Slashdot Mirror

← Back to Stories (view on slashdot.org)

Inside NSA's Efforts To Hunt Sysadmins

Posted by Soulskill on from the most-sedentary-sport dept.

An anonymous reader writes "The Snowden revelations continue, with The Intercept releasing an NSA document titled 'I hunt sys admins' (PDF on Cryptome). The document details NSA plans to break into systems administrators' computers in order to gain access to the networks they control. The Intercept has a detailed analysis of the leaked document. Quoting: 'The classified posts reveal how the NSA official aspired to create a database that would function as an international hit list of sys admins to potentially target. Yet the document makes clear that the admins are not suspected of any criminal activity – they are targeted only because they control access to networks the agency wants to infiltrate. "Who better to target than the person that already has the ‘keys to the kingdom’?" one of the posts says.'"

87 of 147 comments (clear)

  1. Hide in plain sight by L4t3r4lu5 · · Score: 5, Funny

    This is why I insist that my official job title is "Soup Dispenser Technician, Second Class" on all official documents.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
    1. Re:Hide in plain sight by Anonymous Coward · · Score: 5, Funny

      If only you could pass those damned astro-navs....

    2. Re:Hide in plain sight by jellomizer · · Score: 1, Offtopic

      Sysadmins are also usually the easiest target to get in.
      standard password: 1amgod
      Being that they are required to fix problems 24/7 that means they have a "secret" back door on their network so they can get in.
      Once they are in they have a lot of access to the companies systems.

      We can go, well those guys are just dumb, however I am willing to bet most of you who are sysadmins have some little back door just in case.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    3. Re:Hide in plain sight by ravenlord_hun · · Score: 4, Insightful

      Small-time admins maybe. If one works as part of a larger team, automation and documentation is king - any such backdoors would get anyone into trouble, quick.

    4. Re:Hide in plain sight by LordThyGod · · Score: 1

      Small-time admins maybe. If one works as part of a larger team, automation and documentation is king - any such backdoors would get anyone into trouble, quick.

      I guess you have a definition of "small time", but I am thinking of alleged Chinese theft of Google source code. The "backdoor" was IE and very clever phishing.

    5. Re:Hide in plain sight by Bigbutt · · Score: 1

      Sysadmins can work in a big company and still be 'Small Time'. We're fairly small but automation and documentation lets 5 admins manage 1,200 systems.

      [John]

      --
      Shit better not happen!
    6. Re:Hide in plain sight by SuperTechnoNerd · · Score: 1

      Mine is Magical Mystical Overlord of Tubes

    7. Re:Hide in plain sight by RabidReindeer · · Score: 4, Informative

      Small-time admins maybe. If one works as part of a larger team, automation and documentation is king - any such backdoors would get anyone into trouble, quick.

      R
      O
      T
      F
      L

      Worked in Fortune corporations. If I don't stop laughing soon, I'll pass out.

    8. Re:Hide in plain sight by Minwee · · Score: 4, Funny

      I'm sure you would have made it further than "Technician Second Class" if it hadn't been for that unfortunate incident with the gazpacho soup at Captain Hollister's table.

    9. Re:Hide in plain sight by Anonymous Coward · · Score: 2

      In previous jobs, the closest thing to a "back door" is a SSH key. In fact, it has been also the front door too, because some machines have any remote access blocked unless it is via SSH public key authentication. This makes the auditors happy, and it also gets rid of having to change passwords every 15-30 days. It also gets around the fact that three wrong passwords would mean a permanent lockout until an admin reset the account by hand (and documented the reset in JIRA.)

      In times past, a "secret" back door has been usable. However, with audits, political infighting, separate departments of IT, and the pressure of a sysadmin to constantly justify their existence or be replaced by a H-1B who will work for 1/10 the salary, there might be a known account, but that's it. In fact, most admins document the case of -no- backdoors for CYA reasons.

      Most audit tools will easily find backdoors. Part of basic Windows admin training is to search AD for user accounts with rights they shouldn't have. Similar on the UNIX side with Solaris role auditing. A back door likely will be found eventually and there will be Hell to pay for it.

