NSA Worried About Implications of Leaked Toolkits (businessinsider.com)
Reader wierd_w writes: According to Business Insider, the NSA is worried about the possible scope of information leaked from the agency, after a group calling themselves the 'Shadow Brokers' absconded with a sizable trove of penetration tools and technical exploits, which it plans to sell on the black market. Among the concerns are worries that active operations may have been exposed. Business Insider quotes an undisclosed source as stating the possibility of the loss of such security and stealth (e.g. privacy) has had chilling effects for the agency, as they attempt to determine the fullness and scope of the leak.
(Does anyone besides me feel a little tickled about the irony of the NSA complaining about chilling effects of possibly being monitored?)
It's a trap
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
Welcome to how the rest of society feels.
that's just code
Live by the sword, die by the sword.
Now, if you had just disclosed those vulnerabilities they could probably have been fixed by now. Instead, you failed at keeping them a secret and unknown unsavory parties have a handy trove of exploits ready to be used. I'm not sure that this is what "National Security" looks like, and that's kind of your job.
But don't forget they're our guys.
It's possible that you think they are your guys. But you should not suppose they are the everyone else guys. :)
I don't really see anything funny or positive in the fact that one of your main intelligence services is under attack by a hostile power. And this attack is not clandestine, hidden from unwanted eyes, but it is made in public, so as to call NSA bluff and expose your country as a paper tiger.
And this all is compounded by a poorly hidden active measures campaign to benefit one candidate and to destroy another.
I believe that neither Schadenfreude nor sarcastic gleeing over a major f@ck up at the NSA are appropriate in this case, because want it or not, admit it or not, but your country is under attack by a powerful, sophisticated adversary. And it ain't good. At all.
They don't know, either.
Welcome to our world, newbie.
WARNING: Smartphones have side effects--most of them undocumented.
What if the rest of society is really worried over the fact that a sophisticated adversary is meddling into your domestic affairs (via DNCLeak and DCLeaks, incl Wikileaks) and at the same time confronts one of your main intelligence agencies in public, calling it bluff.
You win some, you lose some. You cook with fire long enough and you're bound to get burnt eventually.
Manhattan project also failed to keep its secrets, so did the VENONA project (and many other). Are you going to exercise your smart sense of moral superiority upon their failings?
The essence of malware is that you offer software to someone else, in hopes that they run it. It's impossible to not realize that when you offer someone this software, not only might they run it to hurt themselves, but they might also offer it to others (maybe back to your own allies), to hurt them. Malware isn't something you can ever "keep" if you intend to use it against others.
It kind of reminds me of biological weapons. You gave the enemy Anthrax? Great, now your enemy has Anthrax. You'll be seeing that exact same strain of Anthrax again.
Can we then expect that after some analysis, that most antivirus and FW software will be able to counter those tools?
No, we're fine with it.
Thanks for correcting the record.
What if the rest of society is really worried over the fact that a sophisticated adversary is meddling into your domestic affairs (via DNCLeak and DCLeaks, incl Wikileaks) and at the same time confronts one of your main intelligence agencies in public, calling it bluff.
It shouldn't matter who the DNC leaker was. Blaming "the Ruskies" is just a diversion.
On the contrary, I think this may be a positive development. Back in the cold war, neither side could use their nuclear weapons since they knew the other would instantly retaliate (Mutually Assured Destruction). It appears we've now reached that phase in the infowar. Both sides know what each other is up to, but they know if they reveal what the other is doing, their own shenanigans will be exposed.
Support Right To Repair Legislation.
The problem here is that the NSA deliberately sacrificed the opportunity to improve our security in order to retain the effectiveness of their toys and couldn't keep them from being directly pilfered, much less independently discovered.
If, hypothetically, the Manhattan Project had squandered the opportunity to make us nuke-resistant in order to preserve the utility of their weapon; then, yes, I'd say that they screwed up pretty atrociously. The difference, of course, is that no such option existed, while the process of disclosing bugs to vendors is very much an option.
