Glenn Greenwald: How the NSA Tampers With US Made Internet Routers

Bob9113 (14996) writes "According to Glenn Greenwald, reporting in The Guardian: 'A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers, and other computer network devices being exported from the US before they are delivered to the international customers. The agency then implants backdoor surveillance tools, repackages the devices with a factory seal, and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some "SIGINT tradecraft is very hands-on (literally!)".'"

What about inbound?

[mr_mischief]

Surely the NSA can touch anything that Customs does.

Re:What about inbound?

[LifesABeach]

One cannot help but wonder what would happen if Router manufacturers put in smaller EPROMS, and Onboard RAM; to reduce costs of course.

Re:What about inbound?

[WarJolt]

You think the NSA really needs customs to help them spy on US citizens? They really don't have to be that clever about it.

Re:What about inbound?

lol, did you even read the summary of the article?

Re:What about inbound?

Actually they both do, but probably don't tell each other what they are doing. NSA tampers and ships, Customs tampers more and ships, then stuff ends up broken at the other end. Not that uncommon, especially with massive bureaucracies like the US Government has become.

Re:What about inbound?

[gweihir]

Inbound is likely too scattered to be cost-effective or nit targeted enough. If some dealer get 1000 routers from China, it may net even be decided at that time where they get shipped to.

Re:What about inbound?

[mr_mischief]

That's true, but what if someone buys a small order? It wouldn't be difficult to tamper with 3 routers and two switches going to Bob's Data Warehouse, LLC.

Re:What about inbound?

[gweihir]

I expect this happens, but on a much smaller scale as most imports will be by dealers.

Re:What about inbound?

[Alouster]

NSA is putting listening device in everything from shovel handles to soup cans. The question is; why? The answer; most likely to tax, kill, and dominate everyone on this planet. Bastards! Never trust a Yank.... He'll figure a way to rape you. Somehow...

Re:What about inbound?

[doccus]

Well, what about "Mission impossible" style routers? "This device has been illegaly tampered with,. It will 'splode (aaw Ricky!) in 15 seconds..."

First

[CBravo]

we were innocent and naive. Now you can only trust open source.

Re:First

[dougmc]

You can't trust open source either.

Devices like these often have "binary blobs" that aren't open source and could contain backdoors (one of the reasons RMS has been rallying against them, but probably not the primary reason), but even more fundamentally than that, it would be naive to assume that the NSA can't hire programmers to contribute to these projects and that they can't be good enough at what they do to make a backdoors that would pass a code review without being detected.

That said, at least with open source you have the chance to find such things, so there is that. But either way ... I think we're screwed.

Re:First

What if the back door is hardware-related? Software(open source) can't save you from that.

Re:First

[fustakrakich]

I think we're screwed.

Only if you keep on reelecting the same old crooked politicians over and over again. The NSA can't control who you vote for.

Re:First

[Grishnakh]

You can't trust open source either.
Devices like these often have "binary blobs" that aren't open source

No, you CAN trust open source. If it has a binary blob, then by definition, it is not open source.

it would be naive to assume that the NSA can't hire programmers to contribute to these projects and that they can't be good enough at what they do to make a backdoors that would pass a code review without being detected.

That's still better than closed-source code that you can never inspect. Also, any such contributions will be recorded and tracked. Serious open-source projects like the Linux kernel don't accept anonymous contributions; they have to be signed off by someone. Also importantly, if you look at the Linux kernel, you'll find most contributions (esp. in an area where a backdoor could have a real impact, not places like USB joystick drivers or whatever) come from programmers working for well-known companies, not from random people on the internet.

Re:First

[machineghost]

Does it really matter who we vote for, as far as the NSA is concerned? Any "electable" candidate will just let the NSA keep doing what they're doing.

Even if someone like Al Franken got elected president by some miracle (which is not going to happen) he still couldn't do much unless people also elected a whole bunch of Al Frankens/Rand Pauls to Congress. And that just isn't going to happen (there's a reason why those two are such outliers).

Ultimately the only way we'll ever end NSA malfeseanse (or CIA malfeseanse for that matter) is if we can somehow expose what they do. Without that, we'll change politcians but they'll stay the same.

Re:First

The NSA can't control who you vote for.

YET.

Re:First

[fustakrakich]

Al Franken? No thanks! Besides, he thinks the NSA is a-okay...

Re:First

OMG did you just put Al Franken and Rand Paul in the same sentence?

Re:First

[LifesABeach]

Electronic Voting Machines maybe?

Re:First

Yep only trust OpenSSL.

Re:First

[Obfuscant]

That said, at least with open source you have the chance to find such things, so there is that.

Even with "open source" you still have to get the source code to your spiffy new router. Then you have to do a code review to see what's there. Then compile it, then get the libraries and try to link it, then try comparing the binary just to find out that it will have natural differences from what is installed in the router IF you can extract the binary once it has been flashed into it. (Do many firmware-upgradeable routers have an "extract" function, or only "install"?)

So, if by "chance to find such things" you really mean "install your own code that will overwrite anything that isn't supposed to be there", yes. But to actually FIND the backdoors you need to extract the binary and decompile it anyway. The source may be a guide to what you expect to see, but with optimization and compiler tricks the source may not be all that helpful.

Re:First

[Goaway]

You can't really trust the firmware upgrader to actually write your code there unmodified, either. Or that your code is the only code that runs on the system.

Re:First

[jovius]

Not really. The actually influential positions are outside of the democratic reach. They are "too important" to be decided by random public, unless the public can be made to believe the necessary agenda. Besides to be a successful politician one has to sell oneself in many ways, and sacrifice friends. The wall would come about quite quickly otherwise. People in the highest circles have hardly any principles. In the end it's all about power and interests. The intelligence services are in the core.

Re:First

[Arker]

"And that just isn't going to happen (there's a reason why those two are such outliers)."

The reason is that people like you that ought to know better keep repeating such nonsense. Franken and Paul are only 'outliers' in the context of Washington DC and the deep state - in terms of the country they are essentially mainstream at this point. The media works tirelessly day and night to prevent us from figuring this out, however, and one of their most effective tools is silly little tropes such as the one I quoted above.

Re:First

[dougmc]

I think we're screwed.

Only if you keep on reelecting the same old crooked politicians over and over again. The NSA can't control who you vote for.

1) who knows how far NSA has its fingers into everything. If they've hacked the voting machines ... perhaps they *can* control who we vote for.

2) it doesn't have to be the NSA. They may have the most resources and the most support from our government, but China could do similar things. And the part about getting back doors into open source software doesn't require a government agency at all.

The most recent poster child of vulnerabilities that nobody noticed was of course Heartbleed, but who knows how many other problems either 1) have been detected but not reported to anybody, or 2) were deliberately added but made to look benign? And it's always possible that the vulnerabilities aren't where you think they are -- for example, the idea of hacking the C compiler to detect when it's compiling /bin/login and adding a back door if it is is decades old, and it's only one of oodles of possible scenarios.

Re:First

[dougmc]

Ultimately the only way we'll ever end NSA malfeseanse (or CIA malfeseanse for that matter) is if we can somehow expose what they do

... and this has already happened, with new stuff coming to light all the time.

And so far, most people don't really seem to care. Not enough to do anything about it, anyways.

Re:First

[houghi]

Exposing is not the issue. They need to be convicted. They already HAVE been exposed.

Re:First

[machineghost]

Sorry, I should have clarified: I meant in a more systematic way, not just a one-shot Snowden deal.

Re:First

You're not really distinguishing yourself from the masses by choosing such an ugly monospaced font.

Re:First

Tell that to Heartbleed, or any of the other bugs that have been sitting around for years, unpatched. It happens. Humans aren't perfect, Open Source isn't perfect.

Re:First

[penguinoid]

Ultimately the only way we'll ever end NSA malfeseanse (or CIA malfeseanse for that matter) is if we can somehow expose what they do. Without that, we'll change politcians but they'll stay the same.

That's why we have people like Snowden. Well, had people like Snowden.

Re:First

And then there's also the usual story of the compiler being compromised too.

Re:First

[Grishnakh]

I never said open-source was perfect, but there's no shortage of vulnerabilities discovered in closed-source software. Heartbleed is just an exceptional case, and was very quickly fixed once reported. How many proprietary vendors have sat on vulnerabilities and refused to fix them for ages? They even contend that vulnerabilities should never be disclosed to the public, so that they can take their time fixing them, if they ever get around to it.

Re:First

[penguinoid]

The NSA can't control who you vote for.

And you know this how? You know for a fact that the NSA can't 1) Dig up information on a candidate, that will cause them to (legitimately) lose the election. 2) Donate, or encourage others to donate, to campaigns such that they legitimately lose the election. 3) Frame the candidate for something, that will cause him to lose your vote. 4) Actively eliminate a candidate, eg an "accident", causing you not to vote for them. 5) Change your vote, such that "your" vote becomes a vote for a different candidate?

Full paranoia mode: and occasionally they release a few people like Snowden, to air a select portion of their dirty laundry and make us believe that we know what the NSA is doing. Remember when they were nicknamed the No Such Agency, think they gave up on that level of secrecy rather than just have the current NSA as their public interactions branch?

Now excuse me while I go add a few more layers to my tin foil hat.

Re:First

OMG did you just put Al Franken and Rand Paul in the same sentence?

Yes he did. And so did you.

Re:First

The NSA can't control who you vote for.

Call Diebold for that.

Re:First

Hmm, then surely the reviewers that buy retail devices and perform a tear-down would see such items if this behaviour was en masse?

Re:First

I understand your premise, though to be fair I am guessing you'll be surprised at just how big of a supporter of the NSA Al Franken is -- he and Rand Paul completely disagree on the topic.

Re:First

[fustakrakich]

And so far, most people don't really seem to care. Not enough to do anything about it, anyways.

Exactly. All this brouhaha won't amount to a hill of beans in November. Okay, maybe the reelection rates might dip below 90%, but that's not very likely. So far, the voters (and some of the responders here) have been very successfully conditioned to believe they are helpless to do anything about it. So I'm going to go with the assumption that this is what they want, but they are still being a bunch of crybabies.

Re:First

What use is open source when they can put in their version of the firmware with back doors inside the shipped product instead of *WHATEVER* open source or not factory stuff you think is in there.

Re:First

[HiThere]

Your point is good, but you still can't trust even open source. Open source is "more trustworthy", but there's a bit difference between more trustworthy and trustworthy. E.g., HeartBleed was found in an open source project. It had been there a long time and nobody who knew about it went public. Either nobody knew, or some people were keeping quiet. No evidence either way. It probably wasn't put there intentionally, but NSA, etc., can hire programmers to find bugs as well as to insert them.

Re:First

[dougmc]

And don't forget that the hardware itself may be compromised.

Re:First

[able1234au]

Interesting. Could the NSA have implicated John Edwards? Perhaps Hillary will be the best candidate as there is nothing she has done that has not been dragged over in the media, so there can't be much to reveal.

Re:First

What was that reagan expression, 'Trust but Verify". With open source, that's atleast an option if you are so inclilned. Try taking a look at microsoft's or ciscos's source code - good luck.

"binary blobs" are NOT considered open source. They are precompiled moduled where the source is NOT included. Sometimes they are combined (or linked) with open source programs.

As far as finding errors, or discrepancies between source and compiled versions, you only need one person to compile the source and compare their executable with an installed version. Like a reference book, you only need one fact-finder to point out factual errors.

Re: First

Assuming they can't backdoor voting devices yet?

Re:First

Even with "open source" you still have to get the source code to your spiffy new router. Then you have to do a code review to see what's there. Then compile it, then get the libraries and try to link it, then try comparing the binary just to find out that it will have natural differences from what is installed in the router IF you can extract the binary once it has been flashed into it. (Do many firmware-upgradeable routers have an "extract" function, or only "install"?)

Or, you can skip all those steps and just take a binary from a source that you trust and flash it.
Even if you want to do the code review and compiling there is no need to verify what was in there before.

Re:First

Sure they can, I can vote for A or B and it would not make one bit of difference because they both play for the same team.

Re:First

Binary blobs are the biggest concern here. The threat of the NSA having open source developers is real, but we've never found one instance of it. There have been rumors flying around for well over a decade, and AFAIK we've only really ever found on suspicious bug.

Re:First

Electronic Voting Machines maybe?

With fingerprint readers to "make sure no-one votes twice."

The NSA would love that.

Re:First

Tell that to Heartbleed, or any of the other bugs that have been sitting around for years, unpatched. It happens. Humans aren't perfect, Open Source isn't perfect.

lol, who said it was perfect? It's way fucking better. Got any other non-sequitur comebacks? Open source isn't tasty?

Re:First

[fustakrakich]

Then vote for C or D or E or .... Get the idea?

Re:First

[fustakrakich]

Frame the candidate for something...

Ah yes, the *dead hooker found in your hotel room* routine. Widely used by organized criminals. Well, I guess it's up to us to be more vigilant. The thing is, nothing is going to change under the present circumstances. Nobody will rescue us. If we don't take care of it ourselves, then we are doomed to live in the 10,000 year empire for all eternity.

Re:First

[phorm]

The NSA can't control who you vote for.

Well actually...

Maybe they can't control your vote (except, y'now if they're going to be intercepting people's routers then how hard is it to hack a voting machine), but even if they didn't they could still control the person you voted for. Similar to the movie "J Edgar", having all that intelligence also means a lot of means for blackmailing politicians into doing what you want...

Re:First

[Obfuscant]

Or, you can skip all those steps and just take a binary from a source that you trust and flash it.

The comment was about finding the backdoors and such, not just being able to flash in a binary from someone else you have to trust hasn't put one in. You don't find anything when you flash in someone else's binary, you just add another level of trust. (As someone else already pointed out -- is there code hardwired into the router that isn't replaced by any flashing?)

Even if you want to do the code review and compiling there is no need to verify what was in there before.

If you want to find the malicious code, yeah, you need to know what was in it.

Re:First

[fustakrakich]

...they could still control the person you voted for...

Then don't reelect them. They're already controlling the ones we have now, by threatening to reveal their crooked financing and sexual adventures. We have to force their hand and make them show if they have real power, first by electing somebody different and noticing what happens to them if and when they start to enact the reforms we should be demanding. And if they can't/won't do it, then we must vote them out at the soonest opportunity.

Re:First

No, you CAN trust open source.

The recent Heartbleed in OpenSSL seem to make that statement false.

Open-source may be more trusted but blind trust makes it just as dangerous as Closed-source.

Re:First

Then don't reelect them. They're already controlling the ones we have now, by threatening to reveal their crooked financing and sexual adventures. We have to force their hand and make them show if they have real power, first by electing somebody different and noticing what happens to them if and when they start to enact the reforms we should be demanding. And if they can't/won't do it, then we must vote them out at the soonest opportunity.

