Slashdot Mirror
US Mounted 231 Offensive Cyber-operations In 2011, Runs Worldwide Botnet
An anonymous reader sends this news from the Washington Post:
"U.S. intelligence services carried out 231 offensive cyber-operations in 2011, the leading edge of a clandestine campaign that embraces the Internet as a theater of spying, sabotage and war, according to top-secret documents [from Edward Snowden]. Additionally, under an extensive effort code-named GENIE, U.S. computer specialists break into foreign networks so that they can be put under surreptitious U.S. control. Budget documents say the $652 million project has placed 'covert implants,' sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions. ... The implants that [an NSA group called Tailored Access Operations (TAO)] creates are intended to persist through software and equipment upgrades, to copy stored data, 'harvest' communications and tunnel into other connected networks. This year TAO is working on implants that “can identify select voice conversations of interest within a target network and exfiltrate select cuts,” or excerpts, according to one budget document. In some cases, a single compromised device opens the door to hundreds or thousands of others."
that is so cool.
Never say never. Ah!! I did it again!
Allies, "ALLIES", we don't need no stinkin' Allies. All of it, ALL OF IT, ours, we, want it all, exploit it, burn it, the whole world, it's ours, Ours, OURS.
Seriously out of control. Looks like Chinese hardware is the least of the worlds problems. With the US Stupidity Services trying to purposefully break everyone's networks and insert back doors that only they, and their contractors, and anyone who wants to pay those contractors knows about.
Morons there is no such thing as an exclusive back door. Once you broken the security of other countries networks, you leave access for anyone waiting to exploit, bet anything you like those morons did not at all to monitor and ensure those back doors were not exploited by others. I wonder how many times now the US government has blatantly lied about cyber attacks they launched that have been discovered and then blamed on other countries and pseudo organisation like Anonymous.
How many attacks have they launched they were designed to do nothing else but increase their budget?
Chaos - everything, everywhere, everywhen
Who believes the US government had something to do with it?
Suddenly after meeting with regulators the price recovers?
Conclusion: Promote regulation of the Bitcoin network as it's correlated with a rise in the price.
Time for me to destroy my webcam and make sure no device on my computer has a microphone.
Budget documents say the $652 million project...
Most big budget "defense" projects go over budget, over time, and don't perform to expectations. How well does this actually work (yeah, I know it's a rhetorical question)? Of course, by comparison, it's quite a bit less than the cost of a single B-2 bomber, so maybe its budget isn't large scale enough to underperform?
But I can't find a single typewriter in any antique shops any more.
---- The above post was generated by the Turing Institute. Maybe.
Whistleblowing on a secret US government agency that's governed (if at all) by secret laws and secret courts, and is clearly out of control? Sorry, that would never cross the line into treason. It's the agency which is breaking the law.
Since the line for treason gets drawn by the government he is exposing, of course the answer is yes.
The question is, does he care?
We should start referring to processes which run in the background by their correct technical name... paenguins.
As a non-american, I think Snowden went far enough for one man. I think we need other Snowdens to stand up and speak the truth. Treason against his government or all of humanity. Tough choice to make.
What operatives? None of the people involved in this are working undercover, they're working in cubicles in office blocks in the US.
He had already leaked it all to the Guardian. The information is out now. He just can't effectively comment on any of it anymore.
I see the glass as full with a FoS of 2.
Like everyone else on slashdot, I only run Debian and must say I smile when I see reports such as country sponsored malware strikes like this. But it does make me ask an honest question:
How can we be sure that the Linux kernel isn't compromised? I don't really have the time to go through all lines of code and I doubt my security analysis and development skills are up to the task anyway.
We aren't talking about the beacon of the free world, we're talking about the USA!
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
It is really, really easy to turn a blind eye to the evil one's government perpetrates when that evil is not directed at one's self or one's loved ones, and when in fact these benefit in some way from said evil.
Does all this evil keep our economy strong (possibly at the expense of other economies)? Does it keep stuff cheap at walmart? Does it keep the movies and tv programs flowing? Does it keep most of us basically comfortable in our lives? Then maybe we just won't bother sticking our necks out for a bunch of foreigners who offer nothing to us in return.
What is it that you want people to do exactly? Do you think we have any control over what intelligence agencies do? If we try to stop them then their allies will be in the position to do to us and our loved ones exactly what the US intelligence agencies are capable of doing to people in your country.
You don't seem to understand how things work. The US citizen cannot stop the US government because your government would work with the FBI to stop that. It would be called terrorism. The penalty for terrorism is harsh and can even include death.
If someone in your country tried to take on the intelligence agency of your country, then if your country is allied with the US government then the CIA would destroy those people/terrorists.
The only realistic solutions which aren't suicide or completely insane all take time. Decades. The government agencies can be made less abusive over time, and made to follow the laws of war or at least make it clear to us what rules they follow.
I Oppose the Cyber-War...but I support the hackers.
an ethical US citizen which pays taxes?