The "you aren't the only ones who could exploit those vulnerabilities" argument was previously largely hypothetical; now, not so much.
Because if you really believe that Putin's goons intervene into your elections to promote honesty, integrity, and democracy, you are wrong, very wrong, and I doubt it can be fixed.
What if the rest of society is really worried over the fact that a sophisticated adversary is meddling into your domestic affairs (via DNCLeak and DCLeaks, incl Wikileaks) and at the same time confronts one of your main intelligence agencies in public, calling it bluff.
Then see my initial comment of 0 farks given. You think that inside info from TLA places like that hasn't been used against people internally already? It's about time that these organizations and the people in charge get outed and embarrassed. There's been too much power, corruption and insider BS for too long now and it needs to be balanced out.
It won't matter to most of the people here.
Already I can see that most of the comments are from people giggling like children who just heard a fart joke. They fail to realize - or care - that this is serious business.
It's bad enough for the government to have these tools, but it's really bad for criminals, or worse, enemy governments, to have access to these tools as well. Do you honestly think they're going to buy these tools up and then graciously disclose everything and help companies fix vulnerabilities?
No. They're going to be used to attack you, your businesses, and your own government. It will inhibit our government's ability to perform espionage. It's bad enough when our own government is full of corrupt people, but it's even worse when that corruption is being driven by a foreign actor.
And yes, I understand that in a general sense that espionage isn't considered "good" in most cases. But sometimes we need these capabilities. It's good to know what our enemies are thinking, to be able to be a few steps ahead of them. It can mean the difference between our soldiers living to come home and being captured, tortured, and eventually killed with their bodies being dragged through the streets. It can mean learning that North Korea really has gone off the deep end and plans to launch a nuke at South Korea in the next eight hours.
So, yes, there is a bit of schadenfreude to be had here, but don't forget the big picture. This is a bad thing for the United States. If you live in the civilized world, that means it is bad for you, too.
So giggle away, children. These tools are going to be used against you by people with far less constraint and far fewer morals than even our own government.
Instead of worrying about things like the democratic process being broken as demonstrated by the leaks, you are worried about the source of the leaks.
Yeah, I worry about the rest of society but more that they think like you do.
History is a pretty good crystal ball for everything going on. I won't give you any lessons here, you seem content or frightened so remain ignorant. I will simply state that all weapons through history, including espionage devices used for weaponry, have moved from place to place. All political systems have been full of corruption, and it never ends well for the populace. You are focusing on the first, instead of the latter. I have no confidence that you care given the point you are contending.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Read:
http://observer.com/2016/08/ns...
https://www.lawfareblog.com/ve...
The stolen hacks will be used by adversarial governments and criminals to silently move onto almost anyone's computer. Thanks NSA, for the upcoming super-malware.
I'm still not convinced this isn't some sort of odd false flag operation.
Imagine you're the NSA and you've been unable to get inside of some other country's likely air gapped cyber security operation... putting some juicy tools out there they're likely to snatch up and play with at least get you to see who the players are and maybe these tools work maybe they blow up... As for the vulnerabilities, with so many people playing this game, any vulnerability not found by the NSA is likely to be found by some other organization.
Even the vulnerabilities could be snares... I'm suspect of all of this and think it's just part of a big ruse.
Yes Francis, the world has gone crazy.
What if the rest of society is really worried over the fact that a sophisticated adversary is meddling into your domestic affairs (via DNCLeak and DCLeaks, incl Wikileaks) and at the same time confronts one of your main intelligence agencies in public, calling it bluff.