The average American commits three felonies a day. They got dirt on everyone. Even if they don't, they can just make dirt up. "Somebody different" will quickly turn out to be not so different after all.

Then there's the fact that in a democratic republic, you need more than just a few good guys. You need the support from other people and other politicians. So again, "somebody different" will quickly be confronted with a dilemma: stick to your guns but fail to deliver results, or "sell out" and become crooked to get something done?

Re:First

[colinrichardday]

OMG did you just put Al Franken and Rand Paul in the same sentence?

No, machineghost put "Al Franken" and "Rand Paul" in the same sentence.

Re:First

[colinrichardday]

I would say that the font distinguishes the post, but not in a good way.

Re:First

[Grishnakh]

That's why you don't use their version, you load your own version from a trusted source (like openwrt.org).

Re:First

[fustakrakich]

"Somebody different" will quickly turn out to be not so different after all.

So what? The problem is when they are reelected. Don't do that.

Re:First

So what? The problem is when they are reelected. Don't do that.

No, the problem is no matter how many times you put in new people, they will be corrupted faster than they can clean things up. You can't dig your way out of a hole by switching shovels.

Re:First

If it has a binary blob, then by definition, it is not open source.

Unless you program in machine code, you insensitive clod!

Knock knock

Working for a defense contractor, I can say that someone is going to have fun talking with the FBI and/or the CIA and/or the NSA soon.

Happy butt raping!

Re:Knock knock

[icebike]

Working for a defense contractor, I can say that someone is going to have fun talking with the FBI and/or the CIA and/or the NSA soon.

Happy butt raping!

Soon?
You must have missed the part where it says "A June 2010 report from the head of the NSA's Access and Target Development ".

I seriously doubt the FBI or CIA are going to go after the NSA.

It just costs US companies sales, and further encourages them to move manufacturing overseas.

Re:Knock knock

[amiga3D]

Well that's what I was wondering. They must import them to the US, backdoor them and then export them again. I'd bet they have chinese backdoors in addition to the US ones.

Re:Knock knock

Not JUST manufacturing, tourism as well.

The USA is slowly but surely one of those countries you try and avoid entering. I know a LOT of people who choose to fly via Hong Kong / Singapore / Bahrain, etc etc simply so they don't have to fly to Europe via the USA.

I wonder if the USA will be like Rome. Rome took 300 years to collapse, I suspect we are seeing the start of the collapse of the USA as a relevant power.

Re:Knock knock

[benjfowler]

Greenwald is a friend of Dorothy, so this is less of a problem than you think.

Re:Knock knock

[davidhoude]

We may have some growing pains, and might not stay as dominant was we were post WW2. I don't think we will fall as a nation though, we have too many natural resources and big bombs.

Re:Knock knock

Pathetic. Grow up homophobe.

Re:Knock knock

Nobody cares about your nasty sex life.

Re:Knock knock

[icebike]

More likely we will just change. We were born as a country in a revolution, and only a ballot box stands between us and another one.

Re:Knock knock

I think the cable box is more of a speed bump to revolution than the ballot box is, since so few use the latter.

Re:Knock knock

[Technician]

More likely, they tried to install their backdoor and found the space already ocupied on some devices by the Chinese backdoor. This may be how the other backdoor was discovered. The firmware on some devices didn't match the manufactures binary and filled space the NSA was going to use.

Re:Knock knock

[currently_awake]

American companies have shown they will do anything the government asks. So those backdoors are not installed by the NSA, they came like that from the factory. And for simplicity, they probably back-doord everything but have a secret (port knocking) key to enable the backdoor code.

Re:Knock knock

[Dr_Barnowl]

I heard the Chinese were just using the backdoors that the OEM puts in (possibly for the government) by simply replacing the secret keys in the firmware.

Re:Knock knock

[Sciath]

Don't believe. The only resource the U.S. still has [of any quantity] is natural gas and coal. We get a majority of our other resources [rare metals, gems, wood, etc.] comes from overseas [Africa, S. America, Asia, etc.]. The premise that the U.S. could be self sufficient is ludicrous anymore. It is one of the reasons the U.S. is so aggressive militarily, to maintain hegemony over other people's natural resources. Military might has become the main mechanism for U.S. "superiority" globally. That is one reason the "hawks" in Congress keep insisting we must maintain a strong military. Kind of reminds me of Napoleon. Unfortunately, all [good] things must end. Literally every "empire" has collapsed eventually. And the emerging powers in Asia [China] and Eastern Europe [ Russia] are on the verge of empire now. Ultimately, it will mean a decreased standard of living because resources go where the power is.

NSA = Worlds Largest Criminal Organization

[shiftless]

Enough said

Re:NSA = Worlds Largest Criminal Organization

[MaskedSlacker]

Probably not the largest in terms of sheer numbers.

China

[naris]

and, of course, China would never, ever consider doing that....

Re:China

[TheGratefulNet]

(cough) with china, the backdoors are put there FROM the factory. no trip to the chinese version of NSA needed.

if you trust chinese software or embedded hardware, you are stupid and/or ignorant.

(similar if you trust the US stuff, now, too, sorry to say!)

maybe something good will come from this: the world does not trust as easily anymore. in a way, that can be a good thing; its certainly a maturing thing. the world is growing up and not thinking life is a wonderful disney movie anymore. the world is filled with bad guys and those wearing white are often the worst (so to speak).

Re:China

[Jmc23]

Why would they? They have a culture of working smart not hard.

Simply raise tech propaganda, wait for the US to build backdoors into everything, and then steal the knowledge because apparently the US is very bad with cybersecurity.

I'm suprised most people haven't realized that it's part of the pattern USians show, do-evil-blame-someone-else. NSA backdoors everything, thinks everybody is just as evil and paranoid as they are so they start creating negative propaganda against 'enemy' targets accusing them of doing exactly what they are doing.

I'm not a USian, so haven't been exposed to all the mind numbing media they have, but has there ever been ONE piece of intelligence about other countries that was true and wasn't simply the US looking in a mirror and trying to cover their tail???

Re:China

[LifesABeach]

It is always expensive to under estimate a true competitor.

Re:China

[Goaway]

Let's see. We have proof of the US doing this. We don't have proof of China doing it.

Conclusion: Accuse China!

This makes perfect sense.

Re:China

[davidhoude]

Yes, because accusing China of espionage is fucking crazy! These people need to put their tinfoil hats back on if they think China would ever spy on foreign businesses and government. The United States is the only country that is able to spy, because Snowden said so!

The blindness of the sheeple is amazing. I am sure you denied that any spying was plausible before the leaks, and now you are denying its possible for anyone other than the US because of the leaks, and your opinion will change next week when another leak is published. To those who use common sense, you can see the larger picture here. This is nations doing what nations do. The US is not alone, nor is China the only other culpable country. This is being done by everyone with the resources to do so, and those who don't really wish they did.

Re:China

[Goaway]

I'm sorry, you seem to be having quite a good argument with the me who lives inside your mind, I'll leave you two to that and not interfere, shall I?

Re:China

If you had said "Nothing to see here, move along" we might have accepted it more easily, but instead you start blaming the Chinese again. Quit it. The Chinese don't hold themselves above everyone else as bastions of honour, truth, personal sacrifice, and freedom only to to secretly open all your mail and watch all your relatives as well.

Re:China

[Em+Adespoton]

I think you missed the point, so I'll put it in other terms.

You stab your hand with a knife; everyone sees you do it. You then run around yelling that your enemy stabbed you in the hand with a knife, because everyone knows he'd do it if he had the opportunity.

Meanwhile, you do nothing to stop the blood flowing out of your hand, and deny that you stabbed it... even while your enemy is sneaking up to stab you in the foot.

In other words, who cares about whether China is doing this or not? The US is doing it, has been proved to be doing it, and is doing nothing to fix the situation, instead either saying "It's OK, everyone does it" or "Look at them! They're worse!"

Once the US cleans up its own act, THEN it can help the rest of the world with the specks in their own eyes.

Or to put it more bluntly: in these situations, the US government is its own worst enemy, and needs no help from others who would see it come to harm, whether they're getting said help or not.

Re:China

Ah, yes. The classic "But Bill Clinton did it!!" defense. As if someone else doing something bad makes it okay for the US to do it too. You lose the moral high ground when you resort to being no better than the dictators and terrorists.

Re:China

[HiThere]

They'd do it because it's easier to put a backdoor in than it is to discover or break one. Much easier.

That said, there is no evidence I've seen that the Chinese do this for any reason other than incompetence. Some people claim that because of incompetence Chinese routers are less secure than are various US ones.
Please note: I am not asserting this. I'm merely saying that there is no evidence that I've seen that this is a false statement.

OTOH, it would not surprise me to find out that it was common practice, and that the US has just spilled the beans on a common abusive practice of governments again.

Re:China

[HiThere]

To be fair this should be rephrased as:
"You lose the moral high ground when you resort to being no better than you claim that the dictators and terrorists are."

Re:China

[currently_awake]

1-If China was back-dooring their routers the NSA would be telling everyone and all the American router makers would be telling everyone. They have far too good a (financial and political) reason to tell for them to keep this secret. 2-China is notorious for copying western stuff, the NSA only has to get their code inserted into all the American network gear and the Chinese copied equipment will have the flaws built in from the factory, all ready for spying.

Re:China

[sFurbo]

It would be risky to do, considering what it would do to the market for Chinese hardware once it was found out.

Apparently, the NSA is either stupid enough to think that nobody could ever figure them out, or just as stupidly shortsighted as other branches of the US government.

Re:China

1-If China was back-dooring their routers the NSA would be telling everyone and all the American router makers would be telling everyone.

If China were backdooring their routers, (and I assume that they are), NSA would be keeping its mouth shut about it, because telling your adversary you've found their backdoor would help the Chinese get better at it.

2-China is notorious for copying western stuff,

True, but that only makes the game all the more fun for both sides. We, as users of the compromised products, are the losers.

Re:China

[Dr_Barnowl]

3 - The Chinese probably do clone the American router operating systems - and just replace the secret keys in the backdoors with their own, blocking the way for American security agencies and opening it for their own in one fell swoop.

Re:China

Congratulations, China does the same shit you do. You must be very proud.

Re:China

Yes, because accusing China of espionage is fucking crazy! These people need to put their tinfoil hats back on if they think China would ever spy on foreign businesses and government. The United States is the only country that is able to spy, because Snowden said so!

Enjoy playing with your straw man servile boot-licker. Also using the word 'sheeple' unironically makes you an automatic dick.

Nothing unconstitutional about this

Had Snowden only leaked the unconstitutional domestic spying, he would be a hero. It should be very clear now that those leaks were just a cover for treason. His goal seems to be nothing less than the dismantling of our entire intelligence apparatus.

Re:Nothing unconstitutional about this

Tampering with mail is a crime.

Re:Nothing unconstitutional about this

Considering the US government blatantly and consistently ignores its constitution, the document which grants it sovereignty, and is thus a rogue or fail[ing/ed] state, dismantling the intelligence apparatus would be a good thing for its citizens.

Re:Nothing unconstitutional about this

[rogoshen1]

and not a moment too soon.

Re:Nothing unconstitutional about this

[MaskedSlacker]

Keep sucking that totalitarian cock.

Re:Nothing unconstitutional about this

[Jmc23]

Because it is soooooo VERY important to make the distinction between domestic and international breach of freedom of rights.

Go whine yourself to sleep you rapist.

Re:Nothing unconstitutional about this

US intelligence is nothing but a bunch of single-minded, useful idiots helping a few wealthy people stay that way. Such a laughable waste of life by the least able of society.

Re:Nothing unconstitutional about this

[Savage-Rabbit]

Had Snowden only leaked the unconstitutional domestic spying, he would be a hero. It should be very clear now that those leaks were just a cover for treason. His goal seems to be nothing less than the dismantling of our entire intelligence apparatus.

You can't hide an intelligence operation of this scale forever, this was going to come out sooner or later, Snowden is an inevitability. That having been said, while your concern over how the USA's ability to find out what color underwear everybody else is ordering online is a valid one, consider the economic impact of this. I'm sure Cisco and a whole horde of other US based network equipment manufactures were thrilled to the core when they woke up one morning and found out that the NSA just crashed their sales and to add insult to injury ensured that in the long term their overseas competitors will get a whole lot more business as governments and corporations look for secure and preferably domestic sources of network equipment. Maybe the fact that it was all done in the name of patriotism and national security will more than compensate these US businesses for any financial losses that result from this activity?

Re:Nothing unconstitutional about this

Revealing the stuff wasn't the harm, the doing was the real harm. Nobody is mentioning this.

Re:Nothing unconstitutional about this

[benjfowler]

Sorry to break it to you mate, but freedom isn't absolute. While the people who guard those freedoms are not perfect (no human is), they deserve a little credit.

Re:Nothing unconstitutional about this

I'm not saying our intelligence services are doing the right thing. I'm saying leaking this is in no way patriotic.

Re:Nothing unconstitutional about this

[Jmc23]

People protecting their own asses at the expense of everybody elses?

No, they don't deserve any credit at all, they are by definition part of the problem.

Re:Nothing unconstitutional about this

[davidhoude]

Citation? Not that I expect an AC to respond, but this sounds like you pulled it out of your ass.

"Sorry Mr President, we have confirmed there is an armed nuclear weapon heading to Washington, but it is arriving by mail so there is absolutely nothing we can do to prevent it. Trust me, an anonymous coward told me so."

Re:Nothing unconstitutional about this

I don't think the NSA is operating for the good of the US. I think the NSA is operating for the good of the NSA.

What is the NSA? A collection of security services companies milking a black budget with zero accountability and oversight. That's how this leak happened in the first place. Shitty contractors overcharging and under providing. All it took was one ordinary guy with a conscious to unravel the whole thing.

It's not just that we're being betrayed. We're being ripped off to make a buck at the same time.

Re:Nothing unconstitutional about this

[sjames]

Arguably, it is taking possession of private property without due process of law. Also note that the Bill of Rights applies to the government wherever it is, not just to citizens within the borders.

Re:Nothing unconstitutional about this

Don't you know?
The NSA is Hydra.

Re:Nothing unconstitutional about this

You know almost nothing about what was or wasn't actually done, how often it was used, what the targets were, etc. This is what our intelligence services are supposed to be doing, and you're a fool if you think there is a country that isn't doing the same things to the best of their abilities. Crippling the US only leaves the US at the mercy of countries who's programs are still functional. The real harm is clearly in the leak.

Re:Nothing unconstitutional about this

[donaldm]

Citation? Not that I expect an AC to respond, but this sounds like you pulled it out of your ass.

