Monday, May 15, 2017

Shadow Broker Bull$h**

Sorry for the theme lately, but it's what I'm wading through at the present time:

"Hackers hit dozens of nations, exploiting stolen NSA tool" by Dan Bilefsky New York Times   May 12, 2017

LONDON — Hackers exploiting data stolen from the US government conducted extensive cyberattacks on Friday that hit dozens of countries around the world, severely disrupting Britain’s public health system and causing havoc in tens of thousands of computers elsewhere.

Hospitals in Britain appeared to be the most severely affected by the attacks, which aimed to blackmail computer users by seizing their data. The attacks blocked doctors’ access to patient files and forced emergency rooms to divert people seeking urgent care.

Corporate computer systems in many other countries — including FedEx of the United States, one of the world’s leading international shippers — were among those affected.

Kaspersky Lab, a Russian cybersecurity firm, said it had recorded at least 45,000 attacks in as many as 74 countries.

The New York Times turned to them for expert analysis?

Related: Apple iPatch

He ought to sue for defamation.

It was not clear who was behind the attacks, but the acts deeply alarmed cybersecurity experts and underscored the enormous vulnerabilities to Internet invasions faced by disjointed networks of computer systems around the world.

IoT in jeopardy?

“When people ask what keeps you up at night, it’s this,” said Chris Camacho, chief strategy officer at Flashpoint, a New York security firm tracking the attacks.

The attacks were reminiscent of those that took down dozens of websites in October, including Twitter, Spotify, and PayPal, by exploiting devices linked to the Internet, including printers and baby monitors.

That must have been the Dyn Inc attack which exposed deep security flaws in all sorts of ways that you can now see. It's kind of a hobby now.

The hacking tool used Friday was ransomware, a kind of malware that encrypts data, locks out the user and demands a ransom to release it. Security experts say the tool exploited a vulnerability in Microsoft systems that was discovered and developed by the National Security Agency of the United States.

Developed by who again?

The tool was leaked by a group calling itself the Shadow Brokers, which has been dumping stolen NSA hacking tools online since last year.

Microsoft rolled out a patch for the vulnerability in March, but hackers apparently took advantage of the fact that vulnerable targets — particularly hospitals — had yet to update their systems or had ignored advisories from Microsoft to do so.

The malware was circulated by e-mail. Targets were sent an encrypted file that, once loaded, allowed the ransomware to infiltrate its targets.

I check delete all and never look anymore.

Reuters reported that employees of Britain’s National Health Service had been warned about the ransomware threat earlier Friday.

But by then it was already too late. As the disruptions rippled through at least 36 hospitals, doctors’ offices and ambulance companies across Britain on Friday, the health service declared the attack a “major incident.”

Britain’s health secretary, Jeremy Hunt, was briefed by cybersecurity experts. Prime Minister Theresa said on television that “we’re not aware of any evidence that patient data has been compromised.”

Among the many affected institutions were hospitals and telecommunications companies across Europe and Asia, according to MalwareHunterTeam, a security firm that tracks ransomware attacks. Spain’s Telefónica and Russia’s MegaFon were among the largest of the businesses targeted.

We will get to Spain and Russia below.

Other countries where attacks were reported included Japan, the Philippines, Turkey, and Vietnam. The computers all appeared to be hit with the same ransomware and similar messages demanding about $300 to unlock their data.

Camacho noted that security detection technology could not easily catch the ransomware attacks because the attackers encrypted the malicious file in e-mail attachments. Security experts advised companies to immediately update their systems with the Microsoft patch.

Then why are taxpayers and businesses shelling out billions for the stuff?


"Security experts scramble to contain cyberattacks’ fallout" by Mark Scott New York Times  May 13, 2017

Governments, companies, and security experts from China to the United Kingdom raced Saturday to contain the fallout from an audacious cyberattack that spread quickly across the globe, raising fears that people would not be able to meet ransom demands before their data files are destroyed.

The global efforts come less than a day after malicious software, transmitted via e-mail and stolen from the National Security Agency, exposed vulnerabilities in computer systems in almost 100 countries in one of the largest “ransomware” attacks on record.

In addition to the NSA command, the Pentagon also has a hacking unit.

The cyberattackers took over the computers, encrypted the information on them, and then demanded payment of $300 or more from users to unlock the devices. Some of the world’s largest institutions and government agencies were affected, including the Russian Interior Ministry, FedEx in the United States, and Britain’s National Health Service.

Why $300? Wouldn't they have demanded more from so many wealthy institutions and entities? This some kind of te$t run for something bigger?

As people fretted over whether to pay the digital ransom or lose data from their computers, experts said the attackers might pocket more than $1 billion worldwide before the deadline ran out to unlock the machines.

So far they have snagged 26K.

The coordinated attack was first reported in the United Kingdom and spread globally. It has set off fears that the effects of the continuing threat will be felt for months, if not years. It also raised questions about the intentions of the hackers: Did they carry out the attack for mere financial gain or for other unknown reasons?

Well, that will certainly create an ongoing concern and market for all the $ecurity $oftware firms. 


While most cyberattacks are inherently global, the current one, experts say, is more virulent than most. Security firms said the attacks had spread to all corners of the globe, with Russia hit the worst, followed by Ukraine, India, and Taiwan, said Kaspersky Lab, a Russian cybersecurity firm.

The attack is believed to be the first in which such a cyberweapon developed by the NSA has been used by cybercriminals against computer users around the globe.

Yeah, and look who was hit hardest. I think what we have stumbled upon here is basically an alliance between the Deep State and Jewish mafia. It's the only explanation that makes sense if you are wondering who could be behind this? The fact that their pre$$ mouthpieces are pushing the murky and mysterious Shadow Brokers only adds to the suspicion.

While US companies like FedEx said they had been hit, experts said computer users in the United States had been less affected than others after a British cybersecurity researcher inadvertently stopped the ransomware attack from spreading more widely. 

I rest my case, and what is this about the British kid?

As part of the digital attack, the hackers, who have yet to be identified, had included a way of disabling the malware in case they wanted to shut down their activities. To do so, the assailants included code in the ransomware that would stop it from spreading if the virus sent an online request to a website created by the attackers.

I have, but I doubt this will ever be solved -- like most of the hacks that occur. They fall down the memory hole, but still go shopping at Target.

This kill switch would stop the malware from spreading as soon as the website went online and communicated with the spreading digital virus.

Looking more and more like some government or state creation, complete with self-destruct button. It's the opposite of the trapdoors on your devices, readers.

