Slashdot Mirror

← Back to Stories (view on slashdot.org)

Born In the NSA: These Former Spies Are Starting Companies of Their Own

Posted by samzenpus on from the we-did-it-our-way dept.

First time accepted submitter ElyKahn (3637855) writes "The diaspora of startups with an NSA pedigree is rapidly growing. These startups, such as Sqrrl, Virtru, and Synack, are typically security-focused and often are commercializing technology projects from the NSA. However, coming from the NSA is a dual-edged sword... the technology is world-class and cutting-edge, but they must also fight the viewpoint of some that the startups are merely a front for the NSA."

40 of 57 comments (clear)

  1. Re:Nice try NSA! by Chrisq · · Score: 3, Informative

    It reminds me of when the BNFL changed the name of its nuclear generating and reprocessing plant from Windscale to Sellafield to lose the association with radiation leaks, fires, etc.

  2. Shouldn't that be BORED in the NSA? by Anonymous Coward · · Score: 3, Interesting

    I was BORED in the NSA
    I was BORED in the NSA

    Born down in a dead man's town
    The first door kick I took down hit the ground
    End up like a dog that's been beat too much
    Till you spend half your life just covering up

    Got in a little public network jam
    So they put a rifle in my hand
    Sent me off to my own land
    To go and kill the geeky man

    Come back home to commercial land
    Hiring man said "son if it was up to me"
    Went down to see my P.I. man
    He said "son, don't you understand"

  3. These days I think it's safe to assume by Rosco+P.+Coltrane · · Score: 4, Interesting

    The NSA has its grubby little paws everywhere. Whether the company is in bed with them willingly is another matter.

    I know a many European business owners who think twice or more before doing business with *any* US company, just because the US surveillance state isn't far behind.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:These days I think it's safe to assume by Trepidity · · Score: 4, Insightful

      Unfortunately, we're increasingly discovering that the European intelligence agencies are pretty strongly in bed with the US surveillance state, too. It's not 100% clear if the situation is quite as bad, but there is substantial evidence that the German, French, Danish, Swedish, etc. intelligence services are routinely helping each other out. There's some suspicion that they're even doing some jurisdiction-laundering through these arrangements: the NSA can spy on Germans because they're foreigners, and then shares data with German intelligence that German intelligence wouldn't be able to legally collect on their own citizens. And vice versa, e.g. Swedish intelligence has apparently been spying on Americans and sharing the info back with American intelligence.

      --
      10 PRINT CHR$(205.5+RND(1)); : GOTO 10
    2. Re:These days I think it's safe to assume by JaredOfEuropa · · Score: 3, Interesting

      Not sure if the situation is quite as bad here, but it's getting pretty bizarre. Apparently, British Intelligence gave (secret) advise to the Dutch intelligence services on how to circumvent legal objections to perform wiretaps, as evidenced by communication leaked by Snowden. When such practises were questioned in parliament, concern was expressed that limiting the amount of spying by Dutch intelligence services would mean that they'd have fewer data to trade with the NSA. Apparently these agencies have a tit-for-tat policy... By the way, the body that expressed that concern was not the intelligence agency, nor was it parliament, but the oversight committee that is supposed to keep an eye on intelligence agencies. Somehow, that doesn't give me a warm fuzzy feeling that my rights are assured...

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    3. Re:These days I think it's safe to assume by Wrath0fb0b · · Score: 1

      This.

      It's an interesting conundrum. We can at least try to pass laws to prevent our governments from spying us, but even if we succeed we can't very well pass a law forbidding others' governments from doing what they will.

      Ultimately, I don't see a solution that's plausible here.

    4. Re:These days I think it's safe to assume by jc42 · · Score: 2

      It's an interesting conundrum. We can at least try to pass laws to prevent our governments from spying us, ...

      While you're at it, you should also pass a law saying that government agencies must obey the laws of your country.