      Finally, a smaller company, this might be doable. A larger company has so many people that a sysadmin might have a backdoor, but the network guys with the IDS/IPS will pick up its use when a SSH tunnel gets formed to a machine on the outside.

    10. Re:Hide in plain sight by Anonymous Coward · · Score: 1

      Pfft. Automation and no documentation would allow 5 admins to support thousands more. Documentation doubles or triples workload.

    11. Re:Hide in plain sight by Lumpy · · Score: 1

      are you crazy? that's exactly how they hacked the Gibson!

      --
      Do not look at laser with remaining good eye.
    12. Re:Hide in plain sight by coinreturn · · Score: 1

      If only you could pass those damned astro-navs....

      Just write, "I am a fish," on the exam.

    13. Re:Hide in plain sight by Midnight_Falcon · · Score: 3, Informative

      As ineloquently as RabidReindeer may have put it, he's 100% spot on here. I've done security audits for big companies with large teams -- admins insert backdoors al over the place, then their buddies figure out they did it, and instead of being reprimanded they start using it too for convenience. Just because they have a big, publically-traded company doesn't mean the CIO/CISO cares about anything more than compliance on paper.

    14. Re:Hide in plain sight by RabidReindeer · · Score: 2

      As ineloquently as RabidReindeer may have put it, he's 100% spot on here. I've done security audits for big companies with large teams -- admins insert backdoors al over the place, then their buddies figure out they did it, and instead of being reprimanded they start using it too for convenience. Just because they have a big, publically-traded company doesn't mean the CIO/CISO cares about anything more than compliance on paper.

      Actually, in many cases, the backdoors were created on demand from management because doing things securely was too just inconvenient for them. The old "Git 'er Dun!" principle.

      Or because the security administrator was in a bad mood the day something idiotic came in and didn't challenge it. I knew a lowly applications programmer who was keeping his own personal files in the product data set because of that.

    15. Re:Hide in plain sight by jellomizer · · Score: 2

      A typical NOT ME!! approach.

      The funny part is how many sys-admins think they are so good, until there is an independent security audit done.

      Now you shouldn't get insulted. There are a lot of good sysadmins... However many have gaps, and their ego gets in the way of making things more secure.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    16. Re:Hide in plain sight by doccus · · Score: 1

      Small-time admins maybe. If one works as part of a larger team, automation and documentation is king - any such backdoors would get anyone into trouble, quick.

      No.. The backdoors are simply more sophisticated, that's all..

    17. Re:Hide in plain sight by gbjbaanb · · Score: 1

      true, all the admins I know are super-hot on locking down what you want to do, but always expect themselves to have full, uncontrolled, access to everything - including all the stuff that is 'not permitted' under some 'security' policy.

      I think of the last place no-one had youtube or facebook (fair enough TBH) except.. guess who did.

  2. A poem by Anonymous Coward · · Score: 1

    Do not as I do, do as I say: I am the NSA!
    It's alright for me to bust into others' systems all day.
    What's that you say? I can do that too then, it's ok?
    The NSA says nay!
    Do not as I do, but as I say!

  3. This has gone beyond madness by MrDoh! · · Score: 5, Insightful

    People need to be arrested for this. The people who ordered it done, wrote the reports, signed off on it, and anyone who did it. Ship some of them to various other countries for trials too, let everyone get into the action and let it be known to governments that this is not to be accepted.

    --
    Waiting for an amusing sig.
    1. Re:This has gone beyond madness by rmdingler · · Score: 5, Insightful

      Agreed. I think the law enforcement officers that are charged with this task will arrive at the NSA when they finish arresting the bankers and brokers from the housing bubble derivatives scandal.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    2. Re:This has gone beyond madness by Anonymous Coward · · Score: 2, Interesting

      This is kinda their jobs. It's what they do. They're a SPY agency. They do spyish things.

    3. Re:This has gone beyond madness by Anonymous Coward · · Score: 1

      They're arresting Barney Frank finally? About fucking time!

