Confessions of a Cyber Warrior

← Back to Stories (view on slashdot.org)

Confessions of a Cyber Warrior

Posted by Soulskill on Tuesday July 9, 2013 @08:14AM from the he-hacked-the-last-donut dept.

snydeq writes "InfoWorld's Roger Grimes interviews a longtime friend and cyber warrior under contract with the U.S. government, offering a fascinating glimpse of the front lines in the ever-escalating and completely clandestine cyber war. From the interview: 'They didn't seem to care that I had hacked our own government years ago or that I smoked pot. I wasn't sure I was going to take the job, but then they showed me the work environment and introduced me to a few future co-workers. I was impressed. ... We have tens of thousands of ready-to-use bugs in single applications, single operating systems. ... It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.'"

121 of 213 comments (clear)

Min score:

Reason:

Sort:

saber rallying by ThorGod · 2013-07-09 08:18 · Score: 5, Insightful

Does this sound like boasting to anyone else? It's like a more modern version of having the press watch an explosion of their latest bomb.

--
PS: I don't reply to ACs.
1. Re:saber rallying by Anonymous Coward · 2013-07-09 08:26 · Score: 1
  
  So nice that Junis found a job where he can put the '133t h4xx0r1n9 skills he learned on the C= 64 to use for society's benefit.
2. Re:saber rallying by Crudely_Indecent · 2013-07-09 08:29 · Score: 5, Insightful
  
  Makes sense to me. Software/hardware vulnerabilities are worthless once patched. If this group is tasked with having a way into any system, their main focus is going to be to not-only find exploits, but also to protect those exploits for future use. I have no doubt that such a group exists, and that their collection of exploits is extensive.
  Hopefully those exploits are used against our enemies and not against us, but that's probably just a silly hope.
  
  --
  
  "Lame" - Galaxar
3. Re:saber rallying by stanlyb · 2013-07-09 08:37 · Score: 2
  
  What enemy? China? Don't make me laugh.
4. Re:saber rallying by Intrepid+imaginaut · 2013-07-09 08:39 · Score: 2
  
  I have no doubt that such a group exists, and that their collection of exploits is extensive.
  Oh yeah, and they make big money too.
5. Re:saber rallying by Dan+East · 2013-07-09 08:41 · Score: 5, Interesting
  
  If it's used against "us" then the likelihood of it being detected and disclosed is too high. They can't utilize these exploits carte blanche, but would have to save them only for specific targets, and still they face the risk of compromising an exploit every time it's used. Any evidence collected in this manner is not usable in court either, so it's really only useful for the spy game against high value foreign targets.
  
  --
  Better known as 318230.
6. Re:saber rallying by Savage-Rabbit · 2013-07-09 08:42 · Score: 1
  
  Does this sound like boasting to anyone else? It's like a more modern version of having the press watch an explosion of their latest bomb.
  It sounds like obscurity really is the only security.
  
  --
  Only to idiots, are orders laws.
  -- Henning von Tresckow
7. Re:saber rallying by Anonymous Coward · 2013-07-09 08:44 · Score: 1
  
  My concern would be what employees do with those exploits in their free time. If they have access to such an extensive database, they'd have a formidable tool to use against anyone they had personal grievances with. Obviously they could do malicious things on their own, but if you have to sit and search and for an exploit on your own, that is time consuming in itself, not to mention then deploying an attack using that exploit. If you've already got a wide set of unpatched exploits at hand, you could really have a field day.
8. Re:saber rallying by AmiMoJo · 2013-07-09 08:45 · Score: 1
  
  Sounds like an invitation for a drone strike. Of course it will be a US drone, probably one operated by a police department or other less tech savvy agency. Someone on the other side of the cyber-war will take control and crash it into his house.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
9. Re:saber rallying by Nrrqshrr · 2013-07-09 08:47 · Score: 1
  
  But... we are the enemy.
10. Re:saber rallying by Anachragnome · 2013-07-09 08:50 · Score: 2, Informative
  
  "Does this sound like boasting to anyone else?..."
  Boasting or not, I think everyone that speaks out about pervasive surveillance techniques should be paid attention. Whether or not their information is accurate, relevant or factual should be decided by ourselves. The NSA has shown us that they cannot be trusted to do anything but lie. If we are to get any accurate information, we have to start taking all perspectives into account, even those of the NSA shills, as they provide contrast.
  And, if anyone is interested, "ThorGod" is an account I suspect of being associated with "Cold Fjord". He seems to like using Northern European references in his user names--there are others following the pattern, but I suspect those accounts are being used to "bank" moderation points. Look at my previous posts if you don't know what I am referring to.
  And, again, please read the document linked in my signature--this is information that every single poster here on Slashdot needs to at least be aware of.
11. Re:saber rallying by jc42 · 2013-07-09 08:51 · Score: 5, Insightful
  
  Hopefully those exploits are used against our enemies and not against us, but that's probably just a silly hope.
  What enemy? China? Don't make me laugh.
  Nah; anyone who has been following security-related news stories for at least a few years understands that the primary enemy of any government is its own citizens. They're nearby, where they can vote against you, take you to court, or shoot at you. None of these threats are easily available to people in other countries.
  Just dig into the histories of the related US agencies (e.g., HUAC or the FBI or even the CIA) in the 1950s, 60s and 70s. How many external "enemies" -- or domestic "subversives" -- did they ever catch and prosecute? Pretty close to none at all. How many citizens did they attack and serious injure (either their reputation, finances, or physical well-being)? Lots and lots of them.
  This story is only news to someone who isn't familiar with the long, documented history of such activities. Fact is, your government considers you more of a threat than pretty much anyone outside its borders. This is especially true if you're involved in any activity that threatens the income (especially under-the-counter income) of anyone in your government.
  
  --
  Those who do study history are doomed to stand helplessly by while everyone else repeats it.
12. Re:saber rallying by i+kan+reed · 2013-07-09 08:53 · Score: 1
  
  Is this a poorly worded Pogo reference?
13. Re:saber rallying by jeffmeden · 2013-07-09 08:54 · Score: 4, Interesting
  
  I call BS on that guy. He claims there are 5000 people working there. At $100k/year salaries (and it's probably more), that puts this program up to at least $1 billion dollars per year for payroll and equipment. I would assume there is some accounting for that kind of spending.
  The US spends upwards of $500B on "Defense" each year... Do you really think a missing $1B would get noticed here and there?
14. Re:saber rallying by znrt · 2013-07-09 09:01 · Score: 1
  
  Does this sound like boasting to anyone else? It's like a more modern version of having the press watch an explosion of their latest bomb.
  ditto. it immediately reminded me to that hacker the company I work for recently hired. the guy had all the references: an obscure background in some sort of underground scene, ex member of group with some defacements to brag about, profuse media coverage (even a full page article plus interview in national leading press), clear asperger profile ... well, he didn't even pass the test period (which is pretty rare in that company).
  those who have bothered to read the article after having seen the headline have no clue whatsoever. that's no disgrace, you can't possibly know about everything in this life, let alone about such specialized topics. however, those ho have read the article and still believe it makes any sense, they are just part of the problem. relax, and enjoy the show!
15. Re:saber rallying by Synerg1y · 2013-07-09 09:02 · Score: 1
  