      Good luck with that.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    5. Re:These days I think it's safe to assume by alex67500 · · Score: 1

      Unfortunately, we're increasingly discovering that the European intelligence agencies are pretty strongly in bed with the US surveillance state, too. It's not 100% clear if the situation is quite as bad, but there is substantial evidence that the German, French, Danish, Swedish, etc. intelligence services are routinely helping each other out. There's some suspicion that they're even doing some jurisdiction-laundering through these arrangements: the NSA can spy on Germans because they're foreigners, and then shares data with German intelligence that German intelligence wouldn't be able to legally collect on their own citizens. And vice versa, e.g. Swedish intelligence has apparently been spying on Americans and sharing the info back with American intelligence.

      I would say that they are all doing it, and that the NSA probably isn't the best at it (Israel and Russia are great at it, France-Germany-UK are good at it, China does it in the open...). The only difference between the NSA and intelligence agencies elsewhere is discretion. And Snowden, of course. That was discretion 101: what not to do.

    6. Re:These days I think it's safe to assume by Jane+Q.+Public · · Score: 2

      The NSA has its grubby little paws everywhere.

      What bothers me is that they're doing it at our expense.

      Hey, folks:

      The NSA is a taxpayer-funded, government organization. Any technology that comes out of it belongs to the public, not some corporation.

    7. Re:These days I think it's safe to assume by Ungrounded+Lightning · · Score: 1

      ... European ... agencies ... in bed with the US surveillance state, ... German, French, Danish, Swedish, ... routinely helping each other out.

      One scenario where this would make sense is if the governments of the world see the upcoming conflicts as, not between nation-states or groups of them, but between nation-states as a class and their citizens.

      There's been a lot of talk about things like:
        - The Internet gives people news channels that can't be so readily turned into propaganda machines for those in power.
        - Voluntary organization is far more efficient than central planning, including when it comes to organizing political action.
        - Allegedly opposing major political parties are essentially indistinguishable when it comes to their actions when in power.
        - Liberty and libertarian movements, dedicated to reducing the size of governments, having growing political success.
        - Individuals and small groups, driven by ideology or rational thought rather than organized cooperation, having world-shaking effects (example: Snowden). Multiply that by the number of non-governmental individuals who may become active...
        - Governments, as a class, having looted their people to the point of crippling the economy and risking their survival.
      and so on.

      Suppose governments are taking this talk seriously? They could see this as a repeat of the 18th century overthrow of the various royal families and the replacement of their governmental forms by republics, but with the current institutions playing the part of the royals and voluntary, information-based, anarchy/libertarian/constitutional/etc. movements playing the radicals.

      With visions of the French Revolution's Reign of Terror dancing in their heads (and concern that these heads might be abruptly separated from their bodies), wouldn't one expect them to tool up for a conflict? Wouldn't a first step to be collecting intelligence on their possible opposition - to see if it's real and sort out WHICH sheep are becoming wolves?

      The same scenario might also work if, for "governments" you substitute power blocks within them (such as "the intelligence community") or outside power groups that allegedly control or strongly influence them (such as "International Mega-Corporations" or "International Bankers / The Financial Community".)

      The common thread is "Some international power group as a class, versus the bulk of the people of the world." They don't have to actually be under attack by billions of little people. They just have to believe they might be, now or soon, and have the power to get the intelligence agencies to aid them. ... jurisdiction-laundering through these arrangements: the NSA can spy on Germans because they're foreigners, and then shares data with German intelligence [they couldn't] legally collect on their own citizens. And vice versa, ...

      Case in point. Why would they need to bypass the limits unless they fear a threat from within? "Terrorism" is a great excuse. But the threat from international terrorism is a drop in the bucket compared to traffic accidents. Wouldn't detection and suppression of perceived revolutionaries and internal political opponents make more sense?

