GCHQ Created Spoofed LinkedIn and Slashdot Sites To Serve Malware

An anonymous reader writes "Ars Technica reports how a Snowden leak shows British spy agency GCHQ spoofed LinkedIn and Slashdot so as to serve malware to targeted employees. From the article: 'Der Spiegel suggests that the Government Communications Headquarters (GCHQ), the British sister agency to the NSA, used spoofed versions of LinkedIn and Slashdot pages to serve malware to targets. This type of attack was also used to target “nine salaried employees” of the Organization of Petroleum Exporting Countries (OPEC), the global oil cartel.'"

First infection

[starworks5]

Viral Marketing to Governments.

Victims were alerted

when the quality of the comments section significantly improved.

Re:Victims were alerted

[93+Escort+Wagon]

when the quality of the comments section significantly improved.

Plus submissions were actually edited...

Re:Victims were alerted

[phrostie]

you just think you're Anonymous.

Their watching.

ROTFL

Re:Victims were alerted

[petteyg359]

Whose watching?

Re:Victims were alerted

[ArcadeMan]

They're watching what you're doing on your computer via their hidden cameras over there.

Re:Victims were alerted

Their watching.

Whose watching?

Whoosh.

Re:Victims were alerted

[maxwell+demon]

Whoosh watching?

Re:Victims were alerted

[binarylarry]

Whoooo! Swatching!

Re:Victims were alerted

[Zaiff+Urgulbunger]

Who wooshes the watchers though?

Re:Victims were alerted

You know, Wa Ching, the Chinese mole at GCHQ!
His brother is a lobbyist in America, Ca Ching!
Oh, and it's who's, not whose.

Re:Victims were alerted

[lkernan]

See, no fake Slashdot could ever match the quality of comments like that.

Re:Victims were alerted

[girlintraining]

Whose watching?

The grammar police. We've had our eyes on you for some time.

Re:Victims were alerted

[mrchaotica]

I don't know!

(He's on third.)

Re:Victims were alerted

[Godwin+O'Hitler]

"Oh, and it's who's, not whose."

Not this time it isn't.
"Whose watching" is the best one line reply since "Pretentious, moi?"

hey, GCHQ employees

[Joining+Yet+Again]

I know you're reading this.

You're smart. Smart enough to be able to work out who I am, probably without much trouble.

Why don't you do something productive?

Re:hey, GCHQ employees

Why don't you do something productive?

They dont get paid to do that. They have gone the way of Gestapo, KGB and Stasi.

Re:hey, GCHQ employees

[cold+fjord]

The Gestapo, KGB, and Stasi were mainly agencies of internal political repression, although the KGB also spied outside the country as well. Since the targets of surveillance were apparently outside the UK, it isn't really the same. That doesn't mean you can't find it disagreeable.

Re:hey, GCHQ employees

[cold+fjord]

hey, GCHQ employees .... Why don't you do something productive?

They were apparently spying outside the country. Isn't that what most people here agree they're supposed to do?

I can see why it might be a matter of concern.

Iran says it has capability to force Europe to 'spend the winter in cold' - Published: 02.28.10

Iran could make European countries suffer by cutting off energy supplies and can target any adversary with its missiles, a senior Iranian military official said on Sunday.

Re:hey, GCHQ employees

[NettiWelho]

The Gestapo, KGB, and Stasi were mainly agencies of internal political repression, although the KGB also spied outside the country as well. Since the targets of surveillance were apparently outside the UK, it isn't really the same. That doesn't mean you can't find it disagreeable.

Even if the anglosphere currently isn't openly corporate fascist that doesn't mean it wont be 5, 10, 15 or 20 years down the road. If they have years worth of supposedly private communiques from people thats is like Stasi's wet dream where the people being repressed write their own profile, willingly.
Once the thugs are in power they are not gonna delete that data, they are going to use it.

Re:hey, GCHQ employees

[Joining+Yet+Again]

It makes me sad.

My (long ago retired) father ended up as a relatively senior civil servant for his home country, working abroad and dealing with, to put it generally, import&export. Now he was once asked by his government if he would exploit the contacts he'd formed and cooperate in passing certain useful information to them as and when required. He refused.

I'm sure he'd have enjoyed greater job security in his latter years if he'd cooperated, but he did what was right - ultimately for him too, because being open and honest means a more relaxed life, where you are free to build what you want and speak about what you want.

Even if - and let's say your a stellar maths grad - you're given the most comfortable desk, access to the best machines and the company of a small subset of brilliant minds, your work won't go to improving human scholarship if you work for a secret service. It'll be kept under lock and key, deployed for the whim of the politicians of the day and their masters. And yes, you'll be indoctrinated with the mantra of every civil servant - "I'm not allowed an opinion because I'm only following orders". But that's only acceptable if your orders can ultimately be scrutinised by the general public on behalf of whom you are working.

And if you just enjoy playing god, well, go into the City, or start up your own business. If you're that good, then you can perform in plain sight, can't you?

Re:hey, GCHQ employees

[Penguinisto]

Actually...

The KGB (Komitet gosudarstvennoy bezopasnosti) did the external spying, while the NKVD (Narodnyy Komissariat Vnutrennikh Del) did the internal stuff.

Re:hey, GCHQ employees

[NettiWelho]

And when they say they dont do domestic data gathering you shouldn't trust them. NSA was already caught wiht its hand in the cookie jar.

Re:hey, GCHQ employees

1) There are foreign threats.
2) Our spies are principally spying on foreigners.
3) ????

The conservatives in all our countries are relying on to you stupidly assume that our spies are principally spying on foreign threats. But foreigners are not the same as foreign threats. If the GCHQ spies on Americans, and the NSA spies on Brits, then it's a closed loop. And we know that is happening.

The whole thing is all a big open question with lots of cloud hanging over it.

Re:hey, GCHQ employees

[NettiWelho]

Sending malware counts as a crime, not legal surveillance.

If the victims knew the identities of the perpetrators they would be eligible for extradition under the standing treaties.

Re:hey, GCHQ employees

[king+neckbeard]

Saying that the purpose of the GCHQ or NSA is to spy outside the country is like saying that the purpose of the military is to shoot and bomb people. That's what a large portion of what they do entails, but if it is justified in existence, it's going to need a lot more discretionary than that.

Re:hey, GCHQ employees

[NettiWelho]

Actually...

The KGB (Komitet gosudarstvennoy bezopasnosti) did the external spying, while the NKVD (Narodnyy Komissariat Vnutrennikh Del) did the internal stuff.

Organization that used to be NKVD was castrated in 1950's with arrest of Beria and KGB inherited role of the political police.

Re:hey, GCHQ employees

[Joining+Yet+Again]

The concern is not whether spying activity is at home or abroad - any such distinction can be defeated with recriprocal agreements. The issue is that the targetting was of administrators at Internet exchanges.

And you're worried about Iran putting pressure on OPEC? Deal with your lack of domestic energy security. You had 40 years to wake up, but instead you sold everything off to mostly foreign concerns. Spying on OPEC is just doing dirty work for these businesses to ensure they profitably receive their fuels.

Re:hey, GCHQ employees

[cold+fjord]

And you're worried about Iran putting pressure on OPEC? Deal with your lack of domestic energy security. You had 40 years to wake up, but instead you sold everything off to mostly foreign concerns. Spying on OPEC is just doing dirty work for these businesses to ensure they profitably receive their fuels.

Iran is a member of OPEC. Iran also threatens Europe both with missiles and with the ability to significantly reduce Europe's energy supplies. If you read my post you should have picked up on that. Limiting the ability of Iran to interrupt Europe's energy supplies limits the number of Europeans that will freeze to death in winter. Or was the question of profit your main concern?

Re:hey, GCHQ employees

Skipping some renaming & reorganizations, the KGB was a successor to the NKVD which was a successor to OGPU which was a successor to the Checka.

The KGB owned internal troops, border guards, secret police, and external spies.

Both the KGB and GRU (military intelligence) spied abroad.

Re:hey, GCHQ employees

[Spamalope]

And when they say they dont do domestic data gathering you shouldn't trust them. NSA was already caught wiht its hand in the cookie jar.

Semantics; Assuming it's not a baldfaced lie, they can 'partner' with the NSA then 'share resources' and they've got their hands on the results of domestic spying while only having encouraged and facilitated it themselves.

In the US, courts have ruled that corporate spying on individuals is legal so 'privatizing' the actual data gathering launders it into legality under this time honored principle: 'What are you gonna do about it, you're powerless'.

Re:hey, GCHQ employees

[NicBenjamin]

Sending malware counts as a crime, not legal surveillance.

If the victims knew the identities of the perpetrators they would be eligible for extradition under the standing treaties.

This has been repeated several times, but nobody has been able to name the treaty. In fact the last time I asked somebody brought up a non-governmental hacker.

This is a world of governments. What they do is legal, by definition, unless they have specific Constitutional or statutory bars on that particular behavior. Neither the US nor the UK has ever signed a treaty, or passed a law, that makes hacking in service of the government illegal.

Let me put it to you this way:
If US officials can't get extradited to Venezuela for participating in that minor coup attempt Venezuela had a decade pr so back, why could they be extradited for hacking?

It's not like a) the Venezuela coup worked so the new government loved the coupsters, or b) the Venezuelan government would have refrained from charging the CIA officers they were accusing if they thought anyone (literally anyone) would take it seriously.

Re:hey, GCHQ employees

[Joining+Yet+Again]

Yes, but Iran isn't OPEC, so it still makes sense to say that it might put pressure on OPEC.

How exactly does spying on internal OPEC discussions stop them from deciding to limit supply to Britain, please? Is it so Britain can figure out ASAP how it should threaten Iran as a whole because a group has dared to exercise its right not to sell a product to private companies?

Of course it's a concern that Britain's energy policy has been directed toward maximising profit for energy companies rather than to securing domestically owned and located energy sources. Band-aid after band-aid won't solve the fact that Britain remains at the mercy of being "frozen to death" by OPEC (misdirected hyperbole yours - in fact, people are already freezing to death, and the numbers are expected to increase significantly this winter).

Now, recent moves toward fracking and building of new nuclear power stations have all involved foreign companies, which is only better in that we can in principle regulate in our interest and force nationalisation if absolutely necessary. In practice, the government ends up being subordinate to the needs of the energy companies - hence the spying!.

Genuine military threats from Iran are of course within the remit of spy agencies. That's not the same as sabre-rattling, but I simply don't know enough to say for sure whether Iran is a genuine military threat to Britain. FWIW, I have no evidence that it is.

Re:hey, GCHQ employees

[girlintraining]

Saying that the purpose of the GCHQ or NSA is to spy outside the country is like saying that the purpose of the military is to shoot and bomb people.

The NSA Mission Statement references Executive Order 12333, and I quote directly -- "2.2 Purpose. This Order is intended to enhance human and technical collection techniques, especially those undertaken abroad..." The GCHQ lacks a specific mission statement, because as you know, the British are terrible at getting to the point. The website is, however, full of committee-written documents and available in 9 different languages and makes a point of saying it's available to those who require "assistive devices". The NSA makes no such attempt; I guess that's social commentary.

And as to the military... for an organization whose purpose isn't to shoot and bomb people, they sure do shoot and bomb people a lot. In other news... If an NSA or GCHQ analyst ever reads your post... they'd laugh as hard as I did at your naivety, except part of the swearing in ceremony to become an employee requires they surgically remove the sense of humor.

Re:hey, GCHQ employees

[cold+fjord]

You know what? I agree with you.

That is why it is so important to stamp out signs of genuine oppression and actual thuggish behavior immediately when they are identified, and have good oversight over the rest. That is why I find the indifference on Slashdot to the admitted political oppression engaged in by the IRS to be so appalling. People here moan, scream, and wail about oppression this and that when it involves the intelligence agencies. But when it involves the IRS, which unlike the NSA really does have considerable formal power to make the lives of individual Americans hell, which genuinely does have dossiers on almost everyone in America and various other people from around the world, expects you to send them a report at least annually, engages in its own internet surveillance, and now will be charged with overseeing American health insurance and apparently records, hardly anybody seems to care. That goes for the various Canadians, Europeans, and others that speak with an "American voice" of outrage about the intelligence agencies and many other policy questions, as well as the actual Americans that claim they are for "freedom" no matter now many dead bodies are created. It's like talking to someone that claims he greatly loves his family and would protect them to the death, goes ballistic if someone looks cross eyed at his sister, but upon seeing his brother and mother being gang raped simply utters "meh" and walks away. I can think of a number of explanations for that, but few of them are flattering. At the very least it looks like distorted thinking regarding computer-centric issues.

As to the intelligence agencies proper, yes, I think that much of that data, such as the phone metadata, should be purged periodically if it is going to be kept at all. My recollection from some story was that they were supposed to keep it for no more than 5-7 years. If it is going to be kept at all I would like to see it in a separate organization either within or outside of NSA that would be responsible for ensuring proper privacy protections were applied, including proper purging, as well as reporting on its use. I would also like to see more and better congressional oversight, possibly involving the GAO. I'm sure that other nations could put similar arrangements in place.