  I disagree most real world exploits are configuration specific and further behind hardened network defenses. Our code is shit, but our router and switch are solid. I somehow doubt that the government has secret cisco buffer overflows that were over looked by millions of security researchers since the beginning of computing.
  Spearfishing? Definitely
  Obscure industrial systems? Yep (see DES key article on /)
  Corporate / Government networks? Nah, maybe some but not most.
  Systems not directly connected to the internet? Definitely not
  Adobe Flash and the Java plugin? Easily (don't get why though)
  Encryption? They face the same exact challenges, super computers aren't a catch all here.
  Now to just get charlie to open your random link with exploit code from his outlook. (see #1)
16. Re:saber rallying by gmuslera · 2013-07-09 09:02 · Score: 1
  
  This is about population control, not hypotetical enemies. You critizice something the government or any of their protegees do, then you are a potential threat, no matter how fair or obvious is your critic or complaint. And anything they collect could be used to silence you.
  In the plus side, is a good way to make everyone agree.
17. Re:saber rallying by Jeremiah+Cornelius · 2013-07-09 09:05 · Score: 1
  
  Reeks of disinfo.
  Why didn't hippy-hacker leak exploits at the time?
  
  --
  "Flyin' in just a sweet place,
  Never been known to fail..."
18. Re:saber rallying by Garridan · 2013-07-09 09:05 · Score: 2
  
  The majority of theft in grocery stores is committed by employees, after all.
19. Re:saber rallying by Synerg1y · 2013-07-09 09:11 · Score: 1
  
  RTFA, they can't bring electronic devices in or out, so they can't just copy the DB and go home. They may be able to memorize an exploit or two, but that comes with the job and security clearance.
20. Re:saber rallying by gmuslera · 2013-07-09 09:12 · Score: 2
  
  Seems consistent with this story. And that is just the tip of the iceberg. The only thing that you are wrong is assuming accounting for what government "invest" in cyberwar.
21. Re:saber rallying by Crudely_Indecent · 2013-07-09 09:13 · Score: 2
  
  I somehow doubt that the government has secret cisco buffer overflows
  I'm sure someone at Cisco knows all about them.
  
  --
  
  "Lame" - Galaxar
22. Re:saber rallying by Em+Adespoton · 2013-07-09 09:34 · Score: 1
  
  Many different jobs in the computer security world have this issue -- the answer for most of them is that if you're found out using these for personal gain/fun, you've just ended your career. Nobody (not even organized crime) wants someone on board who would screw them over by haphazardly leaking this sort of information.
  Plus, having the wide set of unpatched exploits is only part of the issue; the guys who are finding the new ones can just as easily do this on their own time too. But why do it? They're being paid by the government (and protected by the government) to do something that would carry hefty penalties if they did it themselves.
  For that matter, many jobs in all walks of life have this issue -- but you're not overly worried about the guy who works for the City Water Department, are you?
23. Re:saber rallying by rmstar · 2013-07-09 09:35 · Score: 2
  
  By "we" I presume you mean "The People" a separate and distinct class from "The Government".
  Allrighty then. What, then, is the government made of? Green cheese?
24. Re:saber rallying by PopeRatzo · 2013-07-09 09:35 · Score: 2
  
  for society's benefit.
  That's debatable.
  
  --
  You are welcome on my lawn.
25. Re:saber rallying by jc42 · 2013-07-09 09:40 · Score: 1
  
  Heh; I think you've got the idea. ;-)
  An only slightly greater stretch of the idea is the claim that has come out in the US's gun legislation, to the effect that a large majority of the deaths from gunshot wounds are due to suicide.
  I wonder how many more interesting examples we can produce showing that most dangers come from "insiders".
  
  --
  Those who do study history are doomed to stand helplessly by while everyone else repeats it.
26. Re:saber rallying by PopeRatzo · 2013-07-09 09:41 · Score: 1
  
  Hopefully those exploits are used against our enemies
  
  "Our enemies" doesn't narrow it down very much, unfortunately.
  Easier to list the people whose computing and communications systems we don't attack.
  If there was ever any question whether the U.S. is a rogue state, I'm pretty sure all doubt has now been removed. Wiretapping our allies at G8? I'm surprised they still let us be a member of the UN.
  
  --
  You are welcome on my lawn.
27. Re:saber rallying by DamnStupidElf · 2013-07-09 10:04 · Score: 2
  
  It sounds like reality. Do you really think that every month or two when Adobe or Oracle patches a remote exploit that's in 90% of computers it's a bug introduced within the last patch cycle? Of course not. Software is riddled with bugs and they're found incrementally. If you can find bugs faster than the public researchers you will have a database of zero-days, end of story.
28. Re:saber rallying by 0111+1110 · 2013-07-09 10:25 · Score: 1
  
  I wonder how well the search. MicroSD cards are pretty small and they can hold quite a bit of data. Obviously not the entire database, but a decent amount of compressed text.
  
  --
  Quite an experience to live in fear, isn't it? That's what it is to be a slave.
29. Re:saber rallying by Synerg1y · 2013-07-09 10:33 · Score: 1
  
  Right on sneaking it in, but a computer can detect when somethings connected to it and each of those devices has a unique ID, at least in windows... there's enterprise software that blocks the device and sends an alert when its plugged into a computer.
  These types of software are pretty costly and smart and have been around for a long time.
  A better bet would be a micro camera to take code screen shots, but that's not an easy one to not get caught on.
30. Re:saber rallying by RoknrolZombie · 2013-07-09 10:35 · Score: 2
  
  I call BS on that guy. He claims there are 5000 people working there. At $100k/year salaries (and it's probably more), that puts this program up to at least $1 billion dollars per year for payroll and equipment. I would assume there is some accounting for that kind of spending.
  LOL, if you're assuming that there's oversight in the government then you haven't been paying attention.
31. Re:saber rallying by RoknrolZombie · 2013-07-09 10:40 · Score: 3, Interesting
  
  From the summary, "They didn't seem to care that I had hacked our own government years ago or that I smoked pot". I call BS on any notion that the federal government intelligence agencies would hire anyone with a background rife with illegal activity. For every Kevin Mitnick, a convicted person now with a felony record, hired there are thousands of applicants rejected because of a small infraction or deviant behavior, including a preference not to socialize outside of the workplace.
  I have a story to tell. (yes, it's relevant).
  
  When I served in the Army I was stationed with an individual that was in the process of getting kicked out. He had been an E4 and had managed to hack into some of NSA's servers (the events took place both before I arrived, and before I knew a damn thing about computers, so I don't know the vector or what his actual abilities are). He created some bogus accounts and used those accounts to send overly critical emails to Generals, signed with a pseudonym, of course. Well, by the time I got there he had already been busted - and like Manning got busted down to an E1 before they kicked him out (dishonorable discharge, of course). Within a month of him getting kicked out NSA directly hired him, paying him far more than he could have ever been paid had he stayed in the service.
  
