Crypto Legend Quisquater Targeted - But NSA May Not Be To Blame

judgecorp writes "Reports that the NSA and/or Britain's GCHQ deliberately targeted Belgian cryptography professor Jea-Jacques Quisquater may be jumping to conclusions, the professor has said. Investigation of an apparent NSA/GCHQ hack of Belgian ISP Belgacom uncovered evidence that Quisquater's PC had been infected with malware and had data extracted. However the two incidents might be coincidence: similar malware is used by Asian attackers, he said."

Damned if they did, more so if they didn't

[3.5+stripes]

Now the NSA has shown its willingness to do such things, and then deny even having the ability, they're going to get the finger of blame pointed at them a lot more, regardless of whether they deserve it, and now in a much more credible way.

Re: Damned if they did, more so if they didn't

If you lie often enough I can't believe anything you say anymore. That's the way trust works.

Re:Damned if they did, more so if they didn't

[Opportunist]

Problem is, when pointing the finger blindly at the NSA, your chance to be right is surprisingly high...

Re: Damned if they did, more so if they didn't

The intel agencies prefer to say nothing, not to lie. Some people won't trust them regardless of what they say anyway. That's the way it works.

It isn't uncommon for the people to call them liars to be lying themselves.

Re: Damned if they did, more so if they didn't

Clapper lied to Congress. No ifs, ands or buts about it. That's enough for me. If he'll lie under oath why on earth should we ever expect him to tell the truth?

Re: Damned if they did, more so if they didn't

[Mathinker]

> My understanding is that during a classified, closed door session
> with committeee members, the actual truth came out.

How would you know? The members of the Intelligence Committees are clueless/corrupt, and even less reliable sources of information than the intel brass.

> Sometimes, you are required by law to lie, even to Congress

No. Just, no. Clapper has on numerous occasions refused to answer questions in open sessions while providing the information in closed session (to the same Congressmen, not just committee flunkies).

NSA And GCHQ Used Fake LinkedIn And Slashdot Pages

[rvw]

How about this? Edward Snowden Reveals 'Quantum Insert': NSA And GCHQ Used Fake LinkedIn And Slashdot Pages To Install Spyware?!?!

German newspaper Der Spiegel reported that documents leaked by Snowden show that the GCHQ used a method called “quantum insert” to redirect employees of Belgacom, Belgium’s largest telecommunications company, to fake websites that contained spyware. The program targeted higher-level employees that had “good access” to Belgacom’s infrastructure.

Either way, they are responsible

[PopeRatzo]

The NSA is responsible for the hacking of Jean-Jacques Quisquater whether or not they actually did it.

They're the ones who created this ugly labyrinth of snoops and upskirters who obsessively have to possess every atom of extant human dignity by owning their information, they're very meaning.

God, I hope Edward Snowden is only the beginning. I hope that dozens, hundreds, thousands of Edward Snowdens reveal every single detail of every single stinking perverted notion of what a government and corporation is to do until we know exactly what kind of chlamydia medicine the wife of the head of the NSA takes and how often he spits in the shower.

These NSA revelations have left me absolutely disgusted and incensed. They've changed my politics, they've changed my behavior, they've changed my view of my innocent corner of the world.

And worse, for the corporations who thought this was going to bring some great future of control over the metrics of our lives, it's changed my consumption habits. Now, I've become leery of every request for my zip code. My willingness to use a real email address anywhere is just about gone and I'll pay cash just because fuck them.

I don't think the backlash has even started over this Surveillance State. Or rather, I hope it hasn't because if there's not an effective backlash then our only hope is a solar flare that wipes everything with an EMP, and that would mess up my saved games.

Damn you to hell, NSA! and the corporate trojan horse you rode in on.

Re:Either way, they are responsible

[Somebody+Is+Using+My]

The problem I have with the NSA is not just the violation of my (and others') privacy. That's pretty bad but let's face it, that seems to be the direction the world is heading. As our technology matures, we are going to be under observation more and more often, be it from the government, corporations, other organizations (such as religions) or just each other.