    4. Re:This has gone beyond madness by fuzzyfuzzyfungus · · Score: 5, Funny

      Your mention of shipping people 'to various countries' gives me an idea...

      Since all the 'extraordinary rendition' bag, drag, and torture kids at the CIA are still running around in arrogant impunity, going so far as to just yoink inconvenient documents from the Senate Intelligence Committee(seriously, most of the members of that are appeasnik fuckwits who basically worship the clandestine services, so it must be really, really bad if the CIA is embarrassed in front of them. Also, if there are things the clandestine services do that even that part of the senate isn't allowed to know about, can we really maintain the pretense that civilian government is actually in anything resembling control?) how about pitting two problems against one another?

      It'll be an exciting contest, like a reality TV show; but with higher stakes, rules as follows:

      The NSA will be the intelligence-spooks team: their job is to dig up as much dirt on the CIA as possible, by whatever l33t haxx0ring necessary, and try to have the CIA neutralized by political and/or public outrage, at least to the point of organizational collapse, to the point of wholesale hangings-from-the-lampposts for bonus points.

      The CIA will be the wet-ops creeps team: they will have to 'disappear' key NSA personnel to our worldwide network of extralegal torture dungeons fast enough to keep the lid on their dirty laundry, and try to drive the NSA to the point of institutional paralysis or collapse, with extra points awarded for any actually-true facts obtained during the 'enhanced interrogation' sessions.

      Gentlemen, to the starting line, and may you both lose!

    5. Re:This has gone beyond madness by LookIntoTheFuture · · Score: 3, Insightful

      People need to be arrested for this.

      Absolutely. It's astonishing that it hasn't happened already. Where's the line? What will it take to cross it? That is the scary part.

      --
      Brave Sir Robin ran away. ("No!") Bravely ran away away. ("I didn't!")
    6. Re:This has gone beyond madness by stiggle · · Score: 1

      Actually they're an Intelligence Agency - they're supposed to to Intelligent things :-)

    7. Re:This has gone beyond madness by Ben4jammin · · Score: 4, Insightful

      Where's the line? What will it take to cross it?

      I think the issue is that there was a line, and it got crossed. Once you cross it once, it becomes easier to cross, because hey it wasn't so bad last time.

      Then, if you are put in relative isolation (enough for "group think" to take over) then it becomes easier still because you are validated for crossing it (dude we just saved lives by crossing the line...besides the "bad" guys are crossing it)

      And this continues until you really can't even remember why you crossed it the first time, but there is so much danger out there you don't have time to really contemplate it, either. Until one day you realize that you are looking in the mirror each morning at someone who has become a stranger.

      But by then it is too late...to challenge it now would precipitate an identity crises that isn't nearly as much fun as seeing yourself as the hero of the world.

    8. Re:This has gone beyond madness by PolygamousRanchKid+ · · Score: 1

      This is more of a matter for the UN Security Council. The government of the USA has just declared war on all the sysadmins of the world. Note, I said the government of the US, and not the citizens.

      . . . oh, I forgot . . . the US government has a veto vote on the UN Security Council, so good luck with that . . .

      I wonder how that will affect business, like in, "I can't do business with you . . . we are in a state of war with you . . ."

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    9. Re:This has gone beyond madness by ObsessiveMathsFreak · · Score: 5, Interesting

      We are dealing with an extremely well funded, well staffed, and well equipped professional criminal organisation. Whatever it's actual mandate is, the NSA has taken it upon itself to be the worlds premiere cyber-crime hacking group, accountable to no state, code, man, or law, and who regard the Internet and all computers on it-- foreign or domestic-- as fair game for fraud, intrusion and seizure. The organisation is out of control; without moral compass, budgetary restraint, or regulatory oversight.

      It is only a matter of time before individuals and managers within the NSA create actual links with the criminal fraternity and begin to engage in for-profit cyber-crime. Indeed, this has probably occured already.

      And should the cyber-crime divisions inside the NSA ever make common cause with their criminal counterparts in the financial sector -- God help Western Civilisation. The closest parallel I can think of is the rise of the nobility-church-state alliance in the ancien regiem and the subsequent ruination of France prior to the revolution.

