Russian Hackers Stole NSA Data on U.S. Cyber Defense
wsj.comI find these allegations are deserving of some scrutiny. The entire story is quite bizarre when you begin to consider it. The NSA is apparently leaking like a broken pipe with this information. And it's peculiar because this is information that makes our intelligence agencies look completely inept. That is a very good thing if this story is fake, but a very bad thing if its true.
It is stupefying that NSA contractors/employees would be genuinely copying classified information that is heavily related to national security, and then just loading it up on their personal Windows PC with no apparent encryption or access controls. For instance why in the world wouldn't they have OS level software restricting read access of a certain secure partition (or removable media) to a specific whitelist of processes? Or why wouldn't they use an airgapped machine? Then there are issues like the NSA being so anxious and happy to leak this information, and then them indirectly 'wink wink' confirming it publicly completely destroying the purpose of we don't comment on speculation --- when you start commenting on certain speculation, it indirectly says something about other speculation that you actually choose not to comment on. They're also seemingly unconcerned that somebody is leaking information that, if true, shows the NSA to be incompetent and also exposes attack vectors for enemy actors. There are also things like Kaspersky previously volunteering to provide complete source access to the government. Our government declined the offer. How does this make sense?
Since Iraq I have become much more critical of pretty much everything. Our media and our government lied to generate a case for war. And I feel lately that they are now trying to build a case for some sort of conflict, presumably cold, against Russia. Or at the minimum start Red Scare 3.0. I have no idea why they would want to do this, but I tend to abide Occam's razor, and this all being true requires a lot more effort than this just being "Yellowcake 2.0."
I'm going to take it that you've never done public sector contracting. The security rules are in reality less 007 and more school library, and this is totally believable. There is another story in the news now about soldiers smartphones being hacked in Eastern Europe. The troops are therefore made to go through water every day but some of them just put their phones in condoms. Defense contractors aren't even state employees and the security checks are basically akin to credit checks.
Russia (and China and others) have an advantage here in having recently been run as controlled states and having much of the bureaucratic apparatus and social habits still in place (e.g. bring your passport to buy a train ticket to another town; little old lady stationed on every floor of a hotel keeping an eye on comings and goings etc).
> Russia [...] controlled states [...] e.g. bring your passport to buy a train ticket to another town
That's a blast from the past. So, for those who haven't seen these, last century there used to be a set of "we're not like them, we have freedom!" examples, which were used in popular dialog to contrast the United States with the Soviet Union. Needing government papers to travel was one. The Soviet people feeling "why blame us for the actions of the government? - we don't control it" was another.
> Russia (and China and others) have an advantage here in having recently been run as controlled states
Well, we can't let them have that advantage over us! Googling "amtrack identification" yields "What Do You Need to Travel by Train in America? | USA Today" "Documents. [...] All travelers over age 18 and all unaccompanied minors age 15 and over must have a government issued I.D., such as a passport, driver's license or military I.D."
Like, foreign graduate students need to present their passports for inspection, in order to be permitted to enter my local Irish pub (Boston - minimum drinking age 21 - as required for federal highway funds).
Looking back, I don't recall anyone predicting, at the fall of the Soviet Union, that by losing a "them", for us to not be, we'd lose track of what we intended "us" to be.
Where your analogy falls apart is that in Soviet states, passports weren't granted automatically as they are in the United States, nor was inter-state travel approved in the Soviet Union except for cause. There is no authority in the United States that requires justification for interstate air or train travel.
An analogy? That my concrete examples seem analogorical, perhaps shows how much perspectives have changed? Or maybe I've just read too much into word choice.
Apropos change: Two decades ago, US inter-city air travel could be done anonymously - now it can't. US inter-city rail could be done anonymously - now it can't. US inter-city bus still can (though given credit cards, it's much less common), but I've seen "everyone must show identification to state/federal police to get on the bus" drills at bus depots. On intra-city subway and light-rail, it's been the (very infrequently exercised, except during a Democratic party convention) policy that state and federal officers with dogs can do random ID checks and bag inspections, or if someone refuses, require them to leave the train. Years ago, that was unimaginable. Around Boston and Manhattan, office buildings often had no ground floor security at all, or it was concierge - you'd just wander in and up to some office, and talk first with some receptionist, or if they weren't there, maybe hit a desk bell, or maybe wander around the office asking for directions. Now you usually hit security just inside the building door, and often have to present state identification, which is sometimes scanned or typed in. And get buzzed into offices. Office workers badge themselves through turnstiles and doors. Locked doors are more of a thing than they used to be. Before laptops, what is someone going to steal? Office supplies? A heavy typewriter? Large CRTs? MIT used to emphasize it was an "open campus", and students felt guilty about not doing enough wandering around in the evening/night, visiting labs and talking with people. Now that seems no longer a thing - lab doors and even whole buildings are locked to them, even with cards, even during the day. If you walk by a bar in Boston on a busy night, you will see someone standing there, checking government-issued identification. A few decades back, pre-MADD, that wasn't a thing.
We become used to "the way things are" so very rapidly, that it's easy to forget that the same familiar place, a few decades offset in time, could have had startlingly different attitudes and practices. As much as living in a foreign culture today.
> [...] On [Boston] intra-city subway and light-rail [...]
The reqiurement of an ID to buy a ticket or board a train might be also used to prevent buying out and reselling tickets later. And of course to prevent people who are wanted by the police from travelling.
Phones transmit signal so soldiers can be easily detected: if you see a large number of signal sources somewhere in the forest the probability is high that a military squad is hiding there. Soldiers should not have a phone when on duty.
Futhermore, if military base is located near or in the city the enemy can bring an IMSI catcher and record phone identifiers, or intercept calls.
umm I think the point is that soldiers are sneaking phones in, and this is an example of bad security enforcement within the defense services, not that defense services shouldn't be heavily regulated internally..
Wait, are you saying the commanders are trying to destroy the soldiers' personal hidden phones by making them swim with their gear?
Yes, they are banned of course as per regulations but that is hardly going to stop the hardened phone addicts
Well other soldiers should stop them if they see it since the phone addict is putting everyone at risk by shrieking for cell towers
From the soldiers’ perspective, when there are rules dictating every aspect of your life from the type of haircut you can have to the types of food you can eat (no hemp seeds for example) it becomes difficult to recognize which rules are actually important.
+1 having done this and having witnessed the staggering waste and incompetence on the part of people who should know better, I now feel really bad when paying my taxes. Truly, it’s better to not know how sausage is made.
> Our media and our government lied to generate a case for war. And I feel lately that they are now trying to build a case for some sort of conflict, presumably cold, against Russia
I mean, there's verifiable evidence Russia tried to influence our election. That's pretty new for a lot of Americans. I imagine that's why the government and the media are running wild with it. Mueller is still investigating. I would say to wait till that report comes out before jumping to conclusions. I personally don't think the media and government are gearing up for some Russia conflict. This is just the first time Russia has been so involved in our politics since the Cold War, and the media is rightly running with that idea. Is it that unbelievable for some people that Russia was involved in trying to influence our election? I can't tell if you're rightly scared of the media or just can't believe Russia would do something bad.
With respect to the quality of work at the NSA?
"Never attribute to malice that which is adequately explained by stupidity"
And finally with respect to all the leaking... I think it's pretty clear that's just the NSA's lack of confidence in its leader.
>I mean, there's verifiable evidence Russia tried to influence our election. That's pretty new for a lot of Americans.
That might be new for a lot of Americans, but not for anyone who has ever paid any sort of attention to international politics. In reality it would've been bigger news if Russia hadn't tried to influence our election. And that's not specific to Russia, I'd say that about any major economic power including allies.
>since the Cold War
We've been in a proxy hot war with Russia for years. Syria is a major Russian ally and a big part of our activity in Syria is to reduce the regional influence/power of Russia.
>I can't tell if you're rightly scared of the media
One would think that a group of people whose job it is to report on global politics would understand how much of a certainty it is that Russia would try to impact all of our elections. And yet they're pretending like this is shocking. I can forgive the general public, but any media outlet feigning shock is bold faced lying.