They got what they deserve. Instead of monitoring every single American and putting backdoors in every program they can, the NSA should have focused on monitoring foreign actors while helping to ensure that domestic institutions (companies, political parties, non-profits, and of course the population as a whole) have access to privacy and secure communications. The NSA should be the national equivalent of an IT security department. Leave the detection and investigation of domestic bad actors to the FBI (if you run across any domestic malfeasance then by all means pass it along but don't go looking for it specifically) and coordinate with the CIA when it comes to foreign actors. Develop tools and programs to protect Americans - and this is important: your job is to protect Americans (the people) not "America" - and their homes, not to watch them in them.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
My worry is that the NSA is likely penetrated by moles or it was successfully penetrated by foreign hackers. Regardless of the actual way those files were exfiltrated, this public stunt is nothing less than a public attack on one of your main intelligence services, by a foreign adversary, a brutal undemocratic and illiberal regime.
The fact that the NSA is under attack (and a public one) is what worries me, not that a bunch of 0-days is made public (and some of them are already fixed).
It's no longer just fed.gov you're trying to defend against, it's all the script kiddies now running around with fed.gov's latest and greatest exploit toys.
Lawyers, MBA's, RIAA? A jedi fears not these things!
Imagine if the researchers of the Manhattan project not only discovered how to create a nuclear bomb, but also discovered a defense against nuclear weapons. Then, rather than telling anyone about the defense, they tried to keep it a secret so they alone could use the bomb. That would have been incredibly foolish! But we do not judge the Manhattan project this way, because they didn't actually have a defense against nuclear weapons.
Yet the NSA did. They found security bugs, created exploits for them, then refused to disclose the bugs to vendors so they could be fixed. This intentionally left their own country vulnerable to attack. The security community beseeched them to release this information, and warned them that others could find these exploits too and use them. But the NSA figured that nobody else was as smart as they were and so no one else could discover these exploits. They have been proven wrong.
And that is why we judge them somewhat differently.
"This is not a joking matter. You're ALL on a list, now!
Oh, damn!
I'm on the bloody list now, too."
"Flyin' in just a sweet place,
Never been known to fail..."
With the US being a bad thing for everybody else in the world, and most of its "own" people?
I'd say that what's bad for the US is good for the sake of humanity itself, and I only brook small exaggeration here.
The removal through collapse, of the United States as an actor on the world stage would be the greatest human triumph since the collapse of the Berlin Wall or the ending of South African Apartheid.
God bless us, each and everyone.
"Flyin' in just a sweet place,
Never been known to fail..."
What if the rest of society is really worried over the fact that a sophisticated adversary is meddling into your domestic affairs (via DNCLeak and DCLeaks, incl Wikileaks) and at the same time confronts one of your main intelligence agencies in public, calling it bluff.
Versus not being worried about how before when the NSA was actually covertly owned by foreign states and/or non-state actors since at least 2013 and the NSA apparently either didn't realize it or did realize it and for 3 years failed to warn much of the US industry (or our allies) that a bunch of infrastructure was still completely insecure not only to the NSA but also vulnerable to a more hostile adversary.
Fuck. We have been talking about the possibility of the NSA itself getting hacked for years and Congress again and again was reassured that the NSA could be trusted to find out a bunch of exploits and back doors, not tell anyone to fix the problems with security and then keep them secret and only use those tools to fight the bad guys.
Apparently the rest of the public would rather bury their heads in the sand as our US Government gets completely subverted and only gets worried that it might make the government look bad if the broader public actually knew about it.
The NSA should make it its PRIMARY MISSION to warn industry about the exploits it finds rather than keep them secret for years while our foreign adversaries also utilize them to undermine us.
Fine let the NSA use newly discovered exploits for 90 days to give the US a head start in both fixing our own systems and exploiting the vulnerability, but then mandate that the NSA inform industry to fix the security vulnerabilities WITHOUT EXCEPTION.
Hahahaha
"Flyin' in just a sweet place,
Never been known to fail..."
The NSA is a riddle, wrapped in a mystery, inside an enigma. This whole thing smells fishy. "Bad actors" will buy this software on the black market, use it to spy on other people all the while the NSA actually gets to watch everything over their shoulders: backdoors into the networks of those that installed it, side-channel copies of all the surveillance etc.
Installing stolen NSA software obtained on the black market would be as smart as installing that cool new game downloaded from a warez folder found on a porn site.