When the 22-year-old British researcher saw that the kill switch’s domain name — a long and complicated set of letters — had yet to be registered, he bought it himself. By making the site go live, the researcher shut down the hacking attack before it could fully spread to the United States.


Related: "So, a single 22-year old was able to do what the NSA, CIA, FBI, etc. could NOT do?!? Does that mean the NSA, CIA, FBI, etc. are hopelessly inept? Or is WannaCry part of an operation to cripple the internet ahead of some grand war escalation? Or were NSA, CIA, FBI, etc. just stealing some party cash for themselves? Or all of the above?" -- whatreallyhappened

I go with the last choice there.

“The kill switch is why the US hasn’t been touched so far,” said Matthieu Suiche, founder of Comae Technologies, a cybersecurity company in the United Arab Emirates. “But it’s only temporary. All the attackers would have to do is create a variant of the hack with a different domain name. I would expect them to do that.”

As the fallout from the attack continued, industry officials said law enforcement would find it difficult to catch the ringleaders, mostly because such cyberattacks are borderless crimes in which the attackers hide behind complex technologies that mask their identities. At the same time, national legal systems were not created to handle such global crimes.


That means all the data collection by the Five Eyes and beyond, all the spying by governments, all the data scooping by telecoms, all of it is worthless. 

Brian Lord, a former deputy director for intelligence and cyberoperations at Government Communications Headquarters, Britain’s equivalent to the NSA, said that any investigation, which would include the FBI and the National Crime Agency of Britain, would take months to identify the attackers, if it ever does....


I wouldn't be holding my breath waiting if I were you.


"Local firms fend off ransomware" by Hiawatha Bray Globe Staff  May 13, 2017

The hackers have demanded that ransom be paid using Bitcoin, a digital currency. Bitcoin transactions are anonymous, but they are publicly displayed, so it’s possible to track money going to the three Bitcoin account numbers provided by the criminals.


Relatively few of the victims have been based in the United States. Kurt Baumgartner, principal security researcher at Kaspersky Lab, a Russian cybersecurity firm with US headquarters in Woburn, noted that Microsoft Corp. issued a security patch in March that protects computers against WannaCry and similar attacks. He speculated that US companies and government agencies were quicker to install the patch than those in other countries.

Yuh-huh, and why does my pre$$ keep going back to experts the U.S. intelligence community said they wouldn't use or trust in sworn testimony to Congre$$?

However, the rapid spread of WannaCry was made possible by hacking tools developed by the US National Security Agency and leaked to the public by a mysterious group called the “Shadow Brokers.”


Baumgartner noted that the group has leaked other tools that could be used by cybercriminals.

“There is a lot of code in that dump,” he said. “We don’t know what we’re going to see from this in the future. . . . This could be an ongoing type of issue.”

I'll be getting into codes a little later.


Also see: Cyberattack impact could worsen in ‘second wave’ of ransomware

Trump has ordered a search for who is responsible, and it then occurred to me to ask cui bono?


List of suspects:

"WikiLeaks reveals CIA files describing hacking tools" by Greg Miller and Ellen Nakashima Washington Post  March 07, 2017

WASHINGTON — A vast portion of the CIA’s computer hacking arsenal appeared to have been exposed Tuesday by the antisecrecy organization WikiLeaks, which posted thousands of files revealing secret cyber tools used by the agency to convert cellphones, televisions, and other ordinary devices into implements of espionage.

Oh, that is comforting.

The trove appeared to lay bare the design and capabilities of some of the US intelligence community’s most closely guarded cyber weapons, a breach that will probably cause immediate damage to the CIA’s efforts to gather intelligence overseas and place new strain on the US government’s relationship with Silicon Valley giants including Apple and Google.

Silicon Valley is CIA.

WikiLeaks, which claimed to have gotten the files from a former CIA contractor, touted the trove as comparable in scale and significance to the collection of National Security Agency documents exposed by former US intelligence contractor Edward Snowden.

But while the Snowden files revealed massive surveillance programs that gathered data on millions of Americans, the CIA documents posted so far by WikiLeaks appear mainly to unmask hacking methods that many experts already assumed the agency had developed.

What, nothing to see here?

US intelligence officials and experts said that details contained in the documents suggest that they are legitimate, although that could not be independently verified, raising new worries about the US government’s ability to safeguard its secrets in an era of cascading leaks of classified data.

They are the ones that left the holes and vulnerabilities in the software, so WTF?

The files mention pieces of malware with names like ‘‘Assassin’’ and ‘‘Medusa’’ that seem drawn from a spy film, describing tools that the CIA uses to steal data from iPhones, seize control of Microsoft-powered computers, or even make Internet-connected Samsung television sets secretly function as microphones.

The release of so many sensitive files appeared to catch the CIA, White House, and other government entities off-guard. A CIA spokesman would say only that ‘‘we do not comment on the authenticity of purported intelligence documents.’’

In a statement, WikiLeaks indicated that the initial stockpile it put online was part of a broader collection of nearly 9,000 files that would be posted over time describing code developed in secret by the CIA to steal data. WikiLeaks said it redacted lists of CIA surveillance targets, though it said they included targets and machines in Latin America, Europe, and the United States.

I'm sure the rest of the world will like knowing that. 

So the U.S. and Obama administration never quit spying on other world leaders after Snowden and 2013, huh?

The release was described by security experts and former US intelligence officials as a huge loss to the CIA. ‘‘It looks like really the backbone of their network exploitation kit,’’ said a former hacker who worked for the National Security Agency and, like others, spoke on the condition of anonymity, citing the sensitivity of the subject.

The breach could undermine the CIA’s ability to carry out key parts of its mission, from targeting the Islamic State and other terrorist networks to penetrating the computer defenses of sophisticated cyber adversaries including Russia, China, and Iran, former officials and tech specialists said.

‘‘Any exposure of these tools is going to cause grave if not irreparable damage to the ability of our intelligence agencies to conduct our mission,’’ a former senior US intelligence official said.

What mission would that be anyway? Fomenting wars, coups, and rebellions?

If legitimate, the release represents the latest major breach of sensitive US government data to be put on global display in humiliating fashion by WikiLeaks, which came to prominence in 2010 with the exposure of thousands of classified US diplomatic cables and military files. WikiLeaks founder Julian Assange has engaged in an escalating feud with the United States while taking refuge at the Ecuadoran Embassy in London from Swedish sexual assault allegations.

More on Assange below, but Wikileaks was already being touted by the ma$$ media as a whistleblower stop before they even went online. It's a honey pot, and Bradley Manning fell right into the trap. And what were their first releases? Iran working on a bomb and Pakistan's ISI supporting terrorists. Tells you who is at the bottom of the goo there, too.