Where is this verifiable evidence so I can actually verify it?
It's only been ~1yr since the election. You have to be patient for big cases like this.
Until then we have to trust the US intelligence community. Their messaging has been consistent that their arch-enemy they've been competing with for decades pulled a fast one on them and was unexpectedly effective at influencing an election.
Government sources have been leaking a bunch of stuff to the press in the meantime. This week it was alleged "Russian-linked" sources supporting the Republican party had bought Facebook ads [1] in the critical swing states:
> A number of Russian-linked Facebook ads specifically targeted Michigan and Wisconsin, two states crucial to Donald Trump's victory last November, according to four sources with direct knowledge of the situation.
Two states which Clinton's $500 million campaign reportedly neglected [2] despite the pleas of her former-president husband and advisors:
> Clinton made no visits to Wisconsin as the Democratic nominee, and only pushed a late charge in Michigan once internal polling showed the race tightening.
The other big leak was that of the hundreds of people the Trump campaign staff met and had phone calls with in 2016, it turns out 2-3 of them had connections to the Russian government. But it's not clear if they had any follow up meetings.
I'm looking forward to the full report showing the "critical role" Russia played in getting him elected...
[1] http://www.cnn.com/2017/10/03/politics/russian-facebook-ads-...
> You have to be patient for big cases like this
So in other words, no “verifiable“ proof at all, just rumors, hearsay, and unbacked assertions.
> Until then we have to trust the US intelligence community.
Sorry, no. Their success rate and overall trustworthiness is abysmal, let alone it's foolish to trust secret data even if it weren't the case.
You are out there every day pushing back against anonymous voting then?
Who voted for which candidate is secret and we rely on counts that aren’t broadcast live
Anonymous doesn't mean secret. If the governor of Ohio says his people want Trump over Hilary, just trust him, you don't need to know how he knows would you? I mean, I don't trust unauditable electronic voting machines. I certainly wouldn't trust someone who couldn't even point to the machine he got his info from.
Much of the voting system is an exercise of trust. The most reliable part of it, besides the fact that election officers are publicly known and accountable, is that officers from both parties oversee each voting center. Your trust is that the adversarial nature of the political parties will raise alarms if the ballots are tampered with.
It's odd that people keep saying to trust the intel agencies, since much of the best research on the propaganda side is done in academia, and the data is out there.
Here's a Tableau of the influence of just 6 of the ~200 recently banned Russian-run groups on Facebook: https://public.tableau.com/profile/d1gi#!/vizhome/FB4/TotalR...
Here's the raw data: https://data.world/d1gi/missing-fb-posts-w-share-stats
Here's some analysis: https://www.washingtonpost.com/news/the-switch/wp/2017/10/05...
I also like http://dashboard.securingdemocracy.org/
If you want to look at research, Oxford is doing some good work in this area. They have a whole research group on computational propaganda: http://comprop.oii.ox.ac.uk/category/publishing/academic-art...
I read through each of your links and there's some interesting stuff there. Overall it looks like Russia basically ran a full-time campaign marketing team with access to a few million dollars for ad and social media sharing buys.
That said, the breathlessly covered "tens of millions of ad impressions" isn't that much on Facebook. From my experience getting 0.1% of viewers to care would be a significant number.
Being familiar with online marketing makes a lot of this sound less scary.
What I'd love to see is the Russian ad spending in the great context of the entire campaign. Considering both sides spent $1 billion on their combined campaigns it's entirely possible that the ~200 PR stories and 10M ad impressions are a minor blip in the wider scale.
What's interesting is how many people voluntarily shared these posts because it struck a chord with them (although it's equally as easy to buy fake likes/shares). And the fact they were focusing on critical swing states that Hillary's massive campaign failed to hit, basically non-english foreigners outperforming the most expensive American consultants...
The leaked data is another story and Wikileaks will never be proven, which means 50% of the leaked data is very likely via Russia.
For each of these, there were plenty of moving pieces out of Russia's control (the FBI and media's handling of pretty insignificant stuff, the highly receptive audience sharing the propaganda, etc) that all worked in their favour. Even if their contributions were minor, the US political environment played a huge role in amplifying it into something far bigger than they could ever do themselves.
Outside of some future smoking gun connection with the Trump campaign (which seems highly unlikely so far) it's going to be very difficult to measure exactly how much meaningful influence Russia really had on the elections. But it's an interesting lesson for the future regardless and the vagueness will offer plenty of leeway for the Clinton's campaign to sidestep responsibility for both running a bad campaign and for being a generally unlikable person (which matters more in these popularity contests than capability).
And if you didn't notice my entire original comment was satirizing mainstream discourse. I don't think you need or should trust intel agencies nor the media's uncritical interpretation here. I left it purposefully vague for those smart enough to see through the popular narratives.
Measurement of effectiveness is pretty hard, I agree. And as I point out elsewhere, the Russians promoted diversive left-wing causes as well.
But I wish people would stop making claims that it didn't happen just because they (reasonably!) doubt the intel agencies. This stuff is trivially verifiable by anyone with the desire to do so.
Wow I wasn't aware this was so directly available.
Thanks!
No problem. It's a bit sad how rarely people bother to look into this.
People spend hours arguing on HN about this, and it takes a lot less time to take a look at the data.
You don't even have to be anti-Trump to agree with what the data shows: That set I linked to had strongly anti-Trump groups like "Blacktivists", "United Muslims of America" and "LGBT United".
Don Jr. personally admitted to meeting with Russians.
[1] http://www.npr.org/2017/07/12/536782047/donald-trump-jr-admi...
"A lawyer who happened to be Russian" is not the same thing as "the Russians", the latter implying some sort of official Russian government conspiracy - presumably at vast scale, to affect something as large as the US election.
I too would like to see this verifiable evidence. So far all evidence presented of so-called Russian "interference" isn't even remotely credible.
"A lawyer who happened to be Russian" is an extraordinarily significant misrepresentation of who Natalia Veselnitskaya is.
She's "former" FSB. And there's no such thing as "former" FSB.
> I too would like to see this verifiable evidence.
He went to the meeting because Russians said they have dirt on Hilary and admitted it.
Also, There was at least one Russian troll farm targeting voters.
https://www.washingtonpost.com/politics/facebook-says-it-sol...
Russia also has a history of influencing elections in other countries.
"Russians" didn't. A woman did. It turned out she had nothing and the meeting was a waste of time. Very far from what the phrase "meeting with the Russians" implies - some sort of large, organised group engaged in official Russian state business.
Veselnitskaya is a paid member of a group registered to lobby against the Magnitsky act[1]. The group paying her was organized by a former GRU agent[2] and paid for by a Russian oligarch Denis Katsyv.
Reversing the Magnitsky act is pretty much the number one thing the Russian government would like.
Of course there is nothing wrong with this in itself. But while Veselnitskaya may not have been a Russian official, she was promoting official Russian policy and paid by politically connected Russian interests.
[1] https://en.wikipedia.org/wiki/Natalia_Veselnitskaya#Advocacy...
[2] https://www.grassley.senate.gov/sites/default/files/judiciar... (Note this complaint was made in 2016, before the election)
It’s odd how you are trying to misrepresent and confuse other people about the truth.
We are witness to the return of menace and mischief by a motivated adversary, nonetheless they have always had their hand in US and EU politics.
The revisionist, election hacking narrative is a massive thoughtform, propped up by some savvy scoop every couple of weeks just to die down and go nowhere. Everything the media covers is tainted by an air of sentimentality and idealism, hardly great elements of good journalism, but it sells papers.
Those who think they really know men like Putin, those who believe they really know and understand evil, you will never know them. People who think they know live in a world of black and white, right and wrong, living within society but not operating in the raw layers of society where people make civilization a reality. Men like Putin, they live in this space, desperately trying to keep their reality/world alive. The way they do this is the same how we keep ours alive, they lie. Russians tell very good lies, they are very good at making whole new truths, but if you look very closely, it starts to come apart.