- For the complete works of Shakespeare: cat
I'm more worried about "our" guys these days than any foreign country. The government has a much easier time fucking me personally over than Russia, China, etc.
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
Since 1994, when Ukraine established relations with NATO, and since 2008, when the Bush administration voiced support for Ukraine joining NATO.
https://en.wikipedia.org/wiki/...
Since then, the official US designation for Ukraine is a "major non-NATO ally" (MSNA):
https://en.wikipedia.org/wiki/...
You are welcome on my lawn.
said the virgin neckbeard in the basement of his mom's house, in the USA
"No, we swear the tool won't ever get out to the public! We 100% guarantee it!"
6 months later: "well... shit"
"Well kids, you tried your best, and you failed. The lesson is, never try." -Homer Simpson
This is precisely why:
:-)
- Apple didn't want to release a tool to unlock iPhones.
- Back doors should never, ever, ever be required for any type of device.
- Encryption keys should never, ever, ever be given/managed by any government agency.
- Etc., etc., etc.
When will the masses wake up and realize that a large, controlling government will never be a good thing for freedom?
Ramley-out!
Interesting. Though your wiki link states that Ukraine, Moldova, and Georgia are proposed members. I don't see that the language has ever actually passed in H.R.5782 - Ukraine Freedom Support Act of 2014 or other similarly named bills. Do you have a reference?
Indeed; if it's the only way our own government is ever held accountable for anything, well.. it's a damn shame, but it is what it is. It means people were not doing their jobs well at some level if it is really a problem.
Imagine the size of the balls on someone to actually hack the NSA. I can't even comprehend...
I'm not concerned at all about these tools being used to penetrate Joe Sixpack's computer.
I am, however, tickled pink that these tools will be used against the tools of the Government and Commerce.
Yes, you tools! Let's see what happens when your sordid affairs, your innermost secrets and every repulsive, nauseating detail of your rape of America for the past half century are revealed!
In other words, Commerce and Government, fuck you with a splintered phonepole. I hope it hurts every bit as bad as what you've done to this country.
(Provided this toolkit is as powerful as claimed, and its leak isn't some False Flag operation.)
The "Civilized World" jumped the shark ca. 1973.
Ugh, gag me with a spoon! Are you kidding me? In no way are they our guys, they work for the US Govt. You know, the same govt that spies on everyone, commits war crimes and meddles with businesses, elections and whatnot. This is not the time to be patriotic, it's time to be skeptical.
640k ought to be enough for anyone.
It goes back before that. It was signed into law in October of 1992.
In 1992, George H.W. Bush signed the FREEDOM Support Act, which also started US economic support of Ukraine.
https://en.wikipedia.org/wiki/...
And the United States continues to support Ukraine membership in NATO.
You are welcome on my lawn.
If you talk about "coup junta in Ukraine" you're nothing but a Kremlin troll.
Paid or not paid, I have no idea, but you're still a Kremlin troll.
Catalin Braescu
Ofaly.com
But we do not judge the Manhattan project this way, because they didn't actually have a defense against nuclear weapons.
How do we know that? Maybe they were very, very good at keeping it secret and took the secret to their graves. #Conspiracy theories
There is wikileaks putting a bounty on the killer of dnc voter registration directory in IT.
The reality is its probably yet again an inside job done by people that look at snowden/drake/whistleblowing.
I'd be more interested in seeing an article on the massive hacking fraud of the blackbox voting machines with 0 paper trail and the statisticians that came out proving the math that said it was fraud. SLASHDOT WHERE IS OUR MATH AND COMPUTER INFO ARTICLES ON VOTER FRAUD VIA COMPUTERS?
I'm more worried that parts of my society might actually see exposing political parties' communications, as being akin to "meddling in our affairs" or even more absurdly as "intervening in our elections."
I hope that these people are lying, faux-outraged in an attempt to get their crappy party an emotional edge over another crappy party, but I fear they're being honest, every bit as disconnected as they claim to be.
