Slashdot Mirror
Ask Slashdot: What's the Real NSA Like?
"The National Security Agency, is actually an organization of geeks and nerds parallel to the role of Q in James Bond. They arm the government (CIA, the spy agency; FBI the government police, and the military) with cryptographic systems to protect the missions of those other organizations, and they also have the job of trying to break the cryptographic systems that might be in place to prevent the completion of those missions. You can see this evidenced in their behavior of attempting to block the export of "strong cryptosystems", because that merely makes their job harder.
In all honesty, you will find that the charter for the NSA has a Top Secret clearance level, so we may not actually know the true ajenda of the group, but since they are solely populated by scientists, mathematicians, and engineers, the stories of their involvement in Danger and Daring Do are greatly exaggerated. I would doubt that many of them have ever held a gun before.
So in my not so humble, but somewhat educated, opinion, the popular view of the NSA is fairly inaccurate, and confusingly to me, they seem uninterested in correcting that view.
Comments welcome. But keep in mind that these are the opinions of one person based on contact through job fairs, interviews, and cryptographic history articles. "
So what image do you think represents the real NSA? Are they closer to the Spooks from Hollywood, or are they just normal people like you and me?
This is an interesting point. It is generally believed that multiple encryptions where the keys are totally independent of one another do not necessarily improve security but do not decrease security.
:)
There are properties of some functions that make multiple encryptions bad. Take the rot13 "encryption" for instance. Is it more secure to encrypt your secret message twice with rot13 than just once with rot13? As you probably know, "encrypting" twice with rot13 gives you your original message. So that wouldn't be very secure
There are other bad things that can happen. For instance in DES, if you encrypt a message with key A, then encrypt with key B, who is to say that the attacker has to find key B and key A? Maybe there is a key C that can undo what key A and key B did. Luckily for us, DES has the properties that this sort of thing doesn't happen. So encrypting twice with independent keys does increase your security (though not as much as twice the original security).
I was just reading newsgroups tonight and saw that the Handbook for Applied Cryptography is now 100% online so you can read about all this stuff at http://www.cacr.math.uwaterloo.ca/hac/ although it is rather dense mathematically. Section 7.2.3 has some good info on multiple encryptions. Somewhere in Chapter 10 is the information about how UNIX passwords are actually encrypted and the stuff I was talking about regarding how UNIX uses multiple rounds of DES (actually it looks like it does 25 rounds of DES instead of the 16 I said earlier) and it has some tables showing how long it would take a generic computer to brute-force them.
Although the NSA by law is forbidden to spy on it's own citizens (and politicians), the US has secret laws with eg. Great Britain (USUK treaty, it's a law, you must not break it but you are not allowed to read it, interesting), which enables them to 'switch spies and facilities'. Ie. NSA agents go to british spy facilities, british agents go the NSA headquarters. No, the NSA is not spying on US citizens, they are spying on british citizens. No, the MI6 (the british equivalent of the NSA, MI5 is the equivalent of the CIA) is not spying on british citizens, they are spying on US citizens. And resulting information then is traded trough inofficial channels, by top agency officials - usually behind the back of the administration. You can be pretty sure that all Congressmen in the US are tagged. (by of course british-operated computers). Such a huge snooping network and analyzing capacity of course costs tens of billions of dollars per year.
Big spy agencies like the NSA also try to 'survive administrations and legislations', ie. top NSA officials are very much interested in younger Bush's opinion about encryption and his opinion about the NSA's future budgets. Or just the small information that a key congressional comittee member's daughter has a drug problem, and the well-trained agents visit this congressman and talk about the absolute need to snoop on the Cali Drug Cartell's mobile phones. (which of course is not a bad goal, but not the NSA's true priority either, unfortunately.)
The NSA also tries to 'make itself useful' by doing industrial espionage against the EU. The resulting information then is distributed through unofficial 'old NSA boys' network. There are documented cases of big US defense companies (eg. McDonalds Douglas) suddenly underbidding EU competitors by 5% or so in asian tenders.
This whole issue is a typical case of how uncontrolled power leads to inner corruption. The NSA cannot be investigated by the Congress, only by the National Security Comittee - which again is part of the old boys network. Is the NSA spying on ordinary citizens? Yes and no. Yes because the NSA^H^H^HMI6 does filter even ordinary US citizens, but usually they are not interested in them. Oh and this of course is unconstitutional - but not even Supreme Court Judges have access to NSA documents, interesting?
So no, the NSA is not MIB, they are more like the Matrix.
Or, just perhaps, there hasn't been a lot of