–Britain’s GCHQ Hacked Belgian Telecoms Firm (September 20, 2013) According to slides obtained by NSA whistleblower Edward Snowden and supplied to German newspaper Der Spiegel, GCHQ planted malware in the systems of Belgacom, the largest telecommunications company in Belgium.

The attack involved planting an attack technology called “Quantum Insert”, which was developed by the NSA. The attack technique surreptitiously directs victims to spook-run websites where they are exposed to secondary malware infection.

http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html

http://www.theregister.co.uk/2013/09/20/gchq_belgacom_hack_link/

 –RSA Warns Customers Not to Use Cryptographic Component with NSA Backdoor (September 19, 2013) RSA Security has sent an advisory to some of its customers, urging them to stop using a cryptographic component that has been revealed to contain an NSA backdoor. Two of the company’s products, the BSAFE toolkit and Data Protection Manager, use the specification, known as Dual EC_DRBG, by default. RSA recommends that customers using the affected products switch to a different pseudo random number generator (PRNG).

http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/

[Editor’s Note (Murray): When the RSA patents expired, the BSAFE library was RSA’S stock-in-trade.  It is the basis of hundreds of implementations.  (“Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin.”  –John von Neumann)]

  –Brazil Wants to Reduce Dependence on US-Based Internet Services (September 18, 2013) As information about US intelligence data gathering continues to emerge, Brazil is considering ways it can reduce its dependence on US Internet services. Brazil does not plan to forbid citizens from using US-based services, but it does want companies to store Brazilians’ data within the country.

http://www.bbc.co.uk/news/technology-24145662

http://world.time.com/2013/09/18/brazil-looks-to-break-from-u-s-centric-internet/

  –NSA Deploying Security Controls to Prevent More Leaks (September 18, 2013) The NSA is taking steps to prevent more leaks like those conducted by former contractor Edward Snowden. The agency will digitally tag sensitive documents to limit access to specific analysts. The tags will also help NSA learn what people do with the data they access. NSA CTO Lonny Anderson said that what Snowden did could not be done today.

Systems administrators and other people who have privileged access to the NSA system will not do anything alone. The NSA is also limiting how employees store data on removable devices.

http://arstechnica.com/security/2013/09/nsa-aims-to-plug-holes-that-sprang-snowden-leaks/