      --
      May the Maths Be with you!
    10. Re:This has gone beyond madness by NatasRevol · · Score: 3, Interesting

      Actually, they're a security agency. It's even in their name.

      Not that hacking into every sysadmins computer would give anyone security, but that's another matter.

      --
      There are two types of people in the world: Those who crave closure
    11. Re:This has gone beyond madness by NatasRevol · · Score: 2

      Intelligence agents trying to collect intelligence illegally ?

      FTFY

      --
      There are two types of people in the world: Those who crave closure
    12. Re:This has gone beyond madness by king+neckbeard · · Score: 2

      That's like saying it's a cop's job to shoot people.

      --
      This is my signature. There are many like it, but this one is mine.
    13. Re:This has gone beyond madness by NatasRevol · · Score: 1

      You don't seem to understand what constitutional is then.

      http://en.wikipedia.org/wiki/F...

      "A "search" occurs for purposes of the Fourth Amendment when the government violates a person's "reasonable expectation of privacy. Katz's reasonable expectation of privacy thus provided the basis to rule that the government's intrusion, though electronic rather than physical, was a search covered by the Fourth Amendment, and thus necessitated a warrant.[35][40] The Court said that it was not recognizing any general right to privacy in the Fourth Amendment,[41] and that this wiretap could have been authorized if proper procedures had been followed.[40]"

      --
      There are two types of people in the world: Those who crave closure
    14. Re:This has gone beyond madness by L4t3r4lu5 · · Score: 3, Funny

      How would the veto work if the UN voted out the USA?

      "I veto your voting us out!" "You can't do that, you've been voted out so you therefore have no veto." "But the vote is vetoed, so we weren't voted out!" "..." "..."

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    15. Re:This has gone beyond madness by Zumbs · · Score: 1

      I love lines. I like the whooshing sound they make as they fly by.

      - NSA operative

      --
      The truth may be out there, but lies are inside your head
    16. Re:This has gone beyond madness by Minwee · · Score: 3, Funny

      "OK, Private, you know the enemy uses US civilians as human shields, and that's when we use the .50 caliber to make sure the bullet goes through the US civilian in order to get the terrist hiding behind him!"

      "But I don't see anyone hiding behind any of those civilians!"

      "They can be tricky. Start shootin' anyway."

    17. Re:This has gone beyond madness by Chris+Mattern · · Score: 1

      The vote has to pass before the US is out, and the vote doesn't pass if the US vetos it. So the US isn't voted out.

    18. Re:This has gone beyond madness by drinkypoo · · Score: 2, Insightful

      But by then it is too late...to challenge it now would precipitate an identity crises that isn't nearly as much fun as seeing yourself as the hero of the world.

      Congratulations, you just described the mode in which basically everyone operates. We all just tell ourselves we're being pragmatic as we sell out our futures. We don't live for today or tomorrow, but for an outcome that will never exist as long as we don't alter our behavior.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    19. Re:This has gone beyond madness by BobMcD · · Score: 1

      It turns out there may be a way...

      http://en.wikipedia.org/wiki/U...

    20. Re:This has gone beyond madness by idontgno · · Score: 1

      Think of it as unplanned pen testing. Kinda like how rape is unplanned sex.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    21. Re:This has gone beyond madness by PPH · · Score: 1

      Assuming the targets are not US citizens, and are outside the US, arrested for what?

      Espionage. Most countries have applicable laws.

      This is what intelligence agencies are supposed to do.

      Apprehend the guilty parties, try them and shoot them for spying. This is what countries security services are supposed to do.

      Hell, most countries don't exclude their own territory nor citizens from being targeted by their own intelligence agencies.

      So China spies on its own citizens. I don't think anyone would be shocked if they arrest a foreign agent for doing the same.

      --
      Have gnu, will travel.
    22. Re:This has gone beyond madness by ObsessiveMathsFreak · · Score: 1

      The FSB, the ISI, and Chinese intel are doing the same exact things, except that whatever they find is going to be immediately used for their country's economic advantages.