Intelligence agencies are a potential danger to a democracy, but also a critical part of defending them. They must be watched and governed adequately so that they don't pose an undue risk, but not so tightly that they become ineffective and leave the nation at risk. History generally isn't kind to nations caught unaware. Sometimes they even cease to be. We haven't reached the end of history yet, so they will be needed for many years to come.

Re:hey, GCHQ employees

[gl4ss]

not really, I don't think they're supposed to be breaking laws. the only spying they can do internationally legally is actually uk citizens.. they do not have international contracts in place that enable them to legally give a set of personnel the right to break laws in other countries by performing hacks there (and domestically were it to go into court they could _only_ argue that it was an act of war, which would have been an unauthorized act of war in that case and everyone in the agency would be guilty of treason!).

Re:hey, GCHQ employees

[NettiWelho]

What makes you think someone needs to pass a separate law for outlawing something for the government? If a CIA operative murders someone in cold blood while on an assignment because he wanted his cool sunglasses, it is still a crime even though there is no law specificly forbidding CIA operatives killing foreigners freely at complete personal discretion.

As far as I am aware attacking private systems with malware is a punishable crime both in US and UK.

Re:hey, GCHQ employees

Iran's missiles would be launched against Saudi Arabia, not Europe.

Re:hey, GCHQ employees

[Ambient+Sheep]

And you're worried about Iran putting pressure on OPEC? Deal with your lack of domestic energy security. You had 40 years to wake up, but instead you sold everything off to mostly foreign concerns.

And now we're getting the Chinese to build our next generation of nuclear power stations... *facepalm*

Re:hey, GCHQ employees

[Dodgy+G33za]

You quote an Israeli source. Did you give a thought that this is likely at best propaganda and at worse complete lies?

Quite apart from anything else the deputy of a branch of the army is NOT the same thing as the official spokesperson of the country.

Most of Europe being at the mercy of Russia for a large part of its gas is of far more real concern.

Re:hey, GCHQ employees

[NettiWelho]

What they do is legal, by definition, unless they have specific Constitutional or statutory bars on that particular behavior. Neither the US nor the UK has ever signed a treaty, or passed a law, that makes hacking in service of the government illegal.

I'll let my google-wiki-fu dazzle you:

Fourth Amendment to the United States Constitution
....
The Fourth Amendment (Amendment IV) to the United States Constitution is the part of the Bill of Rights that prohibits unreasonable searches and seizures and requires any warrant to be judicially sanctioned and supported by probable cause.
...
One threshold question in Fourth Amendment jurisprudence is whether a "search" has occurred. Initial Fourth Amendment case law hinged on a citizen's property rights—that is, when the government physically intrudes on "persons, houses, papers, or effects" for the purpose of obtaining information, a "search" within the original meaning of the Fourth Amendment has occurred.
...
The Fourth Amendment proscribes unreasonable seizure of any person, person's home (including its curtilage) or personal property without a warrant. A seizure of property occurs when there is "some meaningful interference with an individual's possessory interests in that property"

In my interpretation of the functionality of our universe sending detectable signals that carry malware in order to gain illicit access does count as physical action.

Re:hey, GCHQ employees

"It makes me sad..."

It should make you angry as hell.

They used us--every single one of us--as BAIT in the furtherance of a crime.

Re:hey, GCHQ employees

[pitchpipe]

In the US, courts have ruled that corporate spying on individuals is legal so 'privatizing' the actual data gathering launders it into legality under this time honored principle: 'What are you gonna do about it, you're powerless'.

This is a phrase that needs definition so we can better fight against it:

Data Laundering: The government circumventing the illegal search and seizure provisions of the constitution through the use of private corporations vast databases of information on all citizens.

This always elicits the response,"If you don't like $Corps policy of getting tax dollars to spy on you to circumvent the constitution, don't use them." When every corporation is a one way mirror on all of our lives to the government, this no longer becomes feasible. Unless you want to live like the Uni bomber.

Re:hey, GCHQ employees

[AHuxley]

LOL cold on 5-7 years. Thanks to the great work by whistleblower the world now understands a lot of the telco data is long term - 10's of years to life.
The past sock puppets tried hard to shape the wider computer-centric community on data been hard to keep, hard to search, political or legal protections, the protection of the marketplace and stock values, domestic protections, courts...its all turning out to be a huge joke with each new press release :)
Readers now know the legal and real world domestic results as "parallel construction":
http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE97409R20130805
i.e. DEA’s Hemisphere program, i.e. records of every phone back to 1987. Just a bit longer than a nice sounding '5-7 years".

Re:hey, GCHQ employees

[cold+fjord]

DEA and NSA may share data at times, but they aren't the same agency with the same database. I wouldn't be at all surprised if different agencies in the government have different statutory authority in terms of the allowed data retention.

As far as I have heard, "parallel construction" is one way - out of the NSA, not in. Since it seems to be incidental it isn't clear that it is an extensive issue, although it is grounds for concern.

If people want DEA's handling changed, they will have to complain. I wouldn't hold my breath. People don't seem to care much if it isn't NSA. I don't recall you, for example, making many negative remarks about the IRS and yet they are the ones that have demonstrated and admitted to engaging in political oppression that may have tipped an election. If it isn't stopped it could very well lead to a de facto one party state. And won't that be fun?

Re:hey, GCHQ employees

[shentino]

If a hostile government act isn't a crime, it's an act of war.

Re:hey, GCHQ employees

[AHuxley]

"different statutory authority" sounds like color of law. US law reform groups and constitutional law experts often win when such cute efforts are exposed.
Tax law in the US is public, while a persons accounts are been frozen, they can still find a lawyer to read the letters and have them explain very limited future options.
The US and UK seems to have gone to great lengths to have to out smart their own gov staff as their gifted staff seem to know their countries laws and legal protections.
Its all fun when your looking down at the Soviet Union/Russia/China/EU.... When that tech is tuned back onto the domestic setting... very good lawyers are ready :)

Re:hey, GCHQ employees

[fyngyrz]

Two more possibilities:

1) Violation of constituting authority

2) Stupidity

Re:hey, GCHQ employees

[Zontar+The+Mindless]

Even if the anglosphere currently isn't openly corporate fascist that doesn't mean it wont be 5, 10, 15 or 20 years down the road....

You think it wouldn't look like that already, to someone who'd just awakened from a 20-year coma?

Re:hey, GCHQ employees

[robot5x]

You make an excellent point, that is often overlooked in these kinds of debates: there is no faceless spying organisation who we can consider like the Borg, it is always made up of individuals, who for some reason make a conscious decision to engage in this shitty and destructive behaviour.

I've often toyed with the idea of 'outing' people who 'innocently' contribute to the efficiency and organisation of horrible organisations like the NSA. You know - here's John, he's a nice guy, he plays softball and likes Miller Lite, his favourite movie is Deliverance, and during they day at work he spies on your email and helps innocent arab-looking people get fingered in US airports.

I'm being melodramatic but you get the point - we should hold the worker bees of these organisations to account, rather than just say 'the NSA sucks'. These people are all around us and this system could not work without them. They deserve our hatred.

Re:hey, GCHQ employees

[Guest316]

Data Laundering: The government circumventing the illegal search and seizure provisions of the constitution through the use of private corporations vast databases of information on all citizens.

Which is pretty much like saying, "I didn't kill that person, I hired someone else to kill him." It's still unconstitutional, but they've decided that pretty semantics make it ok.

Re:hey, GCHQ employees

[stenvar]

But unless you want to turn the US into some kind of Amish paradise, the solution to this problem is not to prevent private corporations from using private data, the solution is to prohibit government from acquiring and using private data under most circumstances, and disclose when they do.

Re:hey, GCHQ employees

[cold+fjord]

If it did, the coma affected their mind. The US and Western Europe have all scaled back their militaries, and their political systems are unchanged. Eastern Europe has greatly liberalized in the last 20 years. Even China has continued its liberalization even if the current Chinese leadership is having some second thoughts. If it was a 20 year coma even the concerns about terrorism would be familiar. Europe had terrorism problems into the 80s, and the US had suffered the Beirut bombing that killed 299.

Re:hey, GCHQ employees

[cold+fjord]

The NKVD wasn't castrated, it was decapitated. Like all other such political animals it can and did regrow a new head, or at least had one grafted on. I doubt many people that were on the bad side of the KGB would consider them "castrated." The real change was going from Stalin to a new set of leaders that eased up in various ways on the repression. One example would be the end of wholesale deportations of entire peoples or nations to other parts of the Soviet Union.

Re:hey, GCHQ employees

[cold+fjord]

Even if - and let's say your a stellar maths grad - you're given the most comfortable desk, access to the best machines and the company of a small subset of brilliant minds, your work won't go to improving human scholarship if you work for a secret service.

Perhaps you could inquire regarding the fate of Polish mathematicians and their work after Germany occupied their country?

Re:hey, GCHQ employees

[Joining+Yet+Again]

Please be more explicit. Some were evacuated; others were murdered; most of them I know nothing about.

Re:hey, GCHQ employees

[king+neckbeard]

And yet the goal from that executive order boils down to gathering information to protect us against national security threats. That's the reason that these organizations exist, at least that's what they have to claim to the public and international community.

Re:military. I didn't say their purpose was not to shoot and bomb people, but rather, that they have to exercise discretion in doing so. If the US military shot and bombed the same people the NSA spied on, the military would get shut down very quickly.

Re:naivety, I know what the spooks ACTUALLY do and why they do it, but that is different from how they have to sell themselves. It's hard to argue for the military industrial complex, paranoid megalomania, industrial espionage, and the undermining of the sovereignty of countries whose policies are contrary to the economic interests of the plutocracy. But protecting us from the communists, err, I mean terrorists, is fairly easy to sell.

Re:hey, GCHQ employees

[coastwalker]

Your assessment is incorrect. You focus on matters to do with military security and indeed the cold war is over and the old bugbear of communism taking over the world is defunct. However you are blind to the subject of this discussion. You are now a digital person and your existence is defined by what is on the Internet. The greatest and most free source of information ever devised. A source of information which is so free that secret policemen and all kinds of riff raff, state sanctioned and from private industry now own your digital persona. The question is when they are going to use it to enslave you, not if they are.

Enjoy your retirement in prison because of some data from your youth 50 years before. Remember me warning you.

Re:hey, GCHQ employees

[AmiMoJo]

GCHQ's main function is to assist private companies who want to spy on their foreign rivals. To do that effectively they hooked up with the NSA and started doing contract work for them.

To give some appearance of legitimacy to their criminal organization they also help out our own security services from time to time.

Re:hey, GCHQ employees

[Hatta]

This is a world of governments. What they do is legal, by definition, unless they have specific Constitutional or statutory bars on that particular behavior.

You have that exactly backwards. Governments have no legitimate powers that are not specifically granted to them by the people. It's a default deny policy, with exceptions.

Re:hey, GCHQ employees

[girlintraining]

And yet the goal from that executive order boils down to gathering information to protect us against national security threats.

And the goal of that goal was to improve national security. And the goal of the goal of the goal was to make America strong. And the goal of the... (vomits)Yeah, okay -- moving the goal posts through abstraction. Be a little creative in your dodge. You said it, it was taken at face value, and it was patently absurd and obvious to everyone except you. The end.

Re:military. I didn't say their purpose was not to shoot and bomb people, but rather, that they have to exercise discretion in doing so.

Nope. You totally did. Copied it word for word. You should add extra reverse gears... back pedaling this hard can't be easy.

Re:naivety, I know what the spooks ACTUALLY do and why they do it, but that is different from how they have to sell themselves.

Okay, so... two moving goal posts and for the two point conversion... a No True Scotsman. Sigh. The quality on this site lately...

Re:hey, GCHQ employees

[king+neckbeard]

And the goal of that goal was to improve national security. And the goal of the goal of the goal was to make America strong. And the goal of the... (vomits)Yeah, okay -- moving the goal posts through abstraction. Be a little creative in your dodge. You said it, it was taken at face value, and it was patently absurd and obvious to everyone except you. The end.

It's not a dodge. They have to keep up the appearance of being legitimate, and their only legitimate operation is all that national security boogeyman jazz. If there is no reasonable threat to national security nor any reason to believe there will be one in the near future, there is no legitimate need for a national security agency.

Nope. You totally did. Copied it word for word. You should add extra reverse gears... back pedaling this hard can't be easy.

No, word for word was "Saying that the purpose of the GCHQ or NSA is to spy outside the country is like saying that the purpose of the military is to shoot and bomb people. That's what a large portion of what they do entails, but if it is justified in existence, it's going to need a lot more discretionary than that." I said that they do bomb and shoot people and that it makes up a lot of what they do, but their purpose isn't as broad as just simply shooting and bombing people, and it involves a lot of other things. Likewise, the NSA does spy on foreigners, but their nominal goal is not be to spy on all foreigners all the time and spy on all domestic communications that have some portion available outside of the US, and they also engage in other operations, such as security research. I'm sorry if you lack basic reading comprehension.

