Ever since Edward Snowden leaked his unprecedented collection of NSA secrets three years ago, tech firms have scrambled to protect their users from the surveillance he revealed, in many cases adding robust encryption to consumer products. But as a new email spying scandal unfolds around Yahoo, it’s clear that the post-Snowden encryption push not only failed to protect the company’s hundreds of millions of email accounts from American intelligence agencies. It also seems to have driven those spies to demand more pervasive access to Yahoo’s systems than ever—and Yahoo complied.

On Tuesday, Reuters broke the news that Yahoo in 2015 created a tool for scanning its trove of user webmail on behalf of the FBI or the NSA, scouring hundreds of millions of arriving emails for specific search terms the agencies provided. The revelation marks the first time this sort of large-scale, real-time email scanning by a tech firm is known to have been done on behalf of surveillance agencies, and the practice reportedly led Yahoo’s chief information security officer at the time, Alex Stamos, to resign over the security and privacy issues it introduced.

The spying scandal is surprising, in part, because it follows years of improvements to Yahoo’s email encryption practices. And from a broader perspective, it shows how law enforcement and intelligence agencies are aggressively responding to the spread of encryption in the services provided by companies like Yahoo, Apple, and perhaps other Silicon Valley stalwarts: When surveillance operations are stymied by uncrackable crypto, they increasingly respond by demanding that tech companies perform intrusive operations themselves. 

A New Prism

“The webmail providers have encrypted everything that comes to them and leaves them,” explains Stewart Baker, a former general counsel for the NSA, in a phone call with WIRED. “I expect that what happened here is that the government went to Yahoo and said, ‘we can’t find this particular target anymore, but we believe he’s communicating using your servers, so we’re asking you to do what we used to do when we had access to your traffic.'”



Just when we thought ransomware’s evolution had peaked, a new strain has been discovered that forgoes the encryption of individual files, and instead encrypts a machine’s hard drive.

The malware, called Mamba, has been found on machines in Brazil, the United States and India, according to researchers at Morphus Labs in Brazil. It was discovered by the company in response to an infection at a customer in the energy sector in Brazil with subsidiaries in the U.S. and India.

Renato Marinho, a researcher with Morphus Labs, told Threatpost that the ransomware is likely being spread via phishing emails. Once it infects a machine, it overwrites the existing Master Boot Record with a custom MBR, and from there, encrypts the hard drive.

“Mamba encrypts the whole partitions of the disk,” Marinho said. “It uses a disk-level cryptography and not a traditional strategy of other ransomware that encrypts individual files.” The malware is a Windows threat, and it prevents the infected computer’s operating system from booting up without a password, which is the decryption key. Victims are presented with a ransom note demanding one Bitcoin per infected host in exchange for the decryption key; the note also includes an ID number for the compromised computer and an email address from which to request the key.



Unknown attackers have been testing the defenses of companies that run critical parts of the Internet, possibly to figure out how to take them down, cybersecurity expert Bruce Schneier warned Tuesday.

Large nation states -- perhaps China or Russia -- are the likely culprits, he suggested.

"Nation state actors are going to probe to find weaknesses in all of our technologies," said Travis Smith, senior security research engineer at Tripwire.

They "want to know what can be done not only in the event of a cyberwar but a kinetic war as well," he told TechNewsWorld.

The Growing DDoS Threat 

The easiest way to take a network off the Internet is with a distributed denial of service attack, Schneier said, and some of the targeted companies recently have been hit with DDoS attacks that are significantly larger, longer lasting, and more sophisticated than before.

The attacks typically ramp up to a particular level then stop. They resume at that higher level and then continue ramping up, as if the attackers are looking for the network's exact point of failure, Schneier speculated. The attacks use multiple vectors, forcing targets to deploy all of their defenses, thus disclosing their capabilities.

Because the attackers' whereabouts are unknown, potential targets can do nothing to ward them off, Schneier said. The data seems to indicate China is behind them, but it's possible to disguise the country of origin.

DDoS and other attacks hit record heights in the second quarter of this year, Akamai reported. DDoS attacks rose 23 percent over the number recorded in Q4, 2015, and Web application attacks increased 26 percent.

Targets suffered a greater number of repeat DDoS attacks -- 29 on average. Multivectored attacks increased, as did mega-attacks of more than 100 Gbps using simple attack vectors.

Possible or Not?

State actors "are probably looking at a number of different ways to disable parts or all of the Internet," commented Paul Mockapetris, coinventor of the domain name system, currently chief scientist at ThreatStop.



The British intelligence agency GCHQ is planning to protect the country from cyber attacks by creating a national firewall.

The news was announced by GCHQ's director general of cyber security, Ciaran Martin, during the Billington CyberSecurity Summit held in Washington DC.

GCHQ recently created the National Cyber Security Centre, led by Martin, which is tasked with protecting national infrastructure from attacks originating on the Internet.

“The NCSC will be based in London and will open in October. Ciaran Martin, currently Director General Cyber at GCHQ will lead it. Dr Ian Levy, currently Technical Director of Cyber Security at GCHQ, will join the organisation as Technical Director,” reads a press release issued by the UK Government.

“The UK faces a growing threat of cyber-attacks from states, serious crime gangs, hacking groups as well as terrorists. The NCSC will help ensure that the people, public and private sector organisations and the critical national infrastructure of the UK are safer online.” 

In March 2016, the then Minister for the Cabinet Office, Matt Hancock, highlighted the importance of the Centre.

“It will be the authoritative voice on information security in the UK and one of its first tasks will be to work with the Bank of England to produce advice for the financial sector for managing cyber security effectively,” said Hancock.