      Of this I have no doubt, but where I disagree is on

      a) The scale: I guess the NSA is acting on a scale of one if not two orders of magnitude higher than its counterpart agencies abroad. This no matter how you measure activity.

      b) Discretion: At least if the Russians or the Chinese were monitoring us, we wouldn't be hearing about it as much as from the NSA. While it is a data collection machine, the organisation is acts in an amatuerish fashion when it comes to seeking, storing, and protecting its information and activities.

      c) Whatever about the industrial reasons for Russian/Chinese espionage, the NSAs domestic programs appear to have no reason to exist other than simply to exist. Or else the NSA is actively gearing up for a cuop d'etat in the United States.

      The NSA is a different beast than its counterprats or historical ancestors. We are witnessing the creation of a new, powerful, and very sinister type of human organisation.

      --
      May the Maths Be with you!
    23. Re:This has gone beyond madness by PPH · · Score: 1

      So you are saying that, even if such behavior is wrong, the fact that someone else does it makes it OK?

      One of the NSA's duties was supposed to be ensuring the security of our networks from foreign spying. Doing so and exposing foreign exploits with the idea that they are wrong and disrupt global trade would have been the moral high ground. But we lost that position a long time ago. We can no longer argue that other nations should follow our example because our example is no better then theirs.

      And if you think that the NSA/CIA are only collecting foreign intelligence for the benefit of US corporations, you are wrong. These organizations have a long history of collecting domestic intelligence and handing it to their friends in the company across the street.

      --
      Have gnu, will travel.
    24. Re:This has gone beyond madness by Anonymous Coward · · Score: 1

      Ignore that moron. I suspect it's the same people posting the same thing over and over (though I can't confirm). No matter what arguments you use, these people will just move on to the next NSA article and claim that the NSA isn't doing anything illegal and that the Supreme Court's opinions are always correct (paradoxical authority worship). Something is unconstitutional when it violates the constitution. Fuck 'em.

    25. Re:This has gone beyond madness by Chris+Mattern · · Score: 1

      A deadlocked security council can't block the general assembly's ability to issue "recommendations". The GA can't vote to do anything real under this provision.

    26. Re:This has gone beyond madness by BobMcD · · Score: 2

      Maybe you didn't click the link. Here's the salient part:

      It has been argued that with the adoption of the 'Uniting for Peace' resolution by the General Assembly, and given the interpretations of the Assembly's powers that became customary international law as a result, that the Security Council 'power of veto' problem could be surmounted.[34] By adopting A/RES/377 A, on 3 November 1950, over two-thirds of UN Member states declared that, according to the UN Charter, the permanent members of the UNSC cannot and should not prevent the UNGA from taking any and all action necessary to restore international peace and security, in cases where the UNSC has failed to exercise its 'primary responsibility' for maintaining peace. Such an interpretation sees the UNGA as being awarded 'final responsibility' - rather than 'secondary responsibility' - for matters of international peace and security, by the UN Charter. Various official and semi-official UN reports make explicit reference to the Uniting for Peace resolution as providing a mechanism for the UNGA to overrule any UNSC vetoes;

      So this is the approximate procedure:

      1) Introduce to the Security Council a resolution to restore "security" to the internet by barring the United States from hacking everybody.
      2) US vetoes.
      3) Introduce to the Security Council a resolution removing the US from the Security Council and barring the United States from hacking everybody, in order to restore "security" to the internet.
      4) US vetoes.
      5) Bring resolution from '3' to the General Assembly.
      6) Resolution passes, because the GA is empowered to prevent war.

    27. Re:This has gone beyond madness by ubrgeek · · Score: 1

      > Kids can be terrorists too.

      That's right kids! And now it's easier than ever with Mattel's My First IED!

      --
      Bark less. Wag more.
    28. Re:This has gone beyond madness by ubrgeek · · Score: 1

      More likely to challenge it now would precipitate a cut to the agency's annual budget.