What non-fringe authorities or publications are claiming that the election was hacked?
The leak addressed in this article stems from 2015.I think it's pretty clear that's just the NSA's lack of confidence in its leader.I think he meant Obama. By 2015 many have given up on hope and change. Unless the hope was to drop over 20k bombs on countries we were not even at war with after receiving a Nobel Peace prize. Overthrow governments in Middle East and arm dangerous rebels in that region.
Don't forget state sanctioned extrajudicial killing of U.S. citizens.
> I mean, there's verifiable evidence Russia tried to influence our election. That's pretty new for a lot of Americans. I imagine that's why the government and the media are running wild with it. Mueller is still investigating. I would say to wait till that report comes out before jumping to conclusions.
I'm shocked, shocked, shocked there's gambling going on here! Shocked! We are the only ones who are supposed to be doing that!
I crush your Hanlon's Razor with my Grey's Law:
"Any sufficiently advanced incompetence is indistinguishable from malice."
> I mean, there's verifiable evidence Russia tried to influence our election.
No doubt, I don't think anyone argues that point. Russia and ex-Soviet Union's KGB have always tried to manipulate Western governments. Propaganda and planting stories in newspapers was one of their favorite methods.
Any developed country would be trying. US is too important for anyone with any power or resource to not try to influence it.
However I don't believe what they did had any meaningful effect on US elections. We would have found out by now. I didn't believe it since it came out and I still don't. So far I see a PR story that has gone out of hand, it was pushed and promoted in order to explain what happened. Heck, people tell that story to themselves. "Surely, my compatriots couldn't have voted this, way, it must have been some super villain spy thing".
> This is just the first time Russia has been so involved in our politics since the Cold War, and the media is rightly running with that idea.
When did Russia stop involved being in our politics. It sent undercover spies to live and try to infiltrate think tanks and such. Remember the spy ring that was uncovered. Literal KGB agents living illegally around NY and such. That stuff never stopped.
> Is it that unbelievable for some people that Russia was involved in trying to influence our election?
It is unbelievable that they singled out Russians and keep running with it for a year without any proof that the Russian did anything to change the result of the election. The amount of talk this received, it would seem they have proof the Russian changed the votes in those Rust Belt states' voting machines. Unless we think those states are full of KGB agents this is story is mostly a waste of time.
And yes, the tragedy here is the opportunity cost of wasting energy on something like this instead of focusing efforts and coming with a new platform for the Democrat party, starting a new party. Instead its Russia, Trump said a stupid thing, his taxes, more Russia, he ate 2 scoops of ice-cream, back to Russia.
Sure they tried, they deserve some credit:
http://www.cnn.com/2017/07/24/politics/democratic-agenda-unv...
---
"Schumer: Democrats' top priority is health care, not Russia"
The plan -- "A Better Deal: Better Jobs, Better Wages, Better Future" -- is a three-pronged approach that focuses on improving wages, lowering costs of everyday expenses and boosting job-training opportunities.
---
But compared to Russia and the piss dossier and scoops of ice-cream that doesn't seem to interest very many people (if we assume media reflects and presents to people what they really want to hear).
I'm so skeptical now of skeptical Russia posts. A 25 day old account who's first comment [0] was about media and divisiveness.
And you signed up about a year and a half ago - just the right time to try and influence the US election. Perhaps you work for a western intelligence agency.
Or perhaps you are easily manipulated by the media.
I've been called Russian on various forums several times. I am actually British and have never even been to Russia. My crime was to point out the flimsy nature of so many of the allegations regarding Russian involvement in, well, pretty much everything.
There are lots of people in the world right now who psychologically can't accept the fact that Trump and Brexit won and have descended into a sort of group hysteria as a result.
This idea that the Russian government spends its time/money trying to influence US politics by posting to Hacker News of all places should fail any basic test of common sense and logic. But it's so tempting to believe in this conspiracy theory, because then difficult questions like "why did Trump win" and "why do people hate Hillary so much" and "are there Trump supporters in my own circle of friends and family" can all be ignored. It's not really America, it's actually some vast subtle manipulation by a foreign government! And if anyone questions the unreliability of US intelligence, that's just more proof that it's really happening!
I'm just saying I based my judgement on the content before, but having seen others dig through other posters' comment history to find pro-Russia patterns gives me pause now.
And even if it is still just about content, it's a lot easier to spread BS than it is to refute it.
> This idea that the Russian government spends its time/money trying to influence US politics by posting to Hacker News of all places should fail any basic test of common sense and logic. But it's so tempting to believe in this conspiracy theory, because then difficult questions like "why did Trump win" and "why do people hate Hillary so much" and "are there Trump supporters in my own circle of friends and family" can all be ignored. It's not really America, it's actually some vast subtle manipulation by a foreign government! And if anyone questions the unreliability of US intelligence, that's just more proof that it's really happening!
I am not totally disconnected from people who support Trump, unlike the stereotypical liberal coastal megalopolis dweller. But it seems pretty clear at this point that Russia has, and is continuing to, sow dissent in America. Not by hacking election machines or anything clearly aggressive, but by thousands of twitter, disquss, and facebook troll accounts. I do not ignore any "difficult" questions because of it.
but by thousands of twitter, disquss, and facebook troll accounts.
Actually no, that's not pretty clear.
For one, where's the evidence that spamming Twitter can affect anything politically at all, in any country? The entire belief that elections are decided by robo-Twitter accounts revolves around the idea that a lifetime of experiences, beliefs, news consumption and discussions with friends/family goes out the window the moment someone opens Twitter and reads 140 characters.
I don't think this is a real phenomenon. I don't believe in it because it's such an obvious and minor riff on a more general theme that is always so pervasive in politics; the idea that people who disagree with you politically aren't "really" disagreeing, they're just brainwashed and not thinking for themselves.
If you look at European politics, before the current wave of Russia hysteria the EU and its fans liked to explain Euroscepticism as something driven by tabloid newspapers. To quote Martin Schulz (head of the EU Parliament), "UK tabloids have performed mass brainwashing" which "force fed their readers with intolerance". In other words, stupid people read simplistic messages and automatically start to agree with them - that's why they don't vote for things the educated elites like.
That's an almost identical rationale to the idea that people didn't vote the right way in the USA because there was "mass brainwashing" that "force fed them intolerance", except now it's Twitter instead of newspapers and the evil Russians instead of tabloid journalists. But the premise is the same: bad people are brainwashing the ignorant masses.
I was just called a Russian shill here the other day. Then they started to dig through my post history and proved that I speak Russian. They found a post from 340 ago, kind of an admirable effort but also kinda creepy. I probably mention something "back in the old Soviet Union" every week or so. Not sure they had to go back a year.
The plot twist is that I am not Russian (people speaking multiple languages though are suspicious, gotta agree there). Even a better twist, I have more reason to hate Russians (as a country, never personally) than any most of the posters here. But you know, KGB agents hiding in the bushes, and all.
If you've ever lived in Russia for any length of time and not been sheltered, the Kremlin stories coming out are not only totally believable but predictable. I think it's being massively downplayed in fact, because the reality of what's going on is simply so disturbing that nobody in power wants to accept it and have to act on it.
Maybe that's the first part of the evil plan? Make people see Russians everywhere.
I try to look at content and don't care much who the poster might be. Because everyone has motive even if it's just boredom or attention.
When the number one tactic involves paying people to troll and influence on social media it's being willfully ignorant to look at every post in a vacuum and to not look for patterns.
Let us also recognize that Russia is just one of hundreds of interests that are trying to influence conversation online, not discounting several factions in the US government.
It is very easy to spot them, especially on platforms like Twitter where they spread obvious, blatant lies. No one is immune, especially with disinformation campaigns being waged by domestic parties, corporate interests, PR firms.
It has always been a reality that the internet attracts misinformation and conspiracy, even more so in the past than now. And yet, we continue to evolve from a technology that doesn't allow for us to distinguish fantasy from reality.