WikiLeaks’s latest assault on US secrets may pose an early, potentially awkward security issue for President Trump, who has repeatedly praised WikiLeaks and disparaged the CIA.

Look at that, it's now an "assault" on the CIA.

Trump declared ‘‘I love WikiLeaks’’ last October during a campaign rally when he read from a trove of stolen e-mails about his Democratic opponent, Hillary Clinton, that had been posted to the organization’s website.

Oh, he's reversed himself on that, too.

White House press secretary Sean Spicer declined to comment when asked about the CIA breach Tuesday.

Rumors are he is on the way out.

WikiLeaks indicated that it obtained the files from a current or former CIA contractor, saying that ‘‘the archive appears to have been circulated among former US government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.’’

But the counterintelligence investigation underway at the CIA is also likely to search for clues to whether Russia had any role in the theft of the agency’s digital arsenal. US intelligence officials allege that WikiLeaks has ties to Russian intelligence services. The website posted thousands of e-mails stolen from Democratic Party computer networks during the 2016 presidential campaign, files that US intelligence agencies concluded were obtained and turned over to WikiLeaks as part of a cyber campaign orchestrated by the Kremlin.

Not only is that a laugher, but have you noticed that the whole tone of the article shifted about a third of the way in from the CIA hacking tools to poor CIA, what are they going to do. 

I suppose they don't call the Washington Post the CIA's newspaper for nothing.

Experts said the files appeared to be authentic in part because they refer to code names and capabilities known to have been developed by the CIA’s cyber branch.

They referred to codes, 'eh? 

See: WikiLeaks Reveals "Marble": Proof CIA Disguises Their Hacks As Russian, Chinese, Arabic...

So in other words, whatever code they claim to find could be a frame job by the CIA.

That now has to be the default position regarding any hack job these days.


Related: WikiLeaks claims Samsung TVs enable surveillance

The CIA worked with U.K. intelligence officials to turn microphones in TVs into listening devices.

"If the CIA can compromise our gadgets, can’t others do the same?" by Hiawatha Bray Globe Staff  March 08, 2017

Oh great. Now I have to worry the Central Intelligence Agency is spying on me through my Samsung television set, intercepting my text messages, and using the phone’s camera to secretly photograph me.

Not likely, but all too possible. According to the shocking data dump on Tuesday by the radical anti-secrecy organization WikiLeaks, the agency could infiltrate billions of devices worldwide. And here’s a bigger worry: If the CIA can compromise our gadgets, any reasonably bright foreign spy, cyber-crook, or terrorist will eventually be able to do the same. The WikiLeaks report suggests the CIA is doing nothing to prevent this — on purpose.

The CIA has declined to comment. But according to the WikiLeaks dump, the agency has collected dozens of “zero-day exploits.” These are security flaws in software operating programs such as Apple iOS, Android, and Microsoft Windows that let an intruder illicitly seize control of a digital device. “Zero-day” is tech-speak for a flaw that no one else knows about. Spies love zero-days because they can infiltrate a system for days, weeks, or months before being detected.

WikiLeaks claims the CIA, in cooperation with the United Kingdom’s spy agency MI5, developed an attack that secretly activates the microphone on Samsung Corp.’s smart TV sets, allowing agents to remotely record conversations in hotel suites or conference rooms.

Other zero-day bugs allow spies to intercept text messages and voice calls sent on Apple or Android phones. These exploits represent extraordinary work by brilliant engineers, and frankly, it makes me proud to be an American. But it also poses a nasty problem. The same bugs that make these exploits possible could eventually be uncovered by America’s enemies, or even by common criminals.

Shouldn’t the intelligence community protect us by reporting the problems to the software makers?

“It’s a real conundrum,” said Stuart Madnick, cybersecurity expert and professor at the MIT Sloan School of Management. “Currently, the mission of the CIA and the NSA is to be spies,” not to help secure domestic data networks, Madnick said....

What do you think they were doing by hacking? Looks to me like they were carrying out their mission.


So who does he turn to for help and protection?

"Is it time to lay down the law about cybersecurity?" by Hiawatha Bray Globe Staff  November 02, 2016

Who’s up for government regulation of the Internet? Yes, my skin is crawling at the thought, just like yours.

Still, some kind of government action seems inevitable. Online vandals, thieves, and spies are running wild on the global network. Tougher, smarter laws may offer our only hope of fending them off.

What if.... they are also the criminals, for whatever $elf-$erving purpose? What then?

But what kind of laws?

Whatever we do, we’d better do it fast.

In recent months, we’ve seen hackers, probably working at the behest of Russia, interfering with the presidential election by publishing stolen e-mail messages and attacking voter registration databases. Some of the Internet’s most popular sites, like Twitter and Spotify, were inaccessible to millions of users during a major cyber attack less than two weeks ago. It’s possible that vandals could launch another such assault Tuesday, causing panic and outrage as millions of us head to the polls.

Yeah, keep repeating the lie.

Those latest attacks were launched by hackers who infiltrated security cameras, video recorders, and other common gadgets that were hooked up to the Internet and used them as launch pads. Millions more such devices are being added to the sprawling network called the Internet of Things, and many won’t have basic cyber protections that could prevent attacks.

And don’t expect the free market to fix the problem. Securing IoT gadgets costs lots of money but generates little revenue, so there’s no incentive to make the devices safer.

Except for the most effective incentives known to man: pain and fear, the kind best delivered by government.


Is there really any point in reading the rest?

You don’t want the standards set by Washington — that would take forever. Besides, most devices are made abroad, so this would require worldwide compliance. Luckily, there’s an alphabet soup of global organizations, such as the Institute of Electrical and Electronics Engineers and UL, that can handle the heavy lifting. The government need only choose which standards to enforce — a challenging job, still, but manageable.


On the downside, Corey Thomas, chief executive of the Boston data security firm Rapid7, told me that device regulation would mean fewer innovative gadgets from low-budget startups that can’t afford to meet the standards. This would help cement the dominance of giant tech companies that could easily afford to comply, like the networking titan Cisco Systems Inc. Fair point, but it’s a price we may have to pay.

With Rapid7 and the ilk reaping the rewards.

Besides, since the United States is one of the world’s biggest markets for digital gear, manufacturers would probably apply American standards to all of their products. So better US regulation is likely to mean better network security for the rest of the world, too.

If locking down our devices doesn’t fix the problem, we may have to redesign the Internet itself. For instance, a consortium of Internet engineers has developed software standards that would make it much harder for bad guys to launch attacks like the one that recently crippled Twitter. Some American Internet providers have adopted it; others have not. Perhaps the tougher standard should be mandatory.