Okay, so... two moving goal posts and for the two point conversion... a No True Scotsman. Sigh. The quality on this site lately...

I'm not moving the goalposts. The claim was about what their purpose was, not what they actually do.and why. It's not a No True Scotsman because there is without a doubt a difference between what the public justification for their existence is (SCARY BAD MEN ARE GOING TO KILL US ALL) and the actual reason for their existence (Boeing's CEO needs a bigger yacht). The point of my argument was to point out that they are clearly falling outside of the zone of their operations being plausibly legitimate. While we all know the game, cold fjord seems to be forgetting that we all have to dance around the truth when it comes to what spooks do because it isn't something we can justify while still feeling like decent people.

Re:hey, GCHQ employees

[NicBenjamin]

Re-read my statement.

I said as long as the government follows it's procedures it is (by definition) not breaking the law. There's all kinds of paperwork required before the CIA can kill someone. As for the Fourth Amendment, it only governs the relationship between Americans and our government.

You can have your opinion all you want. But the simple fact is that Sovereign Immunity exists, and that in a career that has included enabling at least one instance of seven-figure mass murder, CIA agents have only been convicted of one crime. None of them will ever serve jail time for it.

Re:hey, GCHQ employees

[NicBenjamin]

Default deny or default grant is irrelevant. I specifically mentioned their powers were restricted solely by what their constitutions and other procedures required. If the globe's Constitutions are default deny, then the statement is true. Which means that as long as the hackers file the proper paperwork with their superiors they aren't criminally liable.

Moreover you're simply wrong on the facts. Many states have no enumerated powers. Canada's Constitution, for example, gives the Federal government supreme powers with two exceptions. Certain powers (16 of them, IIRC) are granted the provinces, and the "Charter of Rights and Freedoms" denies the government certain powers. In other words it's a default grant state. Most British colonies, France, former French colonies, etc. are all in "Default Grant" mode. The US is the unusual country here.

Hell, the UK Parliament could declare Cameron dictator, sell all his political opponents on the white slave markets of Morocco, and depose the Queen with a single act supported by 50% of the lower House plus one guy. They'd have to pass the bill over Lords' objections, but 50% of the House of Commons and one guy can do that shit. They won't do that, and if the Queen maneuvered right (and got some legal breaks) she could probably get Cameron officially fired and new elections scheduled before she herself got fired, but in the UK freedom is basically what you have until you piss off Parliament.

Re:hey, GCHQ employees

[NicBenjamin]

Act of War is a fairly specific charge. It's very well-defined. To my knowledge hacking isn't on the list unless said hacking does major damage to physical things. So hacking to get info would be fine, but hacking to shut down the Iranian nuclear program would be sketchy.

That said, I never said Italy or France couldn't make a big diplomatic fuss about the NSA/GHCQ/etc. They are sovereign states and they have the right to make a diplomatic fuss about anything they want. Since war is generally the logical extension of diplomacy that includes interpreting hacking as an Act of War.

What that does not do, however, is make it possible for anyone to arrest and charge an NSA agent for hacking.

Re:hey, GCHQ employees

[NicBenjamin]

1) isn't a crime. Seriously, there's no statute that says a government employee who breaks the Constitution goes to jail. Plenty that say he gets fired, but none that say he gets tried in a Court of Law.

2) is the default mode of operation in any large organization.

Re:hey, GCHQ employees

[Arker]

Eh, you might find the Italians alone have convicted more than one of them.

While they have a de facto immunity based on the unwillingness of the US Government to obey any law, and the military superiority associated with a military budget no one else comes close to. Operations like that are often clearly illegal and in some cases there is even an obligation to prosecute. But in the real world it is rarely pursued because there is no practical way to enforce a judgement, and courts are well aware that pronouncing judgements they cannot enforce just tends to make them look weaker.

But any student of history would tell you this is a very dangerous course for the US Government to be taking. It's hard to see much upside to it to begin with, and the downside is really a national poison. We have already poisoned our relations with friendly nations all around the world, and it appears to be our policy to simply continue doing so. One day, and we can argue over how long, but one day inevitably we wont be the hyperpower anymore, we wont be able to get away with this, and worse yet, the other players, some of whom will be in really good positions to mess with us... they are ALL going to hate our guts.

This is just viciously poor strategy.

Re:hey, GCHQ employees

[Pav]

There are most certainly decent people in the NSA and I'm sure the work is exciting, but this multi-nation surveilance state is a terrible weapon turned against the public. It's interesting looking back at the Manhattan project - because the work was so exciting Richard Feynmann, a decent guy, only realised what he'd done after it had happened.

Other surveilance states have collapsed from within in recent times non-violently... probably not so much because of the moral bankrupcy of it, but because of decades of experiencing the terrible practical repercussions. I REALLY hope it doesn't take us that long because the technology is getting too good.

Re:hey, GCHQ employees

[NettiWelho]

Seriously, there's no statute that says a government employee who breaks the Constitution goes to jail. Plenty that say he gets fired, but none that say he gets tried in a Court of Law.

That would be the case if the thing they were doing while violating the constution wasn't a crime in on itself. It is possible to get more than 1 year of prison for computer crimes so they would be extraditable.

If a police officer deprives someone of their right to life without the required conditions then the police officer is criminally liable for his actions.

Re:hey, GCHQ employees

[Joining+Yet+Again]

I find it odd that some people can be excited about anything once they have some awareness of the harmful results of their work.

I guess you can't become a brilliant specialist without blocking most factors from your thoughts.

"That's not my department," says Wernher von Braun.

Re:hey, GCHQ employees

[NicBenjamin]

Read a bit more carefully/ I didn't say one guy had been convicted, I said one crime had resulted in a conviction. And this was in Italy, which doesn't have a great criminal justice system. These are the people who once convicted Guy Stair Sainty of libel for pointing out that a guy with no connection to Portugal at all could not be King or Portugal; apparently mostly because said guy's lawyers convinced the Judge to send all the correspondence to a very old address so Sainty didn;t even know he was on trial.

Hyperpower or not is irrelevant. Russia has never been a hyper-power, Russia's KGB has done things worse then our CIA, and nobody went back and convicted those guys. The French behave worse then us in Africa on a fairly routine basis, and nobody has convicted those guys. Even as a hyper-power, countries like Cuba and Venezuela have no real fear of offending us, are clearly the target of CIA operations, and never have criminal trials.

Sovereign immunity is a very real thing. It means nobody can ever oppose a government without permission of that government. For example, to sue the US Government for violation of your Constitutional rights in US Court you have to get the government's permission. The government's response to your lawsuit constitutes permission. If they simply refuse to respond to the lawsuit your suit dies, because as sovereigns "fuck you" is a perfectly valid response to any and all complaints.

  If one country get pissed a government agent of another country they don't get to arrest the agent. They get to make a big diplomatic stink.

Re:hey, GCHQ employees

[NicBenjamin]

And again you didn't read anything I wrote.

You think the exact same criminal code applies to you and a government employee following policy. This is ridiculous BS, which you know because several examples of governmental employees committing crimes and not being charged with anything have been brought up. The Constitutional basis for this has been brought up. Your response has been to say jack-squat.

So here's my last shot. Undercover police commit crimes all the time. They sell drugs to establish credibility. They buy drugs so they can nail a dealer for dealing. They offer to sell sex.. They never get charged with those crimes unless they haven't done the paperwork properly, and gotten permission from their bosses. These NSA guys? Did the paperwork. Same for GHCQ.

This applies the world over, in every country, and to international law. The only exceptions are gross human rights violations (ie: actually killing people, all the NSA has been accused of so-far is compiling a database that would be really useful if it had a death squad division). Having your work computer hacked doesn't count.

Re:hey, GCHQ employees

[Arker]

"Russia's KGB has done things worse then our CIA, and nobody went back and convicted those guys."

Actually quite a few KGB agents have been caught and convicted and rotted in prison. Not all, or even nearly all, no, but certainly enough to prove your statement wrong. The US has caught a number of them over the years, but even much smaller and less powerful states such as Estonia have done it too.

Sovereign immunity is some real bullshit, but it does NOT apply here. Sovereign immunity is what is cited to prevent individuals from suing the federal government in the federal court system. It does not in any way shape or form prohibit a sovereign state from charging, arresting, convicting, and punishing those who commit criminal acts on their soil. Even your link says nothing of the sort - if you had researched the case that is referring to you would have known that it involved civil suits against a successor government directly for the acts of a former regime. It may be a flawed judgement but it doesnt matter - even taking it at face value it simply doesnt apply.

We arent talking about civil suits against regimes. We are talking about criminal charges against criminal actors. If you had actually read the judgement you would have noticed e.g. paragraph 87 specifically explains that foreclosing the former does not rule out the latter:

"The Court does not consider that the United Kingdom judgment in Pinochet (No. 3) ([2000] 1 AC 147; ILR, Vol. 119, p. 136) is relevant, notwithstanding the reliance placed on that judgment by the Italian Court of Cassation in Ferrini. Pinochet concerned the immunity of a former Head of State from the criminal jurisdiction of another State, not the immunity of the State itself in proceedings designed to establish its liability to damages."

Re:hey, GCHQ employees

[NicBenjamin]

If I was talking about any individual case I would have linked directly to it. I'm talking about the principle under international law by which governments are not legally responsible in the same way everyone else is. They sovereigns so they are immune. This means that (by definition) their officials are immune. I'm sure that if you look at any tree in the forest you can prove it's not really a tree as defined by you, but that doesn't prove there ain't a forest.

Estonia convicted one of it's citizens of crimes against humanity committed while he was a KGB Agent. "Crimes Against Humanity" exist specifically because if they didn't nobody would have jurisdiction to prosecute them, which means the fact you're bringing one of them up proves that (in general) government officials can't be prosecuted for their actions as long as said actions follow the procedures set forth in their laws. Moreover the "citizen" thing is incredibly important here, because NSA and GHCQ snoops are citizens of the US and UK, not OPEC countries.

To actually win this argument you're gonna need an example of a mid-level (ie: felony, but not a Crime Against Humanity-level felony) crime, committed by a citizen of one country, working for his government, while acting under orders his lawful superiors said were lawful, that resulted in charges in another country. You've got a single example, which only counts if you assume that Extraordinary Rendition was "sporadic," rather then US government policy, because if it was US Government policy then it's a Crime Against Humanity and all this becomes irrelevant.

Don't Panic!

Don't worry, this is the real Slashdot right here. I promise.

Re:Don't Panic!

[maxwell+demon]

Yeah, the NSA version is here. ;-)

Do as I say, not as I do

[Hamsterdan]

If I or any /. reader were to do the same, a pretty harsh sentence would await us.

Re:Do as I say, not as I do

[NettiWelho]

Spoofing websites is on the very low end of the scale of things theyre getting away with..

War crimes and crimes against humanity the Nazis were executed over come to mind.

Re:Do as I say, not as I do

[NicBenjamin]

So?

If I decided to execute some dude I'd be in huge-ass trouble. Yet Texas does that shit all the damn time.

It's the government. The shit it does is legal by definition as long as the correct internal procedures are followed.

Re:Do as I say, not as I do

[cold+fjord]

Do as I say, not as I do .... If I or any /. reader were to do the same, a pretty harsh sentence would await us.

Governments have many powers that individual citizens don't. I would expect that most people on Slashdot would have recognized this by now.

Does it make you sad that you can't imprison people, or tax them?

Re:Do as I say, not as I do

[tibman]

free train ride to your new home? new job as a science experiment? do tell!

Spoofed slash dot was easy to spot

[OzPeter]

There were no dupes, and all TFS's had perfect spelling and grammar.

Re:Spoofed slash dot was easy to spot

[ganjadude]

or maybe "they" are the reason for so many more dupes!

Re:Spoofed slash dot was easy to spot

[jrumney]

There were no dupes, and all TFS's had perfect spelling and grammar.

Actually, that's the real one. If you're seeing dupes, misspellings and poor grammar, and the articles seem to be a bit behind other sites, then it is probably a rushed retyping of the original.

Re:Spoofed slash dot was easy to spot

[cold+fjord]

There were no dupes, and all TFS's had perfect spelling and grammar.

Dude, that wasn't pseudo-Slashdot, that was Lake Woebegone.

""Well, that's the news from Lake Wobegon, where all the women are strong, all the men are good looking, and all the children are above average."" .... and of course, none of the stories are dupes, have afflicted grammar, or words misspelled. See you next week.

Re:Spoofed slash dot was easy to spot

[AHuxley]

What would that get them? Many OS would be running new updated heuristic behaviour tests as part of anti-virus settings just waiting for any such attempts?
i.e. get the browser and then what on a modern OS? Just pass the ip back and then?

Re:Spoofed slash dot was easy to spot

[Opportunist]

Dupes? There are dupes?

Did you maybe have a deja vu? Or can you be certain that you didn't read it on a spoofed page?

Tell me when I made you paranoid enough.