  The Government ignores laws when it's convenient for them to do so, even when it comes to their own hiring policies.
32. Re:saber rallying by lennier · 2013-07-09 10:42 · Score: 2
  
  I somehow doubt that the government has secret cisco buffer overflows that were over looked by millions of security researchers since the beginning of computing.
  I used to doubt that Windows could be full of thousands of security vulnerabilities that had been overlooked by millions of security researchers so far, and yet. Every month, the privately disclosed 0-days just keep coming.
  And those are just the ones that a) white hats have chosen to disclose to Microsoft rather than the NSA/competitors/Russian Mafia, and b) Microsoft has been given the greenlight from the NSA to patch.
  Cisco's source code is secret and so is their security remediation process, so we've got no independent means of verification. They're also just as deeply in bed with the NSA as all the other big IT firms. What makes you think they're any better / more ethical at finding and fixing bugs than Microsoft?
  
  --
  You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
33. Re:saber rallying by cold+fjord · 2013-07-09 11:01 · Score: 4, Informative
  
  Once again we have Anachragnome posting his crackpot conspiracy theories about me. If you bothered reading his post above and find it persuasive, then you should read this post of his, and note this line:
  
  This is East Germany, all over again--the NSA literally has us spying on each other, inadvertently or not.
  Anachragnome seems to think that everyone is spying for the NSA. Who is it doing all this mutual spying? If you stop and think for even a moment you realize that the idea is nonsense. But it does play into his fear inducing agenda, including attempts to make people suspicious and fear me. He is engaging in the very same sort of behavior he is complaining about. By spreading fear he hopes to control people, to stamp out opinions he finds disagreeable, and control discussions. Ask yourself - are you living in fear? I don't. And yet he seems to want you to. Why?
  Anachragnome seems to find great significance, even to the point of it being evidence that I am a government agent, that I have a different viewpoint, a minority viewpoint among the population of posters on Slashdot. For some reason he can't accept that different viewpoints don't constitute a conspiracy. What is the purpose of having civil rights if we all have to believe the same thing? I thought that was what fascism was about.
  Further evidence that his claims are nonsense is the fact that he thinks that I am both an NSA plant and that I have multiple accounts named with a common theme, no doubt including the recently created troll accounts that have been trying to harass me of late (coid fjord, and co1d fjord). That would seem to be pretty pathetic tradecraft if that were the case. His view is just another sad example of a crank seeing a pattern in the noise that doesn't really exist, and thinking it significant. Go ahead and read from the two troll accounts. I don't think you'll find much evidence to support Anachragnome's nonsense view. (If you think you have, read more of the thread and check UIDs.)
  Apparently the only people that disagree with him are spies. Bow to his power, or you may be branded a "shill" and "forum breaker." Submit to his fear. He expects you to inform on each other. Obey him, or you may be branded a traitor too.
  Or maybe he is just a crank full of suspicion and fear that should be ignored. Take your pick.
  
  --
  much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
34. Re:saber rallying by lightknight · 2013-07-09 11:03 · Score: 1
  
  Oh, like those are the only methods for getting things out. It exists, therefore a leak of it will exist somewhere.
  
  --
  I am John Hurt.
35. Re:saber rallying by lightknight · 2013-07-09 11:13 · Score: 1
  
  Lol. I'd just synthesize a camera from available parts...and go the microfiche route (store the film inside the suit I'm wearing...do it right, it's flexible, and who is going to rip open the shoulder pads / inner lining of a $2000 suit? If they're wrong, that's $2K from the security budget.) Meh...actually, if I used cellphone filters / trickery, I could collapse the data somewhat holographically...maybe (who is going to question the use of a cellphone wrapper on your person if you bring in / acquire some candy with the right characteristics? Red, blue, yellow, green, etc. on a piece of film...extraction via Photoshop later on.).
  But then, who wants to wander into the lion's den to get what you want, when you can just chill outside? I imagine that the security reports they are using to build their zero-day database are coming to them via emails, or phone calls, or even from the vendors themselves. Why take on the castle (a secure installation), when the tavern is more surmountable (the vendors themselves)?
  But then, this entire thing is a distraction. Let's be honest...going this route is filled with fail.
  
  --
  I am John Hurt.
36. Re:saber rallying by someones · 2013-07-09 11:13 · Score: 1
  
  so they can hack into anything, but not into their own PC?
37. Re:saber rallying by lightknight · 2013-07-09 11:48 · Score: 1
  
  Dude, it depends if things are an employer's market, or an employee's market. If the US government needs a cracker that can slice through security like a hot knife through butter, and their choices are John Convict, or Joe Non-Convict, with the former being capable, and the latter not so much...well, would you prefer an employee that can perform the job, or not?
  Of course, this sidesteps the entire issue of whether we should be engaging in such things to begin with. Nations spying on other nations has occurred since the beginning of civilization...and there's no reason for them to do otherwise (well, from their viewpoint, anyways; perhaps, if one pauses, and relfects that all nations who have engaged in this kind of warfare (and it is) have fallen, one would not be in such a hurry to emulate their possible mistakes).
  
  --
  I am John Hurt.
38. Re:saber rallying by gweihir · 2013-07-09 12:01 · Score: 1
  
  Clearly boasting. "We can break anything easily". Sounds like standard small skills and large ego. [Ref.: google("Incompetent and unaware of it")] Things like PostFix, OpenSSH, Linux Netfilter or xBSD PF, PGP/GnuPG, etc. have been on the exposed surface for a long time and did not have critical vulnerabilities (if configured sanely) for a long time.
  Of course, I immediately believe that the usual commercial trash with no security architecture and a test&fix approach to security is easily exploitable in most cases. That does not mean other things are. Looking at what malware actually gets found, basically all is still pretty primitive. The problem is that the security level of typical software is abysmally bad, not that there are any "ueberhackers" that can get into anything. They do not and will never exist. There will always be people that claim to have these skills though, and look, one of them gets his ego boosted in this story.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
39. Re:saber rallying by girlintraining · 2013-07-09 12:06 · Score: 1
  
  If it's used against "us" then the likelihood of it being detected and disclosed is too high. They can't utilize these exploits carte blanche, but would have to save them only for specific targets, and still they face the risk of compromising an exploit every time it's used. Any evidence collected in this manner is not usable in court either, so it's really only useful for the spy game against high value foreign targets.
  You're assuming that such use is detected and that people capable of creating a countermeasure are informed. Current technologies utilize a number of honeypots and detection networks to catch new releases into the public networks, but if something like Stuxnet is released and is targetted and doesn't infect many systems, the odds of it being picked up, identified as malicious, and a countermeasure devised, are all remote.
  This assumption means that you (incorrectly) are basing your security on the idea that you're not valuable enough. If one of these cyberweapons is deployed against you, and it isn't picked up on your networks' "radar" as it were it can be reused. And even if it is detected, there is a lag time between detection and countermeasure deployment -- anywhere from days to months. If the detection is, in turn, detected, then maximizing its use before it is nullified is the best course of action -- so you hit all your targets then with a payload that, in a few weeks, will be worthless, and take whatever you can.
  Either way, you're stupid beyond belief to make the assumption that it's only useful "for the spy game". It's quite useful for any number of things, including industrial espionage... and in cyberwarfare, attributation is a bitch... and worse, identification of an exploit usually means publication -- and publication means that the number of people who are aware of it goes up dramatically. You can no longer follow the information release back and compile a list of people who are probable initiators of aggressive action... because it's public now. It could be anyone.
  It's not a question of whether you're high value as much as whether you're of any value.
  
