GCHQ Created Spoofed LinkedIn and Slashdot Sites To Serve Malware

An anonymous reader writes "Ars Technica reports how a Snowden leak shows British spy agency GCHQ spoofed LinkedIn and Slashdot so as to serve malware to targeted employees. From the article: 'Der Spiegel suggests that the Government Communications Headquarters (GCHQ), the British sister agency to the NSA, used spoofed versions of LinkedIn and Slashdot pages to serve malware to targets. This type of attack was also used to target “nine salaried employees” of the Organization of Petroleum Exporting Countries (OPEC), the global oil cartel.'"

Victims were alerted

when the quality of the comments section significantly improved.

Re:Victims were alerted

[93+Escort+Wagon]

when the quality of the comments section significantly improved.

Plus submissions were actually edited...

Re:Victims were alerted

[petteyg359]

Whose watching?

Re:Victims were alerted

[ArcadeMan]

They're watching what you're doing on your computer via their hidden cameras over there.

Re:Victims were alerted

[maxwell+demon]

Whoosh watching?

Re:Victims were alerted

[lkernan]

See, no fake Slashdot could ever match the quality of comments like that.

Re:Victims were alerted

[girlintraining]

Whose watching?

The grammar police. We've had our eyes on you for some time.

hey, GCHQ employees

[Joining+Yet+Again]

I know you're reading this.

You're smart. Smart enough to be able to work out who I am, probably without much trouble.

Why don't you do something productive?

Re:hey, GCHQ employees

[NettiWelho]

The Gestapo, KGB, and Stasi were mainly agencies of internal political repression, although the KGB also spied outside the country as well. Since the targets of surveillance were apparently outside the UK, it isn't really the same. That doesn't mean you can't find it disagreeable.

Even if the anglosphere currently isn't openly corporate fascist that doesn't mean it wont be 5, 10, 15 or 20 years down the road. If they have years worth of supposedly private communiques from people thats is like Stasi's wet dream where the people being repressed write their own profile, willingly.
Once the thugs are in power they are not gonna delete that data, they are going to use it.

Re:hey, GCHQ employees

[Joining+Yet+Again]

It makes me sad.

My (long ago retired) father ended up as a relatively senior civil servant for his home country, working abroad and dealing with, to put it generally, import&export. Now he was once asked by his government if he would exploit the contacts he'd formed and cooperate in passing certain useful information to them as and when required. He refused.

I'm sure he'd have enjoyed greater job security in his latter years if he'd cooperated, but he did what was right - ultimately for him too, because being open and honest means a more relaxed life, where you are free to build what you want and speak about what you want.

Even if - and let's say your a stellar maths grad - you're given the most comfortable desk, access to the best machines and the company of a small subset of brilliant minds, your work won't go to improving human scholarship if you work for a secret service. It'll be kept under lock and key, deployed for the whim of the politicians of the day and their masters. And yes, you'll be indoctrinated with the mantra of every civil servant - "I'm not allowed an opinion because I'm only following orders". But that's only acceptable if your orders can ultimately be scrutinised by the general public on behalf of whom you are working.

And if you just enjoy playing god, well, go into the City, or start up your own business. If you're that good, then you can perform in plain sight, can't you?

Re:hey, GCHQ employees

[NettiWelho]

And when they say they dont do domestic data gathering you shouldn't trust them. NSA was already caught wiht its hand in the cookie jar.

Re:hey, GCHQ employees

[NettiWelho]

Sending malware counts as a crime, not legal surveillance.

If the victims knew the identities of the perpetrators they would be eligible for extradition under the standing treaties.

Re:hey, GCHQ employees

[king+neckbeard]

Saying that the purpose of the GCHQ or NSA is to spy outside the country is like saying that the purpose of the military is to shoot and bomb people. That's what a large portion of what they do entails, but if it is justified in existence, it's going to need a lot more discretionary than that.

Re:hey, GCHQ employees

[NettiWelho]

Actually...

The KGB (Komitet gosudarstvennoy bezopasnosti) did the external spying, while the NKVD (Narodnyy Komissariat Vnutrennikh Del) did the internal stuff.

Organization that used to be NKVD was castrated in 1950's with arrest of Beria and KGB inherited role of the political police.

Re:hey, GCHQ employees

[Joining+Yet+Again]

The concern is not whether spying activity is at home or abroad - any such distinction can be defeated with recriprocal agreements. The issue is that the targetting was of administrators at Internet exchanges.