"Sorry Mr President, we have confirmed there is an armed nuclear weapon heading to Washington, but it is arriving by mail so there is absolutely nothing we can do to prevent it. Trust me, an anonymous coward told me so."

Since you asked for a citation under US Law does this count . A little searching could also pull up the laws governing tampering with mail in other countries as well..

Re:Nothing unconstitutional about this

While the people who guard those freedoms are not perfect (no human is), they deserve a little credit.

The Pulitzer they received is a good start.

Re:Nothing unconstitutional about this

NO ... the USA BoR apples ONLY to American citizens and prolly then only when they are within national boundaries. Period.

Re:Nothing unconstitutional about this

Citation? Not that I expect an AC to respond, but this sounds like you pulled it out of your ass.

Are you an retarded? You seriously didn't know that tampering with US mail is a crime?

http://about.usps.com/posters/...

But obviously that's only for us plebes not for the Panopticon operators.

Re:Nothing unconstitutional about this

freedom isn't absolute? from which sphinctor did you pull this chestnut? people guarding freedoms? I would like to again beg askance. From which planet do you hail and have you ever read any of those pesky texts known as "laws"? particularly that one called the constitution. you, sir, are a moron. I would call you a retard too but that's not pc. go sodomize yourself with a blunt object.
the NSA deserves credit for backstabbing american revenue generating industries. what revenue does the NSA generate? jack shit. protection of our freedoms? thanks but i'll be declining further protections if they involve activities aforementioned. you. hike. go take.

Re:Nothing unconstitutional about this

I've got to say, if you were any more of a fucking idiot you'd have difficulty using a keyboard.

Re:Nothing unconstitutional about this

Since you asked for a citation under US Law does this count

Not unless you also include this.

Re:Nothing unconstitutional about this

[sandbagger]

No problem. Just don't sign for it.

Re:Nothing unconstitutional about this

[Sabriel]

Except we do know they are engaged in mass domestic surveillance, which is NOT what our intelligence services are supposed to be doing.

There's a word for people who claim to uphold the rule of law while breaking it: "hypocrites" (preferably also "felons", but good luck with that).

Re:Nothing unconstitutional about this

[sjames]

Where does it say that? It is a series of affirmative restraints on our government.

Re:Nothing unconstitutional about this

[Agripa]

I do not doubt this is happening but I am surprised there has not been more direct evidence. All it takes is one forged certificate that could only have been signed by a certificate authority or one example of network equipment with a designed in exploit. I assume the NSA makes considerable effort to hide what they are doing but there are capable interests who would seem to benefit from revealing it.

Re:Nothing unconstitutional about this

[davidhoude]

Where do you draw the line? I understand that it is illegal to intercept mail, but we are talking about foreign exports which are under tight scrutiny.

Most damaging release yet

Just wait till the markets open tomorrow. NASDAQ down 600-800 points (at least). Nobody sane is going to purchase US-made networking gear for a very long time.

Re:Most damaging release yet

[SpankiMonki]

Just wait till the markets open tomorrow. NASDAQ down 600-800 points (at least). Nobody sane is going to purchase US-made networking gear for a very long time.

Nah, this won't budge the markets, mainly because this info was released some time ago - and it wasn't limited to router hardware.

The only reason this is being re-reported is to promote Greenwalds's book.

Re:Most damaging release yet

[amiga3D]

Is there any US made networking gear? I'd be surprised if it was more than 3 percent of the market. Maybe some high end stuff but I'd bet all the consumer grade shit is Chinese in origin. Hard to boycot made in America when it's not made in America. This article sounds like bullshit.

Re:Most damaging release yet

Exactly. I remember hearing this a couple years ago.

Re:Most damaging release yet

[DarwinSurvivor]

I'd assume this wouldn't only be US made networking gear. It probably also includes networking gear that is made elsewhere, shipped to the US and then re-sold and exported to its final destination (as is the case with most US products). If you order a Linksys, D-Link or Netgear router, it may be manufactured in China/Taiwan/Japan, but it almost certainly passed through the US before making it to their Canadian, Mexican, European, etc customers.

Re: Most damaging release yet

We're people people us us router manufacturers. We take the routers made by the chinese, put branding on them, and then sell them back to the Chinese.

Re: Most damaging release yet

[amiga3D]

You do know they put the branding on them there don't you. It comes here to be sold to US consumers. I can't believe anyone is stupid enough to buy a router made in china and then shipped out of the US. You have to know the only possible reason for it to come to the US and then leave again is that it's been altered. Anyone who falls for that is so incompetent you shouldn't really need to spy on them.

Re:Most damaging release yet

[steelfood]

Try not to be distracted by the hyperbole of GP. Companies aren't going to go bankrupt or lose all their large international contracts overnight.

What'll happen is a gradual shift away from doing business with U.S. based companies. Nor will the business necessarily go to the Chinese counterparts. Instead, what'll likely happen is niche local players will suddenly find that some new doors have opened up. And regulators will give U.S. companies more trouble when they're making large acquisitions of foreign (or domestic, from their POV) entities. And maybe some overseas companies will refuse to do business in the U.S. or not be allowed by their governments to form U.S. subsidiaries, though that's far less likely a direct result of this revelation.

Chances are, this will isolate the U.S. from the rest of the world a bit more, and maybe that's a good thing, or maybe it's a bad thing. Corporations will feel the sting particularly hard, but the people willl survive.

Re: Most damaging release yet

The company I work for does this (manufacture in china, ship to the US, then out to the world). We do this because we don't want to give the manufacturer the full binary and let them set up the per-device crypto bits (keys, certificates). Nothing scary there... unless the NSA has a plant at our US facility which does this. It is, of course, outsourced... .

Re:Most damaging release yet

NASDAQ is slightly higher this morning. Try again.

Re: Most damaging release yet

Cisco utilizes sub-assembly for the high end enterprise and service provider products. They have manufacturing partners produce pieces and Cisco assembles them into the final product in their own United States based manufactoring facilities. Only the low end, high volume products are built, tested, and shipped from external factories. About 70% of Cisco revenue comes from products shipped from internal, domestic factories.

#1!

yeah baby

WAT?! spies spy?!

FNORD! why weren't we told of this? the NSA actually eavesdrops on communications outside the U.S.? with aplomb, acting all like it's in the NSA's charter or something?

Re:WAT?! spies spy?!

[amiga3D]

I'm sure it's against the law to spy on anyone unless you tell them about it first.

Treason

Glenn Greenwald, reporting ...

I say, arrest this asshat without the BS of a trial and send this traitoress informant of NSA secrets to Gitmo! I say!

Re:Treason

[oobayly]

Well, they could get a friendly nation to detain his partner, question him for 9 hours and confiscate his electronic devices. Oh wait, that didn't work.

Nice job NSA

[cbybear]

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

Re:Nice job NSA

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

Right.

Because hardware from China isn't subject to this.

Or Europe. Those oh-so-reasonable Europeans would never engage in espionage.... (what a good, simple eyeroll emoticon?)

Re:Nice job NSA

[joe_frisch]

The problem is that even if this is a lie, the NSA has done enough that it will likely be believed. Once some lines have been crossed, its difficult to claim that others have not been. There are lots of companies with a huge financial interest in damaging the reputation of US equipment, so one can expect a constant flow of stories - some true some not.

Yes the NSA has done grave damage to US tech industry. They likely have also drastically weakened our national defense by creating / allowing / obscuring weaknesses in our cyber defense. I don't think it was intentional, just people applying 20th century ideas to 21st century conflicts. The sort of thinking that causes great nations to become quaint has-been's.

Re:Nice job NSA

[amiga3D]

You mean that Chinese manufactured US hardware? They have to ship the crap here for the NSA to backdoor it because it's made in China. My question is do they take out the Chinese backdoors or do they leave those in with the NSA backdoors?

Re:Nice job NSA

[TheGratefulNet]

what they have, then, is a 'garage'. right? its two backdoors right next to each other: the chinese one and the nsa one.

where I come from, 2 back doors right next to each other = "a garage"

and so, we have been letting our citizens install routers with built-in garages... garages big enough to, uhm, drive a truck thru.

Re:Nice job NSA

[houstonbofh]

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

Not single handedly. The FBI seizing domain names of legal foreign companies, and arresting foreign nationals that never came to US soil sure helped.

Re:Nice job NSA

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

Right.

Because hardware from China isn't subject to this.

Or Europe. Those oh-so-reasonable Europeans would never engage in espionage.... (what a good, simple eyeroll emoticon?)

We should get equipment from Canada. If they start to put such measures in their hardware, it would come with an apology sticker on the box.

Re:Nice job NSA

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

No they didn't. Snowden and Greenwald did. They chose to leak this.

Re:Nice job NSA

They certainly did not Kill the entire tech industry, some governments will happily purchase, even encourage the purchase of compromised hardware, then under an intelligence sharing scheme, these same governments get to circumvent the laws protecting their citizens from state based surveilance...

Re:Nice job NSA

[Tablizer]

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

That's okay, we don't trust their hardware either. Tit for tat.

Re:Nice job NSA

They want to deliver vast amounts of information over the Internet. And again, the Internet is not something that you just dump something on. It's not a big truck. It's a series of tubes. And if you don't understand, those tubes can be filled and if they are filled, when you put your message in, it gets in line and it's going to be delayed by anyone that puts into that tube enormous amounts of material, enormous amounts of material.

Re:Nice job NSA

[kruach+aum]

"'Merica is doing it so everyone must be doing it" is a really dumb defense mechanism. In the case of the US we now all have the facts, in the case of everyone else you just have your paranoia.

Re:Nice job NSA

[c0d3g33k]

Your statement if altered slightly to reflect the perspective of the NSA and the US government might actually provide insight into the reason behind the outlash against Edward Snowden. One would presume such tampering isn't done wholesale because doing so on an industrial scale is not feasible. Yet. And because ubiquitous tampering would be detected by security researchers so the majority of devices on the market should remain untampered with. Tampering is most effective when done in a targeted manner depending on who will own the routers in question. Maintaining a baseline level of trust that is actually justified is very important, otherwise this technique wouldn't work. Mr. Snowden's revelations have destroyed all trust, thus undermining the ability of the NSA to ride on the back of that trust to engage in targeted spying.

This is why it baffles me that people can so readily point to entities like Startpage and Duck Duck Go as trustworthy just because they say so. Their claims may indeed be accurate for the vast majority of those using their services, but it's easy to imagine that particular searches can be scrutinized on demand if there is an interest. In other words, they can't be trusted based on their claims alone, even if they themselves believe them to be true.

It seems to me the only rational approach is to assume that nothing can be trusted and and act accordingly. Assume that whatever you are doing online is being observed by someone or anyone and don't communicate about genuinely private things, because they will no longer be private.

Re:Nice job NSA

I'm not very worried about what china, europe, canada or zimbabwe are doing.

I'm angry that my country is taking actions that will have years of consequences for our tech industry when there is no justification for their actions. We are not at war and there is no indication that we are about to be attacked by a foreign state. This country is in authoritarian attack mode against its own citizens and the rest of the world for no good reason at all.

Re:Nice job NSA

[sconeu]

Come on, if we let one person break ROT-13, then all the Evil Content Pirates® will do it!!!

Re:Nice job NSA

[LifesABeach]

You didn't mention Russia, where the Router looks for you.

Re:Nice job NSA

[PolygamousRanchKid+]

No one will ever trust US hardware again.

No one will ever trust US citizens again.

I expect we'll be getting blacklisted soon from working on projects in foreign countries.

Re:Nice job NSA

[ArcadeMan]

I think the giveaway would be the wooden casings.

Re:Nice job NSA

[LoRdTAW]

I think the gooey maple syrup finger prints on the hardware would give them away....

Re:Nice job NSA

[lgw]

We should get equipment from Canada. If they start to put such measures in their hardware, it would come with an apology sticker on the box.

Which is really quite effective, since you'd never see it amongst all the other apology stickers.

Re:Nice job NSA

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

I don't think the NSA murdered trust, as everyone has already accustomed to spying. In this context, the NSA should even be thanked for its massive spy attack, as it made the public aware of how much of their privacy and control they already have given up, not because of the NSA, but because of the large companies. In recent times, investors have found such companies (fb, google, and so on) a very good place to put their money to. They know why. The NSA is at least controlled by the US people a tiny bit. Big companies aren't.

Buy a new car? Most likely it contains a GSM module phoning home your current location. In future, perhaps, all cars also gets a kill switch. You don't have control over your own car. I believe there will be a time where you don't have car keys anymore. Instead you open your car with a special app on your smartphone. No Internet? Against the government? Your problem.

Why do these cars need all this "features"? I don't want my maps to be updated online through some GSM. I want them updated when I have parked my car at home. The car should recognize when there is a broken part. But it shouldn't tell this to its creators. The car shouldn't ask online for traffic information, the traffic information should be distributed with FM radio, as they did it in the times humans were listening to traffic information. If the information is only intended for one car brand, then encrypt it. I want to decide when Information about my car leaves it. Its my car.

Re:Nice job NSA

It's not complicated to have china manufacture the device, install a firmware with Chinese backdoors, test & ship it to the USA. After arrival in the USA, you can retest & reflash the firmware with the production version with NSA backdoors.

Re:Nice job NSA

[cbybear]

No, this is all on the NSA. They had no legal or moral right to take it as far as they did. Blaming those reporting the story is inappropriate.

Re:Nice job NSA

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

Right.

Because hardware from China isn't subject to this.

Or Europe. Those oh-so-reasonable Europeans would never engage in espionage.... (what a good, simple eyeroll emoticon?)

The US tech industry will not be killed just reduced to the US and other markets dependent on the US. Clearly both the Europeans and the Chinese can and will develop their own hardware and may prevent US equipment from being used. The US will spy on it's people as will the Chinese and the Europeans. Welcome to the New World of the boot in everyones face for a thousand years.

Re:Nice job NSA

ah but does that mean the NSA have reverse engined the firmware? Oh dear that is a crime!

Its the NSA's job to spy on the none merkins but speaking as a none merkin Id say you would think they might be a little more subtle about. After all you have the best government Corporate Lobbying can buy and their paymasters want ever dollar in the world. This sort of stuff is going to damage sales.

Oh I forgot your Americans you will just call any refusal to purchase American products anti free trade and declare them enemy combatants.

Re:Nice job NSA

>NSA's job
wrong. it's the NSA's job to spy on EVERYONE.

>corporate lobbying
don't kid yourself. corporations aren't american. they are multinational and have loyalty to nobody other than the top shareholders.

>every dollar in the world
but then you wouldn't have anyone to buy your products!

>your americans
i'm pretty sure whatever 3rd world country you are from is bending over for the NSA & CIA as we speak. hell, even SWEDEN was funneling phone calls to the NSA.

