NSA Director Faces Cybersecurity Community At Black Hat

  /     /     /  
Publicated : 22/11/2024   Category : security


NSA Director Faces Cybersecurity Community At Black Hat


Gen. Keith Alexander aims to set the record straight on controversial NSA spying programs, calling out how leaked surveillance programs helped derail specific terror plots



LAS VEGAS -- BLACK HAT USA -- NSA director Keith Alexander in a keynote address here today spoke in rare detail about how the intelligence agencys recently leaked surveillance programs have helped the agency and the FBI connect the dots and stop terrorists and terrorist plots.
Alexander said the reason for his appearance was to set the record straight on reports about secret NSA spying activities and to solicit the security industrys input on how to balance national defense and the protection of civil liberties. I promise to tell you the truth about what we know and what were doing. What I cannot tell you ... is because we dont want to jeopardize our future defenses, he told attendees.
Alexanders appearance came on the day of yet another revelation from whistleblower Edward Snowdens leaks to The Guardian -- this time, of another tool reportedly called
XKeyScore
, which Snowden said collects everything a user does online, including email, social media, and browsing history. According to The Guardian report, NSA documents say the XKeyscore program encompasses nearly everything a typical user does on the internet. That includes the content of emails, websites visited and searches, as well as their metadata.
The NSA director did not mention XKeyScore in his presentation, nor did the program come up during the question-and-answer period when Alexander responded to queries that Black Hat organizers had gathered from the conference community in advance of the keynote. The issue that stands before us today is one of what do we do next -- how do we start this discussion on defending our nation and protecting our civil liberties and privacy? Alexander said. The reason Im here is you may have some ideas on how to do it better. We need to hear those ideas. But equally important from my perspective is that you get the facts.
NSAs additional surveillance programs came in the wake of the 9/11 terrorist attacks, which the independent 9/11 commissions report concluded was, in part, the result of a failure of the U.S. intelligence community to connect the dots.
So we had to come up with a way to help stop the attacks ... The Congress, administration, and the courts all joined together to come up with programs that meet our Constitution and help us connect those dots, Alexander said.
That led to the two now hotly debated programs, the so-called Section 215 Authority, a.k.a. the PRISM program, and Section 702 Authority, which allows the NSA to acquire content when needed. Alexander says the discussion surrounding those programs so far hasnt taken into consideration the oversight -- Congress, the courts, and the administration -- and compliance that goes hand in hand with them.
Its not true that we are collecting everything, he said. He showed a screenshot of what he says NSA analysts actually can see under the Section 215 Authority under FISA, for counterterrorism efforts: date and time of a phone call, the calling number, the called number, the duration of the call, and the origin of the metadata. No voice calls, SMS text messages, names, or location information, he said. This does not include the content of communications, your phone calls or mail, not my phone calls or emails.. There is no content: no names, addresses, in the database or locational information used, Alexander said.
A limited number of NSA employees can approve whether this information is gathered, he said. Only 22 people can approve that [phone] number has been proven to meet the standards set by the court that it has a counterterrorism nexus ... Only then is that number added to a list that can be queried, he said, and only phone numbers on that list can be queried in that database. And just 35 specially trained NSA analysts are authorized to run those queries, he said.
He offered up some data, including that the NSA got approval for querying 300 phone numbers in a case of a terrorist who was residing in California, he said. Those queries resulted in 12 reports to the FBI, Alexander said. Those reports take less than 500 [phone] numbers, not millions. The intent of this was to find a terrorist actor and identify him to the FBI.
As for concerns about NSA employees abusing the use of this information, Alexander noted that the agency closely monitors its employees. We can audit the actions 100 percent of our people, and we do, he said, on every query made.
The second program, FISA Amendment Act Section 702, of which PRISM is a part, is for intercepting communications of foreign threats. This is not targeting U.S. persons ... this is our lawful intercept program, he said.
Alexander also addressed questions over whether NSA is abusing its power. He said the NSA is not authorized to listen in on communications, and pointed to a four-year congressional review of the program that found no violations by the NSA of that program. They found no one at NSA has ever gone outside the boundaries of what weve been given. Thats the fact, he said. What youre hearing [in the press and other places] that they could -- but the fact is, they dont.
The agencys auditing tools would catch any such behavior, he said. Their intent is not to go after our communications. The intent is to find the terrorist that walks among us, he said. We have two programs that help us do that. One is on metadata, the least invasive method we could [use] ... it allows us to hone in and give the FBI greater insights into these actors, he said. And we have this content program, which also is audited, he said.
He said at times he asks whether the programs are too much. Our people say its the right thing to do. The nation needs to know were going to do the right thing, he said. We comply with the court orders and do this exactly right, and if we make a mistake, report it.
The New York City bomb plot case in 2009 is a prime example of what the NSA programs do, Alexander explained. The agency used the PRISM/702 program to get a service provider to hand over the communications of phone number, which the FBI later identified as belonging to Najibullah Zazi and discovered discussions in his emails about an imminent terrorist attack, Alexander said. That could have been the biggest attack in the U.S. since 9/11, he said. The ultimate capture of Zazi and his cohorts all started with an initial tip from PRISM data, he said.
Some 54 terrorist-related activities have been disrupted by the NSA programs, he said, 13 of which were in the U.S. and the rest in other nations.
Alexander, clad in his white military shirt, for the most part faced a mostly respectful audience, but was heckled by a couple of protesters who voiced their mistrust of the NSA. A carton of eggs was also confiscated from the sixth row prior to the commencement of the keynote.
Jeff Moss, the founder of Black Hat and former general manager of the hacking and security industry event, prior to Alexanders introduction applauded his coming to speak to the security community despite the rising tensions and debate over the scope of NSAs spying operations.
I havent sensed this much apprehension and tension in the community since the Clipper chip debate in the 90s, Moss said. A lot of us are wondering what comes next ... now we are starting to face those issues that had only been hinted at before. It would have been easy for [Alexander] to duck out and not speak to us. Hes not here because he has to be -- hes here because he wants to be. His interest is engaging with the community.
Alexanders speaking engagement at DEF CON last year actually began the conversation between NSA and the security community on shared values and civil liberties and privacy, Moss said.
[The Dark Tangents post stirs heated debate within the hacker, security community. See
DEF CON Founder Urges Feds To Take A Time Out From The Hacker Conference
.]
Mark Weatherford, the former deputy undersecretary for cybersecurity at the Department of Homeland Security, says Alexanders speaking before the Black Hat crowd was significant. Hes never done this before another large group. Thats pretty profound, says Weatherford, principal with The Chertoff Group in Washington, D.C.
Weve never seen some of that [information] before, Weatherford said of Alexanders presentation on the NSAs leaked surveillance programs. But there is still only so much he can talk about. I think it was a good conversation. Hes not used to talking to an audience like this, and one thats willing to say BS.
Marc Maiffret, chief technology officer at BeyondTrust, notes that information security basically monitors everything as well. We know the benefit of that, he says, but the worry among critics of the NSA has been what the NSAs monitoring means to our personal information and the potential abuse of that power, he says.
Maiffret says Alexanders providing specifics of what the NSA programs have actually done for good is key, and what has been missing thus far from the agency.
The full video recording of Alexanders keynote is available
here
on Black Hats website.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
NSA Director Faces Cybersecurity Community At Black Hat