And you're worried about Iran putting pressure on OPEC? Deal with your lack of domestic energy security. You had 40 years to wake up, but instead you sold everything off to mostly foreign concerns. Spying on OPEC is just doing dirty work for these businesses to ensure they profitably receive their fuels.

Re:hey, GCHQ employees

Skipping some renaming & reorganizations, the KGB was a successor to the NKVD which was a successor to OGPU which was a successor to the Checka.

The KGB owned internal troops, border guards, secret police, and external spies.

Both the KGB and GRU (military intelligence) spied abroad.

Re:hey, GCHQ employees

[Spamalope]

And when they say they dont do domestic data gathering you shouldn't trust them. NSA was already caught wiht its hand in the cookie jar.

Semantics; Assuming it's not a baldfaced lie, they can 'partner' with the NSA then 'share resources' and they've got their hands on the results of domestic spying while only having encouraged and facilitated it themselves.

In the US, courts have ruled that corporate spying on individuals is legal so 'privatizing' the actual data gathering launders it into legality under this time honored principle: 'What are you gonna do about it, you're powerless'.

Re:hey, GCHQ employees

[NicBenjamin]

Sending malware counts as a crime, not legal surveillance.

If the victims knew the identities of the perpetrators they would be eligible for extradition under the standing treaties.

This has been repeated several times, but nobody has been able to name the treaty. In fact the last time I asked somebody brought up a non-governmental hacker.

This is a world of governments. What they do is legal, by definition, unless they have specific Constitutional or statutory bars on that particular behavior. Neither the US nor the UK has ever signed a treaty, or passed a law, that makes hacking in service of the government illegal.

Let me put it to you this way:
If US officials can't get extradited to Venezuela for participating in that minor coup attempt Venezuela had a decade pr so back, why could they be extradited for hacking?

It's not like a) the Venezuela coup worked so the new government loved the coupsters, or b) the Venezuelan government would have refrained from charging the CIA officers they were accusing if they thought anyone (literally anyone) would take it seriously.

Re:hey, GCHQ employees

[girlintraining]

Saying that the purpose of the GCHQ or NSA is to spy outside the country is like saying that the purpose of the military is to shoot and bomb people.

The NSA Mission Statement references Executive Order 12333, and I quote directly -- "2.2 Purpose. This Order is intended to enhance human and technical collection techniques, especially those undertaken abroad..." The GCHQ lacks a specific mission statement, because as you know, the British are terrible at getting to the point. The website is, however, full of committee-written documents and available in 9 different languages and makes a point of saying it's available to those who require "assistive devices". The NSA makes no such attempt; I guess that's social commentary.

And as to the military... for an organization whose purpose isn't to shoot and bomb people, they sure do shoot and bomb people a lot. In other news... If an NSA or GCHQ analyst ever reads your post... they'd laugh as hard as I did at your naivety, except part of the swearing in ceremony to become an employee requires they surgically remove the sense of humor.

Re:hey, GCHQ employees

[cold+fjord]

You know what? I agree with you.

That is why it is so important to stamp out signs of genuine oppression and actual thuggish behavior immediately when they are identified, and have good oversight over the rest. That is why I find the indifference on Slashdot to the admitted political oppression engaged in by the IRS to be so appalling. People here moan, scream, and wail about oppression this and that when it involves the intelligence agencies. But when it involves the IRS, which unlike the NSA really does have considerable formal power to make the lives of individual Americans hell, which genuinely does have dossiers on almost everyone in America and various other people from around the world, expects you to send them a report at least annually, engages in its own internet surveillance, and now will be charged with overseeing American health insurance and apparently records, hardly anybody seems to care. That goes for the various Canadians, Europeans, and others that speak with an "American voice" of outrage about the intelligence agencies and many other policy questions, as well as the actual Americans that claim they are for "freedom" no matter now many dead bodies are created. It's like talking to someone that claims he greatly loves his family and would protect them to the death, goes ballistic if someone looks cross eyed at his sister, but upon seeing his brother and mother being gang raped simply utters "meh" and walks away. I can think of a number of explanations for that, but few of them are flattering. At the very least it looks like distorted thinking regarding computer-centric issues.