We aren't North Korea who is so threatened by outside messages they have to block foreign radio broadcasts and are susceptible to leaflet propaganda drops.
Or we shouldn't be.
We shouldn't be threatened by foreign posters claiming this or that. If legitimate problems are brought up they should be acknowledged in a free society. If lies are brought up they should be ignored or addressed. But this OMG Russian Posters Everywherez is disturbing. It signals fear and weakness. It's more disturbing than the actual existence of Russian posters. Let them post. Listen to what they say if you care. It should not be a real threat if we are right. If we are not right we should get right.
I'm not saying the original poster isn't Russian, maybe they are. Does it really matter? If what they are saying isn't true we can contradict it or ignore it right?
However if what is being said is true maybe the bigger problem is not _who_ is saying what but rather that this truth exists to be said and maybe we should do something about that rather than ascribing motives which may or may not be accurate.
If I can’t trust the messenger there is little point in my verifying their claims
If you can't separate a message from who you suspect the messenger might be there is little point in verifying claims either.
> Since Iraq I have become much more critical of pretty much everything. Our media and our government lied to generate a case for war.
Uh, while there were some media collaborating with the government propaganda, the government's case for war was thoroughly and pretty completely debunked in the mainstream media, nearly in real-time.
Few people paid as much attention to that as what the government was saying, which the media reported as, well, what government officials were saying, but the media would have been negligent not to report that. They can hardly be responsible for the strong effect of confirmation bias combined with official-sources bias among the population.
There's a useful tool in search engines that I think are desperately underused. This [1] is a search for "Iraq" on Google with results from January 1st to March 1st, 2003. We would invade on March 20th. I'll leave the results without comment. I think they speak for themselves.
A couple of asides are that it's very interesting to do the same sort of thing with "Russia" in more contemporary times. Our minds do very strange things when reconstructing the past. At the eve of the Iraq war, 72% [2] of Americans supported war. Now nearly half [3] of Americans claim they opposed the war. And the interesting thing is that people probably do genuinely believe this. Our brains do an absolutely phenomenal job of letting us lie to ourselves. Probably the one thing that inhibits progress more than any other!
[1] - https://www.google.com/search?q=iraq&dcr=0&tbs=cdr:1,cd_min:...
[2] - http://news.gallup.com/poll/8038/seventytwo-percent-american...
[3] - https://today.yougov.com/news/2015/05/21/americans-remember-...
Internal wars about slavery, Japanese American camps during WW2, McCarthyism, an plainly obvious global imperialism schemes for over a generation....
America’s entire history is a shitshow of hypocrisy
It’s a truism of humanity; each of us is ignorant and naive in our own ways
Welcome to reality
While I agree with your assessment of the Establishments role in the promotion of the Iraq war, I don't think an actual conflict with Russia is either desirable or possible without severely wrecking the current global order. It seems more like the kind of behavior I've seen when you impose tedious security protocols universally without explaining it properly to those expected to follow it.
I'm willing to bet that as the NSA continues to expand its digital monitoring divisions, it has increased the use of contractors a lot. And not all of them might be aware of the supremely sensitive nature of the information they are dealing with.
The thing that makes me even more convinced that this is what's going on is that you don't see a lot of leaks/breaches from NSA officers(agents? not sure what the correct terminology is) but mostly from contractors. Hell, Snowden was also a contractor and not a member of the NSA. Maybe they need to realize that this kind of cost cutting is just not worth it.
I thought the reason they used contractors was certain government rules made it a pain in the ass to hire a new employee at 100-150k.(a lowish level for a quality devs with security clearance)
This has a strong weight in truth at least within the CNO world. Simply can't compete with commercial salaries (which for those with unique experiences are commanding even greater than the average SV salary).
> I don't think an actual conflict with Russia is either desirable or possible without severely wrecking the current global order.
Or the current globe.
Occam’s Razor:
A 25 day old anonymous HN acct is controlled by a shill attempting to deflect attention in readers minds (which we know Russia does along with every other nation state)
Or
WSJ made the whole thing about Russia hacking computers up, which really we already know their intel community does, just like every other nation states
Occams Razor again:
Google, Equifax, Yahoo, NSA are incompetents with technology as they have all suffered data breaches recently (waymo+uber is a breach in the same sense the NSA contractor took home data they were vetted to access and it was used outside its scope of access)
Or
We’re suffering a mass delusion driven by marketing and fear that perfect security is possible, just these very good tech groups sucked at it (of course no one out there benefits from the public doubting these groups abilities right?)
Given humans long history of buying in to mass delusions (religion, nationalism, what brands one buys matters), Occam’s razor seems clear on this
The problem is that people are fallable, often wrong, and always overconfident. Many presidents believe they can delegate the work of actually being president by blindly trusting those below him. In practice, you find the government to be filled with normal human beings doing their best in an organization where the shareholders are insane and irrational.
>There are also things like Kaspersky previously volunteering to provide complete source access to the government. Our government declined the offer. How does this make sense?
First, even if they were giving access to their genuine source code repository, there's absolutely no guarantee that the binaries aren't backdoored by Kaspersky, FSB, or both. Alternatively, they could just hand over a phony copy of the source.
It's kind of a pointless offer. There's no real reason to deny, but there's also no reason to accept. If the fear is that their products might be influenced or backdoored by hostile intelligence agencies, the only reasonable solution is a total boycott.
(And yes, I very much understand the exact same could be said of the NSA and a lot of US-made software.)
The same code compiled by the same compiler with the same settings compiles to the same binaries. So you can indeed verify that what you're running and what you have the source code to are indeed one and the same.
For that matter, they could still do that to this day. Pick the time frame that the alleged hack happened and examine the source. And again you can compare the binary output to ensure that you actually have the real thing.
In practice, this isn't really possible, though. The binary is usually going to be slightly different. In theory you could RE the differences and potentially disprove a backdoor, but it's not easy.
Also, it's not necessarily that hard to slip a very subtle backdoor into the source.
> Our media and our government lied to generate a case for war
Remember Vietnam? Same thing happened. GoT Incident was a joke.
> For instance why in the world wouldn't they have OS level software restricting read access of a certain secure partition (or removable media) to a specific whitelist of processes? Or why wouldn't they use an airgapped machine?
At some point you have to actually use your exploits, they can't all stay in secure airgapped machines. Malware is made to be used and to be used it must be copied. Obviously taking it home is egregious, but it's not like securing a private key or launch codes.
>And I feel lately that they are now trying to build a case for some sort of conflict, presumably cold, against Russia.
Russia invaded Ukraine & Crimea, ended up downing a civilian airliner killing them all.
Slaughtered hospital workers in Syria after following victims of regime chemical weapons attack to the facilities.
Has been funneling heavy weapons like T90 tanks into sub-state militias, including the designated terrorist org Hezbollah.
Is currently attacking people who have documented all of this, regardless of what nation they live in. Has attempted to get Canada to take down and expose citizens using their services to publicize Russia's actions.
What will it take to get you to understand Russia is at war with the world? Does another civilian airliner need to be downed? Should another analyst/journalist get kidnapped and brought into Russia to be disappeared?
What is your threshold of acknowledgement here?
Minus the taking of land, Crimea by Russia, and the civilian abduction (US just more secretive)same can be said for US actions over the past decades.
Does that mean USA is war with the world (under trump now, yes, but I am implying before that)?
How many other nations elections has USA undermined, accidental civilian casualties(including downing of a civilian plane) and funding to terrorists (directly funding Taliban and supporting terrorist groups.. not to forget Saudi Arabia)
As a non American, looking from the outside, it's hypocrisy that the US is offended someone else doing what they have been doing... Just Russia got caught and is being called out.
But I can understand the outrage, and in no way condoning Russia's actions... They have taken it to publicized extremes stoking aggressive behaviour to other nations and particularly the US
>same can be said for US actions over the past decades
Is this really the best response? A deflection? Do you know how tiring it gets? How little it advances discussion?