Questions raise, answers kill. Raise questions to stay alive.
If Snowden leaked this at this point he's exposing information on operations, methods, everything. At what point does it cross the line and become treason? Is there a line which gets crossed where every Snowden supporter would say "this has gone too far"?
As a non-US citizen and potentially impacted by the US govt actions, I don't have any incentive to say "this has gone too far".
Questions raise, answers kill. Raise questions to stay alive.
It is NEVER treason to expose government wrongdoing or unconstitutional behavior. It is NEVER treason to expose government coverups or lies. It is NEVER treason to disclose programmes that should have had proper congressional or public oversight but didn't. Everything so far disclosed has fallen into the above categories. If ever disclosing one of these wrongdoings or unconstitutional behaviors or coverups has put an operative or operation in jeopardy - then the blame rests solely on the shoulders of whoever perpetrated that cover up. Otherwise, any wrongdoing could be hushed up simply by entangling it with something else.
At least, that's my view as a Snowden and Manning supporter
As an american citizen it is not easy to figure out how to deal with this. Neither party is running on the "stop being evil" platform. Minor protests don't have much effect in this country and a revolution is clearly worse than what we have now.
Or maybe you should be asking: should the government have no limit as to what it can do in the name of protecting the country from supposed foreign conspiracies.
If they have really developed software which can do that, they should share their techniques with the commercial world. Software that can continue to run even after a system upgrade? Sign me up.
As a non-American, every bit of this information makes me puke. Specially since last night when your president unilaterally and illegally announced another war on another middle eastern country, even the word USA makes me feel bad.
That's seriously a good question. The ironic answer is that the knowledge that would be sufficient to make an informed decision (as to where the line should be other than an annoyingly vague "whatever doesn't make it worse for humanity") is being withheld from us. Any actual example we could use would be based on what we already know, which isn't going to be whatever the government is still keeping secret - the good _and_ the bad.
Which puts us all between something of a rock and a hard place.
Having read this particular article, it doesn't mention any specific operations, nor any specific methods. I say "specific" because, while it does reveal that the US government is exploiting vulnerabilities in software and hardware (really not a surprise), it does not reveal specifics that would allow an enemy to distinguish between "US government exploit" and "random joe exploit".
I also found this part interesting: "The NSA designs most of its own implants, but it devoted $25.1 million this year to “additional covert purchases of software vulnerabilities” from private malware vendors, a growing gray-market industry based largely in Europe." Apparently, providing 25.1 million dollars of additional demand for unethical behaviour is now within the NSA's newest line in the sand, to go along with global warrant-less electronic surveillance of everyone including its own citizens within its own borders.
Which means here's the thing:
The US government crossed its constitutional line under a veil of secrecy from its own people and then said: I'll keep going.
Edward Snowden crossed his personal line under the orders of the US government and then said: I'm turning whistleblower.
So right now, I'm a lot more worried about the US government's limits than Snowden's.
that's a rather absolutist perspective. isn't it possible that whistleblowing on a super sensitive program is both necessary and treasonous?
and that if found treasonous, a due process trial should happen?
and that the president could pardon the convict once the impact if that revelation is clear?
not saying that will apply, but it is far closer to reality than "all whistleblowing automatically erases harm from completely unrelated organizations and people", which is how your comment reads.
we are getting summarized information. keep in mind that the actual documents that the guardian and now Der Spiegel have likely contain a lot more detail. I'm betting It's well past treason already
Maybe this will help. Since US and British intelligence agencies have helped to stop terrorist plots around the world in many countries, their disruption may lead to attacks in your country, the deaths of people you hold dear, and destruction of things you treasure.
I wouldn't get too comfortable with the current state of affairs. It hasn't been that long since Snowden began his disclosures, and some problems, such as Islamist terrorism, are not likely to go away any time soon. In fact it is likely to grow much worse in Europe in the coming decades. That same could easily be true in the Pacific regions as well.
Maybe you'll never truly understand until you hear a blast yourself. Some people just never learn.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Pentagon Sets Stage for U.S. to Respond to Computer Sabotage With Military Force
http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html
Don't quote me on this.
If you work for something that has turned into criminal organizations of the worst kind (e.g., endangering infrastructure components of other countries), you deserve what's coming your way.
I'm guessing they have already shared their... samples, with the 'commercial world', the commercial world isn't just yet aware of it.
That depends of if we decide the NSA has gone far enough to be considered a domestic enemy of the people. It lies to congress, it lies to the citizens, and it may be lying to the president as well. That doesn't sound much like a legit government agency. It spies on Americans and subverts the Constitution. That sounds like something an enemy does.
I suppose you're among those that think 9/11 happened because Islamic countries just decided they "hate our freedom", rather than a long history of being fucked with in a manner that pre-existed that event and continues through today, and will inevitably result in further animosity and eventual blowback.