Re:Spoofed slash dot was easy to spot

[nherm]

When I saw a CowboyNeal option in the poll I knew that the GCHQ set up us the spoof.

HTTPS on Slashdot

[tepples]

I wonder if it would have been as easy for GCHQ to get away with it if HTTPS on Slashdot weren't a subscriber-only perk. Facebook and Twitter have gone all HTTPS all the time; why can't Slashdot? If ads are the problem, Google recently opened AdSense to HTTPS sites.

Re:HTTPS on Slashdot

Given that the spooks have almost certainly compromised all the major Certificate Authorities and can issue their own certificates at-will, I'm going to go with "No, it wouldn't make the slightest bit of difference".

Re:HTTPS on Slashdot

I think certificate pinning solves this provided your browser has seen the legitimate certificate previously.

Re:HTTPS on Slashdot

[AHuxley]

Re https ,br> Thats what smart people have been warning about for years. Once the nets basic cryptography is a junk standard thanks to gov - anyone can be anything online and its all perfectly trusted..
The ex staff, fired staff, mercenary, contractor - they all take the complex skill set with them and sell it.
Other govs, firms, foreigners with cash, faith groups with cash... thats why junk crypto is so useless - all the interesting people can pay to learn about the 'net' and always know to avoid it or create complex legends.
All the random silly people using terms and words they copy and past from other open news sites just get to fill gov databases tracking .com
Over time the UK will have a massive East German like database filled with many quotes and people. Did the rows of East German files alter the politics and mil of East Germany? i.e. great for tracking workers comments, people protesting outside churches.

Re:HTTPS on Slashdot

[maxwell+demon]

So if you type https.example.com in your browser, it will first try to access it by HTTP.

Of course, because you just happen to access a server called "https". Which is completely unrelated to the protocol you might want to use.
The correct way to use https is to write it as protocol: https://example.com/

Re:HTTPS on Slashdot

[mstefanro]

No, I meant what I said. "https.example.com" is an example of a host supporting HTTPS, yet the browser accesses
it by default as "http://https.example.com". You don't seem to have understood what I said at all.

Re:HTTPS on Slashdot

[mrchaotica]

What "legitimate certificate previously?" There is absolutely no reason that I'm aware of not to think the certificate authorities weren't compromised from the very beginning.

Re:HTTPS on Slashdot

[NicBenjamin]

You do realize that the UK already has an obscene amount of data on it's people?

Londoners in particular, can be tracked individually by the police if they so choose. I don't think they even need a warrant. In theory they could decide they wanted to find out what some random hot chick does every day, and they'd be able to follow her everywhere she went for as long as she was in London.As long as she's in public she's on one of their cameras. For most people (ie: the ones who don't discuss their illegal activities by text message or email) that's a lot more threatening then anything that either GHCQ or the NSA could do on the internet. If you add in some stuff on their use of cell phone towers you get some things that are as threatening in theory, but in practice they won't become that big a deal. And it's not a big deal for pretty much the same reason the cameras aren't a big deal:

Analyzing that much data takes a lot of analysts. The Stasi employed one half of one percent of East Germany's population. To get that many analysts in the UK you'd need 300,000 of them. You only have 200k in your active duty military (altho with reserves that goes to 380k). With computers you could probably automate a some stuff, but as databases get more complex you a) need more database gurus to make sure the data/hardware/etc. all stays working, and b) need to have a lot of actual people looking at your results who are smart enough to notice garbage. You're still gonna need a literal British Army (~130k) of analysts. You only have 500k or so people employed in the Civil Service.

Yeah if you fuck up and break the law, you're truly fucked. They have everything. If you look like you broke the law the data could be great or (in rarer cases) it could really suck. There's a lot of it, so if you're innocent something probably shows you're innocent. Even if the cops hate you your barrister should get access to the data, and if he doesn't suck you will probably get off. If your barrister sucks, and the cops/prosecutors charge you anyway the data will make you look very guilty.

Re:HTTPS on Slashdot

[KiloByte]

Even worse, browsers introduce regressions like a Chrome's misfeature than came to Firefox as browser.urlbar.trimURLs. It really needs to go, yet it not only exists but defaults to true.

Let's all vote on bugzilla bug #691147. Seriously, it's time to switch the default to https, rather than making everything but http a second-class citizen.

Re:HTTPS on Slashdot

[WaffleMonster]

b) add some proper authentication and encryption in HTTP2.0 instead of bitching that it's the wrong layer. it's clear no-one is going to adopt HTTPS
                  widely anytime soon; most websites require you to login, meaning you can perform encrypted key exchange (EKE) with them, which allows for two-way authentication, plus encryption optionally;

Lets not even think about it. Not only is it the wrong layer inventing new protocols that don't even exist yet thinking they will be adopted any sooner than throwing the switch on SSL on existing systems is about as silly as not caring about it being the WRONG LAYER.

A solution is mostly implemented in the form of TLS-SRP. RFCs already written, SSL toolkits already support it, patches exist for major browsers and web severs such as Apache already support it.

Using a TLS-SRP patched browser you enter your login credentials for Slashdot into a browser login field - it then goes out and establishes a secure connection to Slashdot based not on certificates / CA shenanigans but upon mutual knowledge of a common password.

Re:HTTPS on Slashdot

[AHuxley]

Yes Nic, it was always interesting in the UK. From the first staff asking legal questions about UK satellite call tracking and local UK calls mixed in back in the late 1960's.
The computers kept running and everything was just fine. Then came voice prints from the US drug wars in South America (for wider use). CCTV tracking, cell phone decryption and finally the bulk of all UK internet traffic per day.
As for the use of analysts, you have a lot of private sector pre sorting for 'advertising' contracts that can cover some aspects of any group for a well funded gov 'front company' that pays on time, every time.
That would provide a very clean, formatted, neat input over years. You would also have 'talks' with the tame private sector on "legal" sharing. The data in could be managed much more carefully allowing fewer gov analysts. New US super computers, better software could help with some tasks.
Recall how the US gov worked on telco data, the telco kept the data and special telco staff where on hand to 'sort' as needed with a few US gov people been in on the results.
The problem for East Germany was the good computers they had where for sending daily reports/files back to the Soviet Union.
The rest was magnetic audio tape, paper files, induction from per person phone lines, some optical splitting for West Berlin links, efforts with early consumer computers.. The cash and hardware was never ready in time.
The UK and US shows what larger budgets would have done. You keep it all and can really sort it. East Germany could really just add to files and hope staff where not reporting on their own gov missions.
In the end East Germany had one option - order the ~tanks in and trust their 'special forces' mil would clear the streets as ordered. Informants and gov staff working undercover would have been hard to pull out in time. Western TV would be on the rooftops with some of the footage making it out.
Young protesters had also done their mil duty and knew what they faced and how ~tank crews would respond.

Re:HTTPS on Slashdot

[wvmarle]

For that part, the problem lies with the browsers.

I still think this whole "signed by trusted CA" is nonsensical. Instead. a browser should do a different check: is the certificate we have on file from the previous visit to this site, the same as the certificate the site presents us now? If not, something is fishy (unless the old certificate has expired, or the new is signed with the old).

Such a simple check on the client side would completely thwart any such buying out of a trusted CA.

The chance that your very first visit to a site is compromised already, is extremely slim, as an attacker would have to lie in wait hoping to intercept traffic that may never happen. That chance may be even smaller than the chance of a CA being compromised (which we know actually has happened before).

Re:HTTPS on Slashdot

[advocate_one]

I drive past 6, yes 6 fscking ANPR cameras every day. All set up by our wonderful police as a crime fighting measure to cut down on organised crime and to give the crims nowhere to hide. Doesn't fscking work, the crims use stolen cars or cloned number plates for a job.

Meanwhile, there's a massive amount of data available for trawling on any numberplate that comes to their attention. Security services want to know where you've been? Easy, they just do a search against your plate... Apparently retention of data has been justified by them having "solved" murders by examining the movements of the suspect to bust their alibi...

C.U.N.T.S... the powers that be that is...

Re:HTTPS on Slashdot

[Guest316]

Analyzing that much data takes a lot of analysts.

If only there were some sort of computing device which could, with what one might call "programming," do all sorts of tedious analysis automatically for us. I guess it's lucky for us that everything still needs to be done manually by humans.

Re:HTTPS on Slashdot

[kasperd]

There is absolutely no reason that I'm aware of not to think the certificate authorities weren't compromised from the very beginning.

Even if you had compromised a CA, there would be a huge risk of being exposed the very first time you abused it. You have to send a legitimate certificate to the site owner, otherwise they would not be able to setup their https site in the first place. However a CA cannot abuse the legitimate certificate because they don't know the corresponding secret key. So in order to do any abuse, you have to forge another certificate.

Now there are two certificates each of which is definitely visible to a small set of legitimate users. If certificate pinning was widespread, then that would be enough to guarantee exposure. We just need a standard for chaining the legitimate certificates over time, such that certificate pinning can work well when the legitimate certificate is replaced with a new legitimate certificate before the old has expired. Ideally it would be designed in a way, that does not require cooperation from the CAs, because they might be afraid of losing control, if such a chaining was readily available.

It is useful and important to focus on as strong security against passive attacks as possible, even if it doesn't improve security against active attacks. Strong security against passive attacks will mean active attacks are needed in more cases, and it also means it is hard to make those active attacks well targeted. And systematic active attacks is both difficult to pull off and also easily detected. Additionally widespread deployment of cryptography, which is only resilient to passive attacks is easier, since it does not rely on key distribution.

It is just important to ensure that you still do use methods secured against active attacks, when the extra security is really needed. Additionally protocols must be designed such that an active attack is required to find out if a connection was protected against them. If you can passively tell if a connection is secured against active attacks, then passive security is practically worthless.

Re:HTTPS on Slashdot

[NicBenjamin]

Have you ever actually dealt with that kind of data? I mean really dealt with it?

I have on political campaigns. Computers really cut down on the number of grunt-secretary-types you need, and if somebody's doing something predictable they can even do low-level analyst work. And you don't need to do that much analyses -- you're only really trying to figure out one thing, after all. And generally the data points (aka: people) you're talking aren't trying to thwart you. Either they love you in which case they want to make your database buetific, or they hate you and your database and just want you to go away. In the latter case they aree cooperating with you even if they tell "Fuck off, I believe in the Second Amendment and you are a fucking huge target," because the data the database needs on that dude is that he ain't voting Democratic.

But if I was a cop Out to Do Evil, and I was investigating people Out to Stop Me, it would be several orders of magnitude harder. The algorithm is predictable. The people I'm doing evil to aren't fucking morons. If they can confuse the prograkm's ties to video sensors siimply by changing hats between cameras they will start to do that shit. The only way I'll find out that is what they are, in fact, doing is by having an analyst go over all my video data. If I start taking down everyone whose made three calls to Yemen from the same phone number, people will start using burner phones for precisely two calls to Yemen, then exchanging them for a new number. If I don't have analysts going over the data from cell phone stares I won't know that.

And that assumes the technology actually works. Several of the databases I described would be too big for SQL. So you'd probably need a program that could a database in some fairly unique format, take the data from that and use it in a search query for a database of another format...

In theory it's all doable, but it's not trivial. The video-recognition database in particular doesn't seem to be possible with current computer technology, especially in fucking rainy Britain where it's always fucking raining, which means the face-recognition tech has to be able to tell like 5,000 different 120 lb Girls in yellow raincoats apart. From every angle, in every light condition, in the rain, etc. It would be pretty goddamn impressive if they created a product that could tell ethnicity by computer algorithm in all these weather conditions (ie: it can tell the Jamaican Londoner from the Pakistani from actual ethnic English people).

This is the kind of project that takes a big institution like the government 30,000 man-years. And even then there's only a 50-50 shot it works.

Re:HTTPS on Slashdot

[NicBenjamin]

The problem with using private contractors in this is that private contractors are fucking expensive. State-side they don't get government benefits, so they demand a higher salary then government drones. Their HR and other administrative stuff has to be paid for out of the money the government is spending on them.

So if you need 100k contractors to do data analysis on your Evil Spy Program you're gonna be spending $10-$20 Billion a year. You've also got 100k potential snitches.

If it's actually closer to the 300k number I mentioned, and they get paid Booz-Allen prices, we're talking a $50 Billion program.

I'm not saying we shouldn't stop the NSA, but I am saying that al this comparison to the Stasi is a bit overblown.