Re:Nice job NSA

[HiThere]

What alternative are you proposing?

If people were seriously interested in security, nobody would ever choose closed source software or hardware. They prefer to ignore security in favor of convenience. Don't expect this to change.

Please note: Even when the (US) government mandates secure computers, it validates and approves things like MS Windows (HIPAA approved, despite unnumbered problems).

Re:Nice job NSA

Wait, you are blaming the reporter for reporting, and not the government agency that is messing with privately manufactured gear? Wow!! Did you forget to put a *snark* in that comment?

Re:Nice job NSA

[currently_awake]

I doubt they are patching the software, they probably just load a new image into flash. So unless the backdoor from China is in the hardware it's gone. Of course they do make the hardware, so they certainly could be building in a hardware backdoor where nobody would see it- only the NSA caches everything on the network so they would see if there was extra data flowing.

Re:Nice job NSA

We carefully lick that stuff off our fingers before engaging in work you insensitive clod. It's damned tasty.

Re:Nice job NSA

[Goaway]

Just like you didn't ruin your marriage, the guy who told your wife about your affair did!

Re:Nice job NSA

3'rd world? We have universal health care at affordable prices, better internet , phone markets etc and are above you in most metrics that are used to determine 1st world status except prisoners, murder rate and gun ownership .America is the 3rd world nation in a lot of areas.

You are correct that our ruling class sell us out to feed their own self interest / egos though isnt that the case the world over.

Sell Cisco

[BoRegardless]

What a travesty.

Re:Sell Cisco

Eh? Cisco is manufactured in China anyway, the hardware never needs to enter US jurisdiction. Of course, then you have to trust that the Chinese government is not doing something similar... hahaha.

The NSA is a liablity

Shit. It's almost as if they're out to sabotage the US tech industry all together.

How can we sell gear abroad knowing it can and will be tampered with by a dark budget US agency that has an unknown agenda and doesn't feel the need to report to the Congress or the President?

Modern IT products depend on security. Security is about trust chains. NSA has broken all of the trust chains. US IT products are now useless abroad.

Re:The NSA is a liablity

[davidhoude]

This was posted in 2010. In the last 4 years everyone has stopped buying any and all electronics in fear. I wonder if anyone will ever use a computer again.

Well sure....

[niftymitch]

This is to be expected.... what is the real scope of this?

I believe that a router on the way to a German auto maker is not targeted. OK I want to believe.

I believe that a well managed site will audit and reload software. I believe that additional system admin audits behind and in front of the
hardware are justified.

For the NSA (Never Say Anything) to snoop does not bother me but they are not the only TLA in the game today.

The internet has not been friendly for a gosh long time nothing has changed.

Re:Well sure....

[silas_moeckel]

Who says it's just firmware? Working examples of chip level modifications are in the open.

Re:Well sure....

[Noryungi]

Only possibility is to home-build all your systems, using nothing but individual parts, bought from several different suppliers, preferably from factories not based in the U.S. or China. Difficult, but not impossible.

Finally, once machine has been built, install nothing but open-source software, such as Quagga or OpenBGPD, PfSense and FreeNAS, for instance, including auditing the code yourself.

And even then, you are not safe, since Vupen and other delightful guns-for-hire are busy selling NSA zero-day exploits for your favourite piece of gear. Are we having fun yet?

Oh, and NSA snooping not bothering you? Why? Nothing to hide? Meditate upon the old Niemoller saying: "First, they came for the socialist..." until it finally gets through you thick skull.

Re:Well sure....

I 3D print my own chips at home. Using my prototype 3D printer. And I have an neckbeard. And I never have recreational sex. I'm a faggot, and I can't even get other male faggots to have sex with me. I 3D print Stallman's cock with a heater and ejaculatory mechanism built in for realism. Would somebody please kill me?

Re:Well sure....

[TheGratefulNet]

unless you build CHIPS, you can't build a fully trustable computer anymore. maybe using 30 yr old chips, but not any modern chips.

its easy enough to put firmware and microcode in almost any chip.

would you trust a nic chip? it has firmware and its rom is closed source. cpus? they have closed source 'errata' microcode and even what's deep inside an intel chip is not for you or I to see.

pc's bios? yeah, right. like you can trust that.

basically, nothing is trustable anymore. maybe that 30 yr old trs-80 is, or the atari or amiga or PET computer.

wonder if we'll see a rebirth of those in operation. ebay, here we come!

Re:Well sure....

[viperidaenz]

So buy everything from Samsung? Everything else is either an American company or made in China.

Re:Well sure....

[donaldm]

unless you build CHIPS, you can't build a fully trustable computer anymore. maybe using 30 yr old chips, but not any modern chips

You can treat a "chip" as a black box (standard engineering/technical practice) and from the Manufacturers specifications (they are available) it is surprisingly easy to determine if that chip has been compromised. Scale up to any electrical equipment such as a router and the same principles apply since the tester needs only to know what is input (they control this) and what they expect the device to output and if the output is different from what is expected then the device is faulty or compromised.

Sure a tester is only human and may miss something important, however it only requires one person to actually blow the whistle and you have many interested parties getting involved. If it can be shown that the manufacturer is deliberately putting in back-doors then the loss of sales and possible litigation could be very damaging to that manufacturer and no manufacturer would knowingly risk being put in such a compromising position.

Re:Well sure....

Niemoeller? GODWIN'S LAW!

Re:Well sure....

MOS Semiconductor forever!

Re:Well sure....

Niemoeller? GODWIN'S LAW!

GODWIN'S LAW!?! Too soon.

REVERSE GODWIN'S LAW! It's Robot Hitler for you AC!!

Re:Well sure....

[currently_awake]

It's very easy to add hidden circuitry that only triggers upon very unusual conditions. Think port knocking as an example. Given that it's physically impossible to test every combination of inputs on a modern CPU, it's reasonable to expect you could slip something in. The NSA is spying on everyone everywhere and has been for a long while without any repercussions to them, so why would they have a problem with giving themselves a back door into the router owned by terrorists or a foreign government? Remember all this spying isn't against you, its against the worst monster the NSA spymasters can think of. That's how they justify everything, think of the worst case and plan for it.

I think this relates:

[jafac]

Security researcher and Tor developer, Andrea Shepherd, found something fishy:
http://www.techdirt.com/articl...

Re:I think this relates:

[TheGratefulNet]

that is almost guaranteed to be bogus.

why? do you REALLY think that the world' 'greatest' spy agency would be so sloppy as to have the mail system (any mail system) log 'route-arounds' that look suspicious?

really? REALLY??

anyone that powerful will have built-in ways to suppress any mail log records. in fact, if you ordered from dell, my GUESS is that dell is in bed with the bad guys and any 'special firmware' that might have to be installed for user X will be done BY dell AT dell, never having to give any indication that wrong-doing happened.

Re:I think this relates:

[Tablizer]

Careful! My coworker clicked that link and was never seen from again the next day. At least with goat-se you know what happened to them (after slapping them to consciousness).

Re:I think this relates:

Didn't you know? Amazon ships everything from A to (NSA) to Z.

Re:I think this relates:

Amazon ships everything from A to N to S to A to Z.

Re:I think this relates:

[viperidaenz]

Nah, if they did it at Dell it would have been leaked by now.

Re:I think this relates:

[wile_e_wonka]

Two things:

1) According to the picture on the tracking thing, this was not a Dell, it was a Lenovo Thinkpad, which is a Chinese company, which Chinese company probably does not install "special firmware" for the NSA.

2) However, the picture actually doesn't say it is a Lenovo Thinkpad, it actually says it is a Lenovo Thinkpad KEYBOARD. I guess I haven't dismantled a Thinkpad lately, but it doesn't make as much sense to me to intercept a keyboard as it does to intercept a computer.

Re:I think this relates:

It should make sense to you.

A keyboard is easier to intercept than hardware, won't get bios flashed, and will never be ROM checksummed by most people. When embedded, it may last for years -- has a reliable power source, and a handy hardware spec ... (USB).

As a USB device, it's capable of emulating virtually any other driver that can run over USB -- such as bootable drives, network appliances, and of course... sending keystrokes.

If you read the TAO catalog (he used to have a post of the day over at schneier.com), you can verify for yourself that there are established off-the-shelf (to NSA) components capable of being inserted into a keyboard (drop in usb port replacement, chips, or wiring) that could be dropped into keyboards. Their systems tend to set up their own wireless channels.

To save you the thinking and googling you won't do...

http://arstechnica.com/informa...

https://www.schneier.com/blog/...

To be *really* clear, the keyboard intercept capabilities are nothing new at all -- I've bought hardware to do that off of Amazon, and you can too. The agency ones are presumably much smaller and probably better hidden ...

So yeah... when you're targeting somebody, you go through all channels. A keyboard is a good one...

Re:I think this relates:

[dbIII]

why? do you REALLY think that the world' 'greatest' spy agency would be so sloppy

They were sloppy enough for Snowden to do what he did. They were sloppy enough to trust outside contractors with a vast amount of information. I don't see how they could be the 'greatest' spy agency in Virginia let alone the world. The look like a bunch of horse judges playing at being toy soldiers from how they've handled the leak.

Fuck the foreigners Re:What about inbound?

[mozumder]

This is about exports, to spy on foreigners.

More importantly, how does the release of this information benefit Americans privacy rights? This is about foreigners, not Americans. But I guess traitors aren't really concerned about Americans..

We PAY the NSA to spy on foreigners, because they're foreigners, fuck em. That's the NSA's job.

This is another example of traitors being traitors. Edward Snowden has done NOTHING to help actual American civili liberties.

In fact, all the disclosures released so far have shown government ACTIVELY protecting civil liberties of Americans. For example, why do you think they have actual filters to filter out data on Americans? If the NSA was about violating Americans rights, then they wouldn't have those filters in the first place. They would collect actual data, instead of metadata, because no one has the right to metadata privacy, as courts have decided already 35 years ago.

Remember, the goal is to expand the powers of government. We form a government to give it powers over other entities, like corporations (via laws and regulations) and foreigners (via trade rules and military).

All Americans are guests living in this country. Your role as a citizen is to make sure government continues to function and do its job, because that's what we as citizens have decided.

And we as citizens have decided, fuck foreigners - we're going to spy on them. And it's their governments job to protect their citizens privacy, not ours. Too bad traitors like Edward Snowden and their narcissistic precious snowflake high-school dropout libertarian supporters haven't figured this out yet.

Sorry that won't be able to reply to this, since you "libertarians" don't want us big-government jack-booted socialists thugs like me posting here and prefer to limit my posts because they has sad when we do. lol. Good job, idiots.

Decided now if you want to be a traitor or not. The rest of the country will deal with whatever you decide.

Re:Fuck the foreigners Re:What about inbound?

[Zontar+The+Mindless]

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.

Looks to me like those spying on anyone, anywhere, are the real traitors.

Re:Fuck the foreigners Re:What about inbound?

The NSA's own internal watchdog group found that NSA snooping power was used to spy on 'love interests' of several NSA employees.

If their own internal watchdog group is telling the world that there's something going on here, it's a bold move to claim "all the disclosures released so far have shown government ACTIVELY protecting civil liberties of Americans"

Imagine if an organization such as the ACLU had access to all internal NSA snooping records. Are you telling me that you believe that no civil liberties have been violated by the NSA? Alternatively, are you telling me that we have zero rights because the NSA is allowed to spy on everyone doing anything at any time for no reason at all?

Re:Fuck the foreigners Re:What about inbound?

[mi]

Looks to me like those spying on anyone, anywhere, are the real traitors.

Just curious, does that include Alan Turing spying on Germans? Or the UK intelligence intercepting Zimmerman's telegram?

Re:Fuck the foreigners Re:What about inbound?

[benjfowler]

No idea why you're being downmoderated. It's *absolutely* the NSA's job to eavesdrop on foreigners. That's what they're being paid to do.

What is Greenwald's problem that makes him such a compulsive Judas? Isn't his Brazilian rentboy putting out, or something?

Re:Fuck the foreigners Re:What about inbound?

Get fucked you piece of shit. You do NOT have the fucking right to spy on us dirty foreigners.

Re: Fuck the foreigners Re:What about inbound?

Because war and peace makes no difference...

Re:Fuck the foreigners Re:What about inbound?

Some of those "foreigners" are probably better allies of your country than some of your own citizens.

Your distrust of all things "foreign" shows just how shallow you really are.

Re:Fuck the foreigners Re:What about inbound?

Of course, China does the same thing with routers, regardless of internal or exported...

Re:Fuck the foreigners Re:What about inbound?

Yes Alan Turing was a terrorist to the German NAZI party.

Re:Fuck the foreigners Re:What about inbound?

[amicusNYCL]

Nothwithstanding the fact that I don't think a single person involved in any of this is guilty of treason, you are blatantly wrong about a few things, like this:

In fact, all the disclosures released so far have shown government ACTIVELY protecting civil liberties of Americans.

This is just wrong, the NSA's net is so large that they can and do collect a lot of information about Americans not suspected of a crime. The three hops rule means that they collect data from millions of people who are so loosely connected with a particular suspect as to make it so that there is no real connection there. The recent proposals of changing how the NSA works also removed the privacy advocate. If the federal government's priority was protecting Americans' civil liberties, why did they remove the person whose job that would be?

Remember, the goal is to expand the powers of government.

The goal of what? The goal of the constitution is to limit, not expand, the powers of government. That is spelled out very clearly. The entire purpose of the constitution is to protect the citizens from the government.

Your role as a citizen is to make sure government continues to function and do its job, because that's what we as citizens have decided.

What happens when the government stops doing its job, or starts abusing its power? If that is happening, wouldn't you want to know about it?

Re:Fuck the foreigners Re:What about inbound?

[flyingsquid]

No idea why you're being downmoderated. It's *absolutely* the NSA's job to eavesdrop on foreigners. That's what they're being paid to do.

While it is the NSA's job to spy on people, that's traditionally been something you do against your adversaries, not your allies. I mean, it's one thing if we're talking about tapping the USSR's undersea cables. They had nuclear-tipped ICBMs pointed at us. It's quite another thing when we're talking about tapping the phone of Angela Merkel. She's the democratically elected president of an allied NATO state. I mean, up until that point she and Obama had a pretty good working relationship, so if he really wanted to know what she was thinking, he probably could have you, know, asked her.

Re:Fuck the foreigners Re:What about inbound?

Looks to me like those spying on anyone, anywhere, are the real traitors.

Just curious, does that include Alan Turing spying on Germans?

Nazi Germans were not "anyone, anywhere" — they were targeted participants in on-going, escalating armed state aggression in the European theater, Atlantic and North Africa, whose military planning generated actionable intelligence. None of this applies to the NSA's current operations or their worldwide foreign and domestic victims.