Or shut it down, right?

I don’t much care for Internet regulation. But I’m hoping the mere suggestion of it throws a scare into some very smart engineers who will devise a far less intrusive way to protect us from Internet attacks. Otherwise, our security woes will become so severe that we’ll demand help from anyone, even Uncle Sam....

And things like that can kill the market for all the new gadgets coming out.


This is the same guy who isn't worried about Alexa listening in (apparently the public is) or the government watching every cent you spend. And now he is worried about data leaks?

What do they think we are smoking out here (too bad they mostly deal in cash. Another reason they are trying to do away with that, too)?

"WikiLeaks pledges to release software code of CIA hacking tools to tech firms" by Ellen Nakashima, Elizabeth Dwoskin and Devlin Barrett Washington Post  March 10, 2017

WASHINGTON — WikiLeaks founder Julian Assange’s remarks come two days after the radical transparency site put up a cache of files describing secret CIA hacking techniques and tools aimed at, for example, seizing control of iPhones and Google’s Android phones, turning some Samsung television sets into bugging devices, and getting data from devices not connected to the Internet. The release stopped short of releasing the code itself.

The CIA continues to have no comment on the authenticity of the documents released, which WikiLeaks said is the first tranche of more to come. Independent experts have said the files appear to describe authentic ‘‘exploits,’’ or tools that hackers can use to penetrate a device, but many of them are dated and appear to have already been patched by tech firms. And researchers said they have been long aware of a number of the techniques. 

And we are just being told now thanks to Wikileaks; otherwise, you wouldn't have a clue.

A CIA spokesman, Jonathan Liu, suggested that WikiLeaks’ pronouncements of the scale and impact of its Tuesday ‘‘Vault 7’’ release are exaggerated. ‘‘As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity,’’ Liu said. ‘‘Despite the efforts of Assange and his ilk, CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states, and other adversaries.’’ 

Since when do they comment, and if you look at it closely, it is a non-denial denial.

US laws and policies bar the CIA from conducting electronic surveillance of individuals on US soil. ‘‘And CIA does not do so,’’ Liu said.

Remember, they are trained to lie.

Within the CIA, officials were aware before the WikiLeaks release of a loss of sensitive data, according to people familiar with the matter. The CIA’s internal security personnel, who apparently had not told the FBI, were pursuing the matter, but the scope and severity of the problem was unclear until WikiLeaks posted online the roughly 9,000 documents on Tuesday, these individuals said.

Those 9,000 documents are only 1% of the stuff.

An immediate challenge for FBI investigators hunting for a possible mole is to pare down a list of suspects from the pool of people who had access to the information leaked — a challenging task, given that hundreds and potentially thousands of people had access to the data.

Obama's wiretaps? Gonna get 'em all and the antiTrump treasonists.

After Assange’s news conference Thursday, tech companies questioned whether Assange was attempting to further drive a wedge between the technology industry and the US government.

Some national security experts wondered why WikiLeaks had not already shared the software flaws.


‘‘If WikiLeaks were really concerned about user security, they could’ve handed these vulnerabilities over to vendors immediately upon receiving this archive,’’ said Adam Klein, a senior fellow at the Center for a New American Security and an expert on national security and digital surveillance. ‘‘But we know they’ve had it for some time and haven’t done so.’’

Unbelievable spin.

And Alex Rice, chief executive of HackerOne, the startup that enlists hackers to share security flaws with tech companies for a profit, said, ‘‘This is a critical step that WikiLeaks should have taken immediately upon receipt of such information.’’

But others praised WikiLeaks’s vow to share data with tech companies. ‘‘It’s incredibly good news’’ for personal cyber security, said Nathan White, senior legislative manager for Access Now, a digital rights group. He noted how WikiLeaks also stands to gain from the move, since it has been criticized for publishing information without vetting it for privacy and security in the past.

Apple declined to comment on Assange’s statements. The company said earlier this week that ‘‘many’’ of the vulnerabilities identified in the WikiLeaks documents had already been patched, and encouraged customers to download the most recent security update. Roughly 80 percent of customers using Apple’s iOS software have downloaded the latest update, the company said.

Complete with NSA trapdoor?

Google declined to comment.

The CIA dismissed any suggestion that WikiLeaks’ release served the interests of privacy and security.

‘‘The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the intelligence community’s ability to protect America against terrorists and other adversaries,’’ Liu said. ‘‘Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm.’’

Which is what they were doing with the same tools, but you know.

Senator Ben Sasse, a Nebraska Republican and a Judiciary Committee member, on Thursday sent a letter to Attorney General Jeff Sessions on the issue. He asked if the Justice Department believed that Assange broke the law by releasing the CIA materials. Sasse said he looked forward to a ‘‘prompt response.’’

Obama wiretaps, CIA hack and frame Marble? 

Nothing, nothing, nothing.


I'm told Assange is "attempting to position himself as a defender of cyber security and probably further antagonizing the intelligence community."


"WikiLeaks has published damaging and confidential information from the United States and many other governments. Before last week’s presidential election, WikiLeaks distributed hacked e-mails from the Democratic National Committee, while Assange has excoriated Hillary Clinton, the Democratic nominee. No formal charges have been filed against Assange, a 45-year-old native of Australia. He denies the rape accusation, originally made in 2010, but has refused to go to Sweden to face questioning because he says he fears he would then be extradited to the United States. Swedish officials say those fears are ungrounded...."

Yeah, thanks for "giving us" Trump -- who is preparing an arrest warrant for you (did you notice they never received anything regarding his taxes? Must be because casinos are money-laundering operations for organized crime and Wikileaks a CIA/Mossad honeytrap or else Obama's IRS would have leaked it. Come to think of it, Wikileaks never leaked anything regarding Clinton's meetings with Zionists; it was all Clinton Foundation money coming from the odious Sunni Arab sheikdoms and anti-gay, anti-woman African nations).

WikiLeaks says Assange’s Internet link ‘severed’
Ecuador may evict Assange from embassy in London

Sure is taking them long enough. All depended on the election, and I guess the wrong guy won despite the pressure.

CIA was only doing it to catch pedophiles anyway.


"Yahoo issues another warning in fallout from hacking attacks" by Raphael Satter Associated Press  February 16, 2017

LONDON — Yahoo is warning users of potentially malicious activity on their accounts between 2015 and 2016, the latest development in the internet company’s investigation of a mega-breach that exposed 1 billion users’ data several years ago.

Yahoo confirmed Wednesday that it was notifying users that their accounts had potentially been compromised but declined to say how many people were affected.