As bad as this is, the real issue I have with the NSA is the complete imbalance of power this creates between the people and the government that is nominally there to support it. Of course, the question of who is really in charge of this country has gone back and forth for over two centuries, though the statesmen who wrote the US Constitution and other documents did everything they could to tip the scales in favor of the citizenry, while the politicos have spent generations pushing in the other direction. But the observational power currently solely held by the government (through agencies of the NSA/FBI/CIA/IRS/etc.) could well prove the unimpeachable advantage that ensures the power irrevocably slides into the hands of a select few. It is an exceedingly dangerous power and, unopposed, is a far more dangerous tool for tyranny than any army. A strong military can take a country, but it is the network of informers is what will let you hold it.

Which leaves us with two options: one, we-the-people say "no more", and do what we can to protect our privacy. Unfortunately, because of the ubiquity of these tools - and the temptations for police to use them - this would probably make illegal much of the technology we now take for granted, everything from GPS receivers to cellphone cameras to the Internet. But People and Government would have a closer balance of power.

The alternative is to go completely in the other direction: we achieve a sort of universal panopticon, where everybody is watching everybody; the government sees everything we do in our lives, and we can monitor everything they do in (and out of) office. Informational blackmail by either party becomes impossible; how can government enforce laws if they are shown - as they would be - to be breaking it as often as we?

I don't look favorably at this second option, but the first has such severe disadvantages - and would be so difficult to bring about - that I believe the latter is our future. Already the younger generations are coming to terms with a decreased lack of privacy, and Snowden's heroic actions have shown us how this can be used to keep the Powers-That-Be in check. Personally, I think a panopticon society will be so psychologically and culturally different than what I am used to that I won't want to live there, but I still think it is far, far better than one where surveillance is in the hands of only a few,

Re:TFA doesn't tell much...

[AHuxley]

Some more at http://www.infosecurity-magazi... is6
"He received a fake LinkedIn invite from a non-existent person in the European patent office (Quisquater holds 17 patents).
This dropped a variant of the MiniDuke malware which covertly opens a backdoor onto the infected computer."
and http://www.infosecurity-magazi...

how this works

[stenvar]

You can be pretty much certain that the NSA is trying to get its hands on the private data of anybody relevant to their interests and work: cryptographers, big data scientists, other related fields of computer science. This is simply so that they can make sure that they are ahead of what's out there in the public domain and academia.

And in addition, you can also be certain that any administration is going to be using the NSA and other spy agencies to keep track of potential dissidents, critics, and leakers: economists, social scientists, political opponents, political activists, members of the military, etc. And they are going to use that data to warn the administration of political attacks and silence opponents through leaks of unflattering personal information, as well as selective prosecution of actual wrongdoing.

That's not a question of whether this or any other administration is particularly bad or dishonest, it's simply what happens when you give any organization and any government the kind of power that the NSA has given to recent administrations.

Re:TFA doesn't tell much...

[Mashdar]

Taking parent's post for granted, MiniDuke appears to only target Windows:
http://www.symantec.com/securi...

Re:TFA doesn't tell much...

[fatphil]

And this shows why "cryptography expert" and "security expert" should not be confused.

Re:Crypto Legend?

[Fref]

The french page is more thorough http://fr.wikipedia.org/wiki/J... I was a student of his, and he is indeed well known in the field of cryptography. This might give you a glimpse of his relevance: http://scholar.google.com/cita...

Re:NSA And GCHQ Used Fake LinkedIn And Slashdot Pa

[Bite+The+Pillow]

The prof is simply not jumping to conclusions. Doesn't mean anyone in particular is or is not involved.
Presumably the researchers he contacted know enough to say if this did not look like the NSA job. The quantum insert looks like they don't need hosting in Asia, where these attacks were hosted.
NSA ate not the only people who have heard of LinkedIn, and it is the obvious attack vector for people who use it. It could be fricken anyone, and pointing to one party in particular is just click bait given the facts. If you have more info beyond that link, let us know how it lines up with the info linked elsewhere in these comments and you will actually deserve a +5.

Re:Crypto Legend?

[fatphil]

I'm familiar with his name, but wouldn't say "legend" was appropriate.
Google for ``"Quisquater attack"'', and you should find some of the cryprographic attacks he's known for.