Re:Fuck the foreigners Re:What about inbound?

[fnord123]

NSA apologist trope #57: [insert foreign country that has no 4th amendment] routinely does the same thing we do.

This is one of the dumbest arguments in the NSA apologist playbook. Gee, we are as bad as China when it comes to spying on our populace. Great job!

Re:Fuck the foreigners Re:What about inbound?

[gmhowell]

By what 'tradition'? Nation states and their predecessors have always spied on friend and foe alike.

Re: Fuck the foreigners Re:What about inbound?

[VTBlue]

It's their job to spy on enemies of the state. Foreigners is a broad brush that is a slippery slope to domestic monitoring. Actually we are already there.

Re:Fuck the foreigners Re:What about inbound?

[rahvin112]

And that is a very good thing.

Spying prevents war, it's credited with preventing the Cuba missile crisis from being a very real nuclear war because each sides spying revealed not only how serious the issue was but what was required to end the threat (the Soviets requirement was removing nuclear missiles from Turkey). And that's just a single incident, spying has probably prevented more wars than anyone can imagine.

Re:Fuck the foreigners Re:What about inbound?

I guess World Wars dont' get a pass, do they?

Re:Fuck the foreigners Re:What about inbound?

I'll bet you're the first to whine and cry when there's a story about a Chinese company with a backdoor in a product Americans are buying.

But hey, keep on cheer-leading this heinous behaviour. When exports of all US computer gear dry right up because nobody wants to deal with your corrupt shit, you can then go on to bitch and troll about rampant unemployment.

Re:Fuck the foreigners Re:What about inbound?

Really? You have proof of that? I think you're full of shit and just spreading some rumour you read on the Internet.

Re:Fuck the foreigners Re:What about inbound?

At this point, I think only Stalinist basketball-playing robotic lesbian koalas and Lipstick-wearing skinless alligators from Alberquerque are about the only two things NOT credited with stopping the Cuban missile crisis. Oh, and bunny-rabbits and chickens. OK, so that's 4 things.

Re:Fuck the foreigners Re:What about inbound?

[rtb61]

Lie. Spying enables war, it creates the illusion of having sufficient control and being able to go in and kill whom ever you want and win. Spying the disrespecting of other countries laws and their citizens rights and is the peremptory action to war. The death penalty for espionage still exists in many countries and with good reason. Espionage routinely enables and uses organised crime in targeted countries, ignoring laws also covers ignoring laws like murder and extortion the assumption by those countries actively engaged in hostile espionage are that the targeted countries citizens have no rights and are to be considered sub-human to be abused at will as long as they hostile country can get away with it. It is pretty clear the US has become the enemy of world peace, quite simply because there is not enough profit in it, for the select few.

Re:Fuck the foreigners Re:What about inbound?

[im_thatoneguy]

Really? How is spying on an Australian being a traitor to America? Are they being a "traitor" to some organization I'm unaware of where we swore an oath to keep Australians free from snooping? Is there a constitutional amendment I missed where foreigners living in foreign territory are protected from unreasonable search and seizure?

Re:Fuck the foreigners Re:What about inbound?

[Bite+The+Pillow]

Yes, if they meet the definition of "traitor". Because "those spying on anyone, anywhere" does not meet any definition I know of.

Or, another way, your statement is just as true as the gp.

I prefer to think of it as redefinition, where the meaning of treason is whatever supports gp post.

On one hand, we have the idea that all spying is wrong. On the other, some spying is okay, if it supports the greater good.

If I misdial an international number and get a terrorist burn phone, does it make sense to flag me as metadata to be recorded in the future? If I repeatedly call burn phones, am i a greater risk? If I have friends I met in college who are fighting for their freedom and lives in an unpleasant country - fighting the same fight that my country is fighting but from the inside - how does my country know which side I'm on?

If some spying is good, we have to define where to draw the line. My parents were killed 20 years ago, when CCTV was not prevalent. Would you support CCTV cameras for the purposes of finding their killer(s)? That seems like unnecessary spying given the hours of tape that would get captured, but it also seems to be for the greater good.

So, can we define clear lines that don't require interpretation, which clearly defines the good guys from the bad guys and the targets from the protected? And we have to keep in mind that the state preserving itself is not the same as the state preserving its citizens, so the state is not necessarily the best decision maker. When a revolution happens, the state finds itself on the wrong site of history, and is the bad guy. They will abuse any power granted them at that point.

So how do you grant UK permission to make the call, while giving the Americans the ability to revolt?

Re:Fuck the foreigners Re:What about inbound?

[currently_awake]

The purpose of spying is to gain political, military, or economic gain. Things change. If you don't spy on everyone you won't see those changes happen before they hit you. One of the reasons Obama had such a good relationship with Germany is because he knew what they wanted, not just what they told him.

Re:Fuck the foreigners Re:What about inbound?

[currently_awake]

True. If you don't know what another country is doing you will assume the worst. If they are buying uranium centrifuges and you don't know they are building a nuclear reactor you will assume they are making bombs. If they are buying guns and you don't know they are having a civil war you will assume they mean to invade.

Re:Fuck the foreigners Re:What about inbound?

Here is a little logic lesson, take heed of the flow because I realize that logic is difficult for people.

Spying in and of itself can be considered a gray area. We can justify spying on enemies, and not spying on friends.

Deceit on the other hand is always bad. There is really no gray area in that one, try as you like there is no way to convert deceit to honesty.

The issue with the NSA, and say Australia, is that the US Government as a whole has lied to the people that the politicians and office holders are supposed to be representing. Repeatedly lied I'll add, and those lies are all in the open and well documented.

This takes us to an issue of trust, and people simply have no more trust for the US Government. People in offices have lied not just about the NSA, but everything possible. WMDs in Iraq, the TPP, and Fast and Furious are good recent examples, but The Gulf of Tonkin and COINTELPRO were just as real and lies as well. So we have a history of liars holding offices to overcome somehow.

Spying by itself may not be treasonous (unless you are breaking the laws defined in the US Constitution), but providing arms to gangs that kill US citizens surely counts. I would say that declaring war on fabricated and falsified information also counts because it cost thousands of US lives and endangers our country as a whole. A politician failing to protect the US Constitution and trying to subvert our Government also counts as treason, which is why the last 3 Presidents have all been brought up on impeachment charges.

It's the lying in addition to performing acts the US Constitution prohibits that make these acts treasonous.

Re:Fuck the foreigners Re:What about inbound?

What is Greenwald's problem that makes him such a compulsive Judas? Isn't his Brazilian rentboy putting out, or something?

No idea why you're being downmoderated.

*Gasp!* Really, you can't see the reason for him being down moderated? I'm shocked and amazed!

Re:Fuck the foreigners Re:What about inbound?

Your first statement should be logically countered by everything else you stated, I seriously wonder how people got to bet his handicapped mentally. The first and primary function of _ALL_ elected US Officials (and most appointed posts as well) is to defend the US Constitution. As soon as officers were found to be lying about things, they should have all been put to death or exiled for failing to perform their primary duty.

I agree with some of what you say after, but the first statement diminishes the severity of the crimes.

Oh, and by the way..

What happens when the government stops doing its job, or starts abusing its power? If that is happening, wouldn't you want to know about it?

You may want to read a Newspaper or something, because this has already been happening. See "Free Speech Zones" and "Corporations are People" if you need lack reference materials. Berkley demonstrations are good ones too, as is TPP negotiations and US involvement in the recent Ukraine coup where 4 billion of your tax dollars went to a group more pro EU than those voted into office.

Re:Fuck the foreigners Re:What about inbound?

He was also a criminal to the British political establishment, guilty of the audacious crime of sodomy which is a British pastime anyways.

Re:Fuck the foreigners Re:What about inbound?

[dbIII]

Yet another thing when it's an Indonesian cigarette company being spied on for commercial reasons. Burning through the goodwill of allies just to help out a campaign donor with some trade secrets picked up by spies is IMHO a ridiculous abuse of power.

Re:Fuck the foreigners Re:What about inbound?

[l0ungeb0y]

Alternatively, are you telling me that we have zero rights because the NSA is allowed to spy on everyone doing anything at any time for no reason at all?

Well since you ask... what "rights" do you really have in a Government that ignores it's own Constitution, drafts laws to allow it's lawbreaking after it gets caught, and who's local Law Enforcement routinely twists and misapplies laws against citizenry?

Seems your "rights" are entirely subjective and likely to change at a moments notice.

Re:Fuck the foreigners Re:What about inbound?

[AmiMoJo]

I think he meant people who engage in mass, untargeted surveillance of entire populations. Not spying on anyone at all for any reason.

Re:Fuck the foreigners Re:What about inbound?

[Dr_Barnowl]

I heard rumours that the Chinese firms who clone routers were just replacing the secret keys in the backdoors with their own and shipping them as-is. That kind of thing got Phil Zimmerman in hot water.. why isn't Cisco in hot water?

Re:Fuck the foreigners Re:What about inbound?

[AmiMoJo]

It's really simple. An individual looking at specific targets with real oversight is fine. Mass collection of data, especially metadata, is wrong and treasonous. It's super convenient and doubtless would prevent/solve some crimes, but freedom is more valuable.

Re:Fuck the foreigners Re:What about inbound?

[Pieroxy]

I believe the proper term is now shocked and awed.

Re:Fuck the foreigners Re:What about inbound?

[jandersen]

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.

Which Creator are we talking about here? I ask out of interest; and of course also because I have never seen any evidence of such a being. My point here is NOT that humans don't have rights or that these aren't reasonable and fundamental, but I think it is time to abandon the pious lingo and try to find the valid reasons that undoubtedly are there, somewhere. After all, if the only reason why these rights are unalienable is that they are God-given and somehow enforced by Him, then they can be thrown out when your religious affiliations change, as they so easily do. The fact is that the god most, if not all, people claim to follow, is a concept created to suit their own preferences and petty prejudices, and personally wouldn't want my freedom and rights to depend on the whims of the prevailing, religious wind.

Re:Fuck the foreigners Re:What about inbound?

[AmiMoJo]

Sure, but on a limited scale. GCHQ and the NSA have basically said it's fine for other nations to hack all our systems and completely pwn our countries if they can. No limits, collect everything and use it all for the most trivial industrial espionage or political gain. Destroy all good will, make sure British and US products have no credibility and wreck out data storage industries. Make sure citizens are at greater risk by installing backdoors and weakening security systems.

What do you think is the biggest threat to you? Terrorist attack or becoming the victim of hacking, identity theft, losing your job because the company's secrets were stolen etc.

Re:Fuck the foreigners Re:What about inbound?

[Maritz]

Your example of spying on allies being a good thing is to refer to the Cuban missile crisis? Sorry I didn't realise USA and USSR were great buds at the time.

Re:Fuck the foreigners Re:What about inbound?

Obama and his successor will realize the world is a cold and lonely place once everyone assumes you're a lying two faced fuck out to deceive and manipulate at every turn.

Re:Fuck the foreigners Re:What about inbound?

[Zontar+The+Mindless]

Which Creator are we talking about here?

Does it matter? FWIW, I'm a Buddhist, and most of the Founders were Deists.

Re:Fuck the foreigners Re:What about inbound?

Still another 1 line fart of a reply from gmhowell.

Re:Fuck the foreigners Re:What about inbound?

[azav]

Sadly, we can't take the luxury of distributing communications devices that we don't have the ability to tap.

Certainly says something about the state of the civilizations on this planet.

Re:Fuck the foreigners Re:What about inbound?

[azav]

I think it's somewhat of "we have all your data. If you are suspected of anything wrong, we will look at it. Don't do anything wrong."

Re:Fuck the foreigners Re:What about inbound?

[azav]

> ignores it's own Constitution,

ignores its* own constitution

        it's = it is

Learn this.

Re:Fuck the foreigners Re:What about inbound?

Oblig XKCD: http://xkcd.com/1357/

I agree, saying that other people (who do not claim the same moral high ground as the US does) do it is one of the weakest arguments.

Re:Fuck the foreigners Re:What about inbound?

[yacc143]

Actually, the funny part is, that spying on Mrs. Merkel phone is the NSAs job. And she's got a number of people whose job it is to prevent such spying. Technically, btw, as far as it's known, only Merkel's private (or technically party) mobile has been intercepted. In effect most relevant stuff was certainly interceptable => because her communication partners have to rely on "normal" communication systems designed to be easily intercepted.

Spying on the whole German population is the big issue. Mass-surveillance is a problem, it violates basically the 4th ammendment (and their local counterparts, e.g. in Germany, as you've mentioned the example, it's the "Fernmeldegeheimnis", communication privacy that is a constituional basic right). One of the things that was disliked about the Britons back than that they used to do basically warrentless searches, for whatever reason.

Now consider that the NSA wants all electronic communication world wide, and that naturally includes communication by US citizens at home. So think, if the population (because the political caste in D.C. is way less interested) manages to forbid domestic mass surveillance, And they manage to make it stick (against a bureacracy shredded into multiple layers of secrecy for the "common good", invoking "national security" every second sentence). Now what do you think will keep the NSA from asking their British friends to do some spying, under supervision for them? A good pretence would be e.g. "Safety of NATO personal deployed in the US", that's what the German BND (which is mostly forbidden to work inside the borders) did, just ask the allied agency that have the right to spy (via the NATO treaty and related "formerly secret" treaties) in Germany. Not probable, but the British inteligence community is very intimate with the US, even more than the other members of the "Five Eyes" club.

So basically, what we've got are highly unregulated secret organizations (where even the official oversight, usually from the legeslative branch has not enough insight, and still has to rely on the perps themselves not to lie), which have shown in the past a tendency to work around any legal issues very creatively, by doing the illegal thing (and cover it under the "national security" tag, to avoid scrutiny), by interpreting law in fascinating ways (e.g. creative interpretations of the Patriot Act, rubber stamp it at the FISA Court, and again we wouldn't want independent analysis if the legal creative interpretation is okay, so it's a question of "national security"), ...

And if everything else breaks, split the bad stuff up internationally, there are enough allied spooks that are not explicitly forbidden to do the bad deed in question, ...
"And no, Senator, we cannot tell you that, because that information "belongs" to an allied foreign agency, and sharing it would endanger international cooperation, and you know, that cannot be allowed, because the bad bad terrorists would win."

Re:Fuck the foreigners Re:What about inbound?

[yacc143]

What good relationship? The reason Obama has been popular for some time is related more to the fact that the Bush administration had any number of very unpopular policies here around, and Obama claimed that he'll change them when elected. The sad part is, that he did not change them, he continued them or even enlarged them. The only big promise that he kept at least partially, was stopping all these "illegal stuff". Alas, he stopped it be legalizing the practices in most cases, so lawyerish he's correct, he stopped all these "illegal practices", although many people (voters or not) probably took him to mean that he'll stop the practices and not just legalize them ;)

Re:Fuck the foreigners Re:What about inbound?