Little late, isn't it?

In a statement, Yahoo tied some of the potential compromises to what it has described as the ‘‘state-sponsored actor’’ responsible for the theft of private data from more than 1 billion user accounts in 2013 and 2014. The stolen data included e-mail addresses, birth dates, and answers to security questions.

The catastrophic breach raised questions about Yahoo’s security and destabilized the company’s deal to sell its e-mail service, websites, and mobile applications to Verizon Communications.

The malicious activity that was the subject of the user warnings revolved around the use of ‘‘forged cookies’’ — strings of data which are used across the Web and can sometimes allow people to access online accounts without re-entering their passwords.

Related: Forgers use fake web users to steal real ad revenue

White Ops discovered them.

Joshua Plotkin, a biology professor at the University of Pennsylvania, said in a telephone interview that he wasn’t concerned because he used his Yahoo e-mail for messages that were ‘‘close to spam.’’ In the message he posted to Twitter, he joked that ‘‘hopefully the cookie was forged by a state known for such delicacies.’’

Ha-ha, it's all a joke!

Now on to more important matters:

Meanwhile, Verizon is close to a renegotiated deal for Yahoo Inc.’s Internet properties that would reduce the price of the $4.8 billion agreement by about $250 million after the revelation of security breaches, according to people familiar with the matter.

In addition to the discount, Verizon and the entity that remains of Yahoo after the deal, to be renamed Altaba Inc., are expected to share any ongoing legal responsibilities related to the breaches, said the people, who asked not to be identified discussing private information. An announcement of the new agreement could come in a matter of days or weeks, said the people. The revised agreement isn’t final and could still change, they said.

Yahoo, based in Sunnyvale, Calif., erased an earlier decline on the news, climbing 1.4 percent to $45.65 while Verizon slid 0.37 percent to $48.08. Shareholders would have to approve a revised deal.

‘‘It looks like they’re going to get a price cut — but it’s not dramatic,’’ said Brett Harriss, an analyst at Gabelli & Co. There is ‘‘more certainty around there actually being a sale.’’

Yahoo said in December that cyberthieves in 2013 siphoned information including users’ e-mail addresses, scrambled account passwords, and dates of birth. The stolen data may allow criminals to go after more sensitive personal information elsewhere online. The announcement followed news in September of a 2014 breach that affected at least 500 million customer accounts.

Representatives of Yahoo, Verizon, and Verizon’s AOL unit declined to comment.

Last month, Yahoo said the sale would be delayed to the second quarter as the company assesses the impact from the breaches and meets closing conditions.

The deal was first announced in July and had been set to wrap in the first quarter of 2017.

By the end of my print article I $aw what wa$ more important than the hack.

The potential reworked deal signals that investigations into the breaches have been completed -- a key concern for investors, according to a note from Kunal Madhukar, an analyst at SunTrust Robinson Humphrey.

Verizon, based in New York, is buying Yahoo for its billion users as it tries to expand beyond a maturing wireless and landline business into mobile media and advertising ventures. Verizon had been seeking either a discount or termination of the deal in the wake of the hacks.

Yahoo Chief Executive Officer Marissa Mayer is under pressure to conclude the deal. Her failure to turn around the company led to a bidding process that Verizon won in July. Mayer was running the company when both of the hacks took place.

Yahoo had said it hadn’t been able to identify the ‘‘intrusion’’ associated with the theft by a third party in August 2013. The event was unearthed by forensic experts after law enforcement investigators warned the company about a potential breach.

The attacks on Yahoo’s system have sparked concerns from regulators and prompted lawsuits. In November, the company said it was cooperating with federal, state, and foreign governmental officials and agencies seeking information about the 2014 hack, including the Federal Trade Commission and the U.S. Securities and Exchange Commission. In December, following the admission of a second hack, a White House spokesman said the FBI was probing the Yahoo hack as well.



Yahoo says 1 billion accounts were hacked in 2013

US wants to know why Yahoo delayed report of data breach

No doubt the Yahoo hack was the Russians, right? 

And how long has this been going on

Hope it won't hurt the sale

Yahoo scanned all users’ incoming e-mails on behalf of US intelligence officials

For who? 

What a headache, huh?

Makes you WannaCry.

Russian hacker, wanted by FBI, is arrested in Prague, Czechs say

Suspected Russian spam boss arrested in Spain at US request

Spain nothing but a U.S. tool, and you better watch where you step.

"Russian agents behind Yahoo breach, US says" by Vindu Goel and Eric Lichtblau New York Times  March 15, 2017

In a development that can only heighten the distrust between US and Russian authorities on cybersecurity, the Justice Department on Wednesday charged two Russian intelligence officers with directing a sweeping criminal conspiracy that broke into 500 million Yahoo accounts in 2014.

The Russian government then used the information it obtained from the intelligence officers and two others named in the indictment — a Russian hacker and a Kazakh national living in Canada — to focus on foreign officials, business executives, and journalists, federal prosecutors said. The targets included numerous financial executives, executives at a US cloud computing company, an airline official, and even a casino regulator in Nevada.

Details of the wide-ranging attack come as the US government is investigating other Russian cyberattacks against American targets, including the theft of e-mails last year from the Democratic National Committee and attempts to break into state election systems. Investigators are also examining communications between associates of President Trump’s and Russian officials that occurred during the presidential campaign.

No Obama wiretaps though.

That US and Russian authorities are often at loggerheads in their approaches to criminal breaches was made clear in the indictment. The two Russian agents were supposed to be helping Americans hunt for hackers but were instead working against them.

And one of the outside hackers, a Russian named Alexsey Belan, had been indicted twice before for three intrusions into American e-commerce companies and had been arrested in Europe, but he escaped to Russia before he could be extradited. Prosecutors said they received no response to their requests to the Russian government to turn over Belan to US authorities.

The hackers also used the Yahoo data to send spam and steal credit card and gift card information. In addition, they sought to break into at least 50 Google accounts, including those of Russian officials and employees of a Russian cybersecurity firm.

On Wednesday, prosecutors unsealed an indictment containing 47 criminal charges against the two agents of Russia’s Federal Security Service, or FSB, as well as two outside hackers with whom they worked on the scheme, one of the largest known thefts of data from a private corporation.

This is the first time officials of Russia’s FSB have been indicted on cybercrime charges in the United States, said Jack Bennett, special agent in charge of the FBI’s San Francisco office. Yahoo worked with the FBI on the investigation for two years, he said.

The four men together face 47 criminal charges, including conspiracy, computer fraud, economic espionage, theft of trade secrets, and aggravated identity theft, the Justice Department said in a news release.