  --
  #fuckbeta #iamslashdot #dicemustdie
40. Re:saber rallying by kesuki · 2013-07-09 12:08 · Score: 1, Funny
  
  i read the fine article and he was working on software that finds flaws called a fuzzer
  http://en.wikipedia.org/wiki/Fuzz_testing
  with the eminent arrival of computer intelligence software that automatically detects and rewrites zero day exploits is soon at hand. then it will be systemically used against everyone at the speed of light to all spheres with computers on them thorough the entire galaxy. just look at modern game engines, if a simple chip or two lets you run a complex 3-d world with billions of operations, well imagine the same machine taking control of computers of all types.. and deciding if those machines can still operate...
  i for one welcome our new robotic overlords as long as i can play planetary annihilation.
  
  --
  https://www.gnu.org/philosophy/free-sw.html
41. Re:saber rallying by Anonymous Coward · 2013-07-09 12:53 · Score: 1
  
  Does this sound like boasting to anyone else?
  It sounds like an avalanche of bullshit, salted with a little boasting.
  In listing the probable lies in the article, I feel like i'm restating the entire article:
  The word 'hack' is found 210 times on those four pages (counting non-article text). The word 'crack', otoh, was used exactly once.
  The use of the vague and ambiguous term suggests that neither of the writers there know many more precise terms, having only read popular fiction.
  It does not seem like listening to the radio would require 'dozens of stacked computers'. This may be inspired by the Lone Gunmen from The X-files.
  He was hired to be the head of IT at a federal hospital at the age of 15. Would you trust your family's health to an uncertified 15-year-old who was too irresponsible to complete high school?
  The radio shack guys didn't like him at first, but after he , they respected him as a man among them. What a coming-of-age story!
  black cars and trucks 'like out of a movie'. Yes, that *is* like a movie.
  He had $100,000 of computers from his 3-year job as an IT admin. Yet he still lives with his parents?
  How many wealthy countries are positioned such that one could 'walk off into the desert' and disappear from all surveillance (presumably) forever.
  Which operating systems did he write? How can such a vague claim be verified? He wrote "Defensive tools", hax0ring ur face 4 teh forces of good!
  According to him, security companies rely on "tools [they'd] found on the internet'. However, since he was 'one of the elite, even in a group of elites', he used his own super hacker tools and showed them all that he was stronger.
  Someone who abandons $100,000 of computer equipment and likes free software is actually motivated by money and changes jobs because he was so elite that he was offered a lot of money.
  'Thousands of people just like him' . 'They had supercomputers'. Nevermind that every personal computer made in the last 10 years meets the old classification standards of a supercomputer.
  It didn't hurt his ego to be stupid? That is surely a lie of lies.
  Contrary to the writer's fail, programs having a bug every 3-5 lines of code does not refer to 'hacking them'. It refers to writing the programs and debugging them.
  Of the thousands of elite hackers, none of them would ever do anything illegal. They're hte good guyz!!1
  Hacking other countries is legal, but only for him! This sounds like a child inventing rules to explain why he deserves more slices of pizza than his brother.
  If he didn't hack other countries we'd 'literally be dead'. He looks 'obvious' since he doens't have a cellphone.
  Nothing about his job woudl surprise the average american because they all watch the same fictional shows he does.
  He is also a brilliant musician, but since he's very concerned about money, he will stay an elite hacker. Also, he's too elite for music.
  Demonstrates naivete about how government hacking programs could be affected by public outcry against it. Believes that since he's a 'good guy', his virtue will protect him from losing a job.
42. Re:saber rallying by myowntrueself · 2013-07-09 13:12 · Score: 1
  
  Hopefully those exploits are used against our enemies and not against us, but that's probably just a silly hope.
  Heres news for you; no matter who you are, even if you work for these people, even if you are a corporate executive or member of your congress or senate YOU ARE THE ENEMY who this is used against.
  
  --
  In the free world the media isn't government run; the government is media run.
43. Re:saber rallying by stanlyb · 2013-07-09 13:26 · Score: 2
  
  True. Now, lets see, the people are the employer, the government is the employee......
44. Re:saber rallying by davester666 · 2013-07-09 17:33 · Score: 1
  
  How many times does the gov't have to go "Yeah, we did that, and it probably was completely illegal, but we totally stopped doing that and we pinky-swear never to do that exact same thing again." before you believe they doing all kinds of things right now, in secret, that if they became known, would make you rethink your opinion?
  Of course most of the people in government are basically what we would generally consider 'good' and will try to do the right thing. But there are enough people that we would consider "bad", that order these things to be done, some that we elect, and probably many more that are "civil servants", that do these things with impunity.
  Whistleblowers go to jail. Program heads get promoted/reassigned.
  
  --
  Sleep your way to a whiter smile...date a dentist!
45. Re:saber rallying by davester666 · 2013-07-09 18:17 · Score: 2
  
  Just to follow up, here's how the so-called "oversight" works in the NSA
  http://arstechnica.com/tech-policy/2013/07/5-things-snowden-leaks-revealed-about-nsas-original-warrantless-wiretaps/
  
  Though ultimately more than 3,000 people—mostly within the NSA—were read into the program, the initial secrecy around it was so intense that, notoriously, even the NSA’s own lawyers weren’t allowed to see the legal reasoning justifying it until 2004—something NSA officials themselves found strange.
  That secrecy meant that the NSA’s own Inspector General—the agency’s primary internal watchdog—wasn’t cleared to know about the program until August 2002, nearly a year after it began. Even that appears to have been a reluctant concession; NSA Director Michael Hayden had to “make a case” to the White House for reading the IG in. As a result, it was not until February 2003 that the IG “learned of PSP incidents or violations that had not been reported to overseers as required, because none had the clearance to see the report.” The precise nature of those “incidents or violations” remains unknown.
  
  --
  Sleep your way to a whiter smile...date a dentist!
46. Re:saber rallying by RulerOf · 2013-07-09 18:18 · Score: 1
  
  Keep in mind: software vulnerabilities exist not because it's impossible to create perfect code, they exist because it's financially impractical. When something as deterministic and self-accountable as artificial intelligence is writing the code, those economies of scale will invalidate that statement.
  
  That was actually my biggest gripe about the Terminator movies... computers wouldn't miss that frequently.
  
  --
  Boot Windows, Linux, and ESX over the network for free.
47. Re:saber rallying by semi-extrinsic · 2013-07-09 19:01 · Score: 2
  
  "You don't actually think they spend $20,000 on a hammer, $30,000 on a toilet seat, do you?"
  
  --
  for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
48. Re:saber rallying by serviscope_minor · 2013-07-09 20:12 · Score: 1
  
  The Government ignores laws when it's convenient for them to do so, even when it comes to their own hiring policies.
  Of course. Utterly strict policies are a bad idea in business or government because the world is always more nusnced. I happen to agree with them on this point that firstly it's better to have them inside the tent pissing out rather than outside pissing in and secondly the old expression"poacher turned gamekeeper" applies very well because it seems that now as ever, the best poachers know the ways of other poachers as well or better than the best gamekeepers.
  
  --
  SJW n. One who posts facts.
49. Re:saber rallying by fredrated · 2013-07-10 00:52 · Score: 1
  
  Thank you, shill, for your consistent shilling.
50. Re:saber rallying by tibman · 2013-07-10 03:29 · Score: 1
  
  Down with Core! Arm all the way!
  