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    8. Re:These days I think it's safe to assume by cavreader · · Score: 1

      At the international level it is more of the government spying on other governments not your average citizen. And every country of note on the planet does it and the rank hypocrisy of the countries raising a fuss about a US intelligence agency performing it's functions is simply breath taking. OMG a spying agency that actually spies. Stop the fucking presses and get ready to charge the barricades. The whole NSA spying issue has been blown out of proportion when it comes to spying on individuals. There isn't a spying agency on the planet or the necessary technology capable of real time data collection and worthwhile analysis on individuals. At best they can collect a whole shitload of worthless data that they can use if a particular person or group shows up on their radar from the HUMINT side of things. Or they can use any stored data to do a post mortem after the next 9/11 to figure out who is to blame for not stopping it from happening. That's where all this nonsense started in the first place. People weren't satisfied with blaming the people who actually committed the act they wanted to blame someone for letting it happen and of course no one wanted to take the blame so they started devising ways to make sure they could not be blamed for any future random suicidal attack. Meanwhile the real danger to online security and privacy protection for the individual is credit card theft and identity theft from sophisticated criminal enterprises. These dangers do effect the individual and causes all types of problems every day all over the world. The technology crowd has also been silent when it comes to evaluating some of the capabilities that the NSA purportedly has. Most of the information stolen from the NSA contains no details about how these capabilities are implemented or even if they were ever built and deployed. The Power Point presentations released look more like something used to procure future funding than any actual system that is up and running. And of course no one has vetted any of the released documents and have just automatically assumed they are 100% accurate. If the NSA technical capabilities are any where close to what is claimed then why would you not hire a company with the knowledge and technical expertise to make sure you are not vulnerable to any existing exploits the NSA is supposedly taking advantage of? Ask yourself what caliber of people would the NSA have building their cutting edge systems? The engineers and software developers building the NSA capabilities are in the upper tier of that particular labor pool and any chance to get access to their services to secure your own systems would be worth the money and it would be very profitable for the companies proving these services. To automatically assume they are still working for the NSA shows more paranoia than prudence.

  4. Oh no... by Parker+Lewis · · Score: 3, Funny

    Now I'll never be able to sing again the Bruce Springsteen song without remember this news title!

  5. Think of the features ... by MacTO · · Score: 1

    "All of our security products come with a free back^H^H^H^H^H emergency exit."

  6. Front for the NSA? by Anonymous Coward · · Score: 1

    That's not the actual problem. The actual problem is like going to a world-class and cutting-edge insurance company that has been started by retired Mafia members.

    You don't want to trust people with business ethics compatible with their background. Never mind how qualified they are.

  7. Re:Should become a lot easier by NotDrWho · · Score: 2

    They only need one customer. Uncle Sam will throw pallets of cash at any company that says the magic words "We can help you with national security" (non-bullshit translation: "We can help you spy on your citizens and other county's citizens").

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
  8. ya see it works like this... by nimbius · · Score: 1

    Government: founded by and for the people, beholden to certain truths inalienable to all mankind, servant of the public trust and keeper of the freedom. checks and balances exist in theory to crush any attempt to tread on constitutional rights.
    Corporations:: Facebook gmail gchat pinterest funtime! its snapchat loads of fun social social! just sign up! its free and all ur friend r here its fun! play farmville! :D
    Fusion Center: Warrants are hard, congress is slow, we steal your data, but you'll never know..

    --
    Good people go to bed earlier.
  9. Or that the tech comes with backdoors... by gweihir · · Score: 1

    As the NSA is so fond of placing these days, thereby exceeding the damage even the most capable data-terrorists could ever hope to cause and attacking the very fabric of society: trust.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  10. Re:Nice try NSA! by NotDrWho · · Score: 1

    Worked for Blackwater, aka "Academi". Still gets 10's of $millions in government contracts every year.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
  11. Re:Nice try NSA! by NotDrWho · · Score: 1

    Oops, that's actually a typo. I meant *hundreds* of millions--every year, of our tax dollars.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
  12. Funny but... by LWATCDR · · Score: 1, Insightful

    I fear the NSA a lot less than Russian Mafia and or the others that seem to be running things like the Target break in. I feel that many people do not have their threats in line with reality. Kind of like people that live in terror of nuclear power plants and flying but drive a 1982 Volvo with no airbags, traction control, or anti-lock brakes.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    1. Re:Funny but... by LWATCDR · · Score: 1

      And you think you are in danger of a kill order?