The two agents of the FSB who were charged are Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident, and Igor Anatolyevich Sushchin, 43, a Russian national and resident. The other two defendants are Belan, 29, a Russian national and resident; and Karim Baratov, 22, a Canadian and Kazakh national and a resident of Canada. Baratov was arrested Tuesday in Canada.

Who are those guys?

“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale,” the acting assistant attorney general, Mary B. McCord, said in a statement.


Yahoo disclosed the theft of the data last September and said it was working with law enforcement authorities to trace the perpetrators. The hackers were able to use the stolen information, which included personal data as well as encrypted passwords, to create a tool that let them access 32 million accounts.

That means nothing; the CIA simply could have left fingerprints implicating them.

In a statement, Yahoo thanked the FBI and Justice Department for its work.

Yahoo has said for months that it believed that hackers sponsored by a foreign state were behind the attack, but it had refused to provide details of what occurred because the federal inquiry was ongoing.

However, an internal investigation by the internet company’s board found that some senior executives and information security personnel were aware of the breach shortly after it occurred but “failed to properly comprehend or investigate” the situation. Two weeks ago, the company’s top lawyer, Ronald S. Bell, resigned over the incident, and its chief executive, Marissa Mayer, lost her 2016 bonus and 2017 stock compensation.

The poor dears!

A separate, larger breach of 1 billion accounts occurred in 2013 but was only disclosed by the company three months ago. Yahoo has said it has not been able to glean much information about that attack, which was uncovered by InfoArmor, an Arizona security firm.

That theft included phone numbers, birth dates, and weakly encrypted passwords and compromised the accounts of several million military and civilian government employees from dozens of nations, including more than 150,000 Americans.

The two thefts, the largest known breaches of a private company’s computer systems, had threatened to scuttle a deal that Yahoo struck last summer to sell its internet businesses to Verizon Communications.

Verizon sought to shave $925 million from the original $4.8 billion deal following news of the attacks, according to a securities filing Monday. Last month, the two companies finally agreed to a $350 million price reduction.


CIA wipe their prints clean on that one?

Also see: 

Vermont utility finds malware code attributed to Russians

No doubt authorized by Putin.

Vermont utility apparently was not a target of Russian hacking

I was lied to again?

"2 men arrested, charged with hacking senior US officials" by MATTHEW BARAKAT Associated Press  September 09, 2016

ALEXANDRIA, Va. — Two North Carolina men were arrested Thursday and charged in connection with a computer hacker network that allegedly targeted CIA director John Brennan and other senior government officials.

Federal prosecutors in Alexandria said Andrew Otto Boggs, 22, known online as ‘‘INCURSIO,’’ of North Wilkesboro, and Justin Gray Liverman, 24, also known as ‘‘D3F4ULT,’’ of Morehead City, were charged and will make initial appearances next week.

Prosecutors say Boggs and Liverman were members of a hacking group called Crackas With Attitude. Beginning in October, the hackers gained access to personal online accounts of senior US government officials. The officials are not identified in a 37-page affidavit.

Earlier this year, British authorities arrested a 16-year-old boy who they said used the name ‘‘Cracka’’ to target Brennan and others. Indeed, the affidavit states that three British teens, ranging in age from 15 to 17, are members of the conspiracy.

Right. Teenage hackers are running rings around government and industry. I suppose the more ridiculous the excuse the more you are likely to believe it. Sigh.

The affidavit cites e-mail exchanges in which Boggs tells another individual, ‘‘I want to carry on [Cracka’s] legacy if or when he is arrested. I know he’ll receive a harsh sentence because our government doesn’t like being embarrassed.’’

According to the affidavit, Boggs and Liverman lived in their parents’ homes. They used the hacked accounts to send harassing messages to their victims.

While Brennan is not named in the affidavit, he appears to be ‘‘Victim 1.’’ The affidavit states that Victim 1’s e-mails were released by WikiLeaks on Oct. 21, 2015, which corresponds with a WikiLeaks disclosure pertaining to Brennan.

The leaked e-mails included a memo addressed to President Obama in 2009 advising him to tone down rhetoric against Iran.

The peace people don't need your help, thanks.

In one exchange, Boggs tells ‘‘Cracka’’ that he wants to hack Victim 1’s agency because ‘‘I’ve been looking for evidence of aliens,’’ according to the affidavit. 

Yup, they are a couple of crazy crackas fulfilling their psy-op roles.



And look who will be making themselves more $ecure:

"Long-distance duo take wraps off their second cybersecurity startup" by Lindsay Berra Globe Correspondent  January 11, 2017

The 5,500 miles between Boston and Tel Aviv don’t hamper the 11-year partnership between Rakesh Loonkar and Mickey Boodaei in any of the ways you’d expect from a long-distance relationship. Though they see each other only every few months, there is no jealousy, no lack of communication or support, no shortage of trust. Instead, the pair packs one of the most powerful one-two punches in the cybersecurity industry, and on Wednesday they will formally launch their second startup together.

Transmit Security, funded with $40 million of the cofounders’ own capital and based in Boston and Tel Aviv, is aiming to disrupt the large and rapidly growing market for software that validates the identity of users before allowing them access to websites run by banks and other companies.

Related: Who owns blockchain? Goldman, BofA amass patents for coming wars

“Authentication and identity is a huge market in which there really hasn’t been a lot of innovation,” Loonkar said.

Transmit Security’s software platform has already been adopted by several major banks, health care providers, and other large enterprises. One of its newest customers: TD Bank, which signed on in late 2016.

“Transmit is a very agile way to seamlessly and continuously strengthen our authentication,” said Rizwan Khalfan, executive vice president and chief digital officer of TD Bank in Toronto. “The software allows us to continuously build new mechanisms to authenticate without having to go in and rip apart what we’ve done previously.”

Transmit says customers can quickly plug its technology into their existing systems, and that its software combines the historically separate functions of authenticating users and preventing unauthorized users from gaining access.

For the consumer, Transmit says this means considerably less hassle: no more declined cards when you’re more than a few hundred miles from home, no more locked accounts when you can’t remember the name of your first-grade teacher, no more painfully long hold times when you need an actual human banking associate to unclog the works.

Moreover, Transmit says its system can turn your smartphone into a universal authenticator, eliminating the need for passwords through the use of eye, face, voice, and fingerprint recognition and one-time passwords.

So someone can hack and steal those, too? Where does that data go?

Loonkar and Boodaei are funding Transmit with money made from the sale of Trusteer, a fraud-prevention tech company that Boodaei started with Loonkar in 2006. International Business Machines Corp. bought Trusteer for more than $850 million in 2013.