      --
      Bark less. Wag more.
    29. Re: This has gone beyond madness by cbiltcliffe · · Score: 1

      I didn't know that every sysadmin was a US citizen

      Where does the GP make anything even remotely resembling this claim?

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  4. A limerick by Anonymous Coward · · Score: 5, Funny

    There once was an NSA operative from Nantuckett
    Whose ________ was so _______ he could ________.
    He said with a _________ as he wiped off his __________,
    "If my __________ was a _________ I would __________ it."

  5. Then I will hunt them first. by Anonymous Coward · · Score: 1

    (police show up at house)

    "Wait...what are you doing! I was just making a joke online...I didn't mean it...please!"

    (shot in face, staged as suicide)

  6. Once compromised, it's a two way street.. by FirstOne · · Score: 5, Interesting

    Once you break into a admin's computer, with his credentials, it's a two way street.. One can plant evidence just as well as detect it..

    Now that this info is public knowledge, any accused should levy a defense that the NSA planted the evidence, since they have the ability and the court has no way of identifying planted information verses unapproved activity.

    Advice to NSA admins, I know it is a cushy job, but find another job NOT in the government, the NSA is on a witch-hunt it's only a matter of time before they turn innocent bystanders into criminals.

    1. Re:Once compromised, it's a two way street.. by boristdog · · Score: 2

      I had to point this out to our security dept several years back. They were scanning everyone's computer and user drive and building cases to fire people for anything they considered inappropriate. I told them that just because something is on someone's computer doesn't mean they put it there.

      They finally listened when I secretly buried an empty directory called "kiddie porn" on one of the security managers user profile. Root access is awesome. The witch hunts stopped soon after.

    2. Re:Once compromised, it's a two way street.. by 228e2 · · Score: 1

      Cool Story Bro.

      So where do you work now???

      --
      Since when does being a Socialist mean 'someone who has a different opinion than me'?
    3. Re:Once compromised, it's a two way street.. by boristdog · · Score: 1

      Same place. Head of security is gone, however.

    4. Re:Once compromised, it's a two way street.. by Minwee · · Score: 1

      They finally listened when I secretly buried an empty directory called "kiddie porn" on one of the security managers user profile. Root access is awesome. The witch hunts stopped soon after.

      Which reminds me, how has your job hunt been going?

    5. Re:Once compromised, it's a two way street.. by drinkypoo · · Score: 3, Insightful

      Advice to NSA admins, I know it is a cushy job, but find another job NOT in the government, the NSA is on a witch-hunt it's only a matter of time before they turn innocent bystanders into criminals.

      Why would that help? A "former NSA admin" makes a convenient scapegoat. Come up with some employees who will strongly suggest that he was pushed out the door due to possible illegal activity and it's goat stew time

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    6. Re:Once compromised, it's a two way street.. by Khashishi · · Score: 1

      ...the court...

      Who said anything about a court being involved?

  7. Re:Perhaps it is rather time..... by interkin3tic · · Score: 4, Funny

    Good idea, I'll post a message to the facebook group for assassins for hire, and we'll... hmm... who could be at the door THIS early?

  8. yawn. by nblender · · Score: 2, Insightful

    I read through it. What I got was some full of himself mid-level network aware weenie who managed to get a job at NSA and get access to a vast trove of captured packet data trying to impress people with his vast knowledge of intarwebs protocols... I bet the smart people at NSA who are reading his lunatic ravings are wondering "who hired this asshole?"

  9. I spy my spy by denisbergeron · · Score: 1

    When a spy agency have to spy its own spy, it's not a spy agency anymore but a paranoiac employer.
    And it's also the end of any mccarthyism in the USA

    --
    Ceci n'est pas une Signature !
  10. Smert Shpionam! by davecb · · Score: 2

    The traditional fate of spies is death, so arrange to catch one and rendition him to Russia.

    --
    davecb@spamcop.net
    1. Re:Smert Shpionam! by dryeo · · Score: 1

      Only during war time. Traditionally during peace time their fate is often to be traded for the other sides spy.

