by Facebook and Silicon Valley in general to balance the lawful demands of law enforcement agencies with users' privacy concerns. These concerns became especially inflamed after reports in 2013 that seven tech companies, including Facebook, were giving the US National Security Agency unfettered access to user data -- a characterization all seven companies have denied. "We scrutinize each request for legal sufficiency, no matter which country is making the request, and challenge those that are deficient or overly broad," Facebook general counsel Chris Sonderby wrote Thursday in a blog post about the report. "We do not provide governments with 'back doors' or direct access to people's information." Facebook is often barred from informing users when law enforcement requests their information, so the transparency report gives the fullest picture of how often user information gets passed on to police. Sonderby said about half the requests that came from US law enforcement agencies in the last half of 2016 legally barred Facebook from informing the user of the request. Facebook lost an appeal earlier in April in a lawsuit that sought to challenge the use of a "bulk" search warrant that affected hundreds of accounts.
News Article | April 21, 2017
There it is. Speaking in Israel on Friday, Defense Secretary Jim Mattis confirmed recent press reporting that Syria still possesses chemical weapons, and has been moving its military planes around the country in the wake of the American cruise missile attack on an air base earlier this month. “I can say authoritatively they have retained some, it’s a violation of the United Nations Security Council resolutions and it’s going to have to be taken up diplomatically and they would be ill advised to try to use any again, we made that very clear with our strike,” Mattis said during a press conference with Israeli Defense Minister Avigdor Lieberman. Earlier this week, Israeli officials said that Syria retained around three tons of chemical weapons materials. We on an award tour. On the day Mattis landed in Tel Aviv, Lebanese Hezbollah representatives took reporters on a tour of the southern Lebanese border to point out the defensive measures Israel is taking to shore up the frontier between the two countries. Tensions have increased between the two sides in recent weeks, leading to fears that the fragile peace that has held since 2006 could be broken. Israeli officials say Hezbollah has more than restocked its supply of weapons since the war, and leaders of the Iranian Revolutionary Guards, which supplies Hezbollah, have bragged the group has around 100,000 rockets and missiles at its disposal. “For the first time in the history of this enemy, its doctrine has switched from an offensive to a defensive one,” a Hezbollah military commander said. The tour was coordinated with the Lebanese army. Iran plan. Mattis also confirmed that Iran was keeping up its end of the bargain when it comes to the 2015 deal struck with Washington and other Western allies to curb its nuclear weapons program. 
“As our secretary of state said about three days ago, Iran appears to the degree we can determine it — we are pretty confident — they appear to be living up to their part of the agreement,” he told reporters. Just hours earlier, President Donald Trump was decidedly more vague when describing Iranian compliance, warning that Iran is not “living up to the spirit of the agreement.” The State Department certified to Congress earlier this week that Iran is honoring the accord, but Trump administration officials have said they’re reviewing the deal. North Korea watch. Both South Korea and China appear to have placed their armed forces on high alert in recent days, U.S. officials have told multiple news outlets, ahead of another North Korean military parade and an expected nuclear test. Officials have said they have noticed Chinese bombers and military aircraft being prepared to launch quickly. President Trump swiped at the crisis during a press conference on Thursday, saying “some very unusual moves have been made over the last two or three hours” in North Korea — he didn’t elaborate — but that he was confident Chinese President Xi Jinping would “try very hard” to pressure Pyongyang over its nuclear and missile programs. Gaming out the North. The regime in Pyongyang is “ruthless and reckless, but they’re not crazy,” said William Perry, a former defense secretary under President Bill Clinton. Perry, speaking on a conference call on Thursday, said three generations of family rule by the Kim dynasty in Pyongyang have shared one unifying philosophy: “Keeping the regime in power.” FP’s Robbie Gramer and Paul McLeary have lots more international fallout from the recent war of words between Pyongyang and Washington in a new story here. Freedom isn’t free. 