Re:HTTPS on Slashdot

[AHuxley]

Workers at telcos and ISP's would just see a list of court ordered requests to watch accounts for different reasons and task forces.
A trusted person tells them its legal and its just another day at the office entering telco/isp codes.
The counter signing and paperwork surrounding each request would ensure no worker would ever feel it was not legal, had not been seen by many other cleared staff.
Any 'questions' been picked up at an early stage - well before the ISP/telco level to ensure a sound conviction.
That would allow super computer to do the rest via dedicated hardware.
The evolution of the GCHQ is basically a set by growth 'jumps' with emerging US tech.
First you can only watch Soviet mil and have to be exact in what you extract from the telco system. Then you can only watch all international calls. Then you can only watch all international and domestic calls. Then you can only watch aspects of the internet. Then you can only watch the full internet for days....
Budgets and hardware prices did hold the GCHQ back post ww2 till the 1980's in some areas. The skill set and total understanding of crypto and the entire global telco network was always waiting for new hardware.
A file can be very compact. A call list, friends and family, the hop to all their friends and family. Any phone number of interest/fax/email/bank accounts/instant messenger users/ip/web sites noted, political interests, voice print, photo, travel, crime, languages, faith, thought crime - could all be compressed and be very searchable and easy for a super computer to track and add to.
Most of the above are just simple strings or link back to very complex files and operations. Until you make the wrong call, visit the wrong site, the instant messenger has the wrong IP/keywords, your bank/voice print/holiday pops up and your file grows :)
Then you need a real human or linguist.

Re:HTTPS on Slashdot

[Guest316]

Big government agencies with huge budgets have no more computational ability than some random volunteer DBA with a handful of Leenoks desktops, and will never surprise us by being able to do things we thought undoable.

Yes, that sort of thinking has never come back to bite us later.

Conversely, bad guys all have amazing telepathic powers which permit them to instantaneously know the methods used to track them and take evasive maneuvers.

Interesting reality you inhabit.

Re:HTTPS on Slashdot

[mstefanro]

I wasn't aware TLS-SRP patched browsers exist. In any case, these mechanisms will likely be adopted only if they can be embedded in HTML. Few designers are going to sacrifice their fancy login form for that ugly-ass browser window that asks for credentials. But allowing proper authentication in HTML forms would imply that you get all or nothing. Either all HTML forms that contain an input type="password" must use TLS-SRP for sending the credentials, or this cannot be adopted. Otherwise a MITM would simply alter the form to switch from secure authentication to plaintext authentication.

Re:HTTPS on Slashdot

[NicBenjamin]

You really not helping your case by ignoring all the actual facts I mentioned. I never said the government wouldn't have more computational ability or resources then a campaign. I didn't even imply that. I said I'd worked with this kind of data on camapigns, and I'd learned it's not the kind of data that is trivial to turn into computer algorithms.

As for the "bad guys," that's a phrase that kinda implies you aren't actually reading my case. I didn't say the guys opposing our Stasified-British Government were bad guys. If the British state turns into a Stasi nightmare then those opposing it would be (by definition) good guys. In this case the good guys don't have to be psychic. They just have to be cautious. Everybody starts out using burner phones. Eventually people get sloppy, and then you find out roughly the number of calls that need to be made on a burner phone before the StasiBritState figures you out. Why? Because you know Bill made lots of calls and he's dead, but Amy isn't and she only makes five. This is how every resistance movement, ever, in the history of mankind, has operated. If the Stasi are doing this shit on the cheap and not aggressively changing their algorithms they will be figured out within six months.

Hell, you're so inept you agreed with my point. I'm saying that just HAVING the data is not enough to create a Stasi nightmare. They must also spend lots of money/manhours/etc. analyzing said data. You brought up huge budgets. There are campaigns with multi-Billion budgets, mostly spent in the last few months, for $10 Billion+ on an annuallized basis. Since you contrast this with government budgets you just agreed that my $10 Billion or so extra funding in the UK budget for GHCQ would be the minimum they would need to make this work.

You might actually have to think in your next post, rather then snarking, or you'll accidentally agree with me again.

Re:HTTPS on Slashdot

[Guest316]

It's interesting to look through your posting history and note just how many of your comments start off accusing someone of not reading/understanding your previous post. This may be a point worthy of introspection on your part, if your purpose isn't intentional antagonization.

I've no interest in battles of will. I made the points I intended concisely, and that's enough.

Re:HTTPS on Slashdot

[NicBenjamin]

The reason I accuse people of not reading or understanding my posts is because they don't. They have a script for how these debates go in their heads. Most of the time the script is accurate. But it's not for the posts I make, because I actually debate. That means I have changed my position when it is proven wrong, which means that you will have to actually think to prove my current position wrong.

As for your points, they didn't exist. Your argument was a paraphrase so far off that it was a lie, and supremely unfunny snark.

You expressed some distrust of the government, especially the high levels (like the Feds). That's not totally unjustified. It's certainly the main point of bad British sci-fi like 1984 and Clockwork Orange. However Slashdot is an American site. You should know that almost all actual oppression that America does to it's citizens is actually carried out by lower levels. In the most extreme cases it's actually individual assholes who do it. The government's involvement is restricted to carting away the corpses and telling the survivors, "that was stupid of you, you know we can't convince a Jury that giving a bunch of Indians blankets laced with smallpox is a crime, but you took the blankets anyway; clearly you are barbarians who did not deserve to live anyway."

So let's say you win this issue. Completely. 100%. Federal records can only be used in court cases after a ridiculously rigorous warrant process. Then let's say an asshole wins the White House. What happens?

He's got tons of asshole friends who don't have to prove anything to a Judge. They're dues-paying members of the Asshole Party, not public officials. They've got asshole allies in most state governments (even after a disastrous 2010 election Obama's Democrats controlled 13 states). The ridiculously complicated warrant process will be blamed by the Feds for their failure to catch any number of criminals. Which means our asshole President doesn't need any real powers top crush his opposition. He doesn't even need a super-secret, secure database of everything everyone does. He's got a political party. It has people in every City, suburb, small town, etc. It knows who the Asshole Party members are. It knows who isn't. It knows you aren't, and that you threatened to kill the Asshole Party volunteer who knocked on your door. The Party has a perfect excuse to start it's own militia (the Feds can't protect us due to that new warrant process), a bunch of willing asshole volunteers, states that will not prosecute, Feds who are under orders not to prosecute, etc.

And, unlike super-good database technology tracking everyone leading to Bad Things, this shit has actually happened. It was slightly different the Asshole Party of 1876 got the Anti-Assholes to agree to look the other way as they imposed Jim Crow on an unwilling South (at the time both South Carolina and Mississippi were majority black, and most other southern states were 40% black, so it's unlikely a fair referendum would have resulted in Jim Crow).

SSL

[dido]

I suppose using HTTPS would have helped even a little, if Slashdot ever bothered to do so. The victims might have noticed that the certificates changed, even if they did check out, most especially if they used HTTPS Everywhere. They couldn't just foist off an SSL cert for Slashdot signed by some other CA (or even the same CA) then: the SSL Observatory would have noticed the change in the certificate the way SSH notices that public keys to servers you connect to change. Unless of course Slashdot gave its (non-existent) private keys to GCHQ, in which case all bets are now off. Why browser SSL doesn't automatically cache certs the way SSH does and warn if there's a change that doesn't involve certificate expiry or revocation is something that isn't quite clear to me.

Re: SSL

[Jakeula]

SSL didn't seem to help LinkedIn. They use ssl and they successfully spoofed that.

Re:SSL

[gnoshi]

Being notified of the 'duplicate' responses from the server would have helped too. That's not a normal running condition.

I don't mind so much that browsers don't cache SSL certificates and notify of changes, but it is a shame that the server can't request that behaviour (using something like HSTS).

Re:SSL

[gronofer]

The SSL Observatory wouldn't notice a change in certificate if it was only targetted against certain individuals. The CA system is counterproductive if compromising a single CA is all that it takes to disable SSL against any chosen target.

Re:SSL

[tomtomtom]

The victims might have noticed that the certificates changed, even if they did check out

Actually, only half the victims could have realised this (at least directly). The websites being spoofed are victims here as well - after all it does your reputation no good at all if someone spoofs your website to serve malware. Best case, you look like an incompetent admin; worst case, someone thinks you did it deliberately and starts telling a lot of their friends. It's akin to a murderer framing an innocent party for his crime - that innocent party is a victim of a crime too. I suspect these agencies have legal immunity unfortunately but if I had proof this had happened to a website I owned, I'd be thinking about what legal redress I could seek.

Re: SSL

[thetagger]

Linkedin does not use SSL consistently and it's vulnerable to downgrade attacks. People are discussing this in several fora and Twitter at the moment.

Re:SSL

[Burz]

HTTPS doesn't cache certs because that would create a prompt whenever you visited a secured site for the first time... and we can't have that. There is always this attitude in software design that regular users can't be bothered with even the slightest bit of key management.

Against that background, some popular sites like Google started changing their certs so frequently that even I was getting tired of seeing the alerts all the time.

On the whole, I think its just best to regard the Internet as a hostile environment and browse most sites using a hypervisor-based OS like Qubes. They can have their 'exploit' on my system... temporarily in a small corner of it.

Re: SSL

[Frosty+Piss]

I'm sorry, "fora"?

I'll bet you used to say "boxen", too.

You have revealed yourself as a douchbag.

They specifically chose these jobs

[Marrow]

so they wouldn't HAVE to be productive. All they have to do is listen and let the money roll in.

Almost Cut My Hair

[wrackspurt]

And I'm not feelin' up to par
It increases my paranoia
Like lookin' at my mirror and seein' a police car
But I'm not givin' in an inch to fear
'cause I promised myself this year
I feel like I owe it to someone

I bet a lot of /.ers are mentally running through some of their past posts right about now. Where did I leave that tinfoil?

Re:Almost Cut My Hair

[Bite+The+Pillow]

Nope. I joined repeatedly, and earned positive karma repeatedly, with many accounts.

Bunch of deleted stuff... you can leave your past behind, if you are willing to leave your past behind. Most people aren't, and that's what everyone against you is counting on.

Kill your wife, or child, or countryman, or government, or celebrity, or friend? I count on you to be strong, while the perpetrator counts on you to be weak.

Everyone should be mentally reviewing their activity. and if it should be censored or stopped, then don't say it or do it. Breathe or don't, type or don't, speak or don't... live or don't. Decide your own fate, and decide your actions accordingly.

Are you searching the internet for something that supports your view? Then consider if you are wrong. Are you repeating something your parents told you, or something you learned ten years ago or more? Consider that society has learned some things since then.

Put on the foil if you must, but appreciate that your own mind can come up with facts, consequences, and conclusions, if you do not submit your mind to input from adversarial forces.

What will they stoop to next?

[RDW]

That's a pretty sophisticated hack. Looks like they've gone as far as setting up an entire site that looks superficially like Slashdot, but is full of grotesquely dull stories apparently designed to warp the minds of unsuspecting IT professionals - obviously some sort of psyop strategy, but to what purpose?:

http://slashdot.org/topic/bi/

Re:I knew it!

The idiots are all quite real, it is the intelligent responses which are fake.

Luckily, we have folks like you to "keep it real" for us!

Internet...broken?

Time to start from scratch, and start a large-scale redesign of the Internet and its protocols, to try and better secure users from surveillance/attacks?

Tor and other fringe security protocols/networks won't cut it, and getting people to use very-user-unfriendly encryption tools won't happen - nothing short of a mammoth redesign, far surpassing the resources/scale of the IPv6 changeover, is going to come anywhere close to repairing the damage.

There's no going back now - it's already too late to salvage what we have, because it has already been completely and irrecoverably 'owned' - the NSA broke the Internet.

Re:Internet...broken?

[WaffleMonster]

Time to start from scratch, and start a large-scale redesign of the Internet and its protocols, to try and better secure users from surveillance/attacks?

In my view the most dire issue facing the network right now is handful of content companies owning majority of network traffic. People have to run their own servers and get involved with the network again. There is no meaningful technological solution for aggregation of power in the hands of a few media companies caused by laziness and lack of engagement. Those with the skills need to work to make it more accessible to those without the time or inclination to learn.

Tor and other fringe security protocols/networks won't cut it, and getting people to use very-user-unfriendly encryption tools won't happen - nothing short of a mammoth redesign

The structure of the current net at IP layer and below is architecturally about right as far as I'm concerned. 100% untrusted, 100% untrustworthy. All the network needs to do is forward packets with some degree of assurance they will be delivered.. the rest is up to us users.

far surpassing the resources/scale of the IPv6 changeover, is going to come anywhere close to repairing the damage.

I think if we're smart about it IPv6 becomes a huge part of the solution. Whatever the future of the net and accompanying protocol soup look like maintaining a network of peers where any one can talk to anyone else is the most powerful tool we have to avoid oppressive tendencies of various less than perfect governments.

There's no going back now - it's already too late to salvage what we have, because it has already been completely and irrecoverably 'owned' - the NSA broke the Internet.

If you were talking specifically SMTP or SSL CA's I would agree with you. More generally all is not lost and all does not need to be replaced.

Re:Internet...broken?

[Burz]

Time to start from scratch, and start a large-scale redesign of the Internet and its protocols, to try and better secure users from surveillance/attacks?

Tor and other fringe security protocols/networks won't cut it, and getting people to use very-user-unfriendly encryption tools won't happen...

The redesign of the net has to start at the fringe: An establishment-driven scheme will just get us worse surveillance and intrusion than we currently have.