"Believe me!" -- Donald Trump
Wait, so an agency that hacks/exploits into others people's devices and data traffic with complete disregard for due process doesn't like it when it happens to them? Say it ain't so Tommy!!
You don't get it. These jokers can only spy on us because they've purchased or discovered vulnerabilities in the systems we use. Instead of going all noble, protect the American citizen--their job--and notified the appropriate parties of these vulnerabilities they keep them for themselves to exploit wherever possible. An argument might be formulated in their defense if this was a one-sided deal. But, it's not, if they can discover/purchase these vulnerabilities so can others. If they can exploit them, so can others.
The more these types of agencies can have their curtains drawn back to expose their shenanigans the better. It's time to change the culture away from thinking the world is a grand RTS game with zero real world consequences. For the former generations I have a simple suggestion: "video games." It's time to give a sh*t about the people you're hurting. If you need to play your "Cloak and Dagger," "Master and Commander," "The Spy that Shagged Me" bullsh*t go buy yourself a console.
Two of my imaginary friends reproduced once
Looks like they got a taste of their own medicine and they don't like it a bit, just like us.
What if the rest of society is really worried over the fact that a sophisticated adversary is meddling into your domestic affairs (via DNCLeak and DCLeaks, incl Wikileaks) and at the same time confronts one of your main intelligence agencies in public, calling it bluff.
We are mostly okay with that because Capitalism. See Facebook, Microsoft, Google, Apple and Amazon. This time around it's just a different person looking to make a profit.
Until we as a society actually take a stand on privacy and stop sharing every meal and bowel movement with all of our friends, this kind of crap will always fly under the radar to "ZOMG Zac Efron at the olympics!"
If by "our" you mean they have had their hands in the wallets of tax payers, then, yes, they are ours.
I don't understand why we pay so much money to have zero privacy when they can't keep track of their own stuff.
How would it be worse if we lost all this digital spying and relied entirely on old school detective work?
Is that the NSA of all people knowing how vulnerable systems can be and then failing to seriously protect their own.
The inability to keep secrets in itself has nothing to do with morality. The nature of the secrets being kept does. We judge all these projects equally and your listed projects as well as many others come up far better than the NSA.
and damned if you don't.
IF this whole thing has any truth to it at all, the NSA has a serious dilemma.
In one hand, they have a bunch of tools complete with unpublished exploits now in the hands of the masses. ( oh noes ! )
In the other, they have a desire to keep their tools and unpublished exploits their dirty little secret so they can continue to spy on folks the easy way.
As the NSA, do you:
1) Keep your mouth shut and hope those exploits aren't used against unintended targets ( us ) in order to keep your push-button spy operation working
2) Inform the vendors of the exploits their tools are designed to utilize so they can get patched at the cost of losing all the work put into the tools so far
*My guess is they'll go with #1 and just blame this week's boogey-man. ( Iran, China, Russia, Terrorists, Islam, Trump, Hillary, whatever )
This quote fits rather well: " Your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should. -Ian "
Now that their jewels have been stolen, will they still remain so arrogant to NOT release all these vulnerabilities so they can be patched? Or will their ego allow thieves to make huge bank off their wounded pride, with the entire first world laid low by the devastation? Also, cue the right-wing to blame all of this on Snowden instead of the proper source.
Lastly, if the POTUS does not publicly demand the resignation of the senior management of this TLA, our suspicions will be confirmed: the NSA now answers to no one.
The vulnerability equities process, where lawyers decide whether to disclose to US citizens a vulnerability or keep it to themselves, seems pointless if NSA tools are going to leak to the black market anyway. This is yet another reason why the government cannot be trusted with defensive security measures, they are too conflicted about actually doing it.
I have been wrestling with this quandary recently. Illegal activities performed by unknown perpetrators (Yes they are still unknown, no we don't know for sure they are Russians, put down the Kool Aid) have resulted in the first inkling of transparency the American people have seen from their government and their government officials in a long time. I'm a law-and-order kind of guy on most subjects. This concerns me greatly.