[Noah+Haders]

gp is a db, but the point still stands that it's the NSA's job to provide signals intelligence outside of the US.

Re:Fuck the foreigners Re:What about inbound?

[colinrichardday]

NSA apologist trope #57: [insert foreign country that has no 4th amendment] routinely does the same thing we do.

Does the Fourth Amendment apply to the NSA's spying on foreigners?

Re:Fuck the foreigners Re:What about inbound?

[crtreece]

What happens when the definition of "doing something wrong" changes?

Re:Fuck the foreigners Re:What about inbound?

[lucien86]

I think it's somewhat of "we have all your data. If you are suspected of anything wrong, we will look at it. Don't do anything wrong."

Sorry but you are living totally in the past. The security services don't just take your information they sell it on for money or trade it for access or other secrets. And guess what some of the people they sell it on to are criminals, spying and crime have been brother and sister ever since they were invented. (Good) Criminals often even make the best spies, they are resourceful, independent, good at deceit and lying and hiding - and they always have a good excuse for 'nefarious' activities if caught. Even worse today, the services are made up of many small private companies - this allows for greater believable deniability and compartmentalisation - but some of those companies are deliberately crooked or bent or even linked to organized crime. Crime is also a great way to launder money so it cant be traced back to the government. Today the NSA aren't Uncle Sam they are corporations like Halliburton or Facebook or dozens of nameless holding companies around the world, or they are your pimp or your drug dealer or that guy on the corner selling child porn. In spying being a criminal is part of the job.

Still don't mind them riffling through your bank details?

Re:Fuck the foreigners Re:What about inbound?

[Alouster]

What a crock of #@it! We hold these lies to be self-evident, that all men are not created equal, that they are endowed by their greed with unlimited unalienable Rights, that among these are Life, Liberty, the pursuit of Happiness, and kill the rest. Looks to me like those they are spying on everyone, anywhere, are the real traitors according to good old uncle Sam. They should pay or die. Simple as that!

Re:Fuck the foreigners Re:What about inbound?

[kubajz]

Interesting thought, that we would have these rights if there was no Absolute Law or something similar. What would lead us to conclude that everyone has the right to Liberty, for example? Is it a matter of taking a vote about it? And if the majority vote against, could they then imprison the minority? I live in Europe and one thing I envy the US Constitution is the way rights are defined - that they are given by an Absolute and therefore cannot be voted away :)

Re:Fuck the foreigners Re:What about inbound?

[tolkienfan]

I'm sorry, I the the danger is more "what happens when those with the data decide to use it for nefarious purposes?". The existance of such an enormous body of data will mean some people will misuse it. And they ALREADY have!

Re:Fuck the foreigners Re:What about inbound?

[tolkienfan]

Creator can be a metaphore here. It doesn't need an agent for the passage to serve its purpose. There is speculation that some of the founding fathers were atheists despite much of the language that was used. The salient point is that we have rights from the moment we exist.

Re:Fuck the foreigners Re:What about inbound?

[tolkienfan]

That's what we want to change. The biggest problem is that the enemy of the NSA is anyone that would oppose it, or tear it down. It will move to defend itself by using it's considerable power. It needs to be torn down and replaced with an entity with a more targeted mission and more oversight.

Re: Fuck the foreigners Re:What about inbound?

Silly

Re: Fuck the foreigners Re:What about inbound?

'Privacy' is not a right in your quoted list.

Too much.

If the NSA had restricted its spying efforts to foreign countries, would Snowden have felt morally obligated to disclose this?

The NSA spied on Americans in violation of the law. So Snowden blew the whistle. If the NSA had not spied on Americans in violation of the law....maybe Snowden would have kept his mouth shut, and this amazing foreign intelligence network would have continued to function unabated.

I am not saying that it is OK for the NSA to spy on foreign governments to this degree...I am just saying that it would not have broken the (American) law and may not have pushed Snowden to blow the whistle.

The NSA got greedy. It's as simple as that.

Re:Too much.

The answer is clearly yes. Domestic spying was what, like 1% of his revelations? You have to be pretty dumb to think that was his primary motivator at this point.

Re:Too much.

Dick Cheney, Paul Wolfowitz, etc. saw an opening to push their ultra-neocon agenda and took advantage of it in every way they could think of.

But is was the actors in that administration that got greedy, the NSA was simply the derivative effect. Of which we're feeling the effects to this very day.

Re:Too much.

[joe_frisch]

Without trying to predict what Snowdon would have done in that situation, I think the mistake the NSA made was in thinking that even the foreign intelligence part of this could have been kept secret indefinitely. The Dr Strangelove quote of "you can't fault the entire system because of a single screw-up" is really appropriate. Knowledge of this program was so damaging to US business interests that the risk of an information release was too high.

Snowdon may have acted out of (misplaced or not) morality, but when you have a secret that could move many billions of dollars from US to foreign industries, some people would have purely financial motivations to see that it was leaked.

The job of the NSA is spying on foreign governments, I have no particular problem with that . The problem is that they did so in a way that substantially destroyed faith in US industry if / when it was discovered. All of the arguments the US government has made against using Chinese networking hardware now reflect back. If we try to claim that "everyone does it", then people will go with the cheapest vendor, and that isn't US.

The NSA did something that if revealed would badly damage US industry. The NSA then failed to properly protect that data. Snowdon is irrelevant - with such devastating information, any proper security system had to take into account that an employee might try to release it for any of a wide variety of reasons, rational or not.

Why should I distrub Heuwei again ?

[aepervius]

Ah yes because the NSA says me so. You know what i think ? I think NSA told us to distrust other vendor because they have no back door in them.

Welp

This just goes to show what happens when you let a bunch of fucking niggers run your security departments.

Re:Welp

[viperidaenz]

I don't think he could get any whiter
http://en.wikipedia.org/wiki/D...

Huh?

This is far beyond espionage and about the common man. Espionage is some fake shit hollywood wants you to believe is real, the glamorization of getting ass fucked by surveillance and other perceived "cool" stuff the federal government makes to justify the fake terror organizations they set up in each in every country. Currently it's Ukraine.

Ever hear about this? http://swampland.time.com/2013/09/27/whos-watching-the-watchmen-nsa-employees-caught-spying-on-partners/

I suggest you slowly and calmly turn off CNN, Fox news, and wherever else you have justified your attitude and realize the complete betrayal of trust the NSA has been engaged in for over 50 years now.

People are waking up to the fact that the entire system is rigged. Every war, conflict, thing that happens on a global perception scale has been carefully scripted to gain more control over money and resources, and the media is there to keep people like you still believing that we should be good little slaves because we need "Espionage".

When 13 families run the world "Espionage" doesn't mean shit.

Re:Huh?

I turned off the BBC. If anyone thinks they are better than the likes of CNN, I have a bridge to sell you.

Sadly, Slashdot and many other tech sites are no better.

NSA's message

[fgouget]

NSA's message:

Beware: we're doing it to them so they could be doing it to us.

Of course they could not go public with part one to they only publicized part two.

Doesn't matter.

[khasim]

My question is do they take out the Chinese backdoors or do they leave those in with the NSA backdoors?

That doesn't matter. We now know that the NSA has backdoors in them. We highly suspect that the Chinese also have backdoors in them.

The question is how long it will take the other nations to start their own chip fabrication plants and build their own routers / switches / etc.

Since nothing from us can be trusted (even by us) then they should be building their own stuff which they can trust more than our stuff.

Re:Doesn't matter.

[amiga3D]

I've started raising pigeons to communicate with friends. It's pretty cool, you see you take a message and fold it and attach it to the pigeons leg with a band and he flies off to home with it. Just have to watch for the hawks.

Re:Doesn't matter.

[Chris+Mattern]

The question is how long it will take the other nations to start their own chip fabrication plants and build their own routers / switches / etc.

Writing their own software, sure. Making their own hardware? Might be a while. Hardware manufacturing takes big start costs, has big fixed costs, and requires a lot of specialized experience and expertise. It's always much, much cheaper to let somebody who already has all that in place do it for you, and you get better results, too. This is particularly true of chip manufacture.

Re:Doesn't matter.

The NSA shithawks, Randy... NSA shithawks.

Re:Doesn't matter.

[TheGratefulNet]

I prefer tcp-over-waterbuffalo.

its more robust.

Re:Doesn't matter.

[currently_awake]

The European Union could afford it. Of course they are already working with the NSA so that won't help any. I expect Russia has a good reason to build chip fabs now.

Oh dear

[viperidaenz]

Now they've been found out it's going to hurt USA's export market.

fw

they are fiddling with the firmware/bios (absolute.com). almost impossible to detect.

Re:fw

[Virtucon]

Re-Flash it. Done. Or better yet get a reputable firm to validate the Firmware via CRC check etc. vs. OEM.

Re:fw

[currently_awake]

Given the level of resources available to the NSA, once they have their hands on your hardware you should consider it permanently untrusted. It's not just that they could have reflashed the firmware, they could have installed a radio keylogger or maybe a radio receiver that allows direct control of the computer itself. The power supply could be redone to transmit your crypo-keys onto the power lines for all you know. Now you just have to figure out how to get hardware before they get their hands on it. Given their resources, that might be difficult.

Glen Greenwald The Guardian??

Bollocks

mod d03n

Hapless *BSD Or a public club, and enjoy all the Real problems that disappearing up its long term survival EFNet, and aaply *BSD is dying Yet decentralized OPENBSD, AS THE by BSDI who sell

And people though Huawei concerns were baseless

[nomad63]

You need to be one to understand one. US, especially the international cyber security related ranks of government, were worried about the security of networks, operating on Chinese made Huawei brand routing equipment. Has anyone give it a thought "why" ? Because, they were doing the same thing to the US manufactured equipment and up until Huawei undercut Cisco prices and made inroads to the US networks, they didn't say anything. I am just laughing why people are getting so upset at this point in game. Your privacy and mine as well, is no more than a joke.

Re:And people though Huawei concerns were baseless

[LookIntoTheFuture]

I am just laughing why people are getting so upset at this point in game. Your privacy and mine as well, is no more than a joke.

Silence is seen as compliance. They want us to shrug it off and forget about it and tell others to do the same. The opposition needs to be loud and withstand time. Maybe it will motivate some to do something constructive with their anger. Like donating to the EFF. Or maybe start a new company that provides open hardware and software on their routers. That would be something. Privacy like security isn't on or off. You can make it better.

Re:And people though Huawei concerns were baseless

[currently_awake]

The American government respects money. If the NSA spying scandal costs American companies money they will make sure the government fixes the problem. If you want this spying problem fixed, find a way to ensure large American corporations lose money over it.

Re:And people though Huawei concerns were baseless

[LookIntoTheFuture]

Silence is seen as compliance.

Silence is seen as acceptance. FTFM lol

Re:And people though Huawei concerns were baseless

[LookIntoTheFuture]

The American government respects money. If the NSA spying scandal costs American companies money they will make sure the government fixes the problem. If you want this spying problem fixed, find a way to ensure large American corporations lose money over it.

They will lose money if the injustices are not forgotten, so that trust in them cannot be restored.

Re:And people though Huawei concerns were baseless

[Rich0]

It goes back way further than this. The US messed with firmware in some computer equipment back in the 80s to sabotage a major Soviet oil refinery, resulting in one of the largest industrial fires in history. That eventually became public, and by now everybody should know not to trust foreign firmware for anything important to national security.

And one time at band camp.

[Virtucon]

Sorry, I've given up on all this Spy vs. Spy nonsense. Frankly I'm surprised that there hasn't been a story where the NSA employes pixies who spread magic fairy dust on the Internet Tubes and the secret encryption keys float magically in the air. Sure, a lot of what Snowden took possession of and released was most likely based in fact but a lot of it is starting to sound a bit more ridiculous. If this article has even 1% of credibility I would have thought that any security firm outside the US would have been able to confirm it. Once it's confirmed then I'll worry. If it's not confirmed then it's another red herring.

Re:And one time at band camp.

Because Greenwald clearly has so much to gain by destroying his own credibility, lol

Re:And one time at band camp.

[stiggle]

Snowden handed everything to Greenwald and friends. They are now controlling the leaks and have stated they have an agenda to leak certain material as and when it is in their best interests. Not the best interests of the public to know about this stuff, but their best interests to cause the most embarrassment and disruption. If they cared about the public knowing then they would release everything all at once so we'd know, like the Wikileaks document drops.

eg. The information about intercepting of the EU leaders phones leaked shortly before high level meetings between the leaders.
The information about intercepting of Brazilian leaders phones shortly before a major arms deal was signed with Boeing, changing the decision of the Brazilians who went with Gripen instead.

Re:And one time at band camp.

[Virtucon]

Yes, it's being done to maximize embarrassment but half of the shit that's being published looks absolutely fraudulent. Take this one for example, I'm sorry this is standard practice but it was cobbled together in a few minutes and nobody who values their fat bureaucratic, pensioned job would present something like this. Shit I could probably put something on the back of a restaurant napkin and then pass it off as "General Alexander's design for new surveillance."

So... What?

[jimmifett]

I have no problem with the NSA spying on the rest of the planet.
That's what they are paid to do.
I'm even fine with them intercepting my inbound stuff with a warrant or FISA order if I was connected via phone or other means to known enemies overseas.

Outright spying on me in my day to day life tho, that is right out.

Last time I posted this...

[hackus]

I got a -1 for flamebait, with people telling me I was full of crap...just a few days ago when I explained how the NSA is standing in the way of critical needed upgrades in infrastructure because there software and hardware do not work with 10GigE or IPv6 among other things.

So where to get my routers from?

[coolsnowmen]

So, as a business I ness US made routers so the chinese slave labor me out of the market, but in my home I need chineese made routers so the NSA isn't hacking my local computer.

Or I just get both, and put them back to back, and hope the US NSA never cooperates with the chineese NSA [equivalent]

Re:So where to get my routers from?

[TheGratefulNet]

here's your solution: buy a US router and a china router. put them in parallel (on their inputs) and on their outputs, use a local AND. only pass packets that are produced by both and reject all differences.

(I'm kidding, but maybe only half kidding..)

Re:So where to get my routers from?

Make one from nand gates.

Re:So where to get my routers from?

[currently_awake]

China is known to copy American routers, hardware and software. So using both might just get you extra NSA back doors on your network.

Re:So where to get my routers from?

[coolsnowmen]

Actually, I kind of like that.