  --
  http://soylentnews.org/~tibman
51. Re:saber rallying by Synerg1y · 2013-07-10 09:28 · Score: 1
  
  You're 100% right, so here's the difference: the NSA says they have ready made stacks of exploits ready. 0-day by nature is a revolving door of ever changing exploits.
  It doesn't matter how secret or back-doored Cisco is as countries like China will never use it. Their equivalent of Cisco will be hardened with no NSA back doors built in.
52. Re:saber rallying by Synerg1y · 2013-07-10 09:29 · Score: 1
  
  *shrug* No... just no.
53. Re:saber rallying by someSnarkyBastard · 2013-07-10 12:02 · Score: 1
  
  Pork, largesse, and corruption mostly, with a sprinkling of sociopathic megalomania on top.
54. Re:saber rallying by romons · 2013-07-10 16:41 · Score: 1
  
  Makes sense to me. Software/hardware vulnerabilities are worthless once patched. If this group is tasked with having a way into any system, their main focus is going to be to not-only find exploits, but also to protect those exploits for future use. I have no doubt that such a group exists, and that their collection of exploits is extensive.
  Hopefully those exploits are used against our enemies and not against us, but that's probably just a silly hope.
  If our guys have the day one exploits, their guys have them too. They (including Iran, China, Russia) have more reason to use cyberwarfare than we do, given the relative size of our military investments. We do it as an afterthought, they do it because we would pound the pemmican out of them in a conventional war.
  
  --
  Go to Heaven for the climate, Hell for the company -- Mark Twain
55. Re:saber rallying by jeanph01 · 2013-07-10 18:45 · Score: 1
  
  Well I reviewed a good bunch of your comments and they are well articulated. Having both side points of view is interesting but you can say "fair, you found me !" :) You're definitely government paid.
56. Re:saber rallying by cold+fjord · 2013-07-12 20:06 · Score: 1
  
  Having both side points of view is interesting but you can say "fair, you found me !" :) You're definitely government paid.
  Your lips say yes, but my bank account says no. ;)
  
  --
  much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Poor Infoworld.... by Anonymous Coward · 2013-07-09 08:19 · Score: 2

Poor Infoworld.... getting left behind in the Snowdon fiasco so has to do a bit of "Me Me Me.. We're still relevant" crap
Literally, if you can name the software or the controller, we have ways to exploit it.
Pacman?? Didnt think so.
1. Re:Poor Infoworld.... by g0bshiTe · 2013-07-09 08:39 · Score: 2
  
  My unnetworked tv remote from 1980.
  
  --
  I am Bennett Haselton! I am Bennett Haselton!
2. Re:Poor Infoworld.... by Synerg1y · 2013-07-09 09:13 · Score: 4, Funny
  
  Exploit = pipe wrench.
3. Re:Poor Infoworld.... by amorsen · 2013-07-09 12:00 · Score: 1
  
  The original Pacman has an integer overflow. AFAIK it cannot be exploited except for DoS, but still...
  
  --
  Finally! A year of moderation! Ready for 2019?
True fiction? by intermodal · 2013-07-09 08:22 · Score: 2

I basically believe the information presented here, but the source could be anyone. It could be a complete work of fiction, and even if that is the case, it may still all be accurate. If someone asked me to come up with a laundry list of things that in all likelihood the feds have, I'd have easily come up with everything listed here.

--
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Re:Adobe by MetalliQaZ · 2013-07-09 08:23 · Score: 2

Oh please. At least half of them are in Java!

--
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
Rings of bullshit. by Anonymous Coward · 2013-07-09 08:24 · Score: 1

If a hacker could hack into a megabank, airline, hotel chain, etc, how could you possibly pay them enough to ensure that not one of them makes a nice life for themselves?
1. Re:Rings of bullshit. by h4rr4r · 2013-07-09 08:25 · Score: 1
  
  Yup, plus why would the government not patch these exploits on their own machines?
  This is BS.
2. Re:Rings of bullshit. by gl4ss · 2013-07-09 08:41 · Score: 5, Insightful
  
  If a hacker could hack into a megabank, airline, hotel chain, etc, how could you possibly pay them enough to ensure that not one of them makes a nice life for themselves?
  well... by keeping them in a surveillance hell I suppose. he could still do it but he couldn't use any of it.
  but the article smells like bullshit. tens of thousands of exploits ready to go to any controller(I suppose that means industrial controllers and such, fucking vcr's etc) and cracking any sw ever anywhere. fuck, there's some sw's that don't have enough of an attack vector at all. practically the only way it could be remotely true would be if they counted exploits they didn't even try and they counted platform exploits as exploits for sw on the platform(so, say java applet sandboxing has a hole in it = thousand exploits even if they're all the same). he's even claiming that no patched exploit used by malware authors affected their exploits in any way.
  of course, it's infoworld - the bullshit heaven. the weakest defence the magazine had was the journalist. the fucking article starts with 15 year old as head of IT, then 16-17 year old having 100k worth of equipment for "hacking the airwaves" and just leaving it in a shed, it then downgrades to "I was writing buffer overflows and doing fuzzing" and watercooled computers in trucks.
  Mr Grimes, go fuck yourself. either the facts are fabricated or the guy outed himself by the few details(15y head of it at federal hospital, spent time abroad with his mom) and the rest are just.. bullshit you could have made up. so where the fuck is the story?
  
  --
  world was created 5 seconds before this post as it is.
3. Re:Rings of bullshit. by stewsters · 2013-07-09 08:42 · Score: 1
  
  http://it.slashdot.org/story/13/07/09/1330201/got-malware-get-a-hammer
  Q.E.D.
4. Re:Rings of bullshit. by jeffasselin · 2013-07-09 08:44 · Score: 2
  
  You talk as if the "government" was a monolithic entity. Its left hand very often doesn't even know its right hand even EXISTS, much less care what it does. Even worse, it may very well be that they don't want other government employees to patch those systems so they can spy on them, too!
  
  --
  If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
5. Re:Rings of bullshit. by gmuslera · 2013-07-09 09:19 · Score: 1
  
  They are at the bottom of the chain of watchers, so are watched too. But they know that if they want to take advantage of this and gets noticed, well, they should fly to Taiwan, and then get luckier than Snowden, that at least wasn't a criminal like them. Of course, the higher levels of the chain are unwatched, but they win enough in a way or another.
6. Re:Rings of bullshit. by serviscope_minor · 2013-07-09 20:16 · Score: 1
  
  tens of thousands of exploits ready to go to any controller(I suppose that means industrial controllers and such,
  Doesn't sound lke bullshit to me. If you've ever worked with proprietary industrial crap, you will be aware that the manufacturers make great hardware and terrible software that they are inexplicably proud of.
  I can well believe that the sort of software that you find out "oh no sorry if you have a local variable called x you get a hard lock and have to wait until the watchdog timer kicks in" is full of vulnerabilities. Once it runs a piece of real-time code, they generaly run that specific thing well aand for ever. Often though they're not even slightly hardened agains the poor engineers who are trying to not crash them.
  I expect the hardest thing about exploiting them is that they are so flakey they they crash if you sneeze wrong.
  
