Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

NSA Director’s Defense of PRISM, Surveillance Programs at Black Hat Draws Mixed Reviews

A year ago, NSA Director Gen. Keith Alexander spoke at the DefCon security conference and made a direct appeal for the hacker community to help secure the Web.

A year ago, NSA Director Gen. Keith Alexander spoke at the DefCon security conference and made a direct appeal for the hacker community to help secure the Web.

Twelve months and several leaks of classified data later, the feds were discouraged from attending DefCon, and Alexander took the stage at Black Hat USA to defend his agency’s electronic surveillance programs.

“I think that it is important for you…to understand what these people have to do in order to do their job to defend this nation,” he told the crowd at Black Hat, being held this week in Las Vegas.

“The assumption is that people are out there just wheeling and dealing, and nothing could be further from the truth,” he said.

His appearance comes in the aftermath of disclosures about NSA surveillance by fugitive Edward Snowden. Earlier today, the Obama administration released formerly classified documents about the programs. According to the New York Times, the documents included a ruling by the Foreign Intelligence Surveillance Court requiring a Verizon subsidiary release all of its customers’ phone logs for a three-month period. The government was ordered to follow certain rules when accessing the data.

Other documents included two declassified briefing papers to Congress from 2009 and 2011 that outline the collection of metadata logging all domestic phone calls and emails of Americans, according to the New York Times. The program was portrayed as an “early warning system” in the documents. 

On stage, Alexander said the NSA’s intelligence gathering efforts are subject to high levels of scrutiny. For example, while telephone metadata is collected, only 35 analysts at NSA are authorized to run queries on the database. Only certain information is collected, and that does not include the content of conversations, SMS messages or other communication.

The intent is to provide information to the FBI to help identify and track terror suspects, he said. He also repeated a recent claim by former FBI Director Robert Mueller III that the NSA programs would have been able to help prevent the terrorist attacks on Sept. 11, 2001, had they been in place at the time. However, some have called that claim into question, saying that the failure to stop the plot resulted more from a lack of information sharing between agencies than a lack of surveillance capability.

Advertisement. Scroll to continue reading.

According to Alexander however, the NSA has been able to thwart 54 terrorist attacks with the programs, including 13 in the United States.

Alexander’s talk was met with a mixed response from the audience. There was some heckling, but also appreciative applause during and after his talk.

“While the General’s remarks were reassuring, I would echo the comments made by Senator Al Franken this morning in a Senate Judiciary Committee Hearing about this topic – “ad-hoc transparency does not engender trust,” said Tom Cross, director of security research at Lancope, in a statement. “These revelations have created concerns about what other programs might exist that haven’t been disclosed and what sort of civil liberties protections exist around those programs.”

Whatever your opinions are about the programs themselves, it was laudable the general came to Black Hat and asked the crowd for help, said Andy Grolnick, CEO of LogRhythm.

“He urged the vendor and hacker communities to offer their own suggestions,” Grolnick said in as statement. “No doubt many will take him up on that offer.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...