The Trump administration has given military commanders far more discretion for conducting their own operations without the approval of the White House, a new way of operating that has won the praise of those commanders, but has led to a few recent SNAFUs. Not only was there a disconnect between the U.S. Pacific Command and Washington over the deployment of the USS Carl Vinson strike group in the far western Pacific recently, but the decision by the U.S. commander in Afghanistan to drop the massive MOAB bomb on Islamic State tunnels has also been questioned by the Pentagon in retrospect, according to the New York Times. “Commanders always want more freedom to act within their own judgment,” said Adm. James A. Winnefeld, a retired vice chairman of the Joint Chiefs of Staff. “Sometimes those same commanders may not sense which of their decisions will bleed over into the strategic level.” Spies add up the numbers. The Foreign Intelligence Surveillance Court, the secretive judicial branch responsible for approving surveillance requests made by the intelligence community, published its first batch of statistics from 2016 — a requirement since reformers passed the USA Freedom Act. In 2016, the court received 1,752 applications, 1,378 of which were approved immediately. Of the remaining requests, 339 were modified, 26 partially denied, and 9 denied in full, which were more rejections than any other previous year. The reporting comes after disclosures made by former NSA contractor Edward Snowden, who described the court as a “rubber stamp” that approved nearly every request without question. Since then, Congress passed the USA Freedom Act, requiring more information about the court’s annual activities. — Jenna McLaughlin France attack. 
A gunman shot and wounded two policemen in an attack at the Champs-Élysées in Paris on Thursday in an apparent terrorist attack. Police shot and killed the man as he tried to escape on foot and at least one suspected associate of the attacker has turned himself in to authorities in Belgium. The man had previously been imprisoned over a decade ago for a similar attack on police, according to the BBC. The Islamic State has since claimed the man as one of its “fighters.” Syria. Russia has suffered one of its highest-ranking casualties yet in Syria, losing a marine major in an artillery attack on a Russian base. Reuters reports that Major Sergei Bordov, who had previously commanded a reconnaissance unit, was killed in an attack that took place on Tuesday. Russia claims it has lost around 30 troops in the fighting in Syria but reporting indicates the death toll is much higher than the official tally. Carrier fallout. The Trump administration’s misleading claim about an aircraft carrier heading to the Korean Peninsula has cost it some goodwill and trust among South Korean allies, according to the New York Times. Trump had claimed that an “armada” was steaming towards Korea earlier in the week but it was soon revealed that the USS Carl Vinson aircraft carrier was actually in the Indian Ocean and headed south, away from Korea. Coming amidst heightened tensions with the North and a presidential election campaign, South Korean media and defense experts have slammed the U.S. for the apparent misdirection, characterizing it as a reckless bluff and an embarrassing blunder. WikiLeaks. The U.S. Justice Department is preparing to seek the arrest of WikiLeaks founder Julian Assange, according to a scoop from CNN. Prosecutors reportedly believe that Assange played a role in helping a National Security Agency contractor leak a massive cache of top secret documents stolen from the agency. 
Assange had previously been a supporter of President Trump’s campaign, championing him against Hillary Clinton and publishing hacked emails from the Clinton campaign on the WikiLeaks website. But despite praise from Trump himself during the campaign, the Trump administration has since changed its tune, with CIA Director Mike Pompeo labeling it “a non-state hostile intelligence service” in a speech earlier this week. Gulf. Anonymous officials tell Reuters that the U.S. is willing to step up arms sales to help the Saudi-led coalition in its war in Yemen, but only if members agree to take additional steps to prevent civilian casualties. A group of Democratic lawmakers in Congress has pushed back hard against the sale of additional munitions to Saudi Arabia, citing the high cost to civilians of its air war in Yemen, with over 4,800 civilians killed in the conflict so far. The Trump administration is hoping that adding a conditionality for the protection of civilians will help it pass the sale of $390 million worth of munition guidance kits through Congress. Bomb damage assessment. How many people were killed in the much-talked about use of the “mother of all bombs” in Afghanistan? SecDef Jim Mattis told reporters Friday that “frankly, digging into tunnels to count dead bodies is probably not a good use of our troops.” Mattis said he’s not that interested in the enemy body count, dismissing the metric as a misguided relic of the Vietnam War. Earlier in the week, Afghanistan’s TOLO News reported that 96 people had been killed in the bombing of the Islamic State in Afghanistan, with the majority of casualties coming from the Pakistani Taliban alongside 13 Islamic State commanders. Spending. The Trump administration’s defense spending will not live up to President Trump’s rhetoric about a massive buildup of the military, according to private conversations between Secretary of Defense Mattis and Congress. 