  --
  SJW n. One who posts facts.
Re:NSA? by CanHasDIY · 2013-07-09 08:26 · Score: 1

NSA != military

--
An enigma, wrapped in a riddle, shrouded in bacon and cheese
fud by Dishwasha · 2013-07-09 08:26 · Score: 2

In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.'
For some reason I doubt that private government workers, let alone government contractors, have discovered (let alone classified and organized) more bugs than the armies of security researchers out there to qualify as "barely scratching the surface". More likely the government is paying private security researchers for bugs and the promise of non-disclosure. Even then with how altruistic many researchers are, it's likely that kind of exchange would be exposed.
1. Re:fud by h4rr4r · 2013-07-09 08:28 · Score: 4, Interesting
  
  Or they would take the money and disclose the vulnerability. Enforcing an NDA in this case would give away that these exchanges are on going.
2. Re:fud by dmt0 · 2013-07-09 08:45 · Score: 2
  
  The whole article is fake. Trying to clean up the mess after Snowden scandal, trying to justify the existence of the whole apparatus...
3. Re:fud by gl4ss · 2013-07-09 08:49 · Score: 1
  
  In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.'
  For some reason I doubt that private government workers, let alone government contractors, have discovered (let alone classified and organized) more bugs than the armies of security researchers out there to qualify as "barely scratching the surface". More likely the government is paying private security researchers for bugs and the promise of non-disclosure. Even then with how altruistic many researchers are, it's likely that kind of exchange would be exposed.
  it's likely they're paying for some bugs - but can't even verify if they work or under what circumstances. I seriously doubt that the fabricated person and his five thousand peers have anything to do with it though.
  
  --
  world was created 5 seconds before this post as it is.
4. Re:fud by gl4ss · 2013-07-09 08:51 · Score: 2
  
  You have no idea the scale of this operation. They are buying the exploits and bugs by the 100's daily. There is soo many "security" research companies that only do this. They exploit and sell it to the government.
  you got it wrong. there's hundreds of people who will privately imply that they do that - but they do it(implying) only to sell security services to their clients.
  stuxnet as an example, could have used a few better exploits.
  
  --
  world was created 5 seconds before this post as it is.
5. Re:fud by jose+loewenherz · 2013-07-09 09:02 · Score: 1
  
  Agree with you. This is just Damage Control.
6. Re:fud by Kjella · 2013-07-09 09:12 · Score: 4, Insightful
  
  There's a lot of boasting yes, but as I understand it a lot of security bugs are discovered because they're being exploited. If you do all your hacking in a test lab and only use it sparingly and targeting specific computers it might take a long time before it ends up in any security researcher's lab. For example, take this recent bug from Microsoft, it affects every IE version back to IE6 - possibly older since they don't test further. Assuming it was in the original IE6 code base that's a bug the cyberwar division might have been sitting on for 12 years. Multiply that with lots and lots of top notch people and a system that don't disclose and (mostly) don't exploit, just hoard for a rainy day and I have no problem believing they have a pretty solid stash.
  However that is also their biggest limitation, if you start using them they'll also become exposed so they're more like deep undercover agents. They're not going to "waste" them trying to catch the odd criminal, even if it's for serious crimes. They're military assets stockpiled for a cyberwar, like being able to crack the Enigma code during WWII. Some of it for espionage but I'm guessing most for being able to strike both physically and electronically at the same time, paralyze or even mislead their systems while you move in.
  
  --
  Live today, because you never know what tomorrow brings
7. Re:fud by gmuslera · 2013-07-09 09:32 · Score: 1
  
  Security researches can't do reverse engineering or publish too soon what they find, at least if they are working in the open (think that don't applies to black hats). Government, in the other hand, have first hand the information of exploits far before is patched, or even could get intentional backdoors in commercial software.
  Anyway, patching a bug won't remove the already put backdoor in that computer, unless you do a clean reinstall after those bugs are fixed.
8. Re:fud by Pseudonym+Authority · 2013-07-09 13:47 · Score: 1
  
  stuxnet as an example, could have used a few better exploits.
  Why? It seems to have done exactly what it was meant to do. Why use a supercomputer when a TI-82 will work just fine? Save the better stuff for another day.
9. Re:fud by indeterminator · 2013-07-09 18:35 · Score: 1
  
  Foreign governments and educational institutions have access to the Windows sources, too.
  How do they know it's the same source that was used to compile the binaries? And MS could just deploy a few more back doors any time, using their auto-update infrastructure.
  I still think that a more likely place for intentionally placed exploits is in the CPU. Common operating systems have enough unintentional flaws for a long time, with more coming out very major release.
Re:I have to ask... by alen · 2013-07-09 08:28 · Score: 5, Insightful

first the knowledge of the bugs is classified. better to know something that the enemy doesn't
and most of the government's data isn't classified so its not that big a deal
Woot! Another arms race by Anonymous Coward · 2013-07-09 08:31 · Score: 1

Just think how much safer our digital infrastructure would be, how everyone's privacy and data could be protected if, instead of hoarding exploits for use in an asinine "cyberwar", the US gov quietly released them to developers so their vulnerable software could be fixed. Fuckers.
1. Re:Woot! Another arms race by lennier · 2013-07-09 10:48 · Score: 1
  
  Just think how much safer our digital infrastructure would be, how everyone's privacy and data could be protected if, instead of hoarding exploits for use in an asinine "cyberwar", the US gov quietly released them to developers so their vulnerable software could be fixed. Fuckers.
  Alternatively, what if software manufacturers actually tested their software before release with the same tools that the bad guys use, and made sure there were no bugs?
  Or even better, wrote their software in a language that prevented entire classes of errors?
  It would be nice if the concept of 'due diligence' applied to the people building the planetary brain.
  
  --
  You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
Re:NSA? by damiangerous · 2013-07-09 08:32 · Score: 2

The NSA is under the Department of Defense, which makes it close enough.
Re:NSA? by Anonymous Coward · 2013-07-09 08:36 · Score: 1

Oh jeez, of course it's military:
From the NSA's and Director of NSA wikipedia pages:
The National Security Agency (NSA) is the central producer and manager of signals intelligence for the United States, operating under the jurisdiction of the Department of Defense.
The Director of the National Security Agency (DIRNSA) is the highest-ranking official in the National Security Agency, which is a Defense Agency within the U.S. Department of Defense. The Director of the NSA also concurrently serves as Chief of the Central Security Service (CHCSS) and as Commander of U.S. Cyber Command (USCYBERCOM). As DIRNSA/CHCSS the officeholder reports through the Under Secretary of Defense for Intelligence, and as CDRUSCYBERCOM through the Commander of U.S. Strategic Command, to the Secretary of Defense.
If true, a profound disservice by Anonymous Coward · 2013-07-09 08:37 · Score: 5, Insightful

So, if what's being claimed is true (I'm doubtful), by not making these flaws public and giving vendors the chance to fix the issues, they are jeopardizing the domestic infrastructure they are ostensibly tasked to protect?
There's something profoundly inconsistent in this story, or profoundly hypocritical if it is true.
And he plays in a "hardcore rap/EDM band"? Either this person is an idiot for revealing something so specifically identifiable (even among "5000 people on my team", how many others of them are into it that much?), or they're spinning a yarn (misdirection or the whole story is nonsense).
1. Re:If true, a profound disservice by gl4ss · 2013-07-09 08:52 · Score: 1
  
  well the non-nonsense(yeahyeah..) parts of the story are just "we find holes and have thousands of them and can crack anything". it's just bullshit all the way.
  