My peers are being hunted for documenting war crimes but OK US did similar stuff some decades ago so I guess the topic is resolved for good. Wrapped up nicely with a bow for eternity.
My comment was in response to specifically your questioning implying it was very obvious Russia is at war with the entire world for said reasons.
I pointed out USA has done similar things Russia has done/being accused of (And it's not just decades ago, funding of terrorists, undermining regimes is still ongoing today. By USA Russia and many other nations).
At the same time, I am NOT saying tit for tat means problem resolved... You are taking it to extremes implying something I did not say.
Your comment doesn't advance the discussion either if u want to be a stickler with the "isn't it obvious, what else do you need" type of response I was replying to when: no it isn't obvious, and your statements are not clear indicator of that as much can be said about other nations including USA. Not that actions balance each other out so nothing to worry about
> Is this really the best response? A deflection? Do you know how tiring it gets? How little it advances discussion?
What you posted is also a deflection. You are turning false equivalency into a logical fallacy here.
How about you address the similarities instead of dismissing uncomfortable truths about your own country while simultaneously attacking others.
It is the worst type of jingoism.
>How about you address the similarities
Because it diverts the topic. It is literally introducing the fallacy seen in "And you are lynching Negroes[1]" to avoid the subject. Because of people like you we cannot discuss being victimized today because of deeds in the past made by unrelated entities.
[1] https://en.wikipedia.org/wiki/And_you_are_lynching_Negroes
> Because of people like you we cannot discuss being victimized today because of deeds in the past made by unrelated entities.
And because of people like you we will continue to make the same mistakes over and over again because analysis of past injustices has become taboo, and identification of irony and hypocrisy in the actions of nations has become too uncomfortable for you to handle, because you still buy into the good guys versus bad guys cartoon rhetoric so prevalent in US propaganda that even grown fucking adults buy into.
See, I can make dumb comments too.
You say these things like the US isn't doing the same things;
> Russia invaded Ukraine & Crimea, ended up downing a civilian airliner killing them all.
The US invaded Afghanistan and Iraq, pretty much paved the way for the rise of ISIS.
> Slaughtered hospital workers in Syria after following victims of regime chemical weapons attack to the facilities.
The US bombed a civilian hospital in Syria, killed about 30 people.
> Has been funneling heavy weapons like T90 tanks into sub-state militias, including the designated terrorist org Hezbollah.
The US has been selling weapons to some lovely places. The terrorist factory of Saudi Arabia for one.
> What will it take to get you to understand Russia is at war with the world?
What will it take to get you to understand that the US is the new Empire, at war with the world?
> Does another civilian airliner need to be downed? Should another analyst/journalist get kidnapped and brought into Russia to be disappeared?
Does another hospital need to be bombed by US airstrikes? Do some more journalists and civilians need to be murdered by some dumb-ass American shitheels in a gunship that thinks its funny to do what they did?
Dude the lack of self-awareness in your post is astounding. People in glass houses and all that jazz.
Our media and our government lied to generate a case for war. And I feel lately that they are now trying to build a case for some sort of conflict, presumably cold, against Russia
Our current president has never had a critical thought enter his mind and not have it escape his lips, or his tweeting fingertips – yet Russia (and Putin in particular) have never been in his crosshairs. I think that this fact directly contradicts your hypothesis. Then there is also the mysterious change to the GOP platform around the time of the convention.
He's not criticised New Zealand either, as far as I know. So what?
What Trump disrespects tends to be predictable: not tough enough, too friendly to foreigners, not conservative enough etc. Putin happens to be tough, conservative and not especially friendly to foreigners, all attributes that Trump respects and yet which are not very common amongst world leaders.
It helps that Putin doesn't speak English and - fantasies by Clintonites aside - isn't actually doing much around the world outside of Syria, a place where they mostly spend their time bombing ISIS (something Trump approves of). So there isn't much reason for Trump to talk about them, beyond the constant Russia-linked attacks on him.
I think you'll find Russia is doing a bit world wide.
They've just finished up the Zapad war games again, denounced Georgia having war games with the US. Getting back into Uzbekistan now that Karimov is gone. Russian companies are now supplying internet and phone service to North Koreans. Crimea is still going on with continuing threats to Ukranian sovereignty. Russian gov has just committed more funds to Kalningrad and the Far East. Two regions with some fairly significant strategic value. Russian has been funding the Venezuelan regime and doing so in a way that dodges US sanctions. Russian government is attempting to put Belarusian military units under their control. Russians have alledgedly been involved with the Catalonian independence movement.
This is not to say other countries aren't busy too but I think it's false to believe that Putin and the Russian government is only involved in Syria.
Russians have alledgedly been involved with the Catalonian independence movement
Lol, here we go ahead. And where's the evidence of that?
I mean damn, those darn Ruskies! Trump, Brexit and Catalonia too! Is there anything happening in western politics that isn't their fault?
Wait, I thought the reason Russia allegedly did something to support Leave in the Brexit referendum was because they wanted countries to leave the EU, but the Catalonian independence movement wants to remain in the EU. So what's the logic there?
And where's the evidence of that?
https://medium.com/dfrlab/electionwatch-russia-and-referendu...
http://www.politico.eu/article/russia-catalonia-referendum-f...
Summary: there's been some attempts, but not as well organized or concentrated as the US, French or German election campaigns.
For anyone who can't be bothered to click through, the "evidence" is a report from El Pais which says:
1. RT reported on Catalonia in ways which El Pais didn't like.
2. Julian Assange is guilty of tweeting "opinions" and "half truths". The idea that Assange has something to do with Russia is taken as given, although it's about as credible as the rest of it.
3. "Bots" which re-tweeted the famously Russian American Edward Snowden. No evidence that any such bots exist is provided, nor that anyone in Catalonia cares what Snowden thinks.
4. "Pro Kremlin websites" spread "biased news".
In other words, there's absolutely fuck all evidence of the Russian government doing anything in Catalonia. Rather, El Pais was disgusted to discover that there are people in the world - like Australians and Americans - who don't agree with what Spain is doing. And once more, instead of accepting that the world is full of people who disagree with them, they invented a Russian conspiracy!
This entire episode is truly pathetic.
That's a weird response - the links basically support your position that Russian intervention was minimal.
But your response makes it seem like you didn't read it at all! For example, they provide links to some of the Russian twitter accounts:
For example, @DYGq72pblsGauqv (screen name Магаданец Р.Ф.) retweeted a post from Assange comparing events in Catalonia with those on Tiananmen Square in Beijing. This account posts almost exclusively in Russian, and focuses on propaganda accounts, including from the self-proclaimed territory of “Novorossiya” in Ukraine. The great majority of its posts are retweets, marking it as a probable bot.
They also point out these are minority of the amplification: It should be pointed out that these were a minority, compared with the many apparently Catalan and American accounts, both bot and human, which retweeted Assange.
Far from pathetic, I thought they were fairly balanced assessments of the claims.
That's a weird response - the links basically support your position that Russian intervention was minimal.
They support my position that there was no such intervention at all: i.e. that your claims are false. It is not that "there have been some attempts but not well organised", as you said. It's that there's no actual evidence of any attempts by the Russian government to do anything in Catalonia at all.
Why would pointing that out be a weird response?
As for "omg tweets", who cares? They present no evidence that such an account is a bot, or Russian, even though the random username makes it a possibility (possibilities not being the same thing as evidence).
But more importantly, how many people speak Russian in Catalonia to begin with, do you think? Surely a plot to somehow influence Catalonia events would involve doing things in Catalan or Spanish, not Russian?
The entire hypothesis falls apart the moment anyone inspects it. That's why it's pathetic.
The unifying motive in Russian propaganda efforts of the last several years is to destabilize other centers of power by exacerbating divisions between and within countries Russia considers less than friendly, particularly in NATO.
Their manipulation with regard to Brexit, Catalonia, and multiple and ideologically-opposed sides in the 2016 US Presidential campaign, among others, all fit this pattern.