Their careers trace the rise of the booming cybersecurity business.

And who benefits from the hacking again?

Loonkar graduated from Rensselaer Polytechnic Institute with a chemical engineering degree, then switched gears, landing a job at Pfizer Inc. installing Lotus Notes on the drug company’s computers. He later founded the network security company OneSecure, which was acquired by NetScreen Technologies and then Juniper Networks.

Boodaei spent six years in the Israeli military, studying civilian cybersecurity technologies and their implications for military networks, and managing large cybersecurity projects. In 2002, he cofounded Imperva, a database security company that now has a market value of $1.3 billion; he left in 2006.

What more is there to say, really. You see jwho is once again at the bottom of things.

Though on different continents, the two crossed paths, at least virtually, several times early in their somewhat parallel careers. In the winter of 2006, they were reintroduced by mutual venture-capitalist friends who thought the two — both forward-thinking, modest mavens of cybersecurity, both in their early 30s and millionaires many times over — might be interested in working together.

They met on a chilly morning at New York City’s famed Balthazar Restaurant, in what unfolded like so many Internet-initiated blind dates. Boodaei sat, drinking his coffee, armed with a photo he had found of Loonkar online. Loonkar arrived his customary 10 minutes late and approached Boodaei, hand extended, a wide grin on his face.

“I had no idea who he was,” Boodaei recalled. “The guy in the picture was thin with a lot of hair and this guy was bald and a bit chubby.”

Boodaei also made a lasting first impression.

“He was wearing a white jacket with fur on it,” Loonkar said. “He looked like a pimp.”

The partners said Trusteer was a rousing success for a small technology startup based on two continents.

“Mickey is in Israel and I’m here, and there are things you just can’t communicate, things that don’t translate when you’re not physically there,” Loonkar said. “I think the defining part of our relationship is this amazing trust where we just defer to each other on every decision. We challenge each other to support each other.”

To Loonkar, a Boston-based company makes perfect sense over cybersecurity hotbed Silicon Valley; the majority of Fortune 500 companies, along with many banks and other large enterprises, are headquartered within a three-hour flight from Boston. It is also closer to Europe, and keeps Loonkar close to his wife, who is a pediatrician at Boston Medical Center. “Basically, my wife ordered me to live here.”

Without venture capital, though, Loonkar’s wife is the only person he has to take orders from. David Fialkow, cofounder of the Boston-based venture capital firm General Catalyst, tried to invest in Transmit when Loonkar, a friend, first told him about the idea.

“They want to build their business their way, without any obligations to anyone,” Fialkow said. “As much as I’d love to be involved with them, this is as good a team as ever has come to market. They have all the money they need, they have the gravitas and the credibility, and they have the wherewithal to make this work.”


Related: Akamai to expand in Cambridge

They are getting how many tax dollars to do it?

Akamai breaks ties with security expert

They have a case of the Krebs after his website became the target of a massive worldwide digital attack and they couldn't protect it!

"As artificial intelligence evolves, criminals won’t be far behind" New York Times  October 24, 2016

Imagine a phone call from your mother, seeking help because she forgot her bank password. Except it’s not your mother. The voice is computer-synthesized, a tour-de-force of artificial intelligence technology.

Yes, can you imagine such a thing?

Such a situation is still science fiction — but just barely.

Haven't got very far in 17 years, 'eh?

Software components to make such masking technology widely accessible are advancing rapidly. Recently, for example, DeepMind, an Alphabet subsidiary, said it had designed a program that “mimics any human voice.”

Adds a different perspective to leaving a voice mail on the phone, doesn't it?

“The thing people don’t get is that cybercrime is becoming automated and it is scaling exponentially,” said Marc Goodman, author of “Future Crimes.”

The alarm about AI was sounded this year by James R. Clapper, director of national intelligence. He underscored the point that while AI would make some things easier, it would also expand the online world’s vulnerabilities.

Consider the Internet’s omnipresent Captcha — Completely Automated Public Turing test to tell Computers and Humans Apart — to block automated programs from stealing accounts. Criminals have had software to subvert Captchas for more than five years, said Stefan Savage, a computer security researcher.

So what’s next? Criminals, for starters, can piggyback on new technology. Voice recognition is now used extensively to interact with computers. Often, when an advancement like voice recognition starts to go mainstream, criminals aren’t far behind.

“I would argue that companies that offer customer support via chatbots are unwittingly making themselves liable to social engineering” — the practice of manipulating people into performing actions or divulging information — said Brian Krebs, an investigative reporter.

That's what newspapers were for.


Chinese hackers charged with trading on stolen law firm data

The case places law firms among the widening group of targets for cybercriminals seeking to profit from insider information. Last year, federal officials broke up an international ring of hackers who allegedly infiltrated the computer servers of PRNewswire Association LLC, Marketwired, and Business Wire and stole market-moving press releases before they were published. According to the SEC, the group, which included Ukrainians and a Georgian, made more than $100 million from trading on the information.

Looks like the Jewish mafia to me.

Former psychiatric patient posted private data online, officials say

Boston company says some insulin pumps open to cyberattack

Can that kill you?

Hope they have a good lawyer.


So who could have leaked those tools?

"Government contractor arrested for stealing top secret data" by Matt Zapotosky Washington Post  October 06, 2016

A federal contractor suspected of leaking powerful National Security Agency hacking tools has been arrested and charged with stealing classified information from the US government, according to court records and a law enforcement official familiar with the case.

Harold Thomas Martin III, 51, who worked for Booz Allen Hamilton, was charged with theft of government property and unauthorized removal and retention of classified materials, authorities said. He was arrested in August after investigators searched his home in Glen Burnie, Md., and found documents and digital information stored on various devices that contained highly classified information, authorities said.

The breadth of the damage Martin is alleged to have caused was not immediately clear, though officials alleged some of the documents he took home ‘‘could be expected to cause exceptionally grave damage to the national security of the United States.’’ Investigators are probing whether Martin was responsible for an apparent leak that led to a cache of NSA hacking tools appearing online in August, an official familiar with the case said. 

So he is the scapegoat for the Shadow Brokers, 'eh?

Those tools included ‘‘exploits’’ that take advantage of unknown flaws in firewalls, for instance, allowing the government to control a network.

The NSA and Booz Allen are no strangers to having classified material removed by one of their own. In 2013, contractor Edward Snowden passed a massive trove of documents to journalists, embarrassing the agency and shedding light on massive government surveillance programs that have faced criticism since they were revealed. Snowden also was charged criminally but has successfully sought asylum in Russia.