CNN reports that Mattis told lawmakers that next year’s budget won’t cover any of the big ticket items Trump has called for, including a 350 ship Navy, more fighter jets, and increased end-strength across the services. Mattis has reportedly pushed President Trump for more funding along the lines proposed by defense hawks like Sen. John McCain (R-AZ), but lost the argument to fiscal hawk and White House Budget Director Mick Mulvaney.
News Article | April 29, 2017
(Reuters) - Highlights for U.S. President Donald Trump's administration on Friday: The Trump administration could respond to North Korea's latest failed missile test by speeding plans for new U.S. sanctions against Pyongyang, including possible measures against specific North Korean and Chinese entities, a U.S. official says. Secretary of State Rex Tillerson warns failure to curb North Korea's nuclear and missile development could lead to "catastrophic consequences" while China and Russia rebuke Washington for its threat of force. Trump signs a bill approved by the Republican-led Congress to avert a U.S. government shutdown and give lawmakers another week to work out federal spending through Sept. 30, with tricky issues like defense spending still unresolved. Trump pledges to uphold Americans' right to possess guns in a speech that he uses to revisit some 2016 election campaign themes from his vow to build a border wall to dismissing Democratic Senator Elizabeth Warren as "Pocahontas." Trump tells Reuters he will either renegotiate or terminate what he calls a "horrible" free trade deal with South Korea and says Seoul should pay for a U.S. anti-missile system he prices at $1 billion. A 5-year-old U.S.-South Korean trade deal could be improved to increase access for American vehicles and deter currency manipulation but changes will not necessarily shrink the U.S. trade deficit with the Asian export powerhouse. Lawmakers, lobbyists and interest groups are making a final push in their fight over regulations enacted during former President Barack Obama's last months in office, with the financial services industry working hard to kill a rule on retirement plans run by states. 
Trump signs an executive order to extend offshore oil and gas drilling to areas that have been off limits -- a move meant to boost domestic production but that could fall flat due to weak industry demand for the acreage. A U.S. appeals court grants a Trump administration request to put on hold a legal challenge by industry and a group of states to Obama administration regulations aimed at curbing greenhouse emissions mainly from coal-fired power plants, rules Trump is moving to undo. In an unexpected triumph for privacy advocates, the U.S. National Security Agency says it has stopped a form of surveillance that allowed warrant-less collection of the digital communications of Americans who mentioned a foreign intelligence target in their messages.
News Article | April 21, 2017
Two basic types of encryption schemes are used on the internet today. One, known as symmetric-key cryptography, follows the same pattern that people have been using to send secret messages for thousands of years. If Alice wants to send Bob a secret message, they start by getting together somewhere they can't be overheard and agree on a secret key; later, when they are separated, they can use this key to send messages that Eve the eavesdropper can't understand even if she overhears them. This is the sort of encryption used when you set up an online account with your neighborhood bank; you and your bank already know private information about each other, and use that information to set up a secret password to protect your messages. The second scheme is called public-key cryptography, and it was invented only in the 1970s. As the name suggests, these are systems where Alice and Bob agree on their key, or part of it, by exchanging only public information. This is incredibly useful in modern electronic commerce: if you want to send your credit card number safely over the internet to Amazon, for instance, you don't want to have to drive to their headquarters to have a secret meeting first. Public-key systems rely on the fact that some mathematical processes seem to be easy to do, but difficult to undo. For example, for Alice to take two large whole numbers and multiply them is relatively easy; for Eve to take the result and recover the original numbers seems much harder. Public-key cryptography was invented by researchers at the Government Communications Headquarters (GCHQ)—the British equivalent (more or less) of the US National Security Agency (NSA)—who wanted to protect communications between a large number of people in a security organization. 