Electorial solutions

[bussdriver]

1) Anti-Establishment candidates are often marginalized by the establishment, by civil methods and later by authoritarian ones depending on the threat and how authoritarian. Example: Ghandi. MLK. The extreme repression was their strength; the wise establishment doesn't empower their enemies.

2) If you can elect somebody, they are a minority and unless it is a dictatorship they can't do anything on their own. Continued marginalization and undermining them with their base as they are forced to compromise to get anything done at all. Example: Paul Wellstone, Bernie Sanders, Ron Paul (a rare case of no compromise and doing nothing.)

3) Use the system against the elected officials. As the 2006 NSA leaker stated, Obama was observed before he was a senator. Officials have things to hide; even honest ones must make tough decisions that can look horrible if made public. Catch-22, such as the intelligence committee members who can't even tell other's in office what they know. Remember, Wyden said when Snowden leaks came out that it was just the tip of the iceberg and he couldn't talk about any of it. Remember, the 1st Snowden leak was they were spying on everybody. that was the tip of the iceberg?!
Example: possibly everybody who did a 360 after getting in office.

4) Politicians can only address a few issues at a time; much of their time is spent eating shit from their predecessors and trying to convince people it will taste good after they add their seasoning and most their time is spent raising money.

5) Press has been captured. You have to go foreign to get anything and they are being terrorized. (Funny how much "treason" is applied to foreigners.) When it's a big issue the press backs the government position; without even the need to be asked. Self censorship is the norm and patriotism is supporting the gov PR. Remember, the press didn't back the pentagon papers until it was already published and that was back during better days.

Franken is my senator. he is just OK. He is also at risk of being replaced by a complete sellout.

Re:Electorial solutions

[Tokolosh]

You left out the Supreme Court, which has completely sold out to the Tories.

Tech Support Rep here with International Customers

I work for a company that ships laptops, desktops, and routers to customers overseas and I'm going to say that there are some really weird things going on in transit that I can't explain. Particularly with international shipments, but not necessarily exclusively. I've personally heard from numerous customers who've had there systems seemingly opened in transit. Not just the packages, but the actual cases. They don't even always do a good job of re-connecting and re-sealing everything. Its obviously the cases that have been opened too as snap-style pieces are left disconnected (hard drives). No amount of vibration or force will cause a disconnect.

While I've suspected something like this I've never attempted to have a customer take a hash of the disk image and compare it to a before-shipment hash. Given this is a problem I think I might just go ahead and start doing this. The problem now is actually finding a customer who is going to be able to repeat the process on the other end.

NSA -- destroying US tech industry

You can bet the Chinese government are spying. Ditto for some European countries.(etc).. That said, any foreign government or corporation that buys US tech -- and thinks at this juncture that they aren't being spied on by the US government - would be dumber than a rock. (tinfoiler hatters were right after all)

America is digging a hole for itself in the technology sector. Foreign governments (and corporations) everywhere are scrambling to ween themselves off US technology. Because of use dominance it's a slow process but once that transformation happens, they won't ever be going back. The tech industry in the US will become much like the once dominant US auto industry, A has been that destroyed itself. (in this case by not standing up to government spy agencies clearly going too far).

The *only* way to change this inevitable decline is to change not only US laws but to create international agreements. It should be illegal to put back-doors into software/hardware that allow for wholesale spying on the citizens of any nation. And even in cases where spying of individuals is necessary, it is done with due process (i.e. ala the right to privacy in enshrined in the US constitution -- which the government officials that supported the NSA decided to ignore). Don't expect this to happen though. Politicians say one thing publicly to get voters but often do another once in power. They'll continue to put in their back doors as well as not disclosing vulnerabilities (ironically weakening security not only for other countries but America as well)

The way towards security in the future will thus come from the private sector. There is going to be big growth in companies that produce security hardware/software that explicitly have a mandate to distance themselves from any particular government and use open source designs, firmware, and software (which doesn't necessarily mean free). In an odd twist, total disclosure is the only way to build real security and privacy.

I bet the Narus stuff is not made in Asia!

http://en.wikipedia.org/wiki/Narus_%28company%29

That was the network gear in the splitter room in San Fransisco ATT.
That's the NSA router supplier.

Servers shipped from the US

Not too long ago, I had two identical servers shipped from the US. Upon unboxing them and running them up -- I didn't pay too much attention to their physical appearance -- one of them had different CPUs, different HDDs and a different amount of RAM. I went back and double checked the shipping notice, packing slip and packaging. The packaging was correct and listed all of the components in the quantities that I expected, it's just that the server in the box had a different configuration and serial number. This happened pretty much the day after I read about about NSA allegedly intercepting and fiddling with shipments.

Now, I don't think we do anything interesting enough to warrant spying on our operations, but I can't help but think there is now some despot somewhere who got a clean server (ours) when the shipments were mixed up.

The vendor concerned was very interested in how this mix up might have happened.

Applying 20th century ideas to 21st c. conflicts

[Paul+Fernhout]

"just people applying 20th century ideas to 21st century conflicts."

All too true. Although the results may be far worse than becoming a "quaint has-been". To expand on your point:
http://www.pdfernhout.net/reco...
"Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all. Cheap computing makes possible just about cheap everything else, as does the ability to make better designs through shared computing. ... There is a fundamental mismatch between 21st century reality and 20th century security thinking. Those "security" agencies are using those tools of abundance, cooperation, and sharing mainly from a mindset of scarcity, competition, and secrecy. Given the power of 21st century technology as an amplifier (including as weapons of mass destruction), a scarcity-based approach to using such technology ultimately is just making us all insecure. Such powerful technologies of abundance, designed, organized, and used from a mindset of scarcity could well ironically doom us all whether through military robots, nukes, plagues, propaganda, or whatever else... Or alternatively, as Bucky Fuller and others have suggested, we could use such technologies to build a world that is abundant and secure for all."

And also on intelligence specifically:
http://www.phibetaiota.net/201...
"A failure to realize this irony will produce ever greater problems down the road as we develop ever greater technologies that can become ever greater amplifiers of destructive impulses (including self-replicating nanotech and biotech) or ever greater inhibitors of constructive impulses (like pervasive surveillance to enforce arbitrary unhealthy norms as a "war on the unexpected"" [see Schneier]). So, how can we have an intelligence community in the 21st century that is truly worthy of the name? How can we have an intelligence community that truly helps prevent misadventures that waste trillions of US dollars while millions of US children grow up in poverty and tens of millions of US citizens lack access to health care or even adequate nutritious food?"

And:
http://pcast.ideascale.com/a/d...
"As with that notion of "mutual security", the US intelligence community needs to look beyond seeing an intelligence tool as just something proprietary that gives a "friendly" analyst some advantage over an "unfriendly" analyst. Instead, the intelligence community could begin to see the potential for a free and open source intelligence tool as a way to promote "friendship" across the planet by dispelling some of the gloom of "want and ignorance" (see the scene in "A Christmas Carol" with Scrooge and a Christmas Spirit) that we still have all too much of around the planet. So, beyond supporting legitimate US intelligence needs (useful with their own closed sources of data), supporting a free and open source intelligence tool (and related open datasets) could become a strategic part of US (or other nation's) "diplomacy" and constructive outreach."

"Good will" is an important resource. Slowly the USA has been squandering what goodwill it including from WWII. Fortunately, good will can be a renewable resource depending on the political choices the USA makes going forward.

For example, imagine how much goodwill the USA would have right now if we had given the people of Iraq US$6 trillion dollars (US$300

This news won't hurt US business at all

[erroneus]

... I just can't imagine how anyone would be offended or in the least bit concerned over this.

So... where's the problem?

[Lawrence_Bird]

I have no issue with three letter agencies doing the job they were tasked to do - provide the USG with foreign intelligence gathered offshore. The problem is when they turn those same techniques inward.

And lest the foreigners cry - your governments are spying on the US too, often on behalf of your nationally domiciled corporations.

Zontar The Mindless = "eat your words"

"Your hosts file app is SPYWARE, dude." - by Zontar The Mindless (9002) on Wednesday April 09, 2014 @02:43AM (#46702387) FROM -> http://slashdot.org/comments.p...

You said MY program's a spyware?

Ok: CONTRARY PROOF from a REPUTABLE security community source http://slashdot.org/comments.p... who hosts my app (malwarebytes hpHosts) which you are FREE TO VERIFY by email if you like as MY proof!

Now: Is YOUR SOURCE Computer Associates REPUTABLE? See here http://www.bing.com/search?q=c...

---

"for a crapware host files app that nobody in his right mind wants to allow anywhere close to his system" - by Zontar The Mindless (9002) on Wednesday April 16, 2014 @12:24PM (#46769393) FROM -> http://slashdot.org/comments.p...

You say my program's crapware?

Disprove 17 points here showing hosts give uses more speed, security, reliability, & anonymity then since YOu say my program's "crapware" http://start64.com/index.php?o...

---

"You barge into discussions with your off-topic hosts file nonsense" - by Zontar The Mindless (9002) on Friday April 11, 2014 @09:51PM (#46731153) FROM -> http://slashdot.org/comments.p...

Show us a post where I put up material on hosts where it doesn't apply.

You can't, can you? Nope - That makes YOU a liar.

APK

P.S.=> You FAIL, sockpuppeteer troll...

... apk

Re:Zontar The Mindless = "eat your words"

Show us a post where I put up material on hosts where it doesn't apply.

I'm replying to one. Now go away and quit bothering the adults.

Re:Zontar The Mindless = "eat your words"

Some 2-bit host of many, many banner ads and not much else "likes" your shitty app. Whoop-de-doo.

Re:Zontar The Mindless = "eat your words"

Zontar the Mindless, you didn't disprove apk's 17 points in favor of hosts adding security, speed, reliability or anonymity for users. Since you put it down, where's yours that does better? It isn't Zontar the Mindless (we know it's you posting by anonymous too instead of your regular registered account Zontar the Mindless).

How can the NSA possibly have the manpower?

They would need millions of people to do all this...

Oh wait, all this stuff is made in China, since when does the US *export* any of this equipment?

Some allies don't mind

[penguinoid]

Some of our allies don't mind that we spy on them, especially if they are not allowed to spy on themselves. Then we can spy on them and share the intel with them. They still get mad if we spy on their high level politicians and business secrets, and of course they have to denounce our spying if their people find out about it.

Assuming all communications are monitored

[Paul+Fernhout]

"It seems to me the only rational approach is to assume that nothing can be trusted and and act accordingly. Assume that whatever you are doing online is being observed by someone or anyone ..."

I've been saying to make the best of this since at least 2008 (chain of citations):
http://www.pdfernhout.net/on-d...
https://groups.google.com/foru...
https://groups.google.com/foru...
https://groups.google.com/foru...
"Our biggest advantage is that no one takes us seriously. :-)
And our second biggest advantage is that our communications are monitored, which provides a channel by which we can turn enemies into friends. :-)
And our third biggest advantage is we have no assets, and so are not a profitable target and have nothing serious to fight over amongst ourselves. :-)"

Or more recently:
"A way forward through openness? (Score:5, Informative)"
http://slashdot.org/comments.p...

Of course, growing up in a Christian ideological environment, the idea is nothing new that all my actions are under constant surveillance 100% 24X7 by an omniscient entity who can even read my thoughts and decides my ultimate fate day by day... Just got to make the best of it... :-)

Not saying that means it will end well if humans are entrusted with that kind of surveillance power... Although "The Light of Other Days" and "The Transparent Society" are both books to think about...
http://en.wikipedia.org/wiki/T...
http://en.wikipedia.org/wiki/T...

It's probably only a matter of time anyway until the halls of all governments are saturated with nanotech "smart dust" by all sorts of actors (see Vinge's "A Deepness in the Sky" or some other stories for examples). Governments might want to get their houses in order before then... In that sense, Manning and Snowden might both just be the tip of the iceberg -- even if smart dust like that is still probably ten or twenty years off...

Or also from me in 2008:
http://www.pdfernhout.net/post...
"Wikipedia. GNU/Linux. WordNet. Google. These things were not on the visible horizon to most of us even as little as twenty years ago. Now they have remade huge aspects of how we live. Are these free-to-the-user informational products and services all there is to be on the internet or are they the tip of a metaphorical iceberg of free stuff and free services that is heading our way? Or even, via projects like the RepRap 3D printer under development, are free physical objects someday heading into our homes? If a "post-scarcity" iceberg is coming, are our older scarcity-oriented social institutions prepared to survive it? Or like the Titanic, will these social institutions sink once the full force of the iceberg contacts them? And will they start taking on water even if just dinged by little chunks of sea ice like the cheap $100 laptops that are ahead of the main iceberg?"

Or in this case, will 20th-century-mindset security institutions start sinking when their procedures are dinged by revelations moved via small cheap USB sticks apparently carried around by Manning and Snowden? Really, how "secure" or wise is a plan in the 21st century when it depends on 100% secrecy forever? Shouldn't so-called security experts employed at great expense by governments know better by now? Security by obscurity is problematical, especially over the

Trustworthy firewall?

[penguinoid]

Isn't it still possible to have a trustworthy firewall as separate hardware, that can inform you if there are any inappropriate data transfers? It would seem like an important tool to have if only for virus/malware analysis.

Re:Trustworthy firewall?

Isn't it still possible to have a trustworthy firewall as separate hardware, that can inform you if there are any inappropriate data transfers? It would seem like an important tool to have if only for virus/malware analysis.

What makes you think the firewall doesn't have a backdoor too?

Re:Trustworthy firewall?

[penguinoid]

Isn't it still possible to have a trustworthy firewall as separate hardware, that can inform you if there are any inappropriate data transfers? It would seem like an important tool to have if only for virus/malware analysis.

What makes you think the firewall doesn't have a backdoor too?

A hardware firewall is simpler hardware than a computer plus OS and programs, and would be harder to hide a backdoor in. No guarantee of course.

Re:Tech Support Rep here with International Custom

[EmperorArthur]

Disk image might be the same. The Snowden docs include things like hardware replacement of Ethernet jacks and firmware backdoors. Nasty stuff, and completely undetectable without destructive teardown or an X-ray machine and a ridiculous amount of time.

Open source doesn't mean much

You are assuming the source you are looking at is the same one loaded on the device. If you change out the software on the device you may as well assume its no different than a binary blob.

And if the change is to the hardware that the open source software runs on? same idea as a hyper-visor rootkit, the software could be as fancy and open source as you want its still compromised since the hardware could easily send a copy of everything and react to a signal without the software ever knowing about it.

Disingenious Arguments

That the internal watchdog is looking and did catch violations is a good sign of ACTIVE protection.

You have zero rights because your internet packet addresses might be sniffed? Zero? Really? You're good at math.

Al Franken would be Bush4

When you realize how shitty the world is (I read the president's daily intelligence summary), you'll quickly realize that Fox News is center-left and that predators and hellfires are probably the best answer, since genocide is out.