I2P is an 'Internet' designed on P2P principles that has security and anonymity built-in. It 'cuts it' because although it has Tor-like onion routing, its also highly decentralized such that it also works a lot like bittorrent. In fact, you can fully torrent over I2P and a torrent app is built-in. A DHT-based email system is also available.

OTOH, IPv6 is yesterday's protocol. I can't tell it to transport only with encryption, or how many hops I want a particular application to use (trading off anonymity vs speed). I can't have my own address (or multiples) that can also be used to verify my identity cryptographically. Mostly, I can't have an identity where I choose the level of privacy I have (anyone watching the backbone can figure out exactly who I am by just monitoring me for 20-60 minutes).

Re:Internet...broken?

[Burz]

I2P is not like Occupy. Its more like Bitcoin (which interestingly has a presence on I2P). And like holding more than one currency, I do think people are capable of running a networking alternative on the side to communicate with their peers; at the very least, techies should do it and that's how the best tech trends get started anyway.

I2P also doesn't have the proxy liability you mention about Tor: Everything is encrypted end-to-end. All the traffic you route for other nodes is like being a 'relay' on Tor; you have no way of knowing what the content is. There is no implicit trust necessary-- only the trust that you may or may not wish to assign to the party you are communicating with on the other end of the link.

Re:Internet...broken?

[Burz]

The structure of the current net at IP layer and below is architecturally about right as far as I'm concerned. 100% untrusted, 100% untrustworthy. All the network needs to do is forward packets with some degree of assurance they will be delivered.. the rest is up to us users.

This may be a good assumption for way points that build a network infrastructure, but it is unacceptable to Alice and Bob (e.g. the endpoint users of a network). IMHO, only a layer that is based on crypto and creates identities (addresses) that are both strongly immutable (can't be tampered with) and anonymous has a chance at succeeding, which is why I mentioned I2P elsewhere in this thread. I2P assumes that each hop on the network may be untrustworthy, but it also enforces encryption end-to-end thus allowing Alice and Bob to build/assign trust to each other as they see fit without worrying their communications are going right into a state surveillance algorithm. Such a network layer has permitted the building of fully anonymous bittorrent and decentralized (DHT-based) email.

And still no SSL support fon /.

[xaosflux]

If /. had even basic ssl support, at least a possible forged certificate could have been revealed.

Re:And still no SSL support fon /.

[Burz]

If /. had even basic ssl support, at least a possible forged certificate could have been revealed.

They're too cheap. Slashdot had an interesting start with slashcode, but since then we've mainly seen a layout redesign. You'd think that turning on SSL would be simple today and it scarcely adds any load to modern systems, but there is always that one last 'hard' thing about it: You have to safeguard your private key(s).

Similarly, if /. were interesting in keeping its readers safe they might have opened a mirror on I2P or Tor by now.

So read your Slashdot, etc. in an untrusted Domain on Qubes instead. This is the era of the hypervisor-based OS now.

Re:Waht about LinkedIn?

[Press2ToContinue]

Linked-who-what?

Please stop calling them Attacks

[Press2ToContinue]

They are frauds. The NSA perpetrated a fraud with these actions. This helps to clarify that these acts are illegal. Fraud is illegal.

Thanks,

Re:Please stop calling them Attacks

[mysidia]

OK

The British spy agency GCHQ generated and sent fraudulent messages over the telecommunications network purporting to be from Linkedin and Slashdot to targeted employees' computers, through their internet connection; in order to deceive their targets and their computers' in order to exploit security vulnerabilities causing their computers to execute covertly planted software with a malicious intent.

After targets were defrauded into having covert malware planted on their computers; the software would then cause targets' computers to transmit their most private and sensitive information, against their will, without their permission or knowledge.

Rogue governments !!

[Taco+Cowboy]

The term "Rogue" is used to denote "dishonest and/or unprincipled".

They used to put USSR, China, North Korea under the "Rogue Government" category.

Both the governments of the United States of American and that of Great Britain have proven to be DISHONEST _and_ UNPRINCIPLED !

IMHO, it's time we should include the government of the United States and that of United Kingdom under the "Rogue Government" category.

And btw, if you see the performance of John McCain, especially how he tried to blame Edward Snowden, you would understand how ludicrously pathetic American politicians have become ...

... McCain also said he was convinced that Snowden gave all of his information to Russia ...

As an American, I am beyond furious ...

Re:Rogue governments !!

[Nerdfest]

McCain is a first class weasel to begin with. I remember watching one of the presidential debates, ranting about how the government had paid 40K$ or something for a lightbulb, not mentioning that it was for a planetarium projector.

Re:Rogue governments !!

McCain may be correct, but he isn't right. Snowden was likely incorrect, but he was right. This is why Snowden is now a hero, and McCain is at best now a fallen hero. That's the sad truth. The intel side of the story, in many ways, is more window dressing. As is the doomsday talk of the intel methods being compromised. State secrets are of the most fleeting kind. As are the means to compromise them. Honestly, all things considered, I rather wish the US/UK's spy agencies were rendered largely useless. But, then, it's not very clear that they were ever very useful--at least, not to the citizens.

Re:Rogue governments !!

[skegg]

Both the regimes of the United States of American and that of Great Britain have proven to be DISHONEST _and_ UNPRINCIPLED !

FTFY.

Re:Rogue governments !!

[TrollstonButterbeans]

And you think J. Edgar Hoover was a straight shooter in the 1960s? What about "Carnivore" snooping on all internet activity in the 1990s? Why are there CCTV cameras everywhere in Britain? What are those very tall telephone poll looking structures in the United States on the highways with a little glass dome at the top? (Hint: Cameras!)

Governments are always nefarious and untrustworthy entities when it comes to surveillance.

Not "even in a democracy" but "Especially in a democracy" because keeping tabs on citizens is more important in a democracy because perception affects political distribution of power even more.

This isn't new --- we are just noticing it more ...

Re:Rogue governments !!

[WindBourne]

And yet, it came out that ALL other nations act the same way. Brazil, and Germany having been outed recently. And to be honest, it is A GOOD THING that they do. It allows each side to know what is going on.

Re:Rogue governments !!

[WindBourne]

yeah, so few ppl do not realize that outing information about spying on Americans was whistle-blowing, while spilling information about our actions on other nations (which was legal per US law), turned him into a traitor.

Re:Rogue governments !!

..Why are there CCTV cameras everywhere in Britain?

Err, there aren't.

Look, you (pl) keep throwing this one up, I'm in Britain, and the nearest 'state' CCTV cameras to my current location are a mile and a half away, and I stay in a major town. The nearest CCTV camera to my home location is approx 1,300 feet away (as the Google Earth ruler flies..) and it's pointed at a bloody 'Doo hut'.

My place of employ?, internally we've cameras everywhere (and I run 4-8 of them), the industrial estate we're located on is surrounded by a ring of the buggers, guess what?, none of the fucking things work (and they haven't done so now for a number of years..7+ years now).

Yes, Britain in parts (hello London, Glasgow, any other 'metropolitan' area and the major road networks) may have an inordinate number of CCTV cameras, but they're not 'everywhere in Britain' and not any more so than any other country.

If you truly want an example of Panopticon levels of CCTV surveillance, try Monaco.

Re: Rogue governments !!

[Zontar+The+Mindless]

What's funny is that you seem to have your own special definition of "rogue" that you've forgot to share with the rest of us.

Re:Rogue governments !!

[wvmarle]

Stupid guy

He should have talked about the light bulbs on the ISS. If you include transport cost, they're probably even more expensive. And that may not even be that special bulbs.

Re: Rogue governments !!

[clickclickdrone]

I'm in the UK. I recently stopped and looked around near where I work and counted 27 cameras. Ten were pointing directly at my location. They may or may not be active but they are there OK.

Re:Rogue governments !!

[erikkemperman]

yeah, so few ppl do not realize that outing information about spying on Americans was whistle-blowing, while spilling information about our actions on other nations (which was legal per US law), turned him into a traitor.

So... Here we have a government agency, which is funded by taxpayers, going completely off the rails and spends fortunes on snooping potential terrorists like the leaders of Germany, France, Spain -- not to mention entire countries which are supposedly allies. And you are saying it is not in the interests of the US citizens to know this?

I see the distinction you make, I really do. But this is still whistleblowing, by my reckoning; it is public money being spent on ludicrous targets.

Besides, I am convinced that if the US public had reacted to the first batch of leaks (you know, the one which you did still consider "proper" whistleblowing) with anything more than the shameful apathy now on display, Snowden might not even have released any more.

His goal is to put a stop to the NSA's operating beyond its brief (to put it mildly). When US citizens, in whose name this is all allegedly done, refuse to do something about that -- well, I don't fault Snowden for trying to put some international pressure on it.

Re:Rogue governments !!

[Pino+Grigio]

Just so I understand, you're furious because your government and its allies are spying on people who are involved in one or more of their vital national interests. Your "fury" and "principles" are naive at best.

Re:Rogue governments !!

[Pino+Grigio]

I wonder how many wars and international disputes have been prevented by one or both sides knowing what the other side is up to? Can you imagine if in 1914 we'd had SIGINT about Austrian and German intentions? Perhaps World War 1 could have been prevented.

Re: Rogue governments !!

[myowntrueself]

I'm in the UK. I recently stopped and looked around near where I work and counted 27 cameras. Ten were pointing directly at my location. They may or may not be active but they are there OK.

Soon everyone in the UK will start wearing masks to get a sense of privacy.

(see Michael Moorcock, Hawkmoon)

Re:Rogue governments !!

[nospam007]

"But it's not only the USA or GB. At the moment, Merkel & friends are trying to get away by throwing a fit, as if they didn't know. "

Merkel didn't know. She used her unencrypted party-cellphone for a decade for state business in clear violation of the rules and guidelines. She was warned repeatedly but choose to ignore it.
Any other official would have been sacked on the spot for that.

Re:Rogue governments !!

How is U.S. law relevant when those actions were not in the U.S.?

Edward Snowden revealed that U.S. government agencies have performed illegal and immoral actions. The people that ordered those actions are traitors, not the messenger.

Re:Rogue governments !!

[stenvar]

Both the governments of the United States of American and that of Great Britain have proven to be DISHONEST _and_ UNPRINCIPLED !

So have most of the other governments in Europe and elsewhere.

And btw, if you see the performance of John McCain, especially how he tried to blame Edward Snowden, you would understand how ludicrously pathetic American politicians have become ...

US politicians have always been this pathetic. The difference is that they now run more than 40% of the economy (25% at the federal level) and control what you eat, drink, and do in the privacy of your own home. The solution is not to hope for less pathetic politicians, the solution is to reduce their power again to the levels they used to have.

Re:Rogue governments !!

whether that information revealed illegal activities

When the bad guys are the ones who decides what is legal and what is not, "illegal activities" becomes a meaningless measurement.

You might as well say that Saddam Hussein did nothing wrong, because he never illegally had anyone killed.

Re: Rogue governments !!

[MRe_nl]

Just a guess, he thinks the biggest guy in the room should be called "tank"? I personally think a point could be made for "rogue leader" or perhaps just "obese" ; ).

Re: Rogue governments !!

[bfandreas]

How many of those are privately operated and how many of those are courtesy of Theresa May?

The privately operated CCTVs are mostly unwatched and the businesses will only look at them when there is a need because honestly, they don't make money. They are propably writing over the same tape over and over again and I wouldn't be surprised if most of the material were completely useless.

They are a bit like a backup process a company has set up a couple of years ago and nobody testing the actual backups or even looking at the logs. When push comes to shove they propably are useless. Unless of course the London Underground ones. The ones pointing at a bus stop in Derby most likely are useless.

Re:Rogue governments !!

[peragrin]

the problem there is no group that wants to actually do that.

You would need a massive campaign to get out to the people with the right and very simple message, detailing very simple requirements, to force enough people to demand action.

The tea Parties response to curbing these leaks is larger government. The republican response to curbing these leaks is larger government. The democrats don't care for the larger government but they are not opposed to it either.

Re:Rogue governments !!

[stenvar]

You don't need "massive campaigns", you just need to do something. In every primary and every election, there are candidates supporting lower taxes, cutting programs, and smaller government; vote for them.

Oh, and expect that anybody who advocates smaller government will be demonized, because both Republicans and Democrats see their money threatened.

Re:Rogue governments !!

[isorox]

Stupid guy

He should have talked about the light bulbs on the ISS. If you include transport cost, they're probably even more expensive. And that may not even be that special bulbs.

The ISS? The Russian space station?

Re:Rogue governments !!

[Edzilla2000]

Look up the acronym. Hint: the first word is "International"

Re: Rogue governments !!

[umafuckit]

Not the point, I'm getting at the 'cameras are everywhere in Britain' blanket statement I keep seeing here, when, manifestly, they aren't.

You're quibbling with definitions. They may not be everywhere but there are a fuck of a lot of them and they're breeding. The number of cameras per person is very high in the UK: http://news.bbc.co.uk/2/hi/uk/8159141.stm

Re:Rogue governments !!

[isorox]

Look up the acronym. Hint: the first word is "International"

Yeah, and how many of those countries can send people there?

