Tag Archives: National Security Agency

Cracking the code: Workshop gives journalists a crash course in encryption

  • TestBed's Aaron Rinehart lectures to seminar attendees prior to the hands-on portion of the day on April 3, 2015. (Jennifer-Leigh Oprihory/MEDILL NSJI)

WASHINGTON — The minds behind TestBed, Inc., a Virginia-based IT consulting firm specializing in IT planning, analytics, testing, prototyping and business advice for the public and private sectors, gave journalists a crash course in digital safety and encryption techniques at an April 3 seminar in Washington.

The daylong event, “Cyber Security Skill Workshop for Journalists: Sending Secure Email,” was co-sponsored by the Medill National Security Journalism Initiative and the Military Reporters & Editors Association, and held in the Medill Washington newsroom.

The seminar began with an introductory lecture on cybersecurity basics and common misconceptions about online privacy and security. Security-related superstitions, such as the idea that browsing in so-called “incognito” or “invisible” modes will keep your digital whereabouts truly hidden, were promptly dispelled.

TestBed’s Aaron Rinehart and David Reese then transformed the event into a hands-on lesson in PGP – an acronym for “Pretty Good Privacy” – as well as understanding other aspects of digital fingerprints (including how to create a public key, how to register it in the Massachusetts Institute of Technology’s PGP directory so that you are more widely contactable by those in the encryption know and how to revoke (or deactivate) a key for security reasons.

The program also included a brief introduction to the Tor network, a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor, originally developed by the U.S. Navy, hides the route taken from a computer’s IP address to its eventual browsing destination.

Learn how Tor works via Medill reporter William Hicks’ helpful primer and infographic here.

When asked for the top three lessons he hoped attendees would take away from the event, Rinehart emphasized the importance of “good key management,” or not sharing your private PGP key with anyone, operating “under good security practices”(such as updating software and antivirus programs) and making email encryption a regular habit.

“Don’t compromise convenience for security,” Rinehart said in a post-workshop interview. “Try to make this something you can use everyday.”

The event drew a mix of reporters, security experts and students, which included military veterans and defense journalists.

Northwestern University in Qatar journalism student James Zachary Hollo attended the event to research encryption resources available for foreign correspondents and to report on the workshop for the Ground Truth Project in Boston, where he is currently completing his Junior Residency.

Hollo said the seminar gave him a better understanding of how to use PGP.

“I had sort of experimented with it before I came here, but this gave me a much better and deeper understanding of it, and I got to sort of refine my ability to use it more,” he said.

Hollo said he was surprised that many attendees came from military service or military reporting backgrounds, since, in his view, “one of the blowbacks against the NSA story [involving whistleblower Edward Snowden] was that it’s like reporting is like betraying your country.”

 

AP reporters discuss investigation into nuclear arsenal security lapses

WASHINGTON — Two journalists from The Associated Press say recent AP disclosures about personnel problems among the military personnel in charge of the U.S. U.S. nuclear arsenal say the stories raised questions about the Air Force’s commitment to mission.

Robert Burns, national security reporter from the AP, and Wendy Benjaminson, AP Washington assistant bureau chief, spoke at a Newseum panel discussion about Burns’ series of reports exposing systemic issues with the Air Force personnel managing America’s nuclear weapons, including burnout, disciplinary problems, allegations of drug use and cheating on proficiency tests.

Since May 2013, Burns has reported on numerous transgressions at the nuclear base that put the nation’s security at risk, including leaving a blast door open on two occasions, failing security tests and poor handling of the weapons, which have the capacity to cause massive amounts of destruction.

An unprecedented 17 people were initially decertified due to the problems, which strained the unit’s capabilities, Burns said. That number later rose to 34 decertified launch officers. The AP series resulted in Defense Secretary Chuck Hagel ordering a full investigation into the unit managing the missiles.

The series also exposed poor morale among those managing the missiles, which first came to light when Burns obtained an internal Air Force email last year. Much of the infrastructure related to the missiles and their capsules are out of date, having been first deployed in 1970, Burns said.

“The people who are doing these jobs are questioning whether the Air Force has a proper commitment to doing it, when they look at this stuff and say, ‘It’s so old. Why don’t you upgrade it?’” Burns said.

With the 9/11 terrorist attacks and the recent revelations of the National Security Agency collecting Americans’ phone records and other online data at the forefront of most people’s minds, the problems at the arsenal may not be getting the attention they deserve, Benjaminson said.

“America isn’t scared of nuclear weapons anymore,” she said. “Our children, grown and not grown, don’t even think of nuclear weapons. They’re something from an old movie.”

However, the recent appointment of a new secretary of the Air Force, Deborah Lee James, shows promise for resolving some of the issues plaguing the unit, Burns said.

“[James] called it a systemic problem, meaning not just an episodic, random problem,” he said. “It’s a problem that’s ingrained, it’s widespread, it’s real and we need to do something about it. And we never heard that from the Air Force until she said that.”

PRISM is bigger than anything that came before it—but no-one knows how much bigger

The mystery surrounding how much domestic spying the US government has been conducting on its own citizens will only intensify in the coming days, as a growing number of the nine major internet companies linked to an alleged top-secret data-mining program deny they had anything to do with it.

The stories in the Guardian and Washington Post contend that the National Security Agency and FBI were jacking directly into the central servers of the companies and scooping up all sorts of personal data in a hunt for terrorist activity. Publicly, these agencies insist that they only do that overseas, to foreigners, while the tech firms concerned insist they aren’t involved and have never heard of such a scheme.

That may or may not be true, and finding out the gritty details is sure to become the next parlor game in Washington. One thing is for sure, though. If PRISM is what the two newspapers say it is, it is the biggest domestic spying program that the United States has ever conducted, and by orders of magnitude.

“It looks from what I’ve seen to be larger than anything I thought we were doing,” says Paul Rosenzweig, author of a recent book, Cyber Warfare.

Rosenzweig should know. As a former acting assistant secretary at the Department of Homeland Security, he was one of those people given the kind of Top Secret / Sensitive Compartmented Information clearances needed to work on any project as sensitive as this. But, he says, “I wasn’t read in on this.” (He wouldn’t comment on what he was “read in on”).

The reports about PRISM come a day after The Guardian reported on another data mining program that allowed the US government access to metadata about every single phone call flowing through the trunk lines at Verizon, one of the country’s biggest wireless carriers. The Wall Street Journal has since reported (paywall) that secret court orders also enable such surveillance at AT&T and Sprint, the other two big carriers, and that the orders are renewed every three months; NBC says it has been happening on every call in the US for the last seven years.

James Bamford, author of three books on the NSA, says the disclosures have certainly raised a lot of questions about what’s going on out at the agency’s headquarters in Fort Meade, Maryland. But Bamford says the two programs have may solved another mystery that he’s been wrestling with for a year now—why the NSA needed to build such a cavernous and secret complex way out in Bluffdale, Utah. “They need that data center to store all of this stuff,”  Bamford told Quartz.

Bamford said that he and other security experts familiar with the NSA have long snickered about how the NSA’s spooks and engineers were vacuuming up their emails and everything else they were doing. “It used to be a joke,” he said. “Now, it’s not a joke at all.”