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  13. Who else has their grubby pays in the NSA? by davecb · · Score: 1

    The NSA has its grubby little paws everywhere.

    I wonder how many of these companies were started by ex-sysadmins with their pockets full of thumb-drives? Is their security is that bad, there must be a thriving business in recycled secrets (;-))

    --
    davecb@spamcop.net
    1. Re:Who else has their grubby pays in the NSA? by TheCarp · · Score: 2

      I think you have it wrong.

      Every time I look at an org like this I remember, its government....they do funding in the same model as academic institutions and hospitals. They are a cash cow....but employes can't get at those teats directly, they can only influence who externally gets to suck.

      Clearly the smart move is to leave, and become a service provider. Start a security focused business, start something the NSA themselves will have trouble getting into, and you provide incentive for them to buy their way in when your security focus attracts someone they find interesting.

      Its not a new idea, it happens all the time in places with a lot of money and beauracracy where insiders see outside contractors bringing home the bacon. Sure, not everybody likes bacon that much but, there are always a few who do....and it isn't unheard of for managagement to find such arrangements lucrative themselves. (what is a little kick back between such long time friends and former co-workers)

      Then again, that is likely not all of them. Who knows how many left because they were disgusted by the whole thing? That definitely happens too.

        But where there is beauracracy... funding gets turned into a political games. Political funding games are lucrative for outsiders....hence this particular design pattern emerging in so many places.

      --
      "I opened my eyes, and everything went dark again"
    2. Re:Who else has their grubby pays in the NSA? by davecb · · Score: 1

      Clearly the smart move is to leave, and become a service provider. Start a security focused business, start something the NSA themselves will have trouble getting into, and you provide incentive for them to buy their way in when your security focus attracts someone they find interesting

      I wasn't asking about legitimate spin-offs, I was wondering how many of them are pure crooks (;-))

      When Sun still existed, it wasn't at all unexpected for a couple of people to leave to start their own business, work on something on their own nickel that Sun wasn't going to fund, and see if they'd get bought.

      The Sun very-very-multithreaded chips came out of two hardware designers thinking that there was a better way to go fast than "this chip is so hot it glows in the dark". They got lots of parallel threads almost immediately, whereupon Sun bought them! They eventually got faster single-threaded performance too, all out if breaking up the function units very differently.

      All large organizations suffer from this phenomenon, whether they're public or private. All large organizations suffer from crooks walking out with thumb-drives, too...

      --
      davecb@spamcop.net
  14. Re:Guaranteed business by NotDrWho · · Score: 2

    The ideal business:

    "So, tell us about your product and/or services"
    "That's classified."

    "Well, does it at least work?"
    "That's classified."

    "Was it successful?"
    "That's classified."

    "And how much did it cost the taxpayer?"
    "That's classified."

    "Well, is it even fucking legal??"
    "That's classified."

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
  15. No such thing by Charliemopps · · Score: 3, Interesting

    There is no such thing as a former KGB man.

    Vladimir Putin - May 2000

  16. Re:Grubby little paws by bradley13 · · Score: 2

    why don't we also stop using the term "congress critters"

    It's just a euphemism, we all know what we mean. Anyway, "corrupt sociopath" doesn't have the same cachet...

    --
    Enjoy life! This is not a dress rehearsal.
  17. Ruh roh... by rhewt · · Score: 1

    This company A10...

    http://www.a10networks.com/pro...

  18. Sounds familiar... by LongearedBat · · Score: 1

    If they cut off one head, two more shall take its place.

  19. Spinoffs by ShakaUVM · · Score: 1

    See, this is why we need to boost funding for the government!