An NSA spokesman declined to comment. In a statement attached to an SEC filing, Booz Allen said that when it learned one of its employees was arrested, ‘‘we immediately reached out to the authorities to offer our total cooperation in their investigation, and we fired the employee. We continue to cooperate fully with the government on its investigation into this serious matter.’’ The company said there had ‘‘been no material changes to our client engagements as a result of this matter.’’

Military records and an online profile show that Martin was a decorated former naval officer and reservist with a broad interest in cyber issues. His attorney said he was a Navy lieutenant, and records show he served for more than a decade, spending some years on the USS Seattle before ultimately ending his military career in the inactive reserves. Among the awards he received were a Joint Meritorious Unit Award, a Navy Expeditionary Medal, and a National Defense Service Medal.

According to his LinkedIn profile, Martin was in a computing PhD program at University of Maryland Baltimore County, and he had studied software and security engineering at George Mason University and economics and math at the University of Wisconsin. He wrote that his goal was ‘‘to advance state of the art in several areas of computing practices in the public/private sector.’’

Federal public defender Jim Wyda and first assistant federal public defender Deborah Boardman, who are representing Martin, said in a statement that the charges against Martin were ‘‘mere allegations’’ and they had not yet seen prosecutors’ evidence.

‘‘There is no evidence that Hal Martin intended to betray his country. What we do know is that Hal Martin loves his family and his country,’’ the attorneys said. ‘‘He served honorably in the United States Navy as a lieutenant and he has devoted his entire career to protecting his country. We look forward to defending Hal Martin in court.’’

Prosecutors did not reveal in the criminal complaint against Martin what precisely they recovered, though they alleged that some documents were produced in 2014 and were ‘‘critical to a wide variety of national security issues.’’ Martin’s motive, if he in fact removed the materials, also was unclear. The complaint alleged that Martin initially denied to investigators he took documents home, but once confronted with specific examples, admitted he did so and that he knew the materials were classified. The complaint alleged Martin ‘‘stated that he knew what he had done was wrong.’’

If convicted, Martin would face a maximum of 11 years in prison. The US Attorney’s Office in Maryland said he appeared in court Aug. 29 and remains detained. The charges against him were unsealed Wednesday. Efforts to reach family members were unsuccessful.


Another Snowden?

"Government alleges massive theft by NSA contractor" by Ellen Nakashima Washington Post  October 20, 2016

Federal prosecutors in Baltimore on Thursday said they will charge a former National Security Agency contractor with violating the Espionage Act, alleging that he made off with ‘‘an astonishing quantity’’ of classified digital and other data in what is thought to be the largest theft of classified government material ever.

In a 12-page memo, US Attorney Rod Rosenstein and two other prosecutors laid out a much more far-reaching case against Harold Martin III than was previously outlined. They said he took at least 50 terabytes of data and ‘‘six full banker’s boxes worth of documents,’’ with many lying open in his home office or kept on his car’s back seat and in the trunk. Other material was stored in a shed on his property.

One terabyte is the equivalent of 500 hours’ worth of movies.

The prosecutors also said Martin had an ‘‘arsenal’’ of weapons in his home and car, including an assault-rifle-style tactical weapon and a pistol-grip shotgun with a flash suppressor.

Martin, who will appear at a detention hearing in US District Court in Baltimore on Friday, also took personal information about government employees and dozens of computers, thumb drives, and other digital storage devices over two decades, the government alleged.

In a complaint unsealed earlier this month, the government charged him with felony theft of government property and the unauthorized removal and retention of classified materials, a misdemeanor. Conviction under the Espionage Act could send Martin to prison for up to 10 years on each count and is considered the most serious of the three charges.

Prosecutors will argue Friday that Martin, 51, of Glen Burnie, Md., presents ‘‘a high risk of flight, a risk to the nation and to the physical safety of others,’’ and that he should not be released from jail.

Don't want him talking to anyone, either.

‘‘The case against the defendant thus far is overwhelming, and the investigation is ongoing,’’ Rosenstein said. ‘‘The defendant knows, and, if no longer detained, may have access to, a substantial amount of highly classified information, which he has flagrantly mishandled and could easily disseminate to others.’’

Martin’s attorneys are expected to file their own memo before Friday’s hearing.

That's where my print cut the transcript.

Continued detention without bail is necessary, prosecutors said, because of ‘‘the grave and severe danger that pretrial release of the defendant would pose to the national security of the United States.’’ 

Won't you guys be watching him like a hawk?

The government also alleged that he took a top-secret document detailing ‘‘specific operational plans against a known enemy of the United States.’’ Prosecutors did not name the enemy. The document, prosecutors said, contained a warning, in capital letters, that said: ‘‘This conop [concept of operations] contains information concerning extremely sensitive U.S. planning and operations that will be discussed and disseminated only on an absolute need to know basis. Extreme opsec [operational security] precautions must be taken.’’

Martin was not involved in the operation, the government said, and had no need to have the document or know its specifics.

Another document found in his car contained handwritten notes describing NSA’s classified computer systems and detailed descriptions of classified technical operations, the prosecutors said. The notes also included descriptions of basic concepts associated with classified operations, as though intended for a general public audience, they said.

In an interview before his arrest, Martin initially lied to investigators, prosecutors said, denying having taken classified material. Only when confronted with specific documents did he admit that he took what he knew to be classified files and that ‘‘such actions were unauthorized and wrong,’’ they said.

Martin had access to classified data beginning in 1996, when he was with the US Navy Reserve, and that access continued through his employment with seven private government contractors.

The government alleged that Martin, ‘‘as a trusted insider,’’ was able to defeat ‘‘myriad, expensive controls placed’’ on classified information. He was trained how to properly handle and store such data, but violated his oath and duty to do so, prosecutors said.

They said the devices seized show he made extensive use of sophisticated encryption and anonymization technologies. He also used a sophisticated software tool that runs without being installed on a computer and provides anonymous Internet access, ‘‘leaving no digital footprint on the machine,’’ they said.

Please remember these are all U.S. government tools and methods.

Then they come at you and tell you it was the Russians, Chinese, Iranians, Koreans, or whomever happens to be the enemy du jour.

In August, a cache of highly sensitive NSA hacking tools mysteriously appeared online. Although investigators have not found conclusive evidence that Martin was responsible for that, he is the prime suspect, said US officials, who spoke on the condition of anonymity because the investigation is ongoing.

That is the event that set off the search that turned up Martin, the officials said.

Just as the $hadow brokers search turned up these.


Just better Face up to the loss of free speech and look at your new pet.

So who do you think is sending the spam?

You know what the answer might be?

UPDATE: Party money up to $59K.