OK, so in the space of one post now a Russia-Catalonia connection has progressed from being "alleged" to being stated simply as fact, as if it doesn't even need substantiation at all.
Your post is kind of reminds me of this:
http://media.timeout.com/blogimages/wp-content/uploads/2012/...
A vast shadowy conspiracy which is connected to absolutely everything, even when there are obvious long term political trends that made all these outcomes predictable. Nope, not crazy at all!
> Russians have alledgedly been involved with the Catalonian independence movement
Of all the unsubstantiated and ridiculous "Russia did a bad thing" allegations I have heard, this one is the most ridiculous (so far).
A deeper understanding of geopolitics would be gained by studying actual things that have really happened.
[0] https://news.bitcoin.com/moscow-stock-exchange-trade-cryptoc...
[1] http://www.foxbusiness.com/features/2017/09/13/venezuela-sto...
[2] https://www.rt.com/business/403804-russian-sea-ports-ruble-s...
[3] https://www.reuters.com/article/us-saudi-china/saudis-may-se...
[4] https://www.weare121.com/blog/strong-russian-gold-reserve-in...
Kaspersky preempting (presumably) this story:
"New conspiracy theory, anon sources media story coming. Note we make no apologies for being aggressive in the battle against cyberthreats"
https://twitter.com/e_kaspersky/status/915946040561487875
Edit: Kaspersky press release https://usa.kaspersky.com/about/press-releases/2017_kaspersk...
Heh, an extreme interpretation of that statement could be that Kaspersky considers the NSA to be a "cyberthreat"...
Kaspersky was trained by the FSB (former KGB). (Putin has been quoted as saying "there's no such thing as a /former/ KGB officer").
So as a defacto agent of the Russian government, Kaspersky certainly considers the NSA (and other Western gov't agencies) to be an adversary.
Agreed that it's crazy that the US govt ever used Kaspersky software.
https://www.extremetech.com/internet/252421-russian-cybersec...
"According to emails obtained by Bloomberg Businessweek (and confirmed by Kaspersky Lab as genuine), Kaspersky’s ties to the Russian FSB (the successor to the KGB) are much tighter than have previously been reported. It has allegedly worked with the government to develop security software and worked on joint projects that “the CEO knew would be embarrassing if made public.”
> Kaspersky was trained by the FSB (former KGB).
No, he was trained by the KGB, the predecessor to the FSB, SVR RF, and , I think, a couple other organizations. (That is, he was trained while the Soviet Union and the KGB existed, and before the Russian Federation became independent and existing and new Russian institutions succeeded to the roles of the former Soviet organs.)
Sorry, should have said
"Eugene Kaspersky was trained by the KGB."
More specifically, Kaspersky studied at Institute of Cryptography, Telecommunications and Computer Science, which was administered by the KGB, and "offered the best mathematics courses available in the old USSR" [0].
It is disingenuous and misleading (like so much of the anti-Russia narrative) to state that he was "trained by the KGB", as though they taught him everything they know about spy-craft and espionage.
[0] http://www.theage.com.au/it-pro/security-it/meet-eugene-kasp...
Well the Pentium chip itself was a Russian design so why not use their AV - https://www.theregister.co.uk/1999/06/07/intel_uses_russia_m...
Cause the Pentium chip doesn't send info back to Russian intelligence services?
The US has a lot to lose by linking tech firms to intelligence services, but in this case - when an agent of one gov't is hacking another gov't, links to intelligence services are suitable for discussion.
The Pentium was not a Russian design. Seriously, anytime The Register makes a claim, it's generally more accurate to assume the opposite.
Jacob Applebaum publicly claimed (at the Chaos Computer Club, Germany, in the mid-2010s) that the Five Eyes and other intelligence services, for better or worse, attack employees of network providers, SaaS providers, and likely native software providers.
It's not clear to me if it matters what country they are working from. If the NSA has a credible threat in the USA, they can be authorized to assist with domestic intelligence services to infiltrate services required to get their job done.
One specific attack he claimed happened was a MITM of LinkedIn connections at foreign ISPs. I don't think it's a stretch to call them a "cyberthreat", especially if you are a Russian citizen or are trying to secure computer systems outside of the USA (I'm giving Kaspersky a generous benefit of the doubt).
Yes, the NSA and other Five Eyes agencies go after foreign ISPs.
There are strong legal protections keeping the NSA from spying on Americans without very strong evidence. Lawfare has covered this extensively. Here's an example from Wittes (even stronger because he's basically a neocon). https://twitter.com/benjaminwittes/status/911231805302480896
Is not NSA a threat? They have tools to break into any computer and steal data therefore they are a threat.
Aren't they?
I'm going to go out on a limb and propose a hypothesis:
The DoD's hyper-innefficient contracting system rewards DC insiders and effectively limits the department's ability to invest where investment is needed while draining the public coffers of unfathomable amounts of money.
The DoD's hyper-ineffective personnel system inhibits personal development while at the same time making it nearly impossible to move laterally within the organzation, thus preventing thousands of experts in many fields (that is, many thousands of experts) from self-organizing into effective functional units.
These two issues have made the DoD ripe for attack in the digital domain, an area that has nothing to do with their other core missions areas which are all organized around delivering kinetic energy to adversaries.
Contracting instead of developing in-house capabilities is completely destroying the DoD and American military effectiveness. The corruption around that is posing a real, impactful threat to national security.
Fuck these people and their "free market" lies as a cover for outright theft of public funds.
It's not just in the cyber domain that this is a problem, but the cyber domain is one in which the corner-cutting, half-assed nature of the corruption is most visible because the damage is most easily exploited by foreign powers.
Was selling to the DoD before and agree with you. We just sold a product but interacted with contractors and various agencies. It's a hot mess, the corruption, nepotism, stuff like request for quotes for a project and specs made to meet exactly only one vendor and nobody else and so on.
The power on the inside is more of a effective deterrent and great asset than a deficit for the DoD.
Economically how it works is that the DoD secures assets and locations around the world relating to the means of production of consumer components. American interests, especially the interests of the American consumer are definitely protected and represented for.
Where this model has failed for us is put a huge deficit in our self reliance with regards to consumer production. Due to globalization, American politicians have no urgent need to educate the workforce more than they already have, they can provide security and investment to produce a source of worldwide talent, all thanks to the contractors playing their crucial role in the ecosystem of American security.
What people fail to understand is that no organization or system is perfect. The DoD isn't organized for the new kinds of warfare being performed. The main job of the DoD is to protect American interests abroad, not operate in the background on American soil against hundreds, thousands of nation-state and criminal organizations.
The FBI does this job, they successfully work with hundreds of private contractors. You'd be surprised by the scale on which they are resourceful and helpful.
> not operate in the background on American soil against hundreds, thousands of nation-state and criminal organizations.
Actually, this space, this sphere of influence, is well recognized and the problem has been well described by the senior folks involved since at least 2001:
* Ash Carter (SecDef) Keeping the Edge: https://mitpress.mit.edu/books/keeping-edge
* Michael Hayden (chief of NSA and CIA): Playing to the Edge: https://www.amazon.com/Playing-Edge-American-Intelligence-Te...
Access via Facebook: https://www.facebook.com/flx/warn/?u=https%3A%2F%2Fwww.wsj.c...
Access via Archive: https://archive.fo/szjBQ
Access via Outline: https://outline.com/https://www.wsj.com/articles/russian-hac...
Thanks! A note: go incognito if it doesn't work on its first try.
I hope NSA is doing the same with Russian Cyber Defense systems. This is what NSA should be focused on and not on turning its eavesdropping capabilities towards the homeland.
What if an adversary where to hack the NSA warehouses were all communications swept up by their eavesdropping efforts are stored?
I've been thinking about writing a spy thriller based on that premise, ever since the Snowden leaks. At this point I'd assign 30% probability that it's already happened.
That's part of the plot for Dan Brown's Digital Fortress, although like other Dan Brown books it certainly leaves room for someone else to tell the same story better.
what's wrong with ending
every chapter
in a
cliff
?
