Welcome to the National Cryptologic Museum Foundation. The NCMF directly supports the National Cryptologic Museum (NCM), the first public museum in the U.S. Intelligence Community.

Did you know?

Polish mathematicians & code breakers made the first breakthroughs against Nazi Germany's Enigma code.......

Cybersecurity News: The Internet is Making Us Vulnerable; FISA Section 702 Delay; Wordpress Vulnerability & Breaches at Ancestry.com; and more

Cybersecurity News Bytes for the Week Ending 29 Dec 2017

North Korea Demands U.S. Evidence for WannaCry Attribution

The North Korean UN delegation demanded proof from the U.S. for the attribution of the WannaCry ransomware to North Korea. This demand was in reaction to a Wall Street Journal op-ed by White House Homeland Security Adviser Tom Bossert in which he attributed WannaCry to North Korea. Bossert based his statements on similar conclusions reached by the British Government and Microsoft. North Korea has denied the allegation, calling Bossert’s claims a “grave political provocation” and threatening retaliation. The Fifth Domain- 26 Dec 2017

FBI Fingerprint Software Made in Russia?

According to an explosive BuzzFeed report in late December, whistleblowers who worked for a French company, Morpho, have alleged in a lawsuit that the software Morpho sold to the FBI in 2011 for use in fingerprint analysis contains algorithms developed by the Russian company Papillon Systems under a secret licensing arrangement. Papillon also supplies software to Russian law enforcement agencies including the FSB. The fingerprint software in question is part of the FBI’s Next Generation Identification initiative and is relied on by more than 18,000 U.S. law enforcement agencies and TSA. Morpho, a subsidiary of Safran Group, won the FBI contract in 2009 against competition that included an American company. In court filings, Safran claimed no responsibility for actions of a subsidiary company, but did not deny the allegations by the whistleblowers. Congressional concerns about the contract with a French company were raised to the Director of the FBI at the time, but the award to Morpho went ahead. The FBI issued a statement to BuzzFeed saying that all commercial software is subjected to security testing before being used operationally. Morpho was subsequently sold to a U.S. private-equity firm and renamed Idemia. Idemia has provided fingerprint-recognition software to, among others, the Department of Defense and TSA for use in its traveler pre-check program. BuzzFeed- 26 Dec 2017

WordPress Vulnerable to Malicious Plugins

Security researchers at White Fir Design, a web design, security and marketing firm, have discovered the existence of potential malware on WordPress plugins that allows an attacker to insert Search Engine Optimization (SEO) spamware by providing access to a hacked website’s URL. This vulnerability was discovered in 2014 and corrected at that time by WordPress. However, according to White Fir, hundreds of websites still contain the infected plugins, allowing spammers to continue their exploits. Bleeping Computer - 26 Dec 2017

FISA Section 702 Authority Renewal Delayed

Section 702 of the US Foreign Intelligence Surveillance Act, the legal authority for much U.S. electronic surveillance, will not be renewed before it sunsets at the end of December. Congress has deferred consideration of reauthorization until it reconvenes in January. The Department of Justice has offered an opinion that the Act as it stands permits current surveillance operations to continue into April, which is thought to give the Intelligence Community sufficient legal authority to go on as it has, at least for a few months. But final Congressional action is likely in the first months of 2018. (TheCyberWire, 28 December 2017)

Ancestry.com RootsWeb Server Breached

A data breach on Ancestry.com’s RootsWeb server exposed 300,000 passwords, email addresses, and user names, but no credit card information. Ancestry.com discovered the breach on the RootsWeb infrastructure and believes it dates to November 2015. Most of the information exposed was from users taking advantage of free trial offers on Amazon and RootsWeb. Ancestry.com says there is no evidence that the data was collected or used by malicious actors, but that all affected users are being notified of the breach. ThreatPost- 27 Dec 2017

The Internet is Making Us Vulnerable

Security journalist Tim De Chant summarized 2017 as a year in which Americans became more vulnerable due to data breaches, ransomware attacks, social media manipulation, and the leaks of NSA and CIA cyber tools that were weaponized by cyber criminals. He describes well-known breaches such as Equifax and Uber as well as a little-publicized breach of Amazon’s cloud that was storing Republican Party data on 198 million Americans. Names, addresses and other sensitive voter information was exposed on-line for two weeks. The year ended with Facebook founder Sean Parker ruminating about the possibility that social media is “exploiting a vulnerability in human psychology.” Another Facebook executive commented on the prospects of social media “ripping apart the social fabric of how society works.” Nova Next- 28 Dec 2017

Return to our HOME PAGE

THIS MONTH on the

On This Day In History

Calendar

  • Confederate Signal Corps was established. The Confederate Signal Corps accomplished tactical and strategic communications for the warring armies, including electromagnetic telegraphy and aerial telegraphy ("wig-wag" signaling). It included a covert intelligence agency known as the Secret Service Bureau. Remember to explore the NCM's Revolutionary Secrets exhibit during your next visit.

About Us

The NCMF directly supports the National Cryptologic Museum (NCM), the first public museum in the U.S. Intelligence Community. We think you will agree it is truly a "museum like no other."

Located adjacent to the National Security Agency (NSA) in Maryland, the NCM houses a priceless collection of artifacts that represent our Nation's history in code making and code breaking, as well as a world class library of cryptologic media. The NCMF acquires the best artifacts for the NCM and supports new educational and interactive exhibits.

The NCMF provides exceptional cryptologic programs throughout the year, encourages young minds to explore cryptology and innovation through valued awards, and hosts educational, cryptology-related exhibits at various community events.

As part of the Foundation's partnership with NSA to build the Cyber Center for Education and Innovation - Home of the National Cryptologic Museum (CCEI-NCM), the NCMF also serves as a leader in the field of cybersecurity - striving to provide the best in educational resources and programs.

The NCMF and NCM share a joint three-fold mission to Educate, Stimulate, and Commemorate. Learn more about our MISSION.