    All these spinoffs! It's given us velcro, the microwave, handheld diagnostic devices, heat shields, radiant barriers, brainwave monitoring, real time tracking of the populace, the license plate database, live interception capabilities on all foreign leaders, the space shuttle, data mining tools, radiant barriers, Stuxnet, improved rocket engine designs, automated facial recognition, new anti-icing formulas, access to the data in the cloud, oxygen sensors for bioreactors, speech recognition, micro-accelerometers, the ability to recover data off a dead hard drive, behavior prediction tools, sensors that enable plants to text farmers, graphing all social connections in America based on phone calls, photocatalytic surfaces, satellite maps for more realistic gaming (http://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20130009018.pdf) and US soldiers (http://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20120001904.pdf)... NSA, NASA, what's the difference?

  20. Re:Should become a lot easier by NotDrWho · · Score: 2

    "Hey, why not trust a civilian with full access to our defense system?" said the Caprican Defense Ministry, regarding Gaius Baltar.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
  21. NSA usually = useless bluster by Anonymous Coward · · Score: 1

    coming from the NSA is a dual-edged sword... the technology is world-class and cutting-edge

    There's also the human problem that more often than not, "usta work for the NSA" means "could not hack it in private sector," "buzzword compliant," or "washout."

    Here at a small software company in the PNW, we've literally hired hundreds of ex-NSA and similar defense intel people. The vast majority cannot think their way out of a paper bag. Once you get past the secret squirrel BS and the kill-chain-chinese-haxxor-APT-APT-APT!!!!! grandstanding, nary a one has any creative idea about big data analysis, could not tell you how "taxonomy" is different than "tagging", nor could they explain the difference between a malware hit and a behavior. By and large, the NSA people are useless and only here to steal our soda.

    You want scary analysts who know you better than you know yourself? Go talk to the Google/Bing advertising analytics researchers.

    1. Re:NSA usually = useless bluster by WillAffleckUW · · Score: 1

      Here at a small software company in the PNW, we've literally hired hundreds of ex-NSA and similar defense intel people. The vast majority cannot think their way out of a paper bag. ... By and large, the NSA people are useless and only here to steal our soda.

      You use paper bags? Everyone I know in the PNW uses reusable shopping bags.

      --
      -- Tigger warning: This post may contain tiggers! --
  22. Just because everyone is spying on you by WillAffleckUW · · Score: 1

    Doesn't mean you're not paranoid.

    The front corporations are fairly easy to find, just look who buys certain equipment.

    After all, since nobody respects the US Constitution, or the Canadian Constitution, or the EU Constitution and their rights, why should we Serfs care?

    --
    -- Tigger warning: This post may contain tiggers! --
  23. But they're NOT a front for the NSA. by gestalt_n_pepper · · Score: 1

    I'm sure they'll work for *anybody.* The NSA, the CIA, the Chinese, the Russians, the NYC police department, NASA, BP, Exxon....

    Heck, the beauty of it is that the intelligence can be sold over and over to different parties to the highest bidders. It doesn't even have to be accurate, just convincing.

    Of course, if the NSA hopes to shield itself from controversy by outsourcing to these front organizations would never allow that to happen.... (Ahem). Unless, perhaps, there was money to be made.

    --
    Please do not read this sig. Thank you.
  24. Sounds pretty bogus by sgt_doom · · Score: 1

    commercializing technology projects from the NSA...

    Ummmm.....if it's gov't tech, it's the people's technology, and therefore all profits should go to the IRS at the very least!

  25. Re:Nice try NSA! by AvitarX · · Score: 1

    Bars in the seedier parts of Brooklyn would do the same thing.

    --
    Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
  26. Distributed Meshes of Neurons: Discover Themselves by VortexCortex · · Score: 2

    Sneaker Net: Decentralized peer to peer data exchanges using paper, punched cards, scrolls, stone tablets, bits of knotted string and other primitive methods such as the Postals Services get humans to the personal computing explosion.

    Prior to mid 1980's: Software doesn't have patents yet, no innovation could have happened before this point.

    Software Patents: Due to government restriction on innovation in the 1980's Personal Computers instantly appear. Some say it is a conspiracy, involving E.T.s

    ARPANET: After millions of years of primitive communication, humans finally test peer to peer data routing on machines, and one day this becomes the Internet. Semaphores and Radios remain a CIA Hoax!