Of course they are. They have teams of hackers and security experts working on offensive and defensive cyberwarfare.
Re: Spying on the homeland, governments generally regard the domestic population as a threat and and enemy.
> This is what NSA should be focused on and not on turning its eavesdropping capabilities towards the homeland.
Spying on Americans traditionally would be done by our allies, so we can trade info with them and have it all be "legal." The NSA is simply optimizing that chain away. :-P
They've already stolen a bunch of NSA's spying and mass hacking tools, so we're probably years away until stored data is stolen, too, if we'll even find out about it.
For all we know this story could be false. Perhaps this story is to bait them into stealing from the NSA or more.
Count me as a skeptic on this one. NSA employee/contractor takes home classified docs and I am assuming hacking tools, Kaspersky detects the hacking tools and uploads them to Kaspersky, Kaspersky determines it's NSA tools, notifies the Russian government, Russian government hacks the computer and gets all files. Then somehow NSA is able to deduce all this information. I'm not saying this is not possible, but I think their level of conviction on this is too high. A home computer is not going to have access logs. So let's say they see NSA malware in the Kaspersky quarantine folder, and there is also other malware on the computer. They of course have to assume the worst, that Russia got all the files. But they are making a couple big logical jumps without proof. This article is just to sketchy on details for me to take it credibly.
Makes me think of the claim Cuba is using some kind of new radio brain weapon on US consulate workers in Cuba.
Remember the Chinese network equipment allegations? The agencies said hey had backdoors. That was never proven but what we know is that the agencies had access over nearly all Cisco equipment.
Now Kaspersky is the next 'unsafe' non-American company... There are only allegations from an unreliable source: the agencies have lied regularly.
I am convinced that there is an anti-Kaspersky campaign since the agencies 'like' the American antivirus vendors a lot more. I bet the agencies have ways to spy on users of American antivirus vendors.
> Remember the Chinese network equipment allegations? The agencies said hey had backdoors. That was never proven but what we know is that the agencies had access over nearly all Cisco equipment.
They had exploits for both Cisco and Huawei actually.
> There are only allegations from an unreliable source: the agencies have lied regularly.
I don't recall that happening, do you have a few specific examples?
> I am convinced that there is an anti-Kaspersky campaign since the agencies 'like' the American antivirus vendors a lot more. I bet the agencies have ways to spy on users of American antivirus vendors.
Sounds like a very bold claim to make, but no substantiation.
Another damn NSA contractor took confidential information home. Epic fail.
It's of their own doing:
https://www.salon.com/2013/06/11/500000_contractors_can_acce...
Also, I believe I read a recent article about them allowing even more private companies access to this stuff, but I can't find a link right now.
It's partially George Bush's doing - he put a rule into place saying the government had to hire more contractors. Fits with the GOP plans to weaken the govt to enable tax cuts for the wealthy, but the increasing use of contractors has been bad for security.
Full time federal employees take a different oath and generally feel more loyalty to the agency.
Ah, maybe not. Watch the film "A Good American". It's out on Netflix.
People are people. Govt employees can have agendas that are bad for the rest of us just like contractors.
I had trouble taking that article seriously. It was really preachy and everybody but Snowden is apparently a mindless idiot.
Yup. Here's an article on issues with contractors and the way the US gov't hires:
https://20committee.com/2014/11/24/how-many-snowdens-are-the...
WWCS (What would Clapper Say):
Nov 15, 2017, to Congress: "I can categorically deny that there were any leaks of this nature during my tenure as Director of National Intelligence."
June 22, 2020: "Well, yes, I did say at the time that I denied it. But I said 'categorically denied'- that is to say, under certain conditions, or categories, this could be denied. That is what I meant and I stand by that. I also used the word 'can,' which is a sort of conditional; look it up in your grammar books. I did not say 'I do deny,' but 'I can deny.' There are conditions that might allow one to deny this assertion: i.e. what exactly is a Russian, what does it mean to leak, or to have leaked, or to have an inadvertant leak. That is what I meant and I stand by that also."
This came up in congress a couple weeks ago didn't it? I think Rubio had mentioned Kapersky it knowing that it was a public hearing... some speculated that this was perhaps because he was privy to some classified things he couldn't say publicly but wanted to get the word out that they can't be trusted.
There's always been a strong narrative, but for a government to call out another commercial entity and or government for spying is a dangerous game and only played when it's a big enough issue. It's all politics, they're spying, we're spying, it's when that crosses the line and we need to slap hands that matters. Further the public disclosure of facts to support are risky in that they can give away, tools, capabilities, or accesses that may be unknown to the foreign actors.
For it to hit the news and the government to ban it, took many years of balancing and finally something internal broke the camels back so to speak. I'm not sure if this was it, but I'm going to go out on a limb and say it's probably not an isolated case.
Government drone copies NSA malware onto a system with Kaspersky security software installed for the purpose of detecting malware.
Brilliant
how Kaspersky was ever thought to be "okay" in the US enterprise/government market has always been perplexing to me. Antivirus, something which literally inspects all of your files and network activity, made in the country that's a hotbed of blackhat activity and home one of the most aggressive cyber-espionage militaries outside the US. yea okay great, sign me up.
In general there is much to be said about the huge amount of code that runs from thousands of sources on every machine.
Most OS comes with hundreds of drivers, many created by hardware makers all over the world, running with root privileges / kernel mode. And then you add to that all of the software that you install, developed by companies or volunteers all over the world, and running all sort of third party libraries, etc.
The chain of trust is huge. I'd be shocked if there was any computer in any US administration that wasn't running some piece of code written by a russian national.
Downvoted, not because your general sentiment is wrong, but rather that this comment what-about's a specific threat identification. It is useful to raise awareness of general threats or wide-spread operational malpractice, but doing so in direct response to the identification of a specific threat is a distraction that primarily serves to engender a sense of nihilism about defense in general. That is counter-productive, and a specific strategy in propoganda.
Defense is not hopeless. Some threats are more immediate than others.
note: this is not an endorsement of the gp comment. I merely think that discussion of the gp comment should be focused on its own merits rather than nihilistic dismissals of it.
Well, at this point, which anti-virus product you use is gradually devolving to "which state do you want to spy on you?". And the problem is, the answer may not be "the state I live in", since that state is the most likely to tax and otherwise regulate you.
In this day and age of FUD, what are the odds that said open source software has a vulnerability or malicious code inserted by some state actor (ours included)?
Probably low.
Maybe rather than playing cat and mouse over taxes, a person who avoids taxes should be more fairly and simply designated as a foreign national or stateless?
Sorry. I have a point -- towards the end. Even if it's one that gets me downvoted:
In my personal life, I've been wrestling with the decision to "do the right thing" and, for example, pay for digital media I consume. Help a friend in need, who doesn't really reciprocate (because, "the children", among other things). Purchase the health care insurance that takes away money I could otherwise spend on immediate treatment.
In each area, I've felt increasingly screwed over.
Shrinking catalogs, and money I paid spent on lawyers ensuring ever-greater rent-seeking as opposed to actual access to content.
My friend's health on the rebound, while mine has suffered, including from the depression induced by their abandonment of our friendship once I was, apparently, no longer necessary.
A health care system that keeps jacking prices and trying also by legislative manipulation to push me out the door of coverage, regardless of my best efforts to work with it.
In all these matters, I'm coming to think that part of my failed response comes down to a simple matter: Don't pay. Stop paying the very systems and people that or who are screwing you over.
So, here we have the NSA, that is (who are) ever more showing themselves to be incompetent with regard to what we hope they would accomplish, and outright aggressive and abusive with regard to us and matters that we consider commercial contract law, not their business, distracting rather than helpful, etc.
Helping prop up private IP rights and rent-seeking. Domestic spying. Accumulating so much data on everything that they can't see the needle for the haystack -- so, grow the haystack!