As to the intelligence agencies proper, yes, I think that much of that data, such as the phone metadata, should be purged periodically if it is going to be kept at all. My recollection from some story was that they were supposed to keep it for no more than 5-7 years. If it is going to be kept at all I would like to see it in a separate organization either within or outside of NSA that would be responsible for ensuring proper privacy protections were applied, including proper purging, as well as reporting on its use. I would also like to see more and better congressional oversight, possibly involving the GAO. I'm sure that other nations could put similar arrangements in place.

Intelligence agencies are a potential danger to a democracy, but also a critical part of defending them. They must be watched and governed adequately so that they don't pose an undue risk, but not so tightly that they become ineffective and leave the nation at risk. History generally isn't kind to nations caught unaware. Sometimes they even cease to be. We haven't reached the end of history yet, so they will be needed for many years to come.

Re:hey, GCHQ employees

[Dodgy+G33za]

You quote an Israeli source. Did you give a thought that this is likely at best propaganda and at worse complete lies?

Quite apart from anything else the deputy of a branch of the army is NOT the same thing as the official spokesperson of the country.

Most of Europe being at the mercy of Russia for a large part of its gas is of far more real concern.

Re:hey, GCHQ employees

[NettiWelho]

What they do is legal, by definition, unless they have specific Constitutional or statutory bars on that particular behavior. Neither the US nor the UK has ever signed a treaty, or passed a law, that makes hacking in service of the government illegal.

I'll let my google-wiki-fu dazzle you:

Fourth Amendment to the United States Constitution
....
The Fourth Amendment (Amendment IV) to the United States Constitution is the part of the Bill of Rights that prohibits unreasonable searches and seizures and requires any warrant to be judicially sanctioned and supported by probable cause.
...
One threshold question in Fourth Amendment jurisprudence is whether a "search" has occurred. Initial Fourth Amendment case law hinged on a citizen's property rights—that is, when the government physically intrudes on "persons, houses, papers, or effects" for the purpose of obtaining information, a "search" within the original meaning of the Fourth Amendment has occurred.
...
The Fourth Amendment proscribes unreasonable seizure of any person, person's home (including its curtilage) or personal property without a warrant. A seizure of property occurs when there is "some meaningful interference with an individual's possessory interests in that property"

In my interpretation of the functionality of our universe sending detectable signals that carry malware in order to gain illicit access does count as physical action.

Re:hey, GCHQ employees

[pitchpipe]

In the US, courts have ruled that corporate spying on individuals is legal so 'privatizing' the actual data gathering launders it into legality under this time honored principle: 'What are you gonna do about it, you're powerless'.

This is a phrase that needs definition so we can better fight against it:

Data Laundering: The government circumventing the illegal search and seizure provisions of the constitution through the use of private corporations vast databases of information on all citizens.

This always elicits the response,"If you don't like $Corps policy of getting tax dollars to spy on you to circumvent the constitution, don't use them." When every corporation is a one way mirror on all of our lives to the government, this no longer becomes feasible. Unless you want to live like the Uni bomber.

Re:hey, GCHQ employees

[Guest316]

Data Laundering: The government circumventing the illegal search and seizure provisions of the constitution through the use of private corporations vast databases of information on all citizens.

Which is pretty much like saying, "I didn't kill that person, I hired someone else to kill him." It's still unconstitutional, but they've decided that pretty semantics make it ok.

Don't Panic!

Don't worry, this is the real Slashdot right here. I promise.

Re:Don't Panic!

[maxwell+demon]

Yeah, the NSA version is here. ;-)

Do as I say, not as I do

[Hamsterdan]

If I or any /. reader were to do the same, a pretty harsh sentence would await us.

Spoofed slash dot was easy to spot

[OzPeter]

There were no dupes, and all TFS's had perfect spelling and grammar.

Re:Spoofed slash dot was easy to spot

[jrumney]

There were no dupes, and all TFS's had perfect spelling and grammar.

Actually, that's the real one. If you're seeing dupes, misspellings and poor grammar, and the articles seem to be a bit behind other sites, then it is probably a rushed retyping of the original.

Re:Spoofed slash dot was easy to spot

[nherm]

When I saw a CowboyNeal option in the poll I knew that the GCHQ set up us the spoof.

HTTPS on Slashdot

[tepples]

I wonder if it would have been as easy for GCHQ to get away with it if HTTPS on Slashdot weren't a subscriber-only perk. Facebook and Twitter have gone all HTTPS all the time; why can't Slashdot? If ads are the problem, Google recently opened AdSense to HTTPS sites.