What has allowed me to sleep is simple. Whoever is making these leaks is acting not as an adversary, but an advocate. Their actions are those of an advocate of the people, not the government. Sadly, but truthfully, it is increasingly easy to draw the line between the government and the people, as our government treats the people like an enemy. Greater transparency, unveiling deception, getting emails into the public record before they can be deleted (Lois Lerner/IRS, Hillary, etc.) seems to be the only way the people can be assured that the truth is available after the fallout of a scandal. And it may be the only way to hold our government accountable for any illegal actions they perform.
When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
An important thing to note about NSA operations - they intentionally do not keep access logs. They do not allow for auditing tools or any other such nonsense. Claiming that such infrastructure will endanger security of operations. Now, they will try to figure out what/who/where. Good thing they know when: 3 years ago.
The NSA should make it its PRIMARY MISSION to warn industry about the exploits it finds rather than keep them secret for years while our foreign adversaries also utilize them to undermine us.
Fine let the NSA use newly discovered exploits for 90 days to give the US a head start in both fixing our own systems and exploiting the vulnerability, but then mandate that the NSA inform industry to fix the security vulnerabilities WITHOUT EXCEPTION.
Oh, my. What quaint naivete. Child, what makes you think the NSA is not sharing its intel with its corporate overlords? The fact that it isn't shared publicly? If you were in a position to do so, wouldn't you insist on an exclusivity clause? That's a huge competitive advantage, worth a fair chunk of change. Why in the world would you let that "investment" be squandered by some bullshit, social responsibility notion? Poke fun at my foil hat if you like, but for the amount of money that we're talking about here, not much is really in the "too paranoid" category, and certainly not the notion that there are other customers of the NSA's output.
"No, we're fine with it."
It even feels good.
C|N>K
OPSEC was great for keeping East Germany and its decades of well placed next generation of graduate spies out.
The US gov has now been sold on the "cloud" at a city, state and federal level. Every agency has to share more contracts with the private sector, upgrade and share with friendly nations.
A lot of the more useful software is now created by contractors, rented back to the US gov, shared with other nations (5 eye and well beyond)
Lots of private sector and telco staff now have full access to and are working on that "rented server at a colo" to try and keep collection projects working 24/7 for years.
If too much is kept hidden from contractors, they go to political leaders and tell of how much the free market has to offer and that they want their great products considered too.
More outside experts are invited in, contractors get their products sold and everyone is happy. Cold war OPSEC hurts profits and is seen as talking points protecting old private sector monopolies. The gov has to be more open to the needs of new innovative, private sector consultants. Why should just a few no bid contracts be given out under the cover of decades of old OPSEC to the same few US brands? Lots of people with new security clearances have bright ideas to suggest... think of all the new well paying local jobs..
Domestic spying is now "Benign Information Gathering"
When Apple said that if it made a special version of IOS that would bypass all the security features, that eventually it would be hacked which is why they would not do it, I guess they were right.
Snowden's leaks showed us the real problem with the NSA and the story continues.
You see, I don't think the problem with the NSA is all the spying and data collection they do. After all they are an intelligence agency, spying is their job. Or actually half their job. The second half of their job is keeping secrets. And this is where they fail.
Just look at what Snowden, a simple subcontractor without external help managed to do. And now they leak their toolkits to random blackhat groups. Now imagine what a big nation like China or Russia can do... that's scary.
I like the idea of "don't attribute to malice what you can attribute to stupidity". And right now, I think the NSA is stupid.
They are bloated, eating more data than they can chew. They seem to prioritize projects that get them large budgets and jobs for their friends rather than doing actual security. Building massive datacenters to process massive amount of useless data, sure, that's big, that's important. Putting millions of people on "watch lists", sure, it will keep people busy. Implementing sensible security policies to actually keep secrets secret, boring.
+1 where are my mod points when I need them.