      --
      https://en.wikipedia.org/wiki/Inverted_totalitarianism
    2. Re:Smert Shpionam! by davecb · · Score: 4, Insightful

      Only slightly tongue-in-cheek, I fear the US is in the middle of a civil war they haven't noticed yet...

      --
      davecb@spamcop.net
    3. Re:Smert Shpionam! by Yew2 · · Score: 1

      Smient Spionum u mean?

      --
      will work for dragon quest localization
  11. Turnabout is fair play, isn't it? by king+neckbeard · · Score: 3, Interesting

    If they are compromising sysadmins without due process, then a sysadmin like Snowden compromising them is just desserts.

    --
    This is my signature. There are many like it, but this one is mine.
  12. Smartest guy in the room by Krazy+Kanuck · · Score: 3, Insightful

    Sadly the NSA isn't, and creating these back doors is just creating a honey pot for those who are. Stop compromising our networks in the name of "national security".

  13. The apologists will darken the skies by Anonymous Coward · · Score: 5, Insightful

    As bad as such revelations are, what drives me nuts is all the apologists who crawl out of the woodwork every time one of these stories breaks. They have no end of justification for whatever the NSA or CIA does, anything from "I have nothing to hide" to "privacy is dead, stop bitching because the Good Guys are working t protect you".

    I predict the kind of practice in TFA is going to keep mushrooming until someone uses it as a political weapon and then gets caught. Only then will the jock-sniffing Congress do something substantive about this mess.

    If I were advising Hillary Clinton, I'd tell her to never touch another computer until her political career is over.

    1. Re:The apologists will darken the skies by EnergyScholar · · Score: 1

      While some of the apologists you decry are probably real, it's a safe bet that most of them are sock puppets. There is a thriving market for 'media consulting firms' who take money to provide sock puppet services. I've personally identified quite a few working Slashdot. They already have 'full capture' of this service, and of most online social networks. They are most apt to turn up when someone posts a 'controversial' story, and otherwise try to keep a low profile.

  14. CFAA by neghvar1 · · Score: 2

    It would be nice if we could sick the CFAA on the NSA. Unofrtunately, they are immune from that law.

  15. oh, you think sigint is your ally. by nimbius · · Score: 5, Funny

    But you merely adopted the shell. I was born in it, molded by it. I didn't see the GUI until I was already a man, by then it was nothing to me but BLINDING!
    The login prompts betray you, because they belong to me.

    so give it your best, young man. I and my greybeards are forged in this art. We know that behind your presentation, your boldface scrawlings and your bemused predatory preamble that we have coffee ringed RFC's that have seen more fervent attempts than yours. Save yourself some grief and maybe curry our favour. target our PHB instead.

    --
    Good people go to bed earlier.
  16. My take on it. by Noryungi · · Score: 3, Informative

    If you are a sysadmin, and you have a Facebook page, LinkedIn account, social-media-whatever thingmagajig or Slashdot account, the NSA may well come after you.

    Remember: this is written in plain sight and the NSA created fake Slashdot account to get into Belgacom.

    I am a sysadmin. I have a Slashdot account. Maybe it is time for me to say so long, and thanks for all the fish. What Beta was not able to do, the NSA did.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    1. Re:My take on it. by Nyder · · Score: 2

      If you are a sysadmin, and you have a Facebook page, LinkedIn account, social-media-whatever thingmagajig or Slashdot account, the NSA may well come after you.

      Remember: this is written in plain sight and the NSA created fake Slashdot account to get into Belgacom.

      I am a sysadmin. I have a Slashdot account. Maybe it is time for me to say so long, and thanks for all the fish. What Beta was not able to do, the NSA did.

      Ya, and admitting your a sysadmin probably doesn't help either.

      --
      Be seeing you...
    2. Re:My take on it. by DigiShaman · · Score: 1

      Security through obscurity!

      --
      Life is not for the lazy.
  17. If you are reading this on /. by Dharkfiber · · Score: 1

    It has already happened.

  18. I love the irony of this... by bwcbwc · · Score: 3, Insightful

    While NSA was hunting sysadmins, they were being pwned by...a sysadmin!