Re:HTTPS on Slashdot

Given that the spooks have almost certainly compromised all the major Certificate Authorities and can issue their own certificates at-will, I'm going to go with "No, it wouldn't make the slightest bit of difference".

SSL

[dido]

I suppose using HTTPS would have helped even a little, if Slashdot ever bothered to do so. The victims might have noticed that the certificates changed, even if they did check out, most especially if they used HTTPS Everywhere. They couldn't just foist off an SSL cert for Slashdot signed by some other CA (or even the same CA) then: the SSL Observatory would have noticed the change in the certificate the way SSH notices that public keys to servers you connect to change. Unless of course Slashdot gave its (non-existent) private keys to GCHQ, in which case all bets are now off. Why browser SSL doesn't automatically cache certs the way SSH does and warn if there's a change that doesn't involve certificate expiry or revocation is something that isn't quite clear to me.

Re: SSL

[Jakeula]

SSL didn't seem to help LinkedIn. They use ssl and they successfully spoofed that.

Re:SSL

[tomtomtom]

The victims might have noticed that the certificates changed, even if they did check out

Actually, only half the victims could have realised this (at least directly). The websites being spoofed are victims here as well - after all it does your reputation no good at all if someone spoofs your website to serve malware. Best case, you look like an incompetent admin; worst case, someone thinks you did it deliberately and starts telling a lot of their friends. It's akin to a murderer framing an innocent party for his crime - that innocent party is a victim of a crime too. I suspect these agencies have legal immunity unfortunately but if I had proof this had happened to a website I owned, I'd be thinking about what legal redress I could seek.

Re: SSL

[thetagger]

Linkedin does not use SSL consistently and it's vulnerable to downgrade attacks. People are discussing this in several fora and Twitter at the moment.

They specifically chose these jobs

[Marrow]

so they wouldn't HAVE to be productive. All they have to do is listen and let the money roll in.

What will they stoop to next?

[RDW]

That's a pretty sophisticated hack. Looks like they've gone as far as setting up an entire site that looks superficially like Slashdot, but is full of grotesquely dull stories apparently designed to warp the minds of unsuspecting IT professionals - obviously some sort of psyop strategy, but to what purpose?:

http://slashdot.org/topic/bi/

Please stop calling them Attacks

[Press2ToContinue]

They are frauds. The NSA perpetrated a fraud with these actions. This helps to clarify that these acts are illegal. Fraud is illegal.

Thanks,

Rogue governments !!

[Taco+Cowboy]

The term "Rogue" is used to denote "dishonest and/or unprincipled".

They used to put USSR, China, North Korea under the "Rogue Government" category.

Both the governments of the United States of American and that of Great Britain have proven to be DISHONEST _and_ UNPRINCIPLED !

IMHO, it's time we should include the government of the United States and that of United Kingdom under the "Rogue Government" category.

And btw, if you see the performance of John McCain, especially how he tried to blame Edward Snowden, you would understand how ludicrously pathetic American politicians have become ...

... McCain also said he was convinced that Snowden gave all of his information to Russia ...

As an American, I am beyond furious ...

Re:Rogue governments !!

[Nerdfest]

McCain is a first class weasel to begin with. I remember watching one of the presidential debates, ranting about how the government had paid 40K$ or something for a lightbulb, not mentioning that it was for a planetarium projector.

Re:Rogue governments !!

[skegg]

Both the regimes of the United States of American and that of Great Britain have proven to be DISHONEST _and_ UNPRINCIPLED !

FTFY.

Re:Rogue governments !!

[TrollstonButterbeans]

And you think J. Edgar Hoover was a straight shooter in the 1960s? What about "Carnivore" snooping on all internet activity in the 1990s? Why are there CCTV cameras everywhere in Britain? What are those very tall telephone poll looking structures in the United States on the highways with a little glass dome at the top? (Hint: Cameras!)

Governments are always nefarious and untrustworthy entities when it comes to surveillance.

Not "even in a democracy" but "Especially in a democracy" because keeping tabs on citizens is more important in a democracy because perception affects political distribution of power even more.

This isn't new --- we are just noticing it more ...

Re:Rogue governments !!

..Why are there CCTV cameras everywhere in Britain?

Err, there aren't.