Here we come to the heart of the issue - you fundamentally fail to understand al Qaida's motivation. Al Qaida wants to continue the Muslim conquests of centuries ago, when invading Muslim armies threatened to conquer Europe, and continue on to the rest of the world. They want to restore what they see as the glory of Islam. They want to restore the Islamic caliphate government dissolved in 1923 with the fall of the Ottoman Empire. They want replace existing government in Muslim countries with strict Islamic governments ruling according to their interpretation of Islamic law. They want to reclaim former Muslim lands, such as Spain, by reconquest. They want to expand the new Islamic empire to all nations, and convert all people to Islam. They are militant and imperialistic.
Do you know what Bin Laden's demands were to the US after 9/11? Convert to Islam, and replace the Constitution with Islamic Sharia law.
They understand this is a long term struggle. They are patient, and will continue it. The problem is likely to get worse before it gets better. Countries facing the threat they pose ignore it to their peril.
Since you are likening intelligence agencies to "children in a clubhouse," that "allows them to play with big, expensive toys," I'm not sure you are really engaging on this at a serious level.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
What was found on Miranda was raw intel -- before being edited. Nothing that made it to press, as far as I know, has identified individuals. Also, how is it Snowden's responsibility that these "non official cover" agents enjoy no protection based on that status?
Finally, can I safely assume that you were vehemently opposed to the pardon of Scooter Libby (and by implication Dick Cheney) for outing an agent -- rather than hang for treason? Which was arguably the more reprehensible in that that leak did not purport to do any public service, but was only out of petty spite (and discouraging dissent) because Wilson wasn't playing along with the massive deception leading up to the illegal war in Iraq?
Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
The Future of Terrorism: What al-Qaida Really Wants
Full text: bin Laden's 'letter to America'
Q2) As for the second question that we want to answer: What are we calling you to, and what do we want from you?
(1) The first thing that we are calling you to is Islam. ...
(2) The second thing we call you to, is to stop your oppression, lies, immorality and debauchery that has spread among you.
(a) We call you to be a people of manners, principles, honour, and purity; to reject the immoral acts of fornication, homosexuality, intoxicants, gambling's, and trading with interest.
We call you to all of this that you may be freed from that which you have become caught up in; that you may be freed from the deceptive lies that you are a great nation, that your leaders spread amongst you to conceal from you the despicable state to which you have reached.
(b) It is saddening to tell you that you are the worst civilization witnessed by the history of mankind:
(i) You are the nation who, rather than ruling by the Shariah of Allah in its Constitution and Laws, choose to invent your own laws as you will and desire. You separate religion from your policies, contradicting the pure nature which affirms Absolute Authority to the Lord and your Creator....
HAMAS Targets Spain
Bonus:
UK: Muslim Gangs Enforce Sharia Law in London
AU: Muslim body wants 'moderate' sharia law but government rejects plan
SE: 'Separate laws for Muslims' idea slammed
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Obvious solution: vote for a party that you don't find evil. They don't have to win. If 10% of people voted green and 10% voted libertarian, and the apparent reason was surveillance programs... then democrats and republicans in congress would change their tune in a hurry because picking up those votes would be enough to swing almost every incumbent from a possible loss to a sure win in their next election.
Also, if your congressional representative of either major party happens to be anti-evil -- and there are some -- be sure to cross party lines to vote for them.
This space intentionally left blank
And yet Russia can call us up and say "Hey, there are two Chechen refugee brothers in Boston who we think are terrorists" and NOTHING HAPPENS.
Q: What does the "B." in Benoit B. Mandelbrot stand for? A: Benoit B. Mandelbrot
Many if not most of these "cyber warfare domain" exploits can be traced to the C and C++ languages and the sloppy idioms (such as char* or void* pointers) which are prevalent amongst the users of said languages. Even highly skilled and experienced developers created things like the "ping of death".
Then there is the PHP language, where they try to "make it easier and faster to create software by adding convenience features and removing typing" and the end result is a horrible mess of security-related side effects nobody seems to be able to get a handle onto.
Sometimes I think both C and PHP were invented by people who considered Pascal and Ada as "too secure".
In my opinion as an Applied Computer Scientist and Software Engineer (I do think this is a critical distinction from "programmer"), memory safe/type safe programming languages can significantly reduce the potential for exploitable bugs. So can sandboxing technologies like AppArmor, SE Linux or Sandboxie.
We the computer science community need to do something about it or face the well of our wealth be poisoned by the psychological effects of cyber crime and cyber warfare: "Never store anything critical on a computer, don't you know everything is hackable !".
I created a tailored AppArmor profile for firefox years ago and it cost me about a day. Every software engineer can do that, given determination.
Then I spent serious time on making a memory-safe C++ variant named Sappeur:
http://sourceforge.net/p/sappeurcompiler/code-0/2/tree/trunk/doc/SAPPEUR.pdf?format=raw
http://sourceforge.net/p/sappeurcompiler/code-0/2/tree/trunk/