Re:Rogue governments !!

[Edzilla2000]

The US, Russia, and pretty much all the key members of the European Union, at the very least. China probably, and I would say India as well. That makes it pretty international, and not "Russian"...

Re:Rogue governments !!

[tibit]

Never mind that legacy CCTV, as currently deployed, is pretty fucking pathetic. Anyone who has ever looked at the footage will attest to that.

Re:Rogue governments !!

[Carewolf]

Who actually _sends_ them there? Only Russia and US ever had the capability but the US has cancelled the program that can actually send men there.

It is still an international space station, it just happens to be under effective Russian control as they are the only ones able to service it.

Re:Rogue governments !!

[ale2011]

Nope, we cannot do a revolution, because we have free elections. If we had regimes we could.

Re:Rogue governments !!

[Edzilla2000]

Yeah, they own and operate the transport to get there, that doesn't make the station russian...

Re:Rogue governments !!

[Marxist+Hacker+42]

You can't believe everything you see on Torchwood.

Re:Rogue governments !!

[pupsocket]

This from a guy who never would have been allowed to sit in any of the three ten-thousand-dollar fighter-pilot seats he jettisoned if his father had not been a general.

Re:Rogue governments !!

[isorox]

Who actually _sends_ them there? Only Russia and US ever had the capability but the US has cancelled the program that can actually send men there.

It is still an international space station, it just happens to be under effective Russian control as they are the only ones able to service it.

Indeed. Only Russia and China have the ability to lift human beings into orbit, and only Russia can dock at the IIS.

The U.S. is too busy firing $2 million drones at $10 tents and hitting camels in the butt.

Re:Rogue governments !!

[WindBourne]

So... Here we have a government agency, which is funded by taxpayers, going completely off the rails and spends fortunes on snooping potential terrorists like the leaders of Germany, France, Spain -- not to mention entire countries which are supposedly allies. And you are saying it is not in the interests of the US citizens to know this?

If you think that the ONLY reason for the NSA is to stop terrorism, then you are seriously lacking in education.
And I said that it was treason for snowden to talk about our LEGAL OPERATIONS against the rest of the world. Heck, all of the leaders know that we do this. Germans knew it. They have been doing it to us and others (including china). And the only way that this works, is when ppl do not know what capabilities you have or don't have.

Besides, I am convinced that if the US public had reacted to the first batch of leaks (you know, the one which you did still consider "proper" whistleblowing) with anything more than the shameful apathy now on display, Snowden might not even have released any more.

First off, the NSA does not spy on every Americans. They do not have that capability.
Secondly, the NSA said that less than 2% (.2%?) of Americans had been spied on BY THE NSA. And even snowden did NOT dispute that.

And I doubt that you understand how snowden feels.

Re:Rogue governments !!

[WindBourne]

I'm sorry, what actions did the NSA do that was illegal or immoral?

Re:Rogue governments !!

[erikkemperman]

And I said that it was treason for snowden to talk about our LEGAL OPERATIONS against the rest of the world

Whether or not operations are legal is orthogonal to the question of whether or not they are in the best interests of the US citizens, who are paying for all this.

Heck, all of the leaders know that we do this. Germans knew it. They have been doing it to us and others.

If you have any evidence for your statement that German intelligence was tapping Obama's personal phone I'd love to hear about it.

Secondly, the NSA said that less than 2% (.2%?) of Americans had been spied on BY THE NSA

The NSA says huh? Well that settles it then.

And I doubt that you understand how snowden feels.

I also doubt I understand how Snowden feels. Which is why I wrote about what he actually did. The part of my post that is speculation on my part was clearly marked as such.

Re:Rogue governments !!

[RockDoctor]

Only Russia and US ever had the capability

China currently has the general capability to put someone into orbit, though the technical details of docking equipment and protocols may differ. I'm not sure if they've proved EVA capabilities yet (and can't be bothered to search), but it must be on their "in development" list if they haven't done it already. So, even without the details of docking equipment, they can get a person on board if they really wanted to. I take their increasing payload and orbital height capabilities as a given ; they've demonstrated that they want to be in space, and they've demonstrated the willingness to fund these developments, so they're going to happen, and quite soon. It's not, uh, rocket science after all. Except that it is. But you know what I mean.

Copyright Infringement?

[Lieutenant_Dan]

Hm, /. may have a valid case to chase after.

After all, they duplicated the site/logo/etc without the permission of the actual copyright owners.

Re:Copyright Infringement?

[seandiggity]

Hm, /. may have a valid case to chase after.

After all, they duplicated the site/logo/etc without the permission of the actual copyright owners.

They could also make a case for monetary damages and damages to their reputation (trademark?), especially when you consider lost advertisement revenue (if we do believe that the advertisement business model for the Web makes any sense).

Re:Copyright Infringement?

[Hartree]

"damages to their reputation"

Slashdot? Reputation? *snrrk* *snort* *giggle*

Two words sum up Slashdot's reputation these days: "Dice Holdings"

Default protocol

[tepples]

The correct way to use https is to write it as protocol

Yet user agents continue to automatically write http as protocol. So how should a server communicate to the user agent that the correct protocol for accessing the server is HTTPS, not HTTP? There is HTTP Strict Transport Security, but not all web sites are popular enough to get into all major browsers' preloaded STS lists for first-visit security.

Strict Transport Security

[tepples]

add some proper authentication and encryption in HTTP2.0 instead of bitching that it's the wrong layer.

The current HTTP 2.0 draft is based on SPDY, which operates in a TLS tunnel. This allows for secure HTTP basic authentication and TLS client certs. It also eliminates the IPv4 exhaustion excuse, as web browsers supporting SPDY will support SNI.

HTTP Strict Transport Security - not very useful

In what way is it "not very useful"? Is it just that browsers' preloaded STS whitelists aren't nearly as big as the HTTPS Everywhere rulesets? (Disclosure: I use HTTPS Everywhere, and when I switched away from Go Daddy for my own web site, I made sure to pick a shared host that supported SNI, so that every visitor has a secure option save Android 2.x users and IE/XP users.)

Re:Strict Transport Security

[mstefanro]

To the best of my knowledge , HSTS is merely the Strict-Transport-Security response header. The lists are just something
extra. The "not very useful" comes from the fact that you are still unprotected the first time you access the website. If the
attacker is present the first time you visit an website, he can remove that header via MITM. Otherwise you should be fine.

It's not that simple ...

[Taco+Cowboy]

And if you just enjoy playing god, well, go into the City, or start up your own business. If you're that good, then you can perform in plain sight, can't you?

Speaking from experience here ... it's not that simple

I started to plan for my escape from China way back in the late 1960's because of the social madness created by Mao back then.

Thongs of mindless assholes with red armband parading on the street, waving that little red book and plunged the Chinese society into total darkness.

Those of us with brains knew that the things coming from Mao were bullshit, but those without brains who embraced Mao's bullshit outnumbered us 1000 to 1.

So we ran, and ran, and finally I got to Hongkong.

From Hongkong I ended up in the United States, and at that time, the U. S. of A. was a paradise, a place where brainy people get to do whatever they want to do without having fear of official repression.

Some 40 odd years have passed, and the United States is turning into just like Mao's China ...

Everything coming from Washington D.C. is pure bullshit, and the things I have noticed right now is that the mindless fucktards who bought into Washington D.C.'s bullshit are outnumbering those who know better.

While the society in the United States of American haven't plunged into darkness yet, there is no certainty that it won't.

When the controlling regime got desperate ~ (Mao's reign at that time was in danger of collapsing from within, motivating Mao in his encouragements to the mindless assholes with red armbands creating social havoc), ~ they will do anything to remain in charge.

And if (and when) the regime which is reigning over Washington D.C. (democrats _ and_ republicans) is in danger of collapsing, there is NO TELLING what they would do.

To make the matter worse ... they have a lot of very powerful tools Mao couldn't even begin to dream of 50 years ago.

I am an American now, and I am looking at my adopted country, the United States of America, with the same dismay as Mao's China, back in the 1960's.

Re:It's not that simple ...

[shadowofwind]

At least half of the people I know are Chinese, most of them in their early 40's or so who came over in the 90's. You're the first one I've knowingly encountered who seems to have any clue about this sort of thing. Though its a gross oversimplification, I tend to view Chinese and eastern European immigrants as the inheritors of western civilization in the US, since the rest of us seem to have given up on it. Their kids are going to be powerful in another 40 or 50 years. Yet my Chinese friends generally don't seem to have a clue about political and cultural history, they're all about money and taking care of their families. In some ways they know a lot less than I do even about Chinese cultural history. I've toyed with the idea of trying to teach a class on it at the local weekend Chinese school, aimed at parents. Not that they would necessarily be interested or that my preaching would accomplish anything.

Re:It's not that simple ...

[crvtec]

Thongs of mindless assholes...

I bet it didn't take you long to figure out that those thongs were full of shit.

Re:It's not that simple ...

[joss]

Sorry, I just don't buy it.

Your speech patterns sound too much like a young native. Although I can believe that 40 years residency would leave you flawlessly bilingual, I don't believe you would *want* to sound like an angry 20 something.

Re:It's not that simple ...

[Common+Joe]

Only an American would be naive. Disclaimer: I am American.

You should meet my wife. She's 100% German and moved to the United States only when we got married. She was over 30 at the time. When we met several years before our marriage, her speech and written word was flawless even then. Her accent morphs to whatever English speaking country she is in. She is freakin' talented. He says her nightmare is speaking with an American, a Brit, and a Australian at the same time because she wouldn't know which accent to use. It bears repeating again: I can attest that her American accent and use of language is flawless. Her written prose is flawless.

I corrected her English only once. She then corrected me. I consulted a dictionary to prove her wrong and it turns out she was right. She kicks my ass in English -- and I'm the native speaker. Now, with that said, there are two things you need to know. Her profession is translation so she was trained. She comes from a family of translators and interpreters. The other thing you should know is that she isn't the only one with these kinds of talents that I've met. I am now learning German and one of the guys in my class speaks native Spanish, good Romanian (his wife is Romanian), and pretty good English (of which I can attest). His German abilities completely outstrip mine.

I don't normally rail against someone... especially someone with a 4 digit ID, but I'm telling you that you need to get off the computer and get more face-to-face time with other people. There are people who walk around you and just because you think they speak American doesn't mean that they are American or even from North America. Right now, I'm living in a foreign country and I'm in the linguistic circles because of my wife. I am exposed to a lot of really talented people out there. Some of them are not even formally trained like my wife.

I suggest you apologize to Taco Cowboy -- another 4 digit ID, I might add. He was saying something important and it's not the first time I've personally seen him post something like this. This is very personal thing for him to open up to people -- especially on Slashdot like this. I surmise he hurts on the inside to watch what is happening to America -- a country he obviously loves. Then to have someone like you come along, act like an asshole, and call him a liar is just a horrendous insult to someone like him.

I had to learn the hard way that I'm not the most talented person in this world. No matter how good I get in whatever I pursue, there is always going to be a lot of people who are a whole lot better than I am. Grow a pair, apologize to Taco Cowboy, and learn that others don't have the same limitations you have.

Re:It's not that simple ...

[Common+Joe]

I'm posting to you directly instead of raymorris, but I completely agree with raymorris. Oh... and I'd ignore people like joss. (I gave him an ear full by the way.)

I'd love to hear what you have to say and I sincerely doubt raymorris and I are the only ones. To me, any insight that a person who has been through changes like this is very welcome to give me their stories and advice. If you do decide to write something up, please let me know.

Re:It's not that simple ...

[Areyoukiddingme]

I love how people who learn second and third languages are always so excellent at cursing in those languages. The country is indeed full of mindless fucktards.

It just strikes me...

[FishOuttaWater]

...how very long a time the federal government would put me in jail if *I* got caught doing this.

Doctor who?

[tepples]

I thought Who was on first, Torchwood was on second, and The Sarah Jane Adventures was on third.

Re:Doctor who?

[Jason+Levine]

Obligatory XKCD: http://xkcd.com/1221/

"You're both confused. He's just 'The Doctor.'"

Down at the Twist and Shout

[tepples]

I thought the KGB was a dance school. Otherwise, why would Mary Chapin Carpenter have recommended that people find a two-step partner in the KGB?

If you're running Windows, I have to ask why

[erroneus]

Is it "the games"? Is it "the critical apps"? There's a VM for that... there's a separate machine for that. Don't be a sucker. Not saying that Linux can't be targeted, but I will say there is much low-hanging fruit to get to before they get to you. And especially if you're running MSIE? Really? At least go with a browser with NoScript available. Things are getting serious. You should be too.

Re:If you're running Windows, I have to ask why

Is it "the games"? Is it "the critical apps"? There's a VM for that...

If you think you can do hardcore gaming in a VM, you're clearly not a hardcore gamer.

How do you know Snowden has released *ALL* info ?

[Taco+Cowboy]

... Snowden is no more principled than McCain or an investment banker. He released ALL of the intelligence information he gathered at the NSA ...