I'm hardly one of these bullsh-t "Conservative" (that's with a big "C", to differentiate from the actual noun/adjective, "conservative"), "shrink/starve the government" types. Government plays an essential role: It is the definition of our collective organization and governance.
But in some areas, I really want to say, let's simply stop paying for this shit.
Because when we pay for it, we only make it stronger. Not the effective governance we aspire to. Instead, this incompetence that also threatens aggression against its own society.
Has anyone else noticed the influx of anti-Russia articles on the WSJ lately?
WSJ and any other media outlet aligned with the globalist, pro-Clinton, pro-EU world view.
I knew the whole "Putin ate my election" angle was getting completely out of control when I started seeing people claim, with a straight face, that Russian interference was somehow behind Brexit. It's the same people making the same tenuous claims about any political change they hate - it's not legitimate because anyone who disagrees with me has been brainwashed by tweets.
> WSJ and any other media outlet aligned with the globalist, pro-Clinton
No News Corp outlet is aligned with pro-Clinton anything.
If the article contains the words 'cyber' you can pretty much be assured they've got plenty of 'authoritative' government sources who are inherently anti-Russian. From my experience it's certainly not new, even for WSJ.
I've read plenty of non-fiction espionage books and it's a safe bet to expect the American ones to be dripping with Russian paranoia. Warranted or not. They never gave that up after the cold-war, unlike the public. And non-technical journalists rely heavily on their sources expertise, more so than most subjects.
I prefer getting my infosec news from infosec people: https://twitter.com/matthew_d_green/status/91601649974720512...
Is it just me, or is this possibly related to the Vault 7 materials on Wikileaks, and thus the WannaCry attacks that brought the NHS to its knees this past year?
I remember that Kaspersky helped to investigate some of cyberattacks perfromed allegedly by western agencies. Could not these articles be a part of revenge campaign to punish them?
And another thought, if we cannot trust foreign AV software, does it mean that every country must have at list one national AV product? Or maybe it would make sence to make some special API for AV software so that it can check files and processes but cannot send data to the Internet?
> if we cannot trust foreign AV software, does it mean that every country must have at list one national AV product
That also goes for pretty much every online platform from search to shopping to social. N.B. The Russians and Chinese are already doing precisely this
Also, every country needs their own operating system; and in fact, also CPU and fab facilities.
For whom do those hackers specifically work for (SVR, GRU, or Spetssvyaz)?
KGB, obviously.
Does anyone really think the NSA isn't trying to hack the Kremlin as well?
Putin is screwed the minute Trump leaves.
No confirmation from the NSA, only "leaks" from anonymous "multiple people with knowledge of the matter."
How do we know it's not another piece of fake news riding the wave of "Russia did it"?
By fake news you mean the stuff that Russia created in the US, and Sputnik and RT and Breitbart and Fox, right? That's the true fake news.
For the reason why people are trying to redefine the term "fake news" into being stuff in real outlets with real journalists like WSJ (this article), read this great piece from Masha Gessen: http://www.nybooks.com/daily/2017/05/13/the-autocrats-langua...
I agree that there is a lot of Russia blaming and such but this article is pretty credible. Only of course US newspapers aren’t gonna be writing about the hacks that they succeed in.
Because you trust journalists to do their job in verifying sources, which maintains their credibility.
I want you to think your cunning plan through. What do you think would happen if journalists actually lied?
You have GOT to be fucking kidding. Have you actually been asleep for the last 6 years?
Were you under the impression that credible journalists are in the business of "fake news"?
I want you to think about what would happen if that were actually the case.
You're the only one in this thread that's incredulous about a major publication posting a researched article.
Clearly we are all out to get you.
pdx is certainly not the only one. Many of us who consider the entirety of Western Media to be a wholly controlled narrative fabrication oligopoly simply keep our mouths shut about it.
As they should, since they won't be able to back up their claims with facts.
NSA /CIA and our National Security is as secure as the weakest link. They need not be traitors, just people that got too complacent...while Russia never sleeps (Like NSA does when Russians and others screw up.)
It isn't easy but if tens of thousands people have access to something, it's just a matter of time. And they need access "to connect the dots" so it's a losing game.
This is an oddly one-sided comment on a complex issue. A computer is an incredibly complex, incredibly large attack surface, and when you have millions of computers exposed to the internet and exchanging data, the chances of a state actor gaining a foothold in a government system is almost 100%. This goes for both sides: Russia has likely hacked the US a thousand times over, and the US has likely hacked Russia a thousand times over.
How is it one sided? The parent said exactly what you just said. Literally the exact same thing. "It's just a matter of time" precisely because of the large attack surface.
> Russia never sleeps (Like NSA does when Russians and others screw up.)
Do you have a number of reliable sources for this, or is it just unsubstantiated us-vs-them jingoism?
Do you have a number of reliable sources for this
You want a source to back up that Russia is always looking to hack us, and USA is always looking to hack the Russians?
I believe the author is asking for a source for your claim that "Russia never sleeps but the NSA does". That seems like an apocryphal claim unless you have high-level knowledge of the inner workings of both Russia's and America's intelligence communities (and are willing to share it here).
He explicitly quoted what he wanted sources for. Don't try to be cute.
In other words, what makes you say the NSA is complacent and that Russia is ahead.
while Russia never sleeps (Like NSA does when Russians and others screw up.)
Easy there...meant to say that NSA does the same, or never sleeps. I am 100% sure that NSA is extremely effective.
My apologies - I read your meaning as 'we are falling behind the Russians!'
It's a legitimate argument that could have been made (As the capabilities of both countries are obviously different), but not one that I've seen convincing evidence for.
"An NSA contractor brought home documents about U.S. offensive cyber capabilities.
He used Kaspersky on his home computer.
Russian government hackers stole the documents."
https://twitter.com/ericgeller/status/915983591737319427
So, yah, avoid Kaspersky AV software.
Funny how this Cybersecurity reporter publish his PGP key using unsecured protocol. http://www.ericjgeller.com/pgp_ejg.txt
Uhmm... that's a public key. So it doesn't matter. He could put it on a billboard in Times Square.
I believe keda's point is it's served over HTTP not HTTPS so there's no way to verify you're not being MITM'd when looking at it.
(A possible workaround is to check via multiple connections, check Google's cache, etc)
I mean, sure, but if you're sending him a PGP encrypted message, and his public key was messed with, the end result would just be his inability to open the message.
I think his actual point was to try and discredit the messenger.
The attacker would then be able to read your encrypted messsage (and possibly re-encrypt it with the original key before forwarding it)
Also, PGP keys may also be used to sign software or other public messages (not a typical use-case for journalists, though)
You're kind of out in the weeds now.
Also, you don't sign software or whatever with a public key, so I'm not 100% sure you understand how this works.
HTTPS won't help against attacker that has a jurisdiction over CA and can force them to issue a certificate.
It does matter. Someone could replace his public key with a fake one. Everything that would be encrypted so that only he could see it could end up in wrong hands, because somebody would trust "I'm encrypting using his public key, I can tell anything to that guy", and the bad guy would read it.
I'm confused how you think transferring the PGP key through secure means would prevent that. It only (mostly) ensures the message you receive is valid.
They could far more easily gain access to his server through a variety of means and upload a different copy of his key than try and do a MITM or whatever. It's not like he's going to notice if the key changes.
What you're proposing is that an intelligence service is going to MITM you and gain access to the journalist's computer or email server to read the messages you may send him? Why? The messages are unencrypted when read on his system and when typed on yours, so there are far easier ways to get at their contents.
His page (http) -> MITM -> page you get with another public key
You write him something -> he doesn't read.
You write him -> emails is intercepted -> he doesn't read it but who intercepted the email reads.
So his computer is never compromised. But his email server (some provider) is.
Assuming you trust Keybase (or if not fully trust at least consider it part of a more general trust network) then the key can be verified against that. That it's hosted over HTTP or any other protocol is irrelevant if it's also attached to some trust network. You can obtain it, check the fingerprint and/or value against his Keybase information and determine then whether or not you trust the key.