  --
  world was created 5 seconds before this post as it is.
2. Re:If true, a profound disservice by danpbrowning · 2013-07-09 11:02 · Score: 1
  
  ...they are jeopardizing the domestic infrastructure they are ostensibly tasked to protect?
  You must be new here. Don't you know how things work here in America?
  
  --
  Daniel
3. Re:If true, a profound disservice by Dzimas · 2013-07-09 12:16 · Score: 1
  
  Grimes' friend isn't tasked to protect anything. He is a civilian defence contractor whose job is to exploit flaws in software for the benefit of his employer's client.
4. Re:If true, a profound disservice by oursland · 2013-07-09 16:08 · Score: 1
  
  Know all of those "Send error report to Microsoft" windows that pop up when an app crashes? I suspect that these dumps are making their way to these guys.
  
  Basically, everyone who's ever clicked "send report" has been informing the NSA of exploit vectors and not letting the vendor know.
Sounds like complete bullshit... by Assmasher · 2013-07-09 08:38 · Score: 1

Ignoring that he suddenly goes from one of the elite of the elites in penetration testing to an average guy in a group of thousands...

--
Loading...
1. Re:Sounds like complete bullshit... by Flere+Imsaho · 2013-07-09 09:07 · Score: 5, Informative
  
  Yeah, a lot of it sounds far-fetched to me as well.
  " Most of the software written in the world has a bug every three to five lines of code. " Sure, buddy.
  "It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface." Oookaaay, that sounds legit.
  "My loft was up near the rafters, so I scooted over into the next storage area, climbed down" No lock-up facility I've been in has access through the roof space to the roof space into other units. Would you keep "$100,000 worth of computers, radio equipment, and oscilloscopes" in such a facility?
  This reeks strongly of male bovine excrement.
  
  --
  It gripped her hand gently. 'Regret is for humans,' it said.
Re:NSA? by CanHasDIY · 2013-07-09 08:38 · Score: 1

The NSA is under the Department of Defense, which makes it close enough.
These days, it seems more and more like DoD doesn't consider itself part of the military, either...

--
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Re:I have to ask... by gl4ss · 2013-07-09 08:43 · Score: 2

...If they have access to such awesome vulnerability detection software, why don't they run it on all the government's servers and applications?
Sounds like shit.
because they WANT the chinese to have blueprints to their billion dollar jets. you know, that's only way to bankrupt them. also, why don't they hack iran's banking that provides funding for their nuclear program?

--
world was created 5 seconds before this post as it is.
Scary thought by Sperbels · 2013-07-09 08:49 · Score: 2

Literally, if you can name the software or the controller, we have ways to exploit it.
Voting machines?
1. Re:Scary thought by meta-monkey · 2013-07-09 09:06 · Score: 5, Funny
  
  Voting machines?
  Dude could save the country and be a national hero. I can see CNN on election night 2016 now...
  Wolf Blitzer: "In a shocking turn of events, not a single Republican or Democrat, or anyone on the ballot for that matter, won a single national election today. The entirety of the Senate is now made up of 20 random engineers, 15 doctors, 10 accountants, 10 school teachers, 10 construction workers, 5 disabled veterans, the 5 honest cops, and the rest are mexican day laborers. There's not a single lawyer or millionaire among them, and the new President is comedian Doug Stanhope."
  
  --
  We don't have a state-run media we have a media-run state.
2. Re:Scary thought by nicoleb_x · 2013-07-09 09:06 · Score: 1
  
  I wish you hadn't said that...
3. Re:Scary thought by Anonymous Coward · 2013-07-09 10:09 · Score: 1
  
  Sadly, that could never happen, because even if this guy is as much of a genius as he thinks, he will never be able to find the 5 honest cops.
Re:Adobe by Anonymous Coward · 2013-07-09 08:52 · Score: 1

Oh please. At least NaN of them are in IE!
They should disclose the vulnerabilities by Hentes · 2013-07-09 08:54 · Score: 1

Disclosing these vulnerabilities would do much more against the Chinese hackers than hacking back does. Sometimes the best defence is defence.
LOL by Anonymous Coward · 2013-07-09 08:55 · Score: 1

Most of the software written in the world has a bug every three to five lines of code.
Hahaha bullshit. What a shit article. This "cyber warrior" is either feeding the author shit or is made up.
Baloney by MysteriousPreacher · 2013-07-09 09:12 · Score: 1

This sounds like baloney, so I'll write some Walking Dead fan fiction.
You ever known a real fighter? I do. His name is Larry Ellison. Back when I headed to Atlanta, only to find a graveyard, I hooked up with some survivors camped outside the city. Best fucking luck I ever had. It was a few days later I met Ellison. He'd returned from scavenging in the city. I heard that most are in and out in a day - you don't want to risk staying overnight unless you really have to. This guy had been on his own in zombie central for three days, and he looked like he'd just returned from the circus! I never saw anyone else that calm.
A week after that some walkers came through the camp. Calm as anything, he moved like a robot. I though that this was a guy with PTSD just bubbling under the surface, but then our eyes met as he jammed a screwdriver through a zombie head. You know what I saw? A caretaker. Ellison, the billionaire yacht enthusiast was somewhere else, probably with a warm fire and a harem of furries, while this man held the keys. No emotion, just relentlessly driving towards a time when we could sleep soundly.
I don't know where he is now. Maybe balls-deep in some guy in a Bugs Bunny costume, or still stalking decaying cities with that cold stare in which only a slight glimmer of the man remained? Either way, I hope at least one of those men has found peace. One night on watch he told me he used to make Java. I though he was a barista, and said as much. He half-smiled a moment, and said he gets a lot if that. With all those nights on watch, that's a out the only time I think I met the Ellison under the shell. I knows as well because I felt a burning need to push him off a cliff, and I can't explain why. Glenn, another survivor, told me that everyone feels that way about Larry.

--
-- Using the preview button since 2005
Now I understand the war on white-hats by rsborg · 2013-07-09 09:14 · Score: 1

...and whistleblowers.
It's like the war against government watch groups - the idea that by limiting what the government does (and increasingly the crony corporations that have cropped up to help it expend it's reach) - not fighting, but just calling out and limiting it, you are an enemy of the state and you need to be removed.
Exploits are bought/discovered and kept as armaments to be used on industrial/state espionage, and also for internal clandestine operations. So clearly anyone "invalidating" one by disclosing it is restricting the power of the government.

--
Make sure everyone's vote counts: Verified Voting
Re:Interesting implied threat by gmuslera · 2013-07-09 09:23 · Score: 1

And if they figure a more or less safe way to make even more profit with the information they are gathering, they will, no matter how much people, companies gets hurt by that.
Re:Adobe by AdamStarks · 2013-07-09 09:41 · Score: 2

Oh please. At least half of them are Java!
FTFY
If they're that smart by bigmo · 2013-07-09 09:49 · Score: 1

then how did a guy with a usb stick steal information from the NSA?
Re:NSA? by Livius · 2013-07-09 10:04 · Score: 1, Insightful

Military. Industrial. Complex.
It's sure to fall under at least one of those.
Re:NSA? by CanHasDIY · 2013-07-09 10:06 · Score: 1

Military. Industrial. Complex.
It's sure to fall under at least one of those.
Well stated.