I am intrigued !

How do you know Edward Snowden has released _*ALL*_ the information he had gathered at the NSA ?

How do you know Edward Snowden does not keep some files to himself, files that pack even *MORE* fire power than what he has released so far ?

As a poker player, I never release my trump card early in the game.

I don't know if Edward Snowden plays poker or not, but judging from what he has done since his days as a security guard ... I suspect the guy has even more juicy things in the pipeline

Javascript

[Jah-Wren+Ryel]

If there was ever indisputable proof that Slashdot needs to maintain javascript-free functionality in slashcode, this is it. If it were viable to use slashdot with javascript disabled, this sort of impersonation attack would be a lot harder to pull off because NoScipt would have protected from drive-by nsa-ware infections hoisted on the slashdot impersonator site.

Unfortunately, its been years since it was reasonable to use slashdot without javascript. Even if you still use the old style interface, there are too many corners where javascript has crept into the design in a mandatory way rather than just as an enhancement.

Re:Javascript

[tibman]

Was just thinking something similar. I said to myself "it's a good thing slashdot doesn't need javascript!" before noticing that noscript was disabled for the site : /

Re:Javascript

Maybe that is the real reason it uses javascript at all. It's certainly not needed to run the site. The pre-javascript version worked just fine.

Re:Javascript

[Arker]

"Unfortunately, its been years since it was reasonable to use slashdot without javascript."

I must disagree as I am using it that way right now, and have been for years. It works fine. Whenever I start allowing any scripts is when it really borks.

Re:Javascript

[Jah-Wren+Ryel]

Off the top of my head:

(1) You can't moderate without javascript
(2) You can't vote on firehose/frontpage entries without javascript
(3) You can't unhide the collapsed article summaries on the front page without javascript (even though they are embed in the page itself, they could just use some CSS to do it)
(4) Changing account preferences is hit-or-miss without javascript
(5) You can't get the low-javascript "classic discussion" mode unless you create an account and log in. it knows enough to tell you that you should turn it on, but it won't let you turn it on without being logged in.

Re:Javascript

[Jah-Wren+Ryel]

(6) You can't delete notifications from the messages slashbox without javascript (you can from the intermediary messages page) -- just found this one out as I tried to delete the notification of your message.

Re:Javascript

[Arker]

All true, but I have an account, classic discussion is set, and while there might be some small issues with it it's far preferable to the nonsense you get when you allow scripting here.

Re:Javascript

[strikethree]

If you are only reading Slashdot, javascript can be turned off. You only need javascript for moderation. Commenting is interesting without javascript but mostly works.

BTW, I stole your sig and added it to my emails. Did you make it up or is it a quote? It has quite a few interesting aspects to it. :)

Re:Javascript

[Jah-Wren+Ryel]

I synthesized it from http://www.theguardian.com/commentisfree/2013/oct/06/prism-tempora-cabinet-surveillance-state

Re:How do you know Snowden has released *ALL* info

[BradMajors]

Snowden has said he does not have any more files.

Two possibilities

[Taco+Cowboy]

Snowden has said he does not have any more files

Two possibilities ...

A. Snowden is not lying, that he has nothing left

Translation: His goose is cooked

B. Snowden is playing NSA back to NSA

Translation: More juicy things would appear if they don't loosen their grip on him

As I say, poker players won't reveal their cards until the very end

Re:Two possibilities

[denmarkw00t]

Whoa

Snowden, your /. user # is LOW buddy.

Re:How do you know Snowden has released *ALL* info

[Smauler]

As a poker player, I never release my trump card early in the game.

Somehow, this reminds me of Zapp Brannigan.

powerful, you should write this up properly

[raymorris]

I've read a similar post you made before. You have a powerful point to make, and you make it well.
It would be a service to the country you loved, and freedom in general, if you spent an hour or two to write that up "properly", to spend a few minutes editing it to say exactly what you want to say. I could see such an article being shared quite a bit via social networking, blogs etc.

Re:powerful, you should write this up properly

[bill_mcgonigle]

agreed - some of the less beholden sites would run it as an op-ed.

Thanks, I really liked that rendering :)

[Press2ToContinue]

It does put their actions into a less fear-based perspective, and a more accurate one. At least it seems so to me.

Re:How do you know Snowden has released *ALL* info

[ahabswhale]

Snowden stated that he's released all of the information he had The only thing that is restricting the release of information at this point is the journalists that he released it to. Those journalists have already said that they haven't even released the really juicy stuff yet. That's pretty impressive, if it's true, considering the significant revelations already made.

if that OS is Windows

[raymorris]

Due to some perfectly reasonable decisions by Microsoft that failed to predict the future, a reasonably a proficient private hacker could choose an appropriate Trojan to embed. The agencies involved in this sort of thing have libraries of them.

Those exploits are chained much like the normal boot process. The boot sector is 512 BYTES. It can't do much, but it can load the boot loader. The boot loader is quite limited, but it can load the 2MB kernel, which loads the rest of the OS.

Similarly, based on what even _I_ can do to a Windows machine that loads script of my choice, it's pretty clear the intelligence agencies could execute arbitrary code in the sandbox. That limited sandboxed code in turn loads a privilege escalation, which can load a rootkit. Three quick steps to own the machine. With control of the machine, they start looking at network shares and dropping payloads to infect coworkers, probe firewalls from the inside, etc.

Re:if that OS is Windows

[AHuxley]

Thanks for that. So they would risk it all and go for the consumers machine?

these "consumers" admin key networks. What risk?

[raymorris]

"The consumers machine"? The targets run major network exchanges. Owning their machines, and thereby the network exchanges they administer, is sort of like rooting the internet.

What's the risk? That the admin notices they have some malware? If they notice, they could either a) remove the malware just as admins everywhere do all the time or b) conjecture about a vast government conspiracy. Neither really does any damage - people have been babbling on about government conspiracies to get them approximately since the invention of government.

The risk, as it turned out, was that an insider would go rogue and make the information public _along_with_strong_documentation. I suppose in that business you just have to accept the fact that if one of your own turns against you, it's going to bad.

Time to go HTTPS only Slashdot

[Kjellander]

Really. I mean it. It is not that hard.

Complete SPIEGEL story in English

The complete SPIEGEL story on GCHQ targeting engineers at various companies this way is here.
http://www.spiegel.de/international/world/ghcq-targets-engineers-with-fake-linkedin-pages-a-932821.html

Re:Your suggestion is too vague

[Zontar+The+Mindless]

There are a few grammatical and phrasing errors that it would be nice to fix. I don't think anybody's suggesting that he make any substantial changes in his observations or assertions.

Criminal Statute Applicability

[crazyhorse44]

I assume that this qualifies as a violation of various international laws aimed at curbing and combating the unauthorized use of private computer systems/networks. Resultantly, it appears that some of these government agencies have been acting in complete abrogation of the law, and should face statutory criminal consequences for these actions.

Re:How do you know Snowden has released *ALL* info

[advocate_one]

Just dump it all out into the public view guys... really... let us the public get to work on it with data mining tools...

OB: xkcd

[laejoh]

So it has come to this...

Re:How do you know Snowden has released *ALL* info

[hairyfish]

As a poker player, I never release my trump card early in the game.

Never? That would make you an easy read then and a pretty lousy poker player.

Re:How do you know Snowden has released *ALL* info

"As a poker player, I never release my trump card early in the game."

If you were a poker player, you'd know that there are no trumps in poker.

Re:How do you know Snowden has released *ALL* info

[cold+fjord]

Remembering of course that "the public" includes: China, Russia, Iran, al Qaida, and any other country, group, or even corporation that would want to exploit it against you. What could possibly go wrong?

GCHQ Malware ?

[codeusirae]

"Elite GCHQ teams targeted employees of mobile communications companies and billing companies to gain access to their company networks. The spies used fake copies of LinkedIn profiles as one of their tools. .. The victims didn't notice that what they were looking at wasn't the original site but a fake profile with one invisible added feature: a small piece of malware that turned their computers into tools for Britain's GCHQ intelligence service." ref

Does any of this malware work on Linux?

I had almost forgotten what it was like...

[grimJester]

...when Americans were allowed to play on the net.

As a poker player, I never release my trump card early in the game.

We miss you guys! Please come back!

Re:NSA privilege, perhaps ?

[Wootery]

Slashcomma.org? Interesting idea for a phishing attack...

./ post: 2 minutes. Article: 2 hours

[raymorris]

When I made my post, to which you replied, I spent perhaps 40 seconds on it. I suspect you spent a similar amount of time on yours and Taco Cowboy maybe twice as long on his. That's about how long one spends on a Slashdot post - a minute or two. When one is writing an article that is expected will be read by thousands or millions of people, one generally spends an hour or two, as opposed to a minute or two.

As a case in point, I've made posts here regarding the 2nd amendment / gun control. I'll take a minute or two to post some relevant numbers, or at least the approximations I can remember. I'm currently writing a piece on the same topic, mentioning the same numbers, but I'm spending several hours to actually get the numbers write, to be sure I introduce my main point in the first paragraph and support it in the following paragraphs, then reinforce it in the closing paragraph, etc.

The post we're discussing has no paragraphs, or if one sentence per paragraph if you choose to look at it that way.
I suspect that if Taco Cowboy were so inclined, he (she?) could organize it more effectively. In fact, I've read essentially te same post by Taco Cowboy before, but it was more effectively written the last time.

Again, this isn't a criticism of what was written, just an acknowledgement that what was written was a Slashdot post, not an article.

I approve of this.

[Anarchduke]

Do you really want anyone who doesn't realize its a spoofed slashdot site to post comments anyway? Its like a public service.

Re:How do you know Snowden has released *ALL* info

[MooseTick]

Excellent strategy holding that trump card! If we can hit that bullseye the rest of the dominoes will fall like a house of cards, checkmate!

I could be wrong...

[d0n0v6n]

As someone that worked and enjoyed technology from my teen years, all this pretty much kills the world wide web for me. I'll admit I do not see a replacement, yet.

Re:How do you know Snowden has released *ALL* info

[pupsocket]

The people who betray this country are those who assigned to find the traitors. Robert Hanssen. Aldrich Ames. Counterintelligence, traitors.

Everybody goes all sober when these names come up, not for a moment letting their minds play with the idea that there is something natural about that result, something predictable in the nature of all large organizations where a policy of paranoia replaces accountability.

Let us for a moment postulate that somewhere, sometime, the so-called "intelligence services" of some country transgresses its constitution or creeps into a level of power far beyond any level acceptable to the people.

How then, should a moral whistleblower attempt to bring these transgressions into public deliberations without incurring the presumption of treason?

After all, the term "intelligence" is a euphemism for "minimal accountability" and the reason for any specific secret is itself a secret. How not to violate?

There has never been a disclosure that has not been ridiculed with cheap paranoia.

Re:How do you know Snowden has released *ALL* info

[alexo]

The public has an extremely short attention span.
Trickling the data keeps the scandal in the spotlight.

A reply

[Taco+Cowboy]

This is a reply to you and to Common Joe, as well as to Joss

I am but a very ordinary man

I am no literary figure

My English is at best, remains at the secondary (high school) level - for English is the 5th language I picked up

I write based on what I have experienced, and I suspect (other than the trolls) most people here leave their comments based on their own life experiences

In my entire life I have never written an article before - I never need to

I am a nerd, a geek, a tinker, one who likes to get his hands dirty just to find out how things work, and if all attempts failed, take a step back and starts thinking, and after that, doubling the effort into finding out the answer/solution to whatever problem lies ahead

You want me to code ? No problem. I've done that for decades

You want me to do chip layout design ? No problem

You want me to fix my own car ? Re-design the firmware of the chip that controls my car engine ? No problem

But please ... don't ask me to write a formal article

As user "Areyoukiddingme" has remarked on my use of profanity ... that's the way I am, in my real life, and that's the way it reflects on my writing

Anyone working with me knows that I never minced words - when I am annoyed, all kinds of expletive come out, in all the languages that I ever know

It's not that I do not care for America - I do care, it's MY COUNTRY (eventhough I was not born in America, USA is more important than me than China, the country I was born in), but don't expect me to pen a flowerly worded article so that it could be pasted somewhere as "op-ed"

Re:A reply

[raymorris]

I understand and respect that. It sounds like we may have some things in common where you mentioned "I'm a nerd ... redesign the firmware".

You do have a powerful testimony and I hope that, through whatever medium you choose, you continue to express that. Those of us who have been around long enough to have an appreciation of what this country is supposed to be can appreciate the reminder, and today's teenagers remember only the Bush and Obama years, so your words may introduce them to ideas that they've never thought about.

Re:How do you know Snowden has released *ALL* info

[gnujohn]

Taco Cowboy has some novel information. Not only was Ed Snowden a Security Guard (did he mow lawns, as well?), but the Cowboy has a new kind of poker. I've played five and seven card stud, jacks or better to open draw poker, and even lowball. Once or twice I was in a game with deuces wild. I've never seen guys play with trump cards. This is a cat with some new and wild ideas.