Linux-libre is proof of the point, pre-Snowden

[jbn-o]

Addressing both your comment and the grandparent comment: this distinction of allowing non-free software is part of what distinguishes the older free software movement from the younger open source movement. RMS has been talking and writing about this critical distinction for years.

Consider the following from "Why Open Source misses the point of Free Software":

The idea of open source is that allowing users to change and redistribute the software will make it more powerful and reliable. But this is not guaranteed. Developers of proprietary software are not necessarily incompetent. Sometimes they produce a program that is powerful and reliable, even though it does not respect the users' freedom. Free software activists and open source enthusiasts will react very differently to that.

A pure open source enthusiast, one that is not at all influenced by the ideals of free software, will say, "I am surprised you were able to make the program work so well without using our development model, but you did. How can I get a copy?" This attitude will reward schemes that take away our freedom, leading to its loss.

The free software activist will say, "Your program is very attractive, but I value my freedom more. So I reject your program. Instead I will support a project to develop a free replacement." If we value our freedom, we can act to maintain and defend it.

In other words, open source won't endorse software freedom for its own sake. That movement was designed to never raise the issue of software freedom in order to promote a developmental methodology thought to lead to more reliable, more powerful programs. That methodology is fine as far as it goes (everyone likes powerful robust programs) but as we're seeing with the Snowden revelations, that methodology doesn't go far enough. RMS realized this very early on and has been providing ethical counterarguments since the open source movement began (older essay, newer essay).

This difference explains what we're seeing in the very different approaches taken in Linus Torvalds' fork of the Linux kernel versus the GNU Linux-libre fork of the Linux kernel. Linux-libre's distinction is that this fork removes the blobs that come with the Torvalds fork of the Linux kernel. Torvalds includes nonfree code meant to make the kernel run on more hardware which places a high value on convenience at the cost of software freedom. Linux-libre values software freedom instead. As a result, Linux-libre doesn't run on as much hardware and might not take advantage of everything modern hardware can do, but one gains a system they are allowed to fully inspect, share, and modify—software freedom. Linux-libre lets users make sure the software does only what that user wants that program to do. RMS, as recently as his recent responses to /. questions, encouraged readers to reverse engineer hardware in order to fully document hardware ("The parts of Linux we need to replace are the nonfree parts, the "binary blobs". [...] The main work necessary to replace the blobs is reverse engineering to determine the specs of the peripherals those blobs are used in. That's a tremendously important job -- please join in if you can."). This work leads to increased support for fully free operating systems, including fully free support in Linux-libre.

Increased security is one of the things you get with the pursuit of software freedom for its own sake. I think RMS very much recognizes the security enhancements that come along with Linux-libre and why his org

Now you know the real reason why the U.S. hates HU

[The+Other+White+Meat]

All those protests about HUAWEI - the real reason we scared everyone about them is for precisely the opposite reason than was claimed. HUAWEI is not in the pocket of the NSA, which makes them useless from an espionage standpoint. The problem isn't that their equipment has spyware, it's that it doesn't (as far as the NSA is concerned.)

Everybody ignores where they come from

[WindBourne]

The servers, routers, etc are NOT coming from America. They are being shipped via China. For example, Cisco does not import the routers and then re-export them to say china, or Venezuela, etc. They are shipped direct.

What I find funny is that so many miss the fact that many backdoors have been found on equipment that was shipped directly from China and not touched by ANY AMERICANS. And yet, we have greenwald and snowden ignoring what is going on with Russia, AQ, China, etc.

Re:Now you know the real reason why the U.S. hates

[WindBourne]

BS. Why do you think that India banned them? Because they found it on their routers that were sent directly from China to India.

Ppl like you are beyond foolish, or are simply Chinese trolls.

Cisco stock prices tank. . .

News at eleven :/

We're effectively killing off our chances at a global market. Seriously. Would you buy ANY network gear from ANY US based company at this point ? Hell, for that matter would any US based company even trust it ?

The bigger question is how does the NSA know about the shipment unless the companies are giving them a heads up about it before it leaves the country ? It's unlikely the NSA just gets " lucky " and just so happens to find them.

Treasonous violatoin of the constitutional right t

Spying on a war time foe is way different than spying on everyone. (without due process I would add). Not only is it spititng in the faces of allies its also violating the US constitution.

This is going to kill the US tech industry

[Karmashock]

If I'm a foreign buyer for this stuff... say a bank in Germany that wants to build a data center... I can't buy American stuff anymore. That's a huge blow to US tech.

Look... I'm okay with pulling this crap against brutal dictatorships. But I suspect they're just doing it to anyone they're even vaguely interested in... I have to assume that because there's so much double talk and evasion on the issue along with apparently no oversight or auditing.

If this sort of crap continues then the companies are at they very least going to have to use protected shipping methods that guarantee no tampering. A guard going with the shipment 24 hours a day from the factory to the delivery location would be an example.

And of course, any organization or customer that is responsible to data security is going to have increasing trouble trusting US businesses with anything.

This is incredibly damaging. The NSA needs to do their job without destroying the US tech industry in the process.

Re:This is going to kill the US tech industry

Twisted

Re:I think this relates: NOPE

The seller simply sent her the wrong tracking number. NSA had nothing to do with it. Yay paranoia.

https://privacysos.org/node/1311

https://twitter.com/puellavulnerata/status/427849719633571840

Re:Applying 20th century ideas to 21st c. conflict

Outstanding write up!!

Re:Tech Support Rep here with International Custom

[Animats]

Tell a few of their customers to ship back items which appear to have been tampered with, and compare them at your end. That's appropriate tech support. You have no idea who's doing the tampering or why, and it's worth finding out.

Outsourced

[dutchwhizzman]

I hope customers can replace those crypto bits themselves?

Not to an authoritarian

To an authoritarian, all other crimes pale in comparison to that of exposing wrongdoing by authorities.

Zontar The Mindless = "eat your words"

"Your hosts file app is SPYWARE, dude." - by Zontar The Mindless (9002) on Wednesday April 09, 2014 @02:43AM (#46702387) FROM -> http://slashdot.org/comments.p...

You said MY program's a spyware?

Ok: CONTRARY PROOF from a REPUTABLE security community source http://slashdot.org/comments.p... who hosts my app (malwarebytes hpHosts) which you are FREE TO VERIFY by email if you like as MY proof!

Now: Is YOUR SOURCE Computer Associates REPUTABLE? See here http://www.bing.com/search?q=c...

---

"for a crapware host files app that nobody in his right mind wants to allow anywhere close to his system" - by Zontar The Mindless (9002) on Wednesday April 16, 2014 @12:24PM (#46769393) FROM -> http://slashdot.org/comments.p...

You say my program's crapware?

Disprove 17 points here showing hosts give uses more speed, security, reliability, & anonymity then since YOu say my program's "crapware" http://start64.com/index.php?o...

---

"You barge into discussions with your off-topic hosts file nonsense" - by Zontar The Mindless (9002) on Friday April 11, 2014 @09:51PM (#46731153) FROM -> http://slashdot.org/comments.p...

Show us a post where I put up material on hosts where it doesn't apply.

You can't, can you? Nope - That makes YOU a liar.

APK

P.S.=> You FAIL, sockpuppeteer troll...

... apk

Zontar The Mindless = "eat your words"

"Your hosts file app is SPYWARE, dude." - by Zontar The Mindless (9002) on Wednesday April 09, 2014 @02:43AM (#46702387) FROM -> http://slashdot.org/comments.p...

You said MY program's a spyware?

Ok: CONTRARY PROOF from a REPUTABLE security community source http://slashdot.org/comments.p... who hosts my app (malwarebytes hpHosts) which you are FREE TO VERIFY by email if you like as MY proof!

Now: Is YOUR SOURCE Computer Associates REPUTABLE? See here http://www.bing.com/search?q=c...

---

"for a crapware host files app that nobody in his right mind wants to allow anywhere close to his system" - by Zontar The Mindless (9002) on Wednesday April 16, 2014 @12:24PM (#46769393) FROM -> http://slashdot.org/comments.p...

You say my program's crapware?

Disprove 17 points here showing hosts give uses more speed, security, reliability, & anonymity then since YOu say my program's "crapware" http://start64.com/index.php?o...

---

"You barge into discussions with your off-topic hosts file nonsense" - by Zontar The Mindless (9002) on Friday April 11, 2014 @09:51PM (#46731153) FROM -> http://slashdot.org/comments.p...

Show us a post where I put up material on hosts where it doesn't apply.

You can't, can you? Nope - That makes YOU a liar.

APK

P.S.=> You FAIL, sockpuppeteer troll...

... apk

kind of cappy world we live in

no one would really care if it was really used to catch big bad terrorists but we all know its all far from that.

firmware hardware dumps

Hope that soon firmware dumps of desoldered BIOS of will be compared inside and outside the USA to fund the gap ...

Parallel construction

[ToddInSF]

is much more common than people supposed.

The dystopic future in the series Continuum doesn't look so very far-fetched to me.

We're already a third of the way there !

Re:Tech Support Rep here with International Custom

you should definitely do this

Freedom's Curse

[Sciath]

I may be a little off-base but there used to be a time in the U.S. that our legal system was premised upon actual "misdeeds" not "thought crime". We now appear to live in an age in which crimes are "manufactured" out of obscure, fragmented and ambiguous data elements that could "potentially" lead to a criminal act. Then the purported perpetrator[s] are accused of "plotting" destruction even before the act is committed. I think people should be able to think anything they want. Even engage in ambiguously and potentially criminal acts for freedom's sake. What makes the difference is whether or not the act is actually carried out. Actual destructive actions should be the punishable offense, not thinking about it. Sure, this may place a heavy burden on law enforcement but I'm willing to accept that in exchange for personal freedom[s]. Besides, we are ALL ultimately responsible for our own self-protection. That requires that we be aware of our surroundings. To live with a certain degree of "precaution". To hone our personal skills in detecting potentially dangerous situations and utilizing a considerable degree of "street smarts". There are way too many people who have abandoned their personal responsibility for their own safety. They live as innocent children, expecting the world to be a "peaceful and enjoyable" trip to an amusement park where life is happy all the time and just kick back and wait for the guys in the white coats [or blue, or grey or whatever] to come and save them. We all like to think of ourselves as "adults" but we don't what the personal responsibility of acting seriously as adults. Rather, children wanting all the privileges of rank but little responsibility. One of the things we are ALL personally responsible for is our own safety. But most people think that responsibility falls upon someone else. Those who complain about safety but are unwilling to accept personal responsibility for it are creating a burden upon society. It's time everyone stopped whining about "safety" and started acting like adults.

Moral high ground

[Christopher_T.]

And everyone was paranoid about Chinese stuff.

Zontar The Mindless = "eat your words"

"Your hosts file app is SPYWARE, dude." - by Zontar The Mindless (9002) on Wednesday April 09, 2014 @02:43AM (#46702387) FROM -> http://slashdot.org/comments.p...

You said MY program's a spyware?

Ok: CONTRARY PROOF from a REPUTABLE security community source http://slashdot.org/comments.p... who hosts my app (malwarebytes hpHosts) which you are FREE TO VERIFY by email if you like as MY proof!

Now: Is YOUR SOURCE Computer Associates REPUTABLE? See here http://www.bing.com/search?q=c...

---

"for a crapware host files app that nobody in his right mind wants to allow anywhere close to his system" - by Zontar The Mindless (9002) on Wednesday April 16, 2014 @12:24PM (#46769393) FROM -> http://slashdot.org/comments.p...

You say my program's crapware?

Disprove 17 points here showing hosts give uses more speed, security, reliability, & anonymity then since YOU say my program's "crapware" http://start64.com/index.php?o...

---

"You barge into discussions with your off-topic hosts file nonsense" - by Zontar The Mindless (9002) on Friday April 11, 2014 @09:51PM (#46731153) FROM -> http://slashdot.org/comments.p...

Show us a post where I put up material on hosts where it doesn't apply.

You can't, can you? Nope - That makes YOU a liar.

APK

P.S.=> You FAIL, sockpuppeteer troll...

... apkDisprove 17 points here showing hosts give uses more speed, security, reliability,

Zontar The Mindless = "eat your words"

"Your hosts file app is SPYWARE, dude." - by Zontar The Mindless (9002) on Wednesday April 09, 2014 @02:43AM (#46702387) FROM -> http://slashdot.org/comments.p...

You said MY program's a spyware?

Ok: CONTRARY PROOF from a REPUTABLE security community source http://slashdot.org/comments.p... who hosts my app (malwarebytes hpHosts) which you are FREE TO VERIFY by email if you like as MY proof!

Now: Is YOUR SOURCE Computer Associates REPUTABLE? See here http://www.bing.com/search?q=c...

---

"for a crapware host files app that nobody in his right mind wants to allow anywhere close to his system" - by Zontar The Mindless (9002) on Wednesday April 16, 2014 @12:24PM (#46769393) FROM -> http://slashdot.org/comments.p...

You say my program's crapware?

Disprove 17 points here showing hosts give uses more speed, security, reliability, & anonymity then since YOU say my program's "crapware" http://start64.com/index.php?o...

---

"You barge into discussions with your off-topic hosts file nonsense" - by Zontar The Mindless (9002) on Friday April 11, 2014 @09:51PM (#46731153) FROM -> http://slashdot.org/comments.p...

Show us a post where I put up material on hosts where it doesn't apply.

You can't, can you? Nope - That makes YOU a liar.

APK

P.S.=> You FAIL, sockpuppeteer troll...

... apkb

Can we get an example of tampered hardware?

I want to know what the feasibility of just "prying out the offending component and soldiering a new one in" is.

I like it!

I like that BUSINESSES are being touched by this. No one gives a s**t that your and my privacy rights are null and void. Congress won't do zip to fix that. But when foreign CUSTOMERS, who SPEND MONEY, decide they DON'T WANT compromised Amerikan hardware, and take their business elsewhere, congress might start to listen. (Stupid me) or maybe not.

Thank you Edward Snowdon! Thank you Glenn Greenwald. Obama, you are a disappointment (in SO many ways).

NSA spying

Do you really think the power hungry politicians are going to stop
spying on each other and the people to get dirt on them for there elections.
So I'm sure they will definitely continue spying on us.
Remember transparency by this US Government, so it will never stop
They will tell us that you sheep, we ill stop watching you, but the fact is as long as tax
dollars are collected it will continue I have been using http://Lookseek.com for about a
year the non tracking private search engine to protect my privacy.
  We have to start somewhere

Re: Treasonous violatoin of the constitutional rig

[astar]

Famous quote by the head of us intelligence regarding spying on Kaiser et all

gentlemen do not read other gentlemen mail