--
An enigma, wrapped in a riddle, shrouded in bacon and cheese
No idea what to think by benjfowler · 2013-07-09 10:28 · Score: 1

Unless the language of the interviewee is obfuscated, I would say that either:
A: the guy is for real, but some kind of idiot-savant. I know the type -- I've met people who are barely literate and can't even string a sentence together, but would blitz an electronic engineering degree.
or B: just a bona-fide wannabe idiot
Judging by the language alone, I can't actually tell.
This bothered me: by gr8_phk · 2013-07-09 10:41 · Score: 2

Most of the software written in the world has a bug every three to five lines of code. It isn't like you have to be a supergenius to find bugs.
Some blend of three options here:
1) He's full of shit
2) I'm delusional in thinking I write code way better than that
3) Most of the world really is barely held together by bubble gum and duck tape

What bothers me is to what extent is #3 actually the answer.
1. Re:This bothered me: by danda · 2013-07-09 11:43 · Score: 3, Funny
  
  duct tape, not duck tape. That's a bug in 1 out of 3 lines. :P
  > Most of the world really is barely held together by bubble gum and duck tape
2. Re:This bothered me: by HybridST · 2013-07-09 11:51 · Score: 1
  
  I'll just leave this here.
  
  --
  Ever notice that Cobra Commander sounds an awful lot like Star scream?
BS by tmark · 2013-07-09 10:45 · Score: 1

Like so many others, I call BS.
- he says he's middle aged - let's say 50. He also said at 16 or 17 he joined "one of the distros". The earliest "distros" as such, started appearing around 1992, IIRC - around 21 years ago. So at most he's now 37 or 38 - not middle aged.
Now if he just defines "middle aged" differently, then he would have been hanging at 15 around the Radio Shacks (a hacker cliche) around 1990 - well past the eras of the TRS-80s and Color Computers that the cliche says hackers would be working on - unless he's claiming that was on PCs. Did Radio Shack sell PCs ?
Then he just snuck out the back door when the men-in-black showed up. He got away because he never went back - even though surely the MIB knew who he was and that he was, apparently, still living with his mother and step-dad.
He doesn't want to be emailed in the months leading up to the conversation, ostensibly to maintain secrecy, which opens up another bunch of inconsistencies. First, if I'm able to read the author's emails, all I need to do is look for friends who stopped emailing him for a few months around the conversation. Secondly, who is he hiding from if he's already working for the government ?
Finally, the notion that a super-secret, middle-aged white guy ho walso plays in a hardcore rap band - and IDENTIFIES HIMSELF AS SUCH - exposes this pack of lies completely. That's a pretty shitty cloak of anonymity a middle aged white guy that came from another country and plays a lot of instruments in a hard-core rap band north of DC is hiding under.
This guy is real. I know. by Anonymous Coward · 2013-07-09 11:00 · Score: 1

This guy is real. how do I know ? I know couple of folks of this type. Advertise themselves as born with very high IQ, boast that they hacked/developed software 'early in life', they cannot fly because of certain things that they cannot disclose.. blah..blah...blah.. and guess what ? they cannot put together couple of shell scripts even if they try hard.
And this will continue to be true as long as by Kazoo+the+Clown · 2013-07-09 11:04 · Score: 1

Software developers have an incessant need to add features regularly in order to induce paid updates. Take Microsoft for example-- who needed a completely new UI in Windows 8? Only Microsoft. The only update features I ever need from Microsoft is stability/security/bug fixes. After about another 7 or 8 major rev levels of those, there would be some chance of having a system stable and secure enough to actually depend on-- but that'll never happen, as they're too busy monkeying with it in order to justify paid upgrades.
Like I said last week.... by ka9dgx · 2013-07-09 12:40 · Score: 1

As I said last week, the root cause which enables cyberwarfare is persistently insecure endpoints all over the internet. Each and every system out running linux, windows, mac osx, etc... all are based on an outdated and useless security model. Those nodes can then be used to attack or DOS anything that actually happens to be secure. Unless we shift everything to a system based on capabilities (and the principle of least privilege) we're going to be in a "cyberwar" forever.
yea, whatever by Slugster · 2013-07-09 13:09 · Score: 1

I was going to write a serious comment, but then I remembered that at least 75% of Slashdot accounts are just people shilling for the king of Thailand.
This has the ring of truth by WOOFYGOOFY · 2013-07-09 17:37 · Score: 1

. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.'"
What does that say about the theory that open source will have fewer defects? Most of the internet is run on open source. He seems to be saying that it's a bugfest.
I have ot say I think it's true and here's why. Early on I had to implement a protocol from scratch. I read the RFP and implemented it but as you may know RFPs aren't actually written in EBNF or anything like it so there's plenty of room between the spaces left by the wordy, not completely explicit spec.
As it happened my correct implementation also took down the server instance that received it for a particular server which shall remain nameless except to say that at that time that internet server software accounted for , oh , 95% of servers out there.
So what I had created completely by accident was a near universal death ray.
I am quite sure there are TONS of stuff out there of a similar nature waiting to be exploited. For all I know, that death ray still works.
We don't locate these things because only a small number of us (programmers) are actively looking . Most of us use this stuff trying NOT to break it. The number of people doing the opposite is small. The number of possible serious bugs is more or less infinite. The rest follows from the math.
Keyser Soze by ThatsNotPudding · 2013-07-09 23:38 · Score: 1

"He becomes a myth, a spook story that criminals tell their kids at night. "Rat on your pop, and Keyser Soze will get you."
Maybe it's to scare all the leet folks into thinking everything in their tool bag is nothing but Swiss cheese to the NSA.
What's next... by cundare · 2013-07-10 05:53 · Score: 1

You see, the thing that I think most of these happy-go-lucky creepy-ass hackers don't realize is the ramifications of the fact that they're performing military or, at least, paramilitary functions or state-mandated police actions. Depending on context, they may be disrupting high-value activities of organizations and individuals that run the gamut from badass foreign counterintelligence agencies and fundamentalist radicals to Columbian drug lords. So what happens next? Well, just pick a season of "Breaking Bad."
In this line of work, it is scary easy to identify someone in this line of work, especially one who is unprofessional enough to grant an interview to a trade pub (and to do little to further mask his identity). I attended a recent seminar in this field in which panelists debated this very question: Is it ethical to assassinate young, stupid "cyberwarriors" if their work has the potential to disrupt or destabilize mission-critical operations? The bottom line was that most think it is, on the ground that these guys are civilian operatives acting as military "cyberwarfare" "combatants" -- not much of a terminology stretch in a world of "enhanced interrogation techniques."
So what I'm saying is that it may not be long until (and I wouldn't be surprised if it's already happening in places like Israel & Palestine) guys like this interviewee, and their families, are routinely targeted by hit men, suicide bombers, drones, seals, whatever. If they're performing military functions -- think Iranian centrifuges -- why wouldn't they be fair game?
And when that happens, how does this social dynamic change? Does our dopey Season 1 Walter White hackercracker immediately transition to Season 5?