    FIDONET: The Internet (being designed by committee) takes too damn long so the citizenry say, "Well, fuck that let's do it our selves", because of long distance fees and the FCC the Internet wins over a more decentralized approach.

    The WWW: A centralized approach to digital file sharing. In ignorance of all prior human history (including such one-to-many landmark designs such as Hollering, Signal Fires and Television), HTML and DNS fails to leverage the Internet's capabilities fully, creates lots of needless bottlenecks at the data silohs it erects, enables censorship, and spying on data consumption for the first time. (Librarians shudder, and eventually the state takes away the right to privacy in dead-tree reading material too, because "Turrist!").

    Distributed File Sharing: Online decentralized information transfers, tries to make the data storage work the way the Internet, and every-"bloody"-thing else does. Fine upstanding citizens understand such technologies can only be used for, evil (I mean, just look at rumors, gossip, repeating camp-fire stories, and brains).

    Tor: Online Anonymity to fight the dumb-ass "features" of the centralized web's design. This centralized approach to anonymity fails because it's fucking laggy and it bounces data between endpoints instead of placing the technology in the IP routers.

    Anonymous P2P: Anonymous (somewhat) Distributed File Sharing, lays the groundwork for what will replace the WWW.

    Dead Drops: Offline decentralized digital information transfers, because "Oh yeah!", the FIDONET approach and packet routing doesn't actually need wires; Sneakernet v2.0 don't even need broadcast radios -- as if such things had ever existed.

    DTN: NASA tries to figure out how Disruption Tolerant Networking would work, but completely ignores that DHT infohashes deduplicate the fucking data. Meanwhile, users of napster, Bittorrent, WoW game installers, and dark-age-couriers scratch their heads vigorously and realize since "information conveyance isn't rocket science" space agencies pretty much suck at it.

    Web 4.2.0: Finally mirroring, life, the universe and everything, the web becomes decentralized too, because caches should talk to each other Derp! You mostly pull from neighbors so tracking your online habits has exponential cost. There is no more "fast lane", everything essentially has free collocation, and the more popular content is the more available and faster it comes in. The world's surviving sysops give a collective shrug and say, "well, that finally happed." (Marijuana is also universally legalized, purely by coincidence).

    Terrestrial DTN: A NASA engineer, once fined for using Bittorrent, takes a break from rolling out the DTN and realizes it would cost a lot less if everyone just owned their own software defined short-wave radio to operate the

  27. Back doors, though? by Orwell1983 · · Score: 1

    "The basics on backdoors in security systems" on How the NSA (may have) put a backdoor in RSA’s cryptography: A technical primer. I thought the "pool ball" analogy was very interesting....

    "The backdoor allows anyone with knowledge of a secret user agent string to log in and modify settings on any router running the vulnerable software,"... "The values for the points P1 and P2 could have been chosen randomly or they could have been chosen with a deliberate relationship. If they were chosen deliberately, there is a backdoor."

    Is there any way to tell if they were chosen deliberately or not, and if not is this a possibility for any of these programs out there?

    1. Re:Back doors, though? by Gertr00d140 · · Score: 1

      "The basics on backdoors in security systems" on How the NSA (may have) put a backdoor in RSA’s cryptography: A technical primer. I thought the "pool ball" analogy was very interesting.... "The backdoor allows anyone with knowledge of a secret user agent string to log in and modify settings on any router running the vulnerable software,"... "The values for the points P1 and P2 could have been chosen randomly or they could have been chosen with a deliberate relationship. If they were chosen deliberately, there is a backdoor." Is there any way to tell if they were chosen deliberately or not, and if not is this a possibility for any of these programs out there?

      Yeah but the NSA probably doesn't want back doors to exist just as much as we do, if not more so... Think of the extremely dangerous consequences for the NSA that could happen if they DID exist or if someone from inside did know a "secret user string" and used it against them... (hint, think Snowden)