Use Microsoft Error Reporting to Improve Network Visibility: Websense
Posted on January 30, 2014 by Kara Dunlap in Security
Websense is providing free source code, queries and lookups designed to help organizations use Microsoft Error Reporting to identify USB devices connecting to their networks.
Also known as Dr. Watson reports, the Microsoft Error Reporting feature was indirectly the source of controversy a few weeks ago when it was made public that the NSA had intercepted these reports and used them to gather information about its targets. With this data in hand, the spy agency could get a better read on the hardware and software on a given network and use that information to tailor its cyber-operations.
According to Websense, enterprises can use Dr. Watson reports for their own purposes as well – in this case, to identify when a storage device such as a USB drive or mobile phone is plugged into their network.
“We were surprised to learn that a USB drive insertion is considered a hardware change, and that detailed information about the USB device and computer that it was plugged into is being sent to Microsoft,” blogged Websense Director of Threat Research Alex Watson. “These logs are sent to Microsoft via HTTP URL-encoded messages. Organizations can use knowledge about their content and how to decode these messages to detect USB drives and devices that could be a risk to the organization. This knowledge can help organizations detect USB drives and devices such as those used in the KCB and [Edward] Snowden leaks, and automatically generate reports when they are plugged into a secure system.”
The error report is sent to Microsoft every time an application crashes, fails to update, or a hardware change happens to a PC running Windows. In Windows Vista and later, these reports are automated and part of an opt-out program that Microsoft estimates nearly 80 percent of the PCs in the world participate in, Watson explained.
“These reports can be gathered in a variety of ways, either by examining outbound web proxy logs… creating an IPS rule in an open source intrusion prevention system such as Snort or Suricata, or by simply monitoring a SPAN port using a sniffer such as Wireshark,” Watson blogged. “In our last blog entry, we discussed an information leakage that can arise with these reports and suggested that organizations set up a group policy that sends reports to an on-premise server which then forces encryption before forwarding to Microsoft. In this case, the reports can be processed at the organization’s WER (Windows Error Reporting) collection server.”
The Dr. Watson reports have a specific report type for USB inserted devices. Organizations can start by filtering down to messages containing ‘PnPGenericDriverFound’. Using some lookup tables, the information that follows can be broken up into several fields, including date, USB device manufacturer and host computer BIOS version and UMI [unique machine identifier].
“It turns out the Vendor and Device ID lookups can be a little tricky – but map exactly to Windows and Linux driver databases,” Watson blogged. “To see an example for yourself, try typing “lsusb” from a Linux machine. After scraping some online driver databases, we put together a lookup script that you can use for vendors and device codes that you can download on GitHub. These will obviously need to be updated periodically to remain up to date. Feel free to add new device codes yourself, or check back to our site for updates.”
“Using Splunk or a similar SIEM tool, create lookups to map the vendor and product IDs that you see in the Watson logs above to the manuf_ids.csv and product_ids.csv files that have been attached,” he added. “Please note that our Product ID lookup contains the VID+PID (Vendor ID and Product ID) together – this is the one you’ll most likely want to use in your lookups.”
The next step is decoding the WER report structure. Websense has included some Splunk queries that can be used to detect USB device insertions and create reports. It is also possible to configure the SIEM tool to trigger a report every time a certain device is added to the network.
In an interview with SecurityWeek, Watson added that the crash reports can be fed into any SIEM tool or custom framework. Leveraging this information can allow businesses to better understand what devices, applications and application versions are deployed on their network without needing a dedicated endpoint.
Organizations can also use this to help prevent data leaks by filtering the reports based on computer names or IP addresses from computers with sensitive data. However, this is not meant to replace data loss prevention (DLP) products.
“DLP is an incredible technology that is really starting to gain traction in the security marketplace to enable businesses to protect their data,” Watson told SecurityWeek. “I view the example we provided as a way for businesses that have not deployed DLP to start to see the value that it can provide.”
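The filtering and lookup steps described above, as an added example that is not Websense's published code: it keeps only proxy-log requests containing 'PnPGenericDriverFound', URL-decodes them, pulls out the vendor and product IDs, maps them through the two lookups, and flags insertions on hosts marked sensitive. The log layout, the wer.example.test URLs, the CSV column names and the assumption that the IDs appear in the Windows VID_xxxx&PID_xxxx form are all constructed for illustration.

```python
import csv
import io
import re
from urllib.parse import unquote

MARKER = "PnPGenericDriverFound"  # report type named in the article
# Assumption: the report carries IDs in the Windows hardware-ID notation.
HWID_RE = re.compile(r"VID_([0-9A-Fa-f]{4})&PID_([0-9A-Fa-f]{4})")

# Constructed stand-ins for manuf_ids.csv and product_ids.csv.
# Column names are assumed; the product key is VID+PID together.
MANUF_IDS_CSV = "vid,vendor\n0781,SanDisk\n05ac,Apple\n"
PRODUCT_IDS_CSV = "vidpid,product\n07815567,Cruzer Blade\n05ac12a8,iPhone\n"

# Constructed proxy log: "<timestamp> <client> <method> <url>".
SAMPLE_PROXY_LOG = """\
2014-01-30T09:14:02Z 10.1.4.22 GET http://wer.example.test/StageOne/Generic/PnPGenericDriverFound/x64/USB%5CVID_0781%26PID_5567/6_1_7601.htm
2014-01-30T09:15:40Z 10.1.4.31 GET http://wer.example.test/StageOne/Generic/PnPGenericDriverFound/x86/USB%255CVID_05AC%2526PID_12A8/6_1_7601.htm
2014-01-30T09:16:11Z 10.1.4.22 GET http://wer.example.test/StageOne/Generic/PnPGenericDriverFound/x64/USB%5CVID_1234%26PID_ABCD/6_1_7601.htm
2014-01-30T09:17:05Z 10.1.4.40 GET http://wer.example.test/StageOne/winword_exe/14_0_0_0/crash.htm
2014-01-30T09:18:00Z 10.1.4.22 GET http://wer.example.test/StageOne/Generic/PnPGenericDriverFound/x64/truncated
"""


def load_lookup(csv_text, key_col, value_col):
    """Read a lookup CSV into a dict keyed on lower-case hex IDs."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row[key_col].lower(): row[value_col] for row in reader}


def fully_unquote(text, max_rounds=3):
    """URL-decode repeatedly, since proxies may log doubly encoded URLs."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def parse_line(line):
    """Return a USB-insertion event for one log line, or None if unrelated."""
    parts = line.split(None, 3)
    if len(parts) != 4:
        return None
    timestamp, host, _method, url = parts
    decoded = fully_unquote(url)
    if MARKER not in decoded:
        return None
    match = HWID_RE.search(decoded)
    # A report with the marker but no readable IDs is still surfaced.
    vid, pid = (g.lower() for g in match.groups()) if match else (None, None)
    return {"time": timestamp, "host": host, "vid": vid, "pid": pid}


def detect(log_text, sensitive_hosts=frozenset()):
    """Enrich every USB-insertion report and flag those on sensitive hosts."""
    vendors = load_lookup(MANUF_IDS_CSV, "vid", "vendor")
    products = load_lookup(PRODUCT_IDS_CSV, "vidpid", "product")
    events = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        vid, pid = event["vid"], event["pid"]
        event["vendor"] = vendors.get(vid, "unknown")
        event["product"] = products.get(f"{vid}{pid}", "unknown")
        event["alert"] = event["host"] in sensitive_hosts
        events.append(event)
    return events


if __name__ == "__main__":
    for e in detect(SAMPLE_PROXY_LOG, sensitive_hosts={"10.1.4.22"}):
        print(e)
```

Devices that resolve to "unknown" are the cue to refresh the lookup files, which the article notes need periodic updating.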
US Allows Tech Giants to Reveal Spy Agency Demands
Posted on January 28, 2014 by Kara Dunlap in Security
WASHINGTON – The United States agreed to give technology firms the ability to publish broad details of how their customer data has been targeted by US spy agencies, officials said Monday.
Facing a legal challenge and a furious public debate, Attorney General Eric Holder and Director of National Intelligence James Clapper said the companies would now be allowed to disclose figures on consumer accounts requested.
“The administration is acting to allow more detailed disclosures about the number of national security orders and requests issued to communications providers,” the officials said in a joint statement.
In a letter to tech giants Facebook, Google, LinkedIn, Microsoft and Yahoo, the Justice Department freed them to release the approximate number of customer accounts targeted.
President Barack Obama’s administration has faced pressure from the tech sector following leaked documents outlining vast surveillance of online and phone communications. The companies have said the reports have already begun to affect their business.
Facebook, Google, LinkedIn, Microsoft and Yahoo, which sued for the right to publish more data, said in a joint statement they were pleased with the settlement.
“We filed our lawsuits because we believe that the public has a right to know about the volume and types of national security requests we receive,” the companies said.
“We’re pleased the Department of Justice has agreed that we and other providers can disclose this information. While this is a very positive step, we’ll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed.”
Under the agreement filed with the secretive Foreign Intelligence Surveillance Court, the companies will be able to disclose the numbers, within ranges.
They will have an option to reveal within bands of 1,000 the numbers of “national security letters” and specific court orders. Another option will be to disclose, in bands of 250, all the national security requests, lumped together.
The reports will have a six-month lag time, so data for the second half of 2014 may be published in mid-2015, according to the agreement.
Previously, the existence of orders made by the secret court for access to private online data was itself classified, to the outrage of the firms.
In addition to the bare numbers of targeted consumers, the companies will also be permitted to disclose the number but not the nature of selection criteria for broader Internet sweeps.
Civil liberties groups welcomed the deal, while arguing for even more transparency.
“This is a victory for transparency and a critical step toward reining in excessive government surveillance,” said Alex Abdo, an ACLU attorney.
But Abdo said more is needed: “Congress should require the government to publish basic information about the full extent of its surveillance, including the significant amount of spying that happens without the tech companies’ involvement.”
Kevin Bankston of the New America Foundation’s Open Technology Institute called the news “an important victory in the fight for greater transparency around the NSA’s surveillance programs” but said the agreement “falls far short of the level of transparency that an unprecedented coalition of Internet companies, privacy advocates and civil liberties organizations called for this summer.”
“Meaningful transparency means giving companies the ability to publish the specific number of requests they receive for specific types of data under specific legal authorities,” Bankston said.
“Fuzzing the numbers into ranges of a thousand — and even worse, lumping all of the different types of surveillance orders into a single number — serves no national security purpose while making it impossible to effectively evaluate how those powers are being used.”
US tech firms have claimed that reports on the US government’s secretive data collection programs have distorted how they work with intelligence and law enforcement. The firms have been asking for permission to disclose more on the nature of the requests and what is handed over.
Google’s petition said that despite reports to the contrary, the US government “does not have direct access to its servers” and that it only complies with “lawful” requests.
The issue caught fire after Edward Snowden, a former IT contractor at the National Security Agency, revealed that US authorities were tapping into Internet user data.
[Updated]
Hackers Steal Law Enforcement Inquiry Documents from Microsoft
Posted on January 25, 2014 by Kara Dunlap in Security
Recent Phishing Attacks Compromised Employee Email, Social Media Accounts at Microsoft
Microsoft on Friday said that attackers breached the email accounts of a “select number” of employees, and obtained access to documents associated with law enforcement inquiries.
According to the company, a number of Microsoft employees were targeted with attacks aiming to compromise both email and social media accounts, and in some cases, the attacks were successful.
“While our investigation continues, we have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed,” Adrienne Hall, General Manager at Microsoft’s Trustworthy Computing Group, wrote in a blog post.
“It appears that documents associated with law enforcement inquiries were stolen,” Hall said.
“If we find that customer information related to those requests has been compromised, we will take appropriate action,” Hall continued. “Out of regard for the privacy of our employees and customers – as well as the sensitivity of law enforcement inquiries – we will not comment on the validity of any stolen emails or documents.”
The software giant did not say how many documents might have been obtained or exposed as a result of the attacks, or who they believe may have been behind the attacks.
Targeted attacks like this are not uncommon, especially for an organization like Microsoft. What’s interesting about this is that the incident was significant enough to disclose, indicating that a fair number of documents could have been exposed, or that the company fears some documents will make their way to the public if released by the attackers—which may be the case if this was a “hacktivist” attack.
“In terms of the cyberattack, we continue to further strengthen our security,” Hall continued. “This includes ongoing employee education and guidance activities, additional reviews of technologies in place to manage social media properties, and process improvements based on the findings of our internal investigation.”
In a Microsoft Law Enforcement Requests Report that covered the first half of 2013, Microsoft (including Skype) said that it received 37,196 requests from law enforcement agencies potentially impacting 66,539 accounts.
Microsoft has recently faced a barrage of attacks claimed by the Syrian Electronic Army (SEA), hackers who support President Bashar al-Assad’s regime. While no attacks have resulted in any significant data loss or company-wide impact, the company did have social media accounts and blogs compromised this month.
It is unclear if the attacks may be related to the Syrian Electronic Army.
SecurityWeek has reached out to Microsoft for additional details and this story will be updated when a response is received.
Slovenia Frees Man Charged With Hacking Into NASA Despite US Extradition Order
Posted on January 22, 2014 by Kara Dunlap in Security
Slovenia Frees Hacker Despite US Extradition Order
LJUBLJANA – A Slovenian higher court on Wednesday rejected a United States extradition request and released a Romanian citizen charged with hacking into NASA computers in 2006.
Maribor’s higher court rejected the extradition request taking into account that Romanian citizen Victor Faur could not be tried again for the same charges for which he had already been sentenced in Romania in 2008 to 16 months of suspended prison time and a 238,000 dollar (EUR176,000) fine.
“I want to thank the Slovenian authorities for taking the right decision and not bowing to the American pressure,” Faur told Slovenian journalists after being released in the northeastern town of Murska Sobota.
He added: “I’m sure they (the US government) knew they had no chance of extradition yet they wanted to keep me here as long as possible.”
Slovenian police detained 34-year-old Faur during a routine road control in October and kept him until the local authorities decided on the US international arrest warrant.
The US authorities charged Faur with hacking into NASA computers and causing more than 1.5 million dollars of damage to the US space agency and of breaking into the computers of the US Navy and Department of Energy between November 2005 and September 2006.
Faur has admitted the intrusions but said he wanted to prove that many computers are vulnerable to IT attacks and maintained he did not try to obtain material for personal gain.
US Lawmakers Say Snowden Was ‘Helped’ by Foreign Power
Posted on January 20, 2014 by Kara Dunlap in Security
WASHINGTON – Edward Snowden may have acted in concert with a foreign power in exposing US surveillance programs, two Republican lawmakers suggested Sunday.
“I think there are some interesting questions we have to answer that certainly would lend one to believe that the Russians had at least in some part something to do” with the affair, House Intelligence Committee chairman Mike Rogers told CBS’s “Face the Nation.”
Rogers, a Republican, said “everything from how he prepared to leave, his route of departure and how he quickly ended up in Moscow” put Snowden’s ties at question.
The “vast majority” of the information leaked by Snowden, Rogers said, “had nothing to do with the NSA program and everything to do with our military capabilities, army, navy, air force, marines.”
Rogers, appearing in a second interview on NBC’s “Meet the Press,” said he didn’t think “it was a gee-whiz luck event that he ended up in Moscow under the handling of the FSB” state security agency in Russia.
Michael McCaul, chairman of the House Homeland Security Committee, told ABC’s “This Week” that he didn’t believe “Mr Snowden was capable of doing everything himself.
“I believe he was helped by others,” the congressman said in an interview from Moscow.
McCaul, a Republican, said he could not say “definitively” that Russia was involved, “but I believe he was cultivated.”
US President Barack Obama curtailed the reach of massive US National Security Agency phone surveillance sweeps Friday, in a long-awaited speech designed to quell a furor over the programs exposed by Snowden.
The president, however, also said bulk data collection must go on to protect America from terrorists.
Obama to Unveil NSA Reforms, Response to Snowden
Posted on January 17, 2014 by Kara Dunlap in Security
WASHINGTON – President Barack Obama will Friday announce plans to stop the National Security Agency hoarding hundreds of millions of telephone call records, among reforms to US surveillance programs exposed by Edward Snowden.
A senior US official, speaking ahead of Obama’s speech on NSA programs, said that Obama believed trawling for telephone “metadata” was vital to fighting terrorism, but needed to be reformed to preserve civil liberties.
“In his speech, the president will say that he is ordering a transition that will end the Section 215 telephone metadata program as it currently exists,” the senior official told AFP.
The president foresees a move to a program “that preserves the capabilities we need without the government holding this bulk metadata.”
“The president believes that the 215 program addresses important capabilities that allow us to counter terrorism, but that we can and should be able to preserve those capabilities while addressing the privacy and civil liberties concerns that are raised by the government holding this metadata.”
It was not immediately clear how Obama would accomplish the reform or whether he would leave it up to Congress to decide which entity should hold the call data.
Telecommunications companies have balked at suggestions that data on the destination and duration of calls should be held within their servers and be accessed by US spies armed with court permission.
Some activists have suggested a third party company could be charged with holding the data.
Obama will also order Friday another immediate change to the system of telephone data dragnets, requiring a judicial finding before the NSA can query the database, the official said.
Obama has also asked Attorney General Eric Holder and the intelligence community to report to him by March 28 on how the program can be preserved without the government holding the metadata.
Snowden, a fugitive US contractor now exiled in Russia, has fueled months of revelations by media organizations over data mining and spying on foreign leaders by the NSA in one of the biggest security breaches in US history.
The disclosures have infuriated US allies, embarrassed Obama administration diplomats and shocked privacy campaigners and lawmakers.
The White House has assured Americans that data on phone calls and Internet use is only collected to build patterns of contacts between terror suspects — and that US spies are not listening in.
But Obama has said that one of his goals in Friday’s speech at the US Justice Department is to restore public confidence in the clandestine community.
His appearance follows a prolonged period of soul-searching and policy reviews by the White House.
On the eve of the speech, Britain’s Guardian newspaper and Channel 4 News splashed the latest revelations from Snowden.
Their reports said the NSA had collected almost 200 million mobile phone text messages a day from around the world, and used them to extract data on the location, contact networks and credit card details of mobile users.
Civil liberties activists are bracing themselves for disappointment.
Michelle Richardson, legislative counsel for the American Civil Liberties Union, said Thursday that Obama would likely neither outlaw nor significantly reform bulk collection of telephone and Internet metadata.
“We are looking to the president tomorrow to make a very bold statement about reclaiming privacy. We are looking to him to take leadership about reining in these programs,” she said.
“Will our government continue to spy on everyday Americans?”
Kevin Bankston, policy director of the Open Technology Institute at the New America Foundation, warned that if Obama did not announce specific reforms, the battle would shift to Congress.
“President Obama’s trajectory on these issues from reformer to supporter of these programs has been very dispiriting,” Bankston said.
“If he does fail to take a stand and exercise the bold leadership that is necessary, it will become Congress’s responsibility to step into the breach and we look forward to working with them to do so.”
Intelligence chiefs say the programs are perfectly legal, but their opponents say they are unconstitutional.
Obama is also expected to back extra privacy protections for foreigners swept up by the programs and limits to spying on friendly world leaders.
His challenge will be to prove that data mining programs, made possible by swift advances in technology, can enhance national security while restoring public confidence that individual freedoms are safe.
During his deliberations, Obama has had to reconcile his duties as a commander-in-chief sworn to keep Americans safe and his oath to uphold the US Constitution.
Not to mention guard his political flank — Obama knows his Republican enemies would pounce if a future terror attack could be pinned on restrictions he placed on spy agency capabilities.
The president’s speech will also be closely watched for any changes to the PRISM program, which mainly sweeps up Internet data on foreigners, based on records acquired from Internet companies like Google, Yahoo and Apple.
BlackBerry 10 Haunted by Adobe Flash Vulnerabilities
Posted on January 14, 2014 by Kara Dunlap in Security
BlackBerry today warned that its newest smartphones and tablets are at risk of remote code execution attacks via vulnerabilities in Adobe Flash Player.
According to a BlackBerry advisory, a malicious hacker could booby-trap Adobe Flash content and lure users into visiting rigged Web pages or downloading Adobe Air applications.
“If the requirements are met for exploitation, an attacker could potentially execute code with the rights of the application that opens the specially crafted malicious Flash content,” BlackBerry warned.
From the BlackBerry advisory:
Vulnerabilities exist in the Flash Player version supplied with affected versions of the BlackBerry 10 OS and PlayBook OS. The Flash Player is a cross-platform, browser-based application runtime.
Successful exploitation of these vulnerabilities could potentially result in an attacker executing code in the context of the application that opens the specially crafted Flash content (typically the web browser). Failed exploitation of this issue might result in abnormal or unexpected termination of the application.
In order to exploit these vulnerabilities, an attacker must craft Flash content in a stand-alone Flash (.swf) application or embed Flash content in a website. The attacker must then persuade the user to access the Flash content by clicking a link to the content in an email message or on a webpage, or loading it as part of an AIR application. The email message could be received at a webmail account that the user accesses in a browser on BlackBerry Z10 and BlackBerry Q10 smartphones and BlackBerry tablets.
Affected products include the BlackBerry Z10 and BlackBerry Q10 smartphones and the BlackBerry PlayBook tablet.
The company said it was not aware of any active exploitation of the Flash Player vulnerabilities.
Separately, Adobe shipped a cross-platform Flash Player update to fix at least four vulnerabilities that expose users to hacker attacks. Adobe said the vulnerabilities could be exploited to cause a crash and potentially allow an attacker to take control of the affected system.
Obama to Unveil Spying Reforms on January 17
Posted on January 11, 2014 by Kara Dunlap in Security
WASHINGTON – US President Barack Obama will unveil reforms to the country’s spying activities on January 17, his spokesman said Friday, following a review of the National Security Agency (NSA).
White House spokesman Jay Carney said that Obama’s remarks next Friday would show the “outcomes of the work that has been done on the review process.”
The White House said on Thursday that the president was nearing the end of his soul searching about US spying reforms as he met lawmakers who oversee the intelligence community.
Obama met the delegation in Washington as part of consultations with players on all sides of the debate on how best to balance US security and privacy rights, following revelations of massive spy agency snooping by fugitive contractor Edward Snowden.
The meeting included several prominent critics of NSA phone and data sweeps. Obama says revelations over the program by Snowden have undermined public confidence in the work of the US intelligence community and reforms are needed.
Republican House Judiciary Committee Chairman Bob Goodlatte, who was one of the lawmakers in the meeting, called on the president to explain why such vast data mining programs — which spy chiefs say help piece together links between terror suspects worldwide — were necessary.
Senior US officials have indicated Obama is considering whether to permit the programs to continue while requiring data to be held either by technology companies or a third party instead of the NSA. Intelligence officers would have to obtain court permission to access the phone records.
US-CERT Warns Businesses About POS Attacks
Posted on January 9, 2014 by Kara Dunlap in Security
If nothing else, the breach at Target brought this point home – point-of-sale [POS] systems are firmly on the radar of attackers.
So much so that US-CERT just recently warned retailers to do a better job of protecting their systems.
“In some circumstances, criminals attach a physical device to the POS system to collect card data, which is referred to as skimming,” the organization noted. “In other cases, cyber criminals deliver malware which acquires card data as it passes through a POS system, eventually exfiltrating the desired data back to the criminal. Once the cybercriminal receives the data, it is often trafficked to other suspects who use the data to create fraudulent credit and debit cards.”
“As POS systems are connected to computers or devices, they are also often enabled to access the internet and email services,” the advisory continued. “Therefore malicious links or attachments in emails as well as malicious websites can be accessed and malware may subsequently be downloaded by an end user of a POS system. The return on investment is much higher for a criminal to infect one POS system that will yield card data from multiple consumers.”
In the case of Target, malware was discovered on the company’s POS systems Dec. 15. At that point, Target disabled the malicious code and began the process of notifying card processors and payment card networks. As many as 40 million debit and credit card accounts may have been impacted. But that was just the most recent example of an attack. For example, in 2012, hackers hit the point-of-sale systems at Barnes & Noble and compromised credit card readers at 63 stores.
“In use, POS systems should be isolated from other networks to restrict access to payment data flows, but often are connected to many systems,” said Mark Bower of Voltage Security.
These systems are in constant use around heavy shopping periods like Black Friday, when they are often less frequently patched and updated, he added. To take the profit out of the attacks, savvy retailers are utilizing point-to-point encryption to protect data before it even gets to the POS system, he said.
“If the POS is breached, the data will be useless to the attacker,” he said. “Tokenization can eliminate live data from post authorization retail processes like warranty and returns yet enabling the retail business to still operate as before – even at Black Friday scale. No live data means no gold to steal. Attackers don’t like stealing straw.”
Organizations need to take stock of what devices they have running and what gaps they need to close, said Chris Strand, compliance consultant at Bit9.
“Taking a better approach to automating the vulnerability analysis to get better visibility of the threat landscape and find a solution that allows organizations to see where high priority and critical areas are on those systems,” Strand said.
US-CERT also recommends organizations restrict POS access to the Internet, disable remote access and update POS software applications.
Then there is the prospect of more secure EMV cards, which security experts say may have made the attack on Target a non-starter for those behind it.
“EMV is a big part of the answer and would likely have prevented the Target breach,” noted Chester Wisniewski, senior security advisor at Sophos. “Merchants have been resistant as it requires newer payment terminals, but Target is one of the few who were already EMV-ready. It is currently scheduled to roll out (for most transactions) in the US in the autumn of 2015. It took us about 18 months to fully embrace it here in Canada; let’s hope the US can one-up us.”
US Appeals Court Ruling Invalidating NSA Surveillance
Posted on January 6, 2014 by Kara Dunlap in Security
WASHINGTON – The US government said Friday it is appealing a judge’s ruling that the National Security Agency’s bulk collection of phone records is unconstitutional and “almost Orwellian.”
The Justice Department filed a notice of appeal with the court following last month’s ruling by Judge Richard Leon.
Arguments and briefs in the case will be filed at a later date.
The scathing December 16 ruling by the federal judge in Washington was stayed pending appeal, but if upheld it could lead to the spy agency being barred from indiscriminately monitoring millions of private calls.
“I cannot imagine a more indiscriminate and arbitrary invasion than this systematic and high-tech collection and retention of personal data on virtually every single citizen,” Leon said in his opinion.
It is among several court cases pending which challenge the vast surveillance programs spearheaded by NSA and disclosed in documents leaked by fugitive former NSA contractor Edward Snowden.
On December 27, Federal Judge William Pauley in New York dismissed a petition from the American Civil Liberties Union and said the NSA program on phone data was a vital tool to help prevent an Al-Qaeda terror attack on American soil. The ACLU said it would appeal that decision.
The apparently contradictory rulings make it likely the US Supreme Court will decide on the constitutionality of the NSA programs.
Separately Friday, a civil rights group asked the US Supreme Court to review a case challenging the authority of NSA surveillance.
The Center for Constitutional Rights, in petitioning the Supreme Court, said the Snowden revelations provide new information which should lead the justices to revisit the matter.
“We have always been confident that our communications — including privileged attorney-client phone calls — were being unlawfully monitored by the NSA, but Edward Snowden’s revelations of a massive, indiscriminate NSA spying program changes the picture,” said CCR attorney Shayana Kadidal.
“Federal courts have dismissed surveillance cases, including ours, based on criteria established before Snowden’s documents proved that such concerns are obviously well-founded.”
In a related matter, more than 250 academics from around the world signed an online petition this week calling for an end to “blanket mass surveillance” by intelligence agencies.
The petition said revelations of mass surveillance in documents leaked by Snowden violate “a fundamental right” protected by international treaties, including the International Covenant on Civil and Political Rights and the European Convention on Human Rights.
“This has to stop,” said the petition (academicsagainstsurveillance.net), an initiative of four academics from the University of Amsterdam.
“Without privacy people cannot freely express their opinions or seek and receive information. Moreover, mass surveillance turns the presumption of innocence into a presumption of guilt… secret and unfettered surveillance practices violate fundamental rights and the rule of law, and undermine democracy.
“The signatories of this declaration call upon nation states to take action. Intelligence agencies must be subjected to transparency and accountability. People must be free from blanket mass surveillance conducted by intelligence agencies from their own or foreign countries.”
The signatories include academics in the Netherlands, Britain, Germany and the United States.
Among them are Oxford University’s Joss Wright, Alessandro Acquisti of Carnegie Mellon University, Aleecia McDonald of the Center for Internet & Society at Stanford University and Bruce Schneier of the Berkman Institute for Internet and Society at Harvard Law School.
Other signatories included academics from Australia, Hong Kong and New Zealand.
On Thursday, a report indicated that the NSA is making strides toward building a “quantum computer” that could break nearly any kind of encryption.
The Washington Post said leaked documents from Snowden indicate the computer would allow the secret intelligence agency to break encryption used to protect banking, medical, business and government records around the world.