You fail to understand that you can't have it both ways. If someone has the ability, criminals will eventually have the ability. So now it turns out, instead of preventing criminals from acquiring the ability you don't want them to have, you provided it to them. This isn't about giggling like children or whatever. This is about a fundamental necessity to shift the thinking of those in charge of these kinds of exploits.
Imagine if the researchers of the Manhattan project not only discovered how to create a nuclear bomb, but also discovered a defense against nuclear weapons.
Nonono. It's far worse than that. Imagine the government built a nuclear weapon, and then let someone walk off with it. Individual exploits come and go, this is letting someone walk off with a MIRV ICBM. And now they are trying to sell it. On the Internet.
To the NSA: Dear god, you fuckups. Please call your friend over at the CIA who does wet work and black ops, and put these people who walked off with your software and put them into the ground before it gets sold to China or Russia. And then, have a review meeting with your people about the 'S' part of NSA.
HA! I just wasted some of your bandwidth with a frivolous sig!
People spy on NSA.
Requiem for the American Dream
That isn't fair criticism.
The facts are there was no provision for impeachment of a sitting president under their constitution at the time, and yet it happened.
It does not matter the guy was corrupt and in the pocket of the Russians, a coup is still a coup. The rule of law should matter. The people should live with the consequences of who they voted for or use a predefined process for impeachment or recall. You don't get to make one up after the fact.
We saw the same thing with the Muslim brotherhood in Egypt. Are the people there better off having removed them, oh probably but it was NOT legal or democratic.
What is even worse is in the case of both Ukraine and Egypt we violate our own laws and sacrifice our own integrity continuing to provide aid and honor treaties with these countries after these coups have occurred, despite the fact our laws say we can't do that. We could/should probably recognize the new governments as new governments and consider it a diplomatic reset, but that is bad for business and our State Department / Congress is lazy and corrupt itself.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Nuclear bombs are hard to copy, you should add in that anyone could copy the bomb simply and easily and use it on anyone anywhere anytime.
We don't even have a complete set of corresponding source code for 99.999995% of devices. Besides a handful of routers from ThinkPenguin the closest hope we have for fixing that is EOMA68. By modularizing key components we can cut the cost to design and manufacture devices while playing the companies designing key components like CPUs/SOCs off each other to obtain complete sets of code for all components needed to produce a given device. Crowd funding campaign here: https://www.crowdsupply.com/eo...
I'm not rooting for Hippie Land to emerge from the wreckage.
Americans will likely slaughter each other in righteous and god-ordained fury for many decades thereafter.
But they will have withdrawn from every corner and space on this planet - where today they distort, extract and oppress as a matter of "interests".
"Flyin' in just a sweet place,
Never been known to fail..."
And the Iroquois. They ripped mercilessly from that people.
"Flyin' in just a sweet place,
Never been known to fail..."
If you have a backdoor, a key, or some other way to get into other people's computers/devices/files, then no matter how hard you try to keep it secret, it will eventually leak and become common knowledge, and be abused. (Assuming the original owner/discoverer wasn't already abusing it as well.)
This is why no security developer in the world that's worth even one molecule of salt will ever allow a backdoor or master key.
And hey, these guys now have a chunk of the NSA trove of nasty tricks, so even going blackmarket (not like they could sell it aboveboard) is bound to net them several million, assuming they don't get caught/shot beforehand.
It shouldn't matter who the DNC leaker was. Blaming "the Ruskies" is just a diversion.
The question here isn't 'who leaked?', so much as 'if it's the Russians, what are they holding back?'
I'm a fan of leakers, but would prefer leaks from people who don't have a horse in the race. The age-old question 'cui bono?' (who benefits?) is a key element to establishing the value and completeness of a leak. I say this, by the way, as a professional journalist who has relied on leaks and whistleblowers for some big stories.
Crumb's Corollary: Never bring a knife to a bun fight.
And they would have gotten away with it too, if it weren't for those meddling kids.
The Shadow Brokers github repo was taken down but not before it was mirrored :)
https://github.com/nneonneo/eqgrp-free-file
Everything (that was made available in the sample tarball) is inside the Firewall folder.