Look, you (pl) keep throwing this one up, I'm in Britain, and the nearest 'state' CCTV cameras to my current location are a mile and a half away, and I stay in a major town. The nearest CCTV camera to my home location is approx 1,300 feet away (as the Google Earth ruler flies..) and it's pointed at a bloody 'Doo hut'.

My place of employ?, internally we've cameras everywhere (and I run 4-8 of them), the industrial estate we're located on is surrounded by a ring of the buggers, guess what?, none of the fucking things work (and they haven't done so now for a number of years..7+ years now).

Yes, Britain in parts (hello London, Glasgow, any other 'metropolitan' area and the major road networks) may have an inordinate number of CCTV cameras, but they're not 'everywhere in Britain' and not any more so than any other country.

If you truly want an example of Panopticon levels of CCTV surveillance, try Monaco.

Re:Rogue governments !!

[erikkemperman]

yeah, so few ppl do not realize that outing information about spying on Americans was whistle-blowing, while spilling information about our actions on other nations (which was legal per US law), turned him into a traitor.

So... Here we have a government agency, which is funded by taxpayers, going completely off the rails and spends fortunes on snooping potential terrorists like the leaders of Germany, France, Spain -- not to mention entire countries which are supposedly allies. And you are saying it is not in the interests of the US citizens to know this?

I see the distinction you make, I really do. But this is still whistleblowing, by my reckoning; it is public money being spent on ludicrous targets.

Besides, I am convinced that if the US public had reacted to the first batch of leaks (you know, the one which you did still consider "proper" whistleblowing) with anything more than the shameful apathy now on display, Snowden might not even have released any more.

His goal is to put a stop to the NSA's operating beyond its brief (to put it mildly). When US citizens, in whose name this is all allegedly done, refuse to do something about that -- well, I don't fault Snowden for trying to put some international pressure on it.

Re:Rogue governments !!

[nospam007]

"But it's not only the USA or GB. At the moment, Merkel & friends are trying to get away by throwing a fit, as if they didn't know. "

Merkel didn't know. She used her unencrypted party-cellphone for a decade for state business in clear violation of the rules and guidelines. She was warned repeatedly but choose to ignore it.
Any other official would have been sacked on the spot for that.

Re:Rogue governments !!

How is U.S. law relevant when those actions were not in the U.S.?

Edward Snowden revealed that U.S. government agencies have performed illegal and immoral actions. The people that ordered those actions are traitors, not the messenger.

It's not that simple ...

[Taco+Cowboy]

And if you just enjoy playing god, well, go into the City, or start up your own business. If you're that good, then you can perform in plain sight, can't you?

Speaking from experience here ... it's not that simple

I started to plan for my escape from China way back in the late 1960's because of the social madness created by Mao back then.

Thongs of mindless assholes with red armband parading on the street, waving that little red book and plunged the Chinese society into total darkness.

Those of us with brains knew that the things coming from Mao were bullshit, but those without brains who embraced Mao's bullshit outnumbered us 1000 to 1.

So we ran, and ran, and finally I got to Hongkong.

From Hongkong I ended up in the United States, and at that time, the U. S. of A. was a paradise, a place where brainy people get to do whatever they want to do without having fear of official repression.

Some 40 odd years have passed, and the United States is turning into just like Mao's China ...

Everything coming from Washington D.C. is pure bullshit, and the things I have noticed right now is that the mindless fucktards who bought into Washington D.C.'s bullshit are outnumbering those who know better.

While the society in the United States of American haven't plunged into darkness yet, there is no certainty that it won't.

When the controlling regime got desperate ~ (Mao's reign at that time was in danger of collapsing from within, motivating Mao in his encouragements to the mindless assholes with red armbands creating social havoc), ~ they will do anything to remain in charge.

And if (and when) the regime which is reigning over Washington D.C. (democrats _ and_ republicans) is in danger of collapsing, there is NO TELLING what they would do.

To make the matter worse ... they have a lot of very powerful tools Mao couldn't even begin to dream of 50 years ago.

I am an American now, and I am looking at my adopted country, the United States of America, with the same dismay as Mao's China, back in the 1960's.

Re:It's not that simple ...