    Yet another example of how NSA is too focused on offensive network capabilities (breaking into target systems) and doesn't pay enough attention to defense (strong crypto, open security models, etc.)

    --
    We are the 198 proof..
  19. LinkedIn... by Larry_Dillon · · Score: 1

    So they're basically running through LinkedIn and targeting anyone who says they're a SysAdmin, a VP, or anyone else who looks like they might have elevated privileges?

    --
    Competition Good, Monopoly Bad.
  20. NSA to Sysadmins ... by PPH · · Score: 1

    Do our bidding or we'll out your posts on /mlp/.

    --
    Have gnu, will travel.
  21. Really Stupid NSA... by Lumpy · · Score: 2

    Wow they are amateurs now.

    Dear NSA, want to do your job right? then start watching top networking companies for job openings and have your Networking expert agents apply for the jobs there. Nothing better than having your agent working on the inside.

    a "hit list" is stupid, you waste a LOT of time having to deal with them, but if Agent Davis is a network admin at VERIZON or AT&T then you make a single phone call to own the network.

    This tip is free, otherwise I am $4500 an hour minimum of 10 hour charge for any more consulting, als you pay all travel costs and I only fly private or military jet. F16 trainer preferred.

    --
    Do not look at laser with remaining good eye.
    1. Re:Really Stupid NSA... by Lumpy · · Score: 1

      Hush Comrade, they have no idea that we have infiltrated their systems.
      Note to self: stop using the word Comrade, it seems to draw strange looks from NSA types.

      --
      Do not look at laser with remaining good eye.
  22. Re:Perhaps it is rather time..... by NoOneInParticular · · Score: 1

    As the Boston bombing shows, the NSA is really not reading facebook. They're storing all this shit. but it's not used for any actual intelligence work. I can only speculate what it is used for, but chances are that's it's about money. So feel free to post on facebook, that's the last place they'll look.

  23. I hope the list itself is leaked by ShaunC · · Score: 1

    So many attempted lawsuits against the USG over various spying revelations have been refused because the complainant has no "standing," i.e. legal proof that they have been damaged. I imagine that if the list of targets were to leak, that would give those individuals valid standing to sue. As someone who was the DBA at a US$6-7B/yr corporation for more than 7 years I sort of suspect my name is on their list. I will say one thing, there's no fucking way any NSA ratware got into systems under my control using me as a conduit.

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  24. Where is the NSA recruiting? by allo · · Score: 1

    > are ROFL-easy [...] And pointing out for the lulz [...]

  25. bottom line by allo · · Score: 1

    - seperate normal surfing from your admin job
    - encrypt everything
    - consider to bounce connections via another server. Bonus if the final connection is via an intranet
    - consider using a vpn-service, which routes many people over one ip
    - avoid facebook and webmail (are they talking about specific webmails?)

    for the selector stuff: install a cookie-killer like self-destructing-cookies (firefox) or tab-cookies (chromium).

  26. Re:Perhaps it is rather time..... by anyGould · · Score: 1

    As the Boston bombing shows, the NSA is really not reading facebook. They're storing all this shit. but it's not used for any actual intelligence work. I can only speculate what it is used for, but chances are that's it's about money. So feel free to post on facebook, that's the last place they'll look.

    More accurately, they're storing it so that once they decide you're the guilty one, they can easily backtrack through everything you've ever said or did to "prove" it. Six lines from an honest man, and all that.

  27. It's a criminal activity when anybody else by ToddInSF · · Score: 1

    does it; but when the government and it's many contractors do it, it's A-OK.

  28. Suspicion by PPH · · Score: 1

    So now you, the company CIO, go back to work and wonder if your sysadmins might inadvertently infect your servers with a trojan. Or worse, they have already been turned by the NSA. So screw this running your own infrastructure in-house. Pull the plug and put everything in The Cloud. Where they promise you security. Its possible that this document was leaked purposefully, to sew some doubts into decision makers minds with regard to their in-house admins.

    In reality, The Cloud makes things easier to crack. A couple of big targets rather than thousands of little ones.

    --
    Have gnu, will travel.