Most of the human readable stuff is in Firewall/OPS and Firewall/SCRIPTS.
From the very little scanning I did, it seems most of the stuff is meant to attack Cisco PIX and Cisco ASA firewalls/routers.
There are quite a few scripts for preparing/setting up an ops terminal from which an antagonist can launch attacks.
One of the attack techniques involves instructing a pix/asa to fetch an implant over http (or ftp) from a web server running on an ops terminal.
So some of the scripts install an http server (apache or tiny httpd) on the ops terminal.
The antagonist supplies the implant (the software bug) on the ops terminal.
Then they use vulnerabilities in the pix to instruct it to fetch the implant, upgrade the target's OS or load a module into the running system and then that gives them full access.
The binaries and implants are provided in the repo as well.
Hell, they probably got exploited by exploits they hoarded and were discovered independently.
But hey, remember folks, everything should have a Government-approved back door in it which only the Government can use, just in case they need access. It'll absolutely be secure...
Just like that time Microsoft thought the Clipper chip was a great idea and lost the master key to their entire Surface subscriber encrypted disks?
http://www.theregister.co.uk/2...
Make sure everyone's vote counts: Verified Voting
I think this AC was describing himself in the subject line, very revealing.
Only I can judge you.
...and you want to be my backdoor provider?
As Bruce stated - either we're all secure or none of us are.
Get up!
Maybe they're our guys, maybe they're not.
Country A is full of citizens, businesses, and government orgs which routinely depend on working computers and networks. Country B is similar, but a little behind, because they're not as wealthy.
Both countries' citizens, businesses and government orgs pretty much run the same code. Same OSes, same big applications, etc.
For the most part, everyone's computers run pretty badly, and outages and various fuckups are frequent. Criminals in both countries are very happy with the situation. Both countries have a pretty easy time with espionage, but a nearly impossible problem with counter-espionage. Everyone can attack, but hardly anyone seems to be able to defend.
Well, they're about the same, but not exactly. In Country B, due to the lower tech, more people use cash, more things are done low-techy, etc. Computer crime isn't quite as easy there. Fewer government systems (both civilian and military) are vulnerable to cyber-attack simply because they're not as computerized. Fewer businesses depend on networks. The airlines' schedules in Country B are run by a guy who has a big notebook, but Country A has an airline schedule that's run in some datacenter.
A group of nerdy people figure out part of the problem with everyone's fucked up computers. Turns out, there are bugs in popular software. Sometimes the symptoms just happen (bad luck) and sometimes they are exploited by adversaries.
The nerds have to make a decision: "Do we tell the software industry about the bugs and have them fixed, so that everyone (both our country and the other country) gets a defense advantage? Or do we not talk about the bugs, thereby preserving everyone's attack advantage?"
The group of nerds chooses the latter, opting to not have the bugs fixed.
Tell me this: judging from the nerds' actions, which country do you infer they are working for? Who has more to win or lose from the computers continuing to work so badly?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Personally, I hope they make such a massive mockery of the NSA that the entire department gets disbanded permanently. And hopefully most of the leaders end up in jail, or worse for treason.
They're going to be used to attack you
They already have been used to attack me! On a daily basis, and for years, these tools have been used to violate my rights and the laws of the country I live in. By the NSA, who has proven time and again to be an evil organization that is committing crimes all over the world, continuously.
Thus, I'm not concerned in the least that now also other criminals have access to these tools, making it more likely to speed up the fixing of the security holes.
the NSA should have focused on monitoring foreign actors while helping to ensure that domestic institutions (companies, political parties, non-profits, and of course the population as a whole) have access to privacy and secure communications.
This conflicts with their mission to spy on Americans and help other agencies to spy on Americans.
Maybe NIST should be helping to provide private and secure communications ... oh, never mind.
Yikes! Those tools will now be in the wrong hands.
Well, more wrong hands. (The NSA already had them.)
There's no time like the present. Well, the past used to be.