Slashdot Mirror


Interview With An 'NSA Hacker' Published By The Intercept (theintercept.com)

The Intercept published a 4,000-word article based on a journalist's three-hour interview with an "NSA hacker" who recently left the agency for a career in cybersecurity. Offering a portrait of life within the U.S. intelligence agency, "Lamb" says he worked on "ridiculously cool projects that I'll never forget... Technically challenging things are just inherently interesting to me."

He's the author of some of the memos leaked by Edward Snowden about how the NSA tries to identify Tor users or break into sys-admin accounts. ("One of his memos outlined the ways the NSA reroutes (or 'shapes') the internet traffic of entire countries, and another memo was titled 'I Hunt Sysadmins.'") "If you tell me, 'This can't be done,' I'm going to try and find a way to do it."

It's interesting that he ended one memo with "Current mood: devious" and wrote in another that Tor "generally makes for sad analysts". But in his interview, he warns that "There is no real safe, sacred ground on the internet. Whatever you do on the internet is an attack surface of some sort and is just something that you live with."


  1. no sacred ground by turkeydance · · Score: 4, Insightful

    includes the NSA's lawn.

    1. Re:no sacred ground by AmiMoJo · · Score: 3, Insightful

      The NSA must surely be compromised. If Snowden could do it, you have to figure that professional spies from other countries have too. The NSA is a very attractive target, having virtual dossiers on all US and many European citizens that are ripe for plundering. Access to NSA backdoors and non-public vulnerabilities would be quite valuable too.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Worthless article by pellik · · Score: 4, Informative

    The only story is that the journalist did a three hour interview with a NSA hacker. There's no content in there.

    1. Re:Worthless article by khallow · · Score: 2

      And with that kind of support... you will never be free.

      In the real world, you use the tools you have to make the world a better place. Not the magic pink unicorns you wish you had.

    2. Re:Worthless article by 93+Escort+Wagon · · Score: 2

      So what? This is real life, not some fairy tale movie where the journalist hero saves the world and wins the girl.

      I don't believe Glenn Greenwald is particularly interested in winning the girl.

      --
      #DeleteChrome
  3. This can't be done by b783719 · · Score: 2

    "If you tell me, 'This can't be done,' I'm going to try and find a way to do it."

    How to be rich in 10 seconds:
    1) Say, "I can't have your bank account. This can't be done."
    2) He's 'going to try and find a way to do it'
    3) ????
    4) Profit

  4. Re:NSA sucks at technology by vux984 · · Score: 2

    It's pretty common when mocking a post to respond in the same style.

    For example, one might have responded to yours with:

    You must be [insult] ; either that or [insult]; and you [insult].
    Anyhow [final insult]....

    You might be right and it's the same AC; but it's just as likely to be using style imitation as part of the mockery.

  5. Re:Legit story? by pepsikid · · Score: 2

    Legit-ish. "Lamb" was in one of the terrariums full of haxxors that the spooks keep for research and observation. Obviously, he wasn't even valuable enough for them to aggressively hold on to.

  6. Unprecedented by Velox_SwiftFox · · Score: 2

    Oh for the old days when no one wondered why >50% of European Internet connections were routed through MAE East.

  7. NSA has a lot of resources, no superheroes. Easy by raymorris · · Score: 2

    Being in the information security field myself, I've hung out with some federal government infosec people once or twice. My read is that the feds have a lot of money and other resources. They don't have superheroes on staff. "Garcia" from the TV show CSI doesn't work there. So they're good, but certainly not orders of magnitude better than those of us in the private sector. We can't get billion dollar datacenters, though, to record information about every phone call in the country.

    HOWEVER, most of the time it doesn't matter. Spear phishing isn't that difficult, and most people can be spear phished. (Note the qualifier SPEAR, not bulk phishing).

    What about hacking high-value targets like major governments? Is it easy to hack the US state department? Well the head of the department, the secretary of state, DOES communicate in CLEAR TEXT via an unpatched server in her basement. It doesn't take genius hackers to read top secret information that isn't encrypted and is sent in the clear over the public internet. The NSA doesn't NEED geniuses. They just need to be patient and persistent to exploit a particular target.

    Of course they don't have to attack the primary target directly. Once they have access to the email account of Clinton's good friend Debbie Wasserman-Schultz, they can set a filter that intercepts emails she sends to HRC and add a trojan to an attached file. Then they have a foothold on HRC's computer and phone. None of this is that difficult, they just have to be patient if they want to get a value target.

  8. Re:So does this mean.. by Anonymous Coward · · Score: 3, Insightful

    It means he sold his soul and now he repents. But in reality it's like Satan posing as a humanitarian worker.

    His curiosity toward IT was exploited by a rogue agency, no doubt. I just hope he realizes all the damage he's done to the basic and human rights, let alone diluting the values outlined in the US Constitution. There's no amount of "cyber security" he could ever do to make up for that and there's no amount of righteousness he can hide behind to justify his actions. What he did was pure evil.

  9. Re:NSA sucks at technology by arth1 · · Score: 2

    Flawed as SELinux is, it's on top of other security measures. It cannot give permissions that aren't already there.

    Most of the criticism I see about SELinux is that it's too cumbersome to use correctly, so those without a special interest often turn it off. Often by the same people who don't understand acl either, and think 666 and 777 permissions are practical. Many of them even rely on Windows-like privilege escalation like gratuitous ALL=(ALL) ALL in /etc/sudoers.