It is stupefying that NSA contractors/employees would be genuinely copying classified information that is heavily related to national security, and then just loading it up on their personal Windows PC with no apparent encryption or access controls. For instance why in the world wouldn't they have OS level software restricting read access of a certain secure partition (or removable media) to a specific whitelist of processes? Or why wouldn't they use an airgapped machine? Then there are issues like the NSA being so anxious and happy to leak this information, and then them indirectly 'wink wink' confirming it publicly completely destroying the purpose of we don't comment on speculation --- when you start commenting on certain speculation, it indirectly says something about other speculation that you actually choose not to comment on. They're also seemingly unconcerned that somebody is leaking information that, if true, shows the NSA to be incompetent and also exposes attack vectors for enemy actors. There are also things like Kaspersky previously volunteering to provide complete source access to the government. Our government declined the offer. How does this make sense?
Since Iraq I have become much more critical of pretty much everything. Our media and our government lied to generate a case for war. And I feel lately that they are now trying to build a case for some sort of conflict, presumably cold, against Russia. Or at the minimum start Red Scare 3.0. I have no idea why they would want to do this, but I tend to abide Occam's razor, and this all being true requires a lot more effort than this just being "Yellowcake 2.0."
Russia (and China and others) have an advantage here in having recently been run as controlled states and having much of the bureaucratic apparatus and social habits still in place (e.g. bring your passport to buy a train ticket to another town; little old lady stationed on every floor of a hotel keeping an eye on comings and goings etc).
That's a blast from the past. So, for those who haven't seen these, last century there used to be a set of "we're not like them, we have freedom!" examples, which were used in popular dialog to contrast the United States with the Soviet Union. Needing government papers to travel was one. The Soviet people feeling "why blame us for the actions of the government? - we don't control it" was another.
> Russia (and China and others) have an advantage here in having recently been run as controlled states
Well, we can't let them have that advantage over us! Googling "amtrack identification" yields "What Do You Need to Travel by Train in America? | USA Today" "Documents. [...] All travelers over age 18 and all unaccompanied minors age 15 and over must have a government issued I.D., such as a passport, driver's license or military I.D."
Like, foreign graduate students need to present their passports for inspection, in order to be permitted to enter my local Irish pub (Boston - minimum drinking age 21 - as required for federal highway funds).
Looking back, I don't recall anyone predicting, at the fall of the Soviet Union, that by losing a "them", for us to not be, we'd lose track of what we intended "us" to be.
Furthermore, if a military base is located near or in the city, the enemy can bring an IMSI catcher and record phone identifiers, or intercept calls.
I mean, there's verifiable evidence Russia tried to influence our election. That's pretty new for a lot of Americans. I imagine that's why the government and the media are running wild with it. Mueller is still investigating. I would say to wait till that report comes out before jumping to conclusions. I personally don't think the media and government are gearing up for some Russia conflict. This is just the first time Russia has been so involved in our politics since the Cold War, and the media is rightly running with that idea. Is it that unbelievable for some people that Russia was involved in trying to influence our election? I can't tell if you're rightly scared of the media or just can't believe Russia would do something bad.
With respect to the quality of work at the NSA?
"Never attribute to malice that which is adequately explained by stupidity"
And finally with respect to all the leaking... I think it's pretty clear that's just the NSA's lack of confidence in its leader.
That might be new for a lot of Americans, but not for anyone who has ever paid any sort of attention to international politics. In reality it would've been bigger news if Russia hadn't tried to influence our election. And that's not specific to Russia, I'd say that about any major economic power including allies.
>since the Cold War
We've been in a proxy hot war with Russia for years. Syria is a major Russian ally and a big part of our activity in Syria is to reduce the regional influence/power of Russia.
>I can't tell if you're rightly scared of the media
One would think that a group of people whose job it is to report on global politics would understand how much of a certainty it is that Russia would try to impact all of our elections. And yet they're pretending like this is shocking. I can forgive the general public, but any media outlet feigning shock is bold faced lying.
The revisionist, election hacking narrative is a massive thoughtform, propped up by some savvy scoop every couple of weeks just to die down and go nowhere. Everything the media covers is tainted by an air of sentimentality and idealism, hardly great elements of good journalism, but it sells papers.
Those who think they really know men like Putin, those who believe they really know and understand evil, you will never know them. People who think they know live in a world of black and white, right and wrong, living within society but not operating in the raw layers of society where people make civilization a reality. Men like Putin, they live in this space, desperately trying to keep their reality/world alive. The way they do this is the same how we keep ours alive, they lie. Russians tell very good lies, they are very good at making whole new truths, but if you look very closely, it starts to come apart.
> I think it's pretty clear that's just the NSA's lack of confidence in its leader.
The leak addressed in this article stems from 2015.
I'm shocked, shocked, shocked there's gambling going on here! Shocked! We are the only ones who are supposed to be doing that!
"Any sufficiently advanced incompetence is indistinguishable from malice."
No doubt, I don't think anyone argues that point. Russia and ex-Soviet Union's KGB have always tried to manipulate Western governments. Propaganda and planting stories in newspapers was one of their favorite methods.
Any developed country would be trying. US is too important for anyone with any power or resource to not try to influence it.
However I don't believe what they did had any meaningful effect on US elections. We would have found out by now. I didn't believe it since it came out and I still don't. So far I see a PR story that has gone out of hand, it was pushed and promoted in order to explain what happened. Heck, people tell that story to themselves. "Surely, my compatriots couldn't have voted this way, it must have been some super villain spy thing".
> This is just the first time Russia has been so involved in our politics since the Cold War, and the media is rightly running with that idea.
When did Russia stop being involved in our politics? It sent undercover spies to live and try to infiltrate think tanks and such. Remember the spy ring that was uncovered. Literal KGB agents living illegally around NY and such. That stuff never stopped.
> Is it that unbelievable for some people that Russia was involved in trying to influence our election?
It is unbelievable that they singled out Russians and keep running with it for a year without any proof that the Russians did anything to change the result of the election. The amount of talk this received, it would seem they have proof the Russians changed the votes in those Rust Belt states' voting machines. Unless we think those states are full of KGB agents this story is mostly a waste of time.
And yes, the tragedy here is the opportunity cost of wasting energy on something like this instead of focusing efforts and coming with a new platform for the Democrat party, starting a new party. Instead it's Russia, Trump said a stupid thing, his taxes, more Russia, he ate 2 scoops of ice-cream, back to Russia.
Sure they tried, they deserve some credit:
http://www.cnn.com/2017/07/24/politics/democratic-agenda-unv...
---
"Schumer: Democrats' top priority is health care, not Russia"
The plan -- "A Better Deal: Better Jobs, Better Wages, Better Future" -- is a three-pronged approach that focuses on improving wages, lowering costs of everyday expenses and boosting job-training opportunities.
---
But compared to Russia and the piss dossier and scoops of ice-cream that doesn't seem to interest very many people (if we assume media reflects and presents to people what they really want to hear).
Or perhaps you are easily manipulated by the media.
I've been called Russian on various forums several times. I am actually British and have never even been to Russia. My crime was to point out the flimsy nature of so many of the allegations regarding Russian involvement in, well, pretty much everything.
There are lots of people in the world right now who psychologically can't accept the fact that Trump and Brexit won and have descended into a sort of group hysteria as a result.
This idea that the Russian government spends its time/money trying to influence US politics by posting to Hacker News of all places should fail any basic test of common sense and logic. But it's so tempting to believe in this conspiracy theory, because then difficult questions like "why did Trump win" and "why do people hate Hillary so much" and "are there Trump supporters in my own circle of friends and family" can all be ignored. It's not really America, it's actually some vast subtle manipulation by a foreign government! And if anyone questions the unreliability of US intelligence, that's just more proof that it's really happening!
I try to look at content and don't care much who the poster might be. Because everyone has motive even if it's just boredom or attention.
Uh, while there were some media collaborating with the government propaganda, the government's case for war was thoroughly and pretty completely debunked in the mainstream media, nearly in real-time.
Few people paid as much attention to that as what the government was saying, which the media reported as, well, what government officials were saying, but the media would have been negligent not to report that. They can hardly be responsible for the strong effect of confirmation bias combined with official-sources bias among the population.
A couple of asides are that it's very interesting to do the same sort of thing with "Russia" in more contemporary times. Our minds do very strange things when reconstructing the past. At the eve of the Iraq war, 72% [2] of Americans supported war. Now nearly half [3] of Americans claim they opposed the war. And the interesting thing is that people probably do genuinely believe this. Our brains do an absolutely phenomenal job of letting us lie to ourselves. Probably the one thing that inhibits progress more than any other!
[1] - https://www.google.com/search?q=iraq&dcr=0&tbs=cdr:1,cd_min:...
[2] - http://news.gallup.com/poll/8038/seventytwo-percent-american...
[3] - https://today.yougov.com/news/2015/05/21/americans-remember-...
I'm willing to bet that as the NSA continues to expand its digital monitoring divisions, it has increased the use of contractors a lot. And not all of them might be aware of the supremely sensitive nature of the information they are dealing with.
The thing that makes me even more convinced that this is what's going on is that you don't see a lot of leaks/breaches from NSA officers(agents? not sure what the correct terminology is) but mostly from contractors. Hell, Snowden was also a contractor and not a member of the NSA. Maybe they need to realize that this kind of cost cutting is just not worth it.
Or the current globe.
A 25 day old anonymous HN acct is controlled by a shill attempting to deflect attention in readers' minds (which we know Russia does along with every other nation state)
Or
WSJ made the whole thing about Russia hacking computers up, which really we already know their intel community does, just like every other nation state
Occam's razor again:
Google, Equifax, Yahoo, NSA are incompetents with technology as they have all suffered data breaches recently (waymo+uber is a breach in the same sense the NSA contractor took home data they were vetted to access and it was used outside its scope of access)
Or
We’re suffering a mass delusion driven by marketing and fear that perfect security is possible, just these very good tech groups sucked at it (of course no one out there benefits from the public doubting these groups' abilities right?)
Given humans' long history of buying in to mass delusions (religion, nationalism, what brands one buys matters), Occam’s razor seems clear on this
First, even if they were giving access to their genuine source code repository, there's absolutely no guarantee that the binaries aren't backdoored by Kaspersky, FSB, or both. Alternatively, they could just hand over a phony copy of the source.
It's kind of a pointless offer. There's no real reason to deny, but there's also no reason to accept. If the fear is that their products might be influenced or backdoored by hostile intelligence agencies, the only reasonable solution is a total boycott.
(And yes, I very much understand the exact same could be said of the NSA and a lot of US-made software.)
For that matter, they could still do that to this day. Pick the time frame that the alleged hack happened and examine the source. And again you can compare the binary output to ensure that you actually have the real thing.
Remember Vietnam? Same thing happened. GoT Incident was a joke.
At some point you have to actually use your exploits, they can't all stay in secure airgapped machines. Malware is made to be used and to be used it must be copied. Obviously taking it home is egregious, but it's not like securing a private key or launch codes.
Russia invaded Ukraine & Crimea, ended up downing a civilian airliner killing them all.
Slaughtered hospital workers in Syria after following victims of regime chemical weapons attack to the facilities.
Has been funneling heavy weapons like T90 tanks into sub-state militias, including the designated terrorist org Hezbollah.
Is currently attacking people who have documented all of this, regardless of what nation they live in. Has attempted to get Canada to take down and expose citizens using their services to publicize Russia's actions.
What will it take to get you to understand Russia is at war with the world? Does another civilian airliner need to be downed? Should another analyst/journalist get kidnapped and brought into Russia to be disappeared?
What is your threshold of acknowledgement here?
Does that mean USA is at war with the world (under trump now, yes, but I am implying before that)?
How many other nations' elections has USA undermined, accidental civilian casualties (including downing of a civilian plane) and funding to terrorists (directly funding Taliban and supporting terrorist groups.. not to forget Saudi Arabia)?
As a non American, looking from the outside, it's hypocrisy that the US is offended someone else doing what they have been doing... Just Russia got caught and is being called out.
But I can understand the outrage, and in no way condoning Russia's actions... They have taken it to publicized extremes stoking aggressive behaviour to other nations and particularly the US
> Russia invaded Ukraine & Crimea, ended up downing a civilian airliner killing them all.
The US invaded Afghanistan and Iraq, pretty much paved the way for the rise of ISIS.
> Slaughtered hospital workers in Syria after following victims of regime chemical weapons attack to the facilities.
The US bombed a civilian hospital in Syria, killed about 30 people.
> Has been funneling heavy weapons like T90 tanks into sub-state militias, including the designated terrorist org Hezbollah.
The US has been selling weapons to some lovely places. The terrorist factory of Saudi Arabia for one.
> What will it take to get you to understand Russia is at war with the world?
What will it take to get you to understand that the US is the new Empire, at war with the world?
> Does another civilian airliner need to be downed? Should another analyst/journalist get kidnapped and brought into Russia to be disappeared?
Does another hospital need to be bombed by US airstrikes? Do some more journalists and civilians need to be murdered by some dumb-ass American shitheels in a gunship that thinks it's funny to do what they did?
Dude the lack of self-awareness in your post is astounding. People in glass houses and all that jazz.
Our current president has never had a critical thought enter his mind and not have it escape his lips, or his tweeting fingertips – yet Russia (and Putin in particular) have never been in his crosshairs. I think that this fact directly contradicts your hypothesis. Then there is also the mysterious change to the GOP platform around the time of the convention.
What Trump disrespects tends to be predictable: not tough enough, too friendly to foreigners, not conservative enough etc. Putin happens to be tough, conservative and not especially friendly to foreigners, all attributes that Trump respects and yet which are not very common amongst world leaders.
It helps that Putin doesn't speak English and - fantasies by Clintonites aside - isn't actually doing much around the world outside of Syria, a place where they mostly spend their time bombing ISIS (something Trump approves of). So there isn't much reason for Trump to talk about them, beyond the constant Russia-linked attacks on him.
"New conspiracy theory, anon sources media story coming. Note we make no apologies for being aggressive in the battle against cyberthreats"
https://twitter.com/e_kaspersky/status/915946040561487875
Edit: Kaspersky press release https://usa.kaspersky.com/about/press-releases/2017_kaspersk...
So as a de facto agent of the Russian government, Kaspersky certainly considers the NSA (and other Western gov't agencies) to be an adversary.
Agreed that it's crazy that the US govt ever used Kaspersky software.
https://www.extremetech.com/internet/252421-russian-cybersec...
"According to emails obtained by Bloomberg Businessweek (and confirmed by Kaspersky Lab as genuine), Kaspersky’s ties to the Russian FSB (the successor to the KGB) are much tighter than have previously been reported. It has allegedly worked with the government to develop security software and worked on joint projects that “the CEO knew would be embarrassing if made public.”
It's not clear to me if it matters what country they are working from. If the NSA has a credible threat in the USA, they can be authorized to assist with domestic intelligence services to infiltrate services required to get their job done.
One specific attack he claimed happened was a MITM of LinkedIn connections at foreign ISPs. I don't think it's a stretch to call them a "cyberthreat", especially if you are a Russian citizen or are trying to secure computer systems outside of the USA (I'm giving Kaspersky a generous benefit of the doubt).
The DoD's hyper-inefficient contracting system rewards DC insiders and effectively limits the department's ability to invest where investment is needed while draining the public coffers of unfathomable amounts of money.
The DoD's hyper-ineffective personnel system inhibits personal development while at the same time making it nearly impossible to move laterally within the organization, thus preventing thousands of experts in many fields (that is, many thousands of experts) from self-organizing into effective functional units.
These two issues have made the DoD ripe for attack in the digital domain, an area that has nothing to do with their other core mission areas which are all organized around delivering kinetic energy to adversaries.
Fuck these people and their "free market" lies as a cover for outright theft of public funds.
It's not just in the cyber domain that this is a problem, but the cyber domain is one in which the corner-cutting, half-assed nature of the corruption is most visible because the damage is most easily exploited by foreign powers.
Economically how it works is that the DoD secures assets and locations around the world relating to the means of production of consumer components. American interests, especially the interests of the American consumer are definitely protected and represented for.
Where this model has failed for us is that it has put a huge deficit in our self-reliance with regards to consumer production. Due to globalization, American politicians have no urgent need to educate the workforce more than they already have, they can provide security and investment to produce a source of worldwide talent, all thanks to the contractors playing their crucial role in the ecosystem of American security.
What people fail to understand is that no organization or system is perfect. The DoD isn't organized for the new kinds of warfare being performed. The main job of the DoD is to protect American interests abroad, not operate in the background on American soil against hundreds, thousands of nation-state and criminal organizations.
The FBI does this job, they successfully work with hundreds of private contractors. You'd be surprised by the scale on which they are resourceful and helpful.
Actually, this space, this sphere of influence, is well recognized and the problem has been well described by the senior folks involved since at least 2001:
* Ash Carter (SecDef) Keeping the Edge: https://mitpress.mit.edu/books/keeping-edge
* Michael Hayden (chief of NSA and CIA): Playing to the Edge: https://www.amazon.com/Playing-Edge-American-Intelligence-Te...
Access via Archive: https://archive.fo/szjBQ
What if an adversary were to hack the NSA warehouses where all communications swept up by their eavesdropping efforts are stored?
Re: Spying on the homeland, governments generally regard the domestic population as a threat and an enemy.
Spying on Americans traditionally would be done by our allies, so we can trade info with them and have it all be "legal." The NSA is simply optimizing that chain away. :-P
Makes me think of the claim Cuba is using some kind of new radio brain weapon on US consulate workers in Cuba.
Now Kaspersky is the next 'unsafe' non-American company... There are only allegations from an unreliable source: the agencies have lied regularly.
I am convinced that there is an anti-Kaspersky campaign since the agencies 'like' the American antivirus vendors a lot more. I bet the agencies have ways to spy on users of American antivirus vendors.
They had exploits for both Cisco and Huawei actually.
> There are only allegations from an unreliable source: the agencies have lied regularly.
I don't recall that happening, do you have a few specific examples?
> I am convinced that there is an anti-Kaspersky campaign since the agencies 'like' the American antivirus vendors a lot more. I bet the agencies have ways to spy on users of American antivirus vendors.
Sounds like a very bold claim to make, but no substantiation.
https://www.salon.com/2013/06/11/500000_contractors_can_acce...
Also, I believe I read a recent article about them allowing even more private companies access to this stuff, but I can't find a link right now.
Full time federal employees take a different oath and generally feel more loyalty to the agency.
https://20committee.com/2014/11/24/how-many-snowdens-are-the...
Nov 15, 2017, to Congress: "I can categorically deny that there were any leaks of this nature during my tenure as Director of National Intelligence."
June 22, 2020: "Well, yes, I did say at the time that I denied it. But I said 'categorically denied'- that is to say, under certain conditions, or categories, this could be denied. That is what I meant and I stand by that. I also used the word 'can,' which is a sort of conditional; look it up in your grammar books. I did not say 'I do deny,' but 'I can deny.' There are conditions that might allow one to deny this assertion: i.e. what exactly is a Russian, what does it mean to leak, or to have leaked, or to have an inadvertent leak. That is what I meant and I stand by that also."
For it to hit the news and the government to ban it, took many years of balancing and finally something internal broke the camel's back so to speak. I'm not sure if this was it, but I'm going to go out on a limb and say it's probably not an isolated case.
Brilliant
Most OSes come with hundreds of drivers, many created by hardware makers all over the world, running with root privileges / kernel mode. And then you add to that all of the software that you install, developed by companies or volunteers all over the world, and running all sorts of third party libraries, etc.
The chain of trust is huge. I'd be shocked if there was any computer in any US administration that wasn't running some piece of code written by a Russian national.
Defense is not hopeless. Some threats are more immediate than others.
note: this is not an endorsement of the gp comment. I merely think that discussion of the gp comment should be focused on its own merits rather than nihilistic dismissals of it.
In my personal life, I've been wrestling with the decision to "do the right thing" and, for example, pay for digital media I consume. Help a friend in need, who doesn't really reciprocate (because, "the children", among other things). Purchase the health care insurance that takes away money I could otherwise spend on immediate treatment.
In each area, I've felt increasingly screwed over.
Shrinking catalogs, and money I paid spent on lawyers ensuring ever-greater rent-seeking as opposed to actual access to content.
My friend's health on the rebound, while mine has suffered, including from the depression induced by their abandonment of our friendship once I was, apparently, no longer necessary.
A health care system that keeps jacking prices and trying also by legislative manipulation to push me out the door of coverage, regardless of my best efforts to work with it.
In all these matters, I'm coming to think that part of my failed response comes down to a simple matter: Don't pay. Stop paying the very systems and people that or who are screwing you over.
So, here we have the NSA, that is (who are) ever more showing themselves to be incompetent with regard to what we hope they would accomplish, and outright aggressive and abusive with regard to us and matters that we consider commercial contract law, not their business, distracting rather than helpful, etc.
Helping prop up private IP rights and rent-seeking. Domestic spying. Accumulating so much data on everything that they can't see the needle for the haystack -- so, grow the haystack!
I'm hardly one of these bullsh-t "Conservative" (that's with a big "C", to differentiate from the actual noun/adjective, "conservative"), "shrink/starve the government" types. Government plays an essential role: It is the definition of our collective organization and governance.
But in some areas, I really want to say, let's simply stop paying for this shit.
Because when we pay for it, we only make it stronger. Not the effective governance we aspire to. Instead, this incompetence that also threatens aggression against its own society.
I knew the whole "Putin ate my election" angle was getting completely out of control when I started seeing people claim, with a straight face, that Russian interference was somehow behind Brexit. It's the same people making the same tenuous claims about any political change they hate - it's not legitimate because anyone who disagrees with me has been brainwashed by tweets.
No News Corp outlet is aligned with pro-Clinton anything.
I've read plenty of non-fiction espionage books and it's a safe bet to expect the American ones to be dripping with Russian paranoia. Warranted or not. They never gave that up after the cold-war, unlike the public. And non-technical journalists rely heavily on their sources' expertise, more so than most subjects.
I prefer getting my infosec news from infosec people: https://twitter.com/matthew_d_green/status/91601649974720512...
And another thought, if we cannot trust foreign AV software, does it mean that every country must have at least one national AV product? Or maybe it would make sense to make some special API for AV software so that it can check files and processes but cannot send data to the Internet?
That also goes for pretty much every online platform from search to shopping to social. N.B. The Russians and Chinese are already doing precisely this
How do we know it's not another piece of fake news riding the wave of "Russia did it"?
For the reason why people are trying to redefine the term "fake news" into being stuff in real outlets with real journalists like WSJ (this article), read this great piece from Masha Gessen: http://www.nybooks.com/daily/2017/05/13/the-autocrats-langua...
I want you to think your cunning plan through. What do you think would happen if journalists actually lied?
It isn't easy but if tens of thousands people have access to something, it's just a matter of time. And they need access "to connect the dots" so it's a losing game.
Do you have a number of reliable sources for this, or is it just unsubstantiated us-vs-them jingoism?
You want a source to back up that Russia is always looking to hack us, and USA is always looking to hack the Russians?
He used Kaspersky on his home computer.
Russian government hackers stole the documents."
https://twitter.com/ericgeller/status/915983591737319427
So, yah, avoid Kaspersky AV software.
Assuming you trust Keybase (or if not fully trust at least consider it part of a more general trust network) then the key can be verified against that. That it's hosted over HTTP or any other protocol is irrelevant if it's also attached to some trust network. You can obtain it, check the fingerprint and/or value against his Keybase information and determine then whether or not you trust the key.
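The fingerprint check described in the comment above, as an added example that is not part of the thread: it computes the OpenPGP v4 fingerprint of a downloaded key and compares it with a fingerprint published on a second channel. The function names and the sample key are hypothetical and constructed for illustration; only version 4 keys in binary (de-armored) form are handled.

```python
import hashlib
import struct

PUBLIC_KEY_TAG = 6  # OpenPGP packet tag of a primary public key (RFC 4880)


def first_packet(data: bytes):
    """Return (tag, body) of the first packet in binary (de-armored) key data."""
    if len(data) < 6 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:  # new-format header
        tag, o1 = data[0] & 0x3F, data[1]
        if o1 < 192:
            length, start = o1, 2
        elif o1 < 224:
            length, start = ((o1 - 192) << 8) + data[2] + 192, 3
        elif o1 == 255:
            length, start = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths are not allowed for key packets")
    else:  # old-format header
        tag, length_type = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if length_type == 3:
            raise ValueError("indeterminate length is not supported here")
        size = 1 << length_type  # 1, 2 or 4 length octets
        length, start = int.from_bytes(data[1:1 + size], "big"), 1 + size
    body = data[start:start + length]
    if start > len(data) or len(body) != length:
        raise ValueError("truncated packet")
    return tag, body


def v4_fingerprint(key_data: bytes) -> str:
    """SHA-1 over 0x99, the two-octet body length and the key packet body."""
    tag, body = first_packet(key_data)
    if tag != PUBLIC_KEY_TAG:
        raise ValueError("first packet is not a public key")
    if body[:1] != b"\x04" or len(body) > 0xFFFF:
        raise ValueError("only version 4 keys are handled")
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()


def fingerprint_matches(key_data: bytes, published: str) -> bool:
    """Compare the downloaded key with a fingerprint from another channel."""
    normalized = "".join(published.split()).upper()
    if len(normalized) != 40:
        return False  # refuse short key IDs: they are not the full fingerprint
    return v4_fingerprint(key_data) == normalized


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP multiprecision integer."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def build_sample_key(modulus: int) -> bytes:
    """Constructed v4 RSA key packet (not a usable key) with an old-format header."""
    body = b"\x04" + struct.pack(">I", 1507000000) + b"\x01" + mpi(modulus) + mpi(65537)
    return b"\x99" + struct.pack(">H", len(body)) + body


# Constructed sample data: the modulus is arbitrary bytes, not a real RSA modulus.
SAMPLE_MODULUS = int.from_bytes(bytes(range(1, 65)), "big")
SAMPLE_KEY = build_sample_key(SAMPLE_MODULUS)

if __name__ == "__main__":
    published = v4_fingerprint(SAMPLE_KEY)  # stands in for the second-channel value
    swapped = build_sample_key(SAMPLE_MODULUS + 2)  # key replaced in transit
    print("genuine key accepted:", fingerprint_matches(SAMPLE_KEY, published))
    print("swapped key accepted:", fingerprint_matches(swapped, published))
```

The transport the key arrived over never enters the comparison; the result depends only on the key bytes and on the fingerprint obtained from the trusted channel.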