Their work was classified, and the British government neither used it nor allowed it to be released to the public. The idea of electronic commerce apparently never occurred to them. A few years later, academic researchers at Stanford and MIT rediscovered public-key systems. This time they were thinking about the benefits that widespread cryptography could bring to everyday people, not least the ability to do business over computers. Now cryptographers think that a new kind of computer based on quantum physics could make public-key cryptography insecure. Bits in a normal computer are either 0 or 1. Quantum physics allows bits to be in a superposition of 0 and 1, in the same way that Schrödinger's cat can be in a superposition of alive and dead states. This sometimes lets quantum computers explore possibilities more quickly than normal computers. While no one has yet built a quantum computer capable of solving problems of nontrivial size (unless they kept it secret), over the past 20 years, researchers have started figuring out how to write programs for such computers and predict that, once built, quantum computers will quickly solve 'hidden subgroup problems'. Since all public-key systems currently rely on variations of these problems, they could, in theory, be broken by a quantum computer. Cryptographers aren't just giving up, however. They're exploring replacements for the current systems, in two principal ways. One deploys quantum-resistant ciphers, which are ways to encrypt messages using current computers but without involving hidden subgroup problems. Thus they seem to be safe against code-breakers using quantum computers. The other idea is to make truly quantum ciphers. These would 'fight quantum with quantum', using the same quantum physics that could allow us to build quantum computers to protect against quantum-computational attacks. 
Progress is being made in both areas, but both require more research, which is currently being done at universities and other institutions around the world. Yet some government agencies still want to restrict or control research into cryptographic security. They argue that if everyone in the world has strong cryptography, then terrorists, kidnappers and child pornographers will be able to make plans that law enforcement and national security personnel can't penetrate. But that's not really true. What is true is that pretty much anyone can get hold of software that, when used properly, is secure against any publicly known attacks. The key here is 'when used properly'. In reality, hardly any system is always used properly. And when terrorists or criminals use a system incorrectly even once, that can allow an experienced codebreaker working for the government to read all the messages sent with that system. Law enforcement and national security personnel can put those messages together with information gathered in other ways—surveillance, confidential informants, analysis of metadata and transmission characteristics, etc.— and still have a potent tool against wrongdoers. In his essay 'A Few Words on Secret Writing' (1841), Edgar Allan Poe wrote: '[I]t may be roundly asserted that human ingenuity cannot concoct a cipher which human ingenuity cannot resolve.' In theory, he has been proven wrong: when executed properly under the proper conditions, techniques such as quantum cryptography are secure against any possible attack by Eve. In real-life situations, however, Poe was undoubtedly right. Every time an 'unbreakable' system has been put into actual use, some sort of unexpected mischance eventually has given Eve an opportunity to break it. Conversely, whenever it has seemed that Eve has irretrievably gained the upper hand, Alice and Bob have found a clever way to get back in the game. 
I am convinced of one thing: if society does not give 'human ingenuity' as much room to flourish as we can manage, we will all be poorer for it. This article was originally published at Aeon and has been republished under Creative Commons.
News Article | April 17, 2017
Microsoft says users are protected from alleged NSA malware (AP) — Up-to-date Microsoft customers are safe from the purported National Security Agency spying tools dumped online, the software company said Saturday, tamping down fears that the digital arsenal was poised to wreak havoc across the internet. In a blog post, Microsoft Corp. security manager Phillip Misner said that the software giant had already built defenses against nine of the 12 tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published NSA code. The three others affected old, unsupported products. "Most of the exploits are already patched," Misner said. The post knocked back warnings from some researchers that the digital espionage toolkit made public by TheShadowBrokers took advantage of undisclosed vulnerabilities in Microsoft's code. That would have been a potentially damaging development because such tools could swiftly be repurposed to strike across the company's massive customer base. Those fears appear to have been prompted by experts using even slightly out-of-date versions of Windows in their labs. One of Microsoft's fixes, also called a patch, was only released last month. "I missed the patch," said British security architect Kevin Beaumont, jokingly adding, "I'm thinking about going to live in the woods now." Beaumont wasn't alone. Matthew Hickey, of cybersecurity firm Hacker House, also ran the code against earlier versions of Windows on Friday. But he noted that many organizations put patches off, meaning "many servers will still be affected by these flaws." Everyone involved recommended keeping up with software updates. "We encourage customers to ensure their computers are up-to-date," Misner said.
Agency: NSF | Branch: Interagency Agreement | Program: | Phase: FED CYBER SERV: SCHLAR FOR SER | Award Amount: 2.50M | Year: 2016