[shadowofwind]

At least half of the people I know are Chinese, most of them in their early 40's or so who came over in the 90's. You're the first one I've knowingly encountered who seems to have any clue about this sort of thing. Though its a gross oversimplification, I tend to view Chinese and eastern European immigrants as the inheritors of western civilization in the US, since the rest of us seem to have given up on it. Their kids are going to be powerful in another 40 or 50 years. Yet my Chinese friends generally don't seem to have a clue about political and cultural history, they're all about money and taking care of their families. In some ways they know a lot less than I do even about Chinese cultural history. I've toyed with the idea of trying to teach a class on it at the local weekend Chinese school, aimed at parents. Not that they would necessarily be interested or that my preaching would accomplish anything.

Re:It's not that simple ...

[Common+Joe]

Only an American would be naive. Disclaimer: I am American.

You should meet my wife. She's 100% German and moved to the United States only when we got married. She was over 30 at the time. When we met several years before our marriage, her speech and written word was flawless even then. Her accent morphs to whatever English speaking country she is in. She is freakin' talented. He says her nightmare is speaking with an American, a Brit, and a Australian at the same time because she wouldn't know which accent to use. It bears repeating again: I can attest that her American accent and use of language is flawless. Her written prose is flawless.

I corrected her English only once. She then corrected me. I consulted a dictionary to prove her wrong and it turns out she was right. She kicks my ass in English -- and I'm the native speaker. Now, with that said, there are two things you need to know. Her profession is translation so she was trained. She comes from a family of translators and interpreters. The other thing you should know is that she isn't the only one with these kinds of talents that I've met. I am now learning German and one of the guys in my class speaks native Spanish, good Romanian (his wife is Romanian), and pretty good English (of which I can attest). His German abilities completely outstrip mine.

I don't normally rail against someone... especially someone with a 4 digit ID, but I'm telling you that you need to get off the computer and get more face-to-face time with other people. There are people who walk around you and just because you think they speak American doesn't mean that they are American or even from North America. Right now, I'm living in a foreign country and I'm in the linguistic circles because of my wife. I am exposed to a lot of really talented people out there. Some of them are not even formally trained like my wife.

I suggest you apologize to Taco Cowboy -- another 4 digit ID, I might add. He was saying something important and it's not the first time I've personally seen him post something like this. This is very personal thing for him to open up to people -- especially on Slashdot like this. I surmise he hurts on the inside to watch what is happening to America -- a country he obviously loves. Then to have someone like you come along, act like an asshole, and call him a liar is just a horrendous insult to someone like him.

I had to learn the hard way that I'm not the most talented person in this world. No matter how good I get in whatever I pursue, there is always going to be a lot of people who are a whole lot better than I am. Grow a pair, apologize to Taco Cowboy, and learn that others don't have the same limitations you have.

Doctor who?

[tepples]

I thought Who was on first, Torchwood was on second, and The Sarah Jane Adventures was on third.

Re:Internet...broken?

[WaffleMonster]

Time to start from scratch, and start a large-scale redesign of the Internet and its protocols, to try and better secure users from surveillance/attacks?

In my view the most dire issue facing the network right now is handful of content companies owning majority of network traffic. People have to run their own servers and get involved with the network again. There is no meaningful technological solution for aggregation of power in the hands of a few media companies caused by laziness and lack of engagement. Those with the skills need to work to make it more accessible to those without the time or inclination to learn.

Tor and other fringe security protocols/networks won't cut it, and getting people to use very-user-unfriendly encryption tools won't happen - nothing short of a mammoth redesign

The structure of the current net at IP layer and below is architecturally about right as far as I'm concerned. 100% untrusted, 100% untrustworthy. All the network needs to do is forward packets with some degree of assurance they will be delivered.. the rest is up to us users.

far surpassing the resources/scale of the IPv6 changeover, is going to come anywhere close to repairing the damage.

I think if we're smart about it IPv6 becomes a huge part of the solution. Whatever the future of the net and accompanying protocol soup look like maintaining a network of peers where any one can talk to anyone else is the most powerful tool we have to avoid oppressive tendencies of various less than perfect governments.

There's no going back now - it's already too late to salvage what we have, because it has already been completely and irrecoverably 'owned' - the NSA broke the Internet.

If you were talking specifically SMTP or SSL CA's I would agree with you. More generally all is not lost and all does not need to be replaced.

How do you know Snowden has released *ALL* info ?

[Taco+Cowboy]

... Snowden is no more principled than McCain or an investment banker. He released ALL of the intelligence information he gathered at the NSA ...

I am intrigued !

How do you know Edward Snowden has released _*ALL*_ the information he had gathered at the NSA ?

How do you know Edward Snowden does not keep some files to himself, files that pack even *MORE* fire power than what he has released so far ?

As a poker player, I never release my trump card early in the game.

I don't know if Edward Snowden plays poker or not, but judging from what he has done since his days as a security guard ... I suspect the guy has even more juicy things in the pipeline

Javascript

[Jah-Wren+Ryel]

If there was ever indisputable proof that Slashdot needs to maintain javascript-free functionality in slashcode, this is it. If it were viable to use slashdot with javascript disabled, this sort of impersonation attack would be a lot harder to pull off because NoScipt would have protected from drive-by nsa-ware infections hoisted on the slashdot impersonator site.

Unfortunately, its been years since it was reasonable to use slashdot without javascript. Even if you still use the old style interface, there are too many corners where javascript has crept into the design in a mandatory way rather than just as an enhancement.

Re:How do you know Snowden has released *ALL* info

[Smauler]

As a poker player, I never release my trump card early in the game.

Somehow, this reminds me of Zapp Brannigan.

powerful, you should write this up properly

[raymorris]

I've read a similar post you made before. You have a powerful point to make, and you make it well.
It would be a service to the country you loved, and freedom in general, if you spent an hour or two to write that up "properly", to spend a few minutes editing it to say exactly what you want to say. I could see such an article being shared quite a bit via social networking, blogs etc.

Re:How do you know Snowden has released *ALL* info

[ahabswhale]

Snowden stated that he's released all of the information he had The only thing that is restricting the release of information at this point is the journalists that he released it to. Those journalists have already said that they haven't even released the really juicy stuff yet. That's pretty impressive, if it's true, considering the significant revelations already made.

if that OS is Windows

[raymorris]

Due to some perfectly reasonable decisions by Microsoft that failed to predict the future, a reasonably a proficient private hacker could choose an appropriate Trojan to embed. The agencies involved in this sort of thing have libraries of them.

Those exploits are chained much like the normal boot process. The boot sector is 512 BYTES. It can't do much, but it can load the boot loader. The boot loader is quite limited, but it can load the 2MB kernel, which loads the rest of the OS.

Similarly, based on what even _I_ can do to a Windows machine that loads script of my choice, it's pretty clear the intelligence agencies could execute arbitrary code in the sandbox. That limited sandboxed code in turn loads a privilege escalation, which can load a rootkit. Three quick steps to own the machine. With control of the machine, they start looking at network shares and dropping payloads to infect coworkers, probe firewalls from the inside, etc.

Re:Almost Cut My Hair

[Bite+The+Pillow]

Nope. I joined repeatedly, and earned positive karma repeatedly, with many accounts.

Bunch of deleted stuff... you can leave your past behind, if you are willing to leave your past behind. Most people aren't, and that's what everyone against you is counting on.

Kill your wife, or child, or countryman, or government, or celebrity, or friend? I count on you to be strong, while the perpetrator counts on you to be weak.

Everyone should be mentally reviewing their activity. and if it should be censored or stopped, then don't say it or do it. Breathe or don't, type or don't, speak or don't... live or don't. Decide your own fate, and decide your actions accordingly.

Are you searching the internet for something that supports your view? Then consider if you are wrong. Are you repeating something your parents told you, or something you learned ten years ago or more? Consider that society has learned some things since then.

Put on the foil if you must, but appreciate that your own mind can come up with facts, consequences, and conclusions, if you do not submit your mind to input from adversarial forces.

these "consumers" admin key networks. What risk?

[raymorris]

"The consumers machine"? The targets run major network exchanges. Owning their machines, and thereby the network exchanges they administer, is sort of like rooting the internet.

What's the risk? That the admin notices they have some malware? If they notice, they could either a) remove the malware just as admins everywhere do all the time or b) conjecture about a vast government conspiracy. Neither really does any damage - people have been babbling on about government conspiracies to get them approximately since the invention of government.

The risk, as it turned out, was that an insider would go rogue and make the information public _along_with_strong_documentation. I suppose in that business you just have to accept the fact that if one of your own turns against you, it's going to bad.

Time to go HTTPS only Slashdot

[Kjellander]

Really. I mean it. It is not that hard.

Re:How do you know Snowden has released *ALL* info

"As a poker player, I never release my trump card early in the game."

If you were a poker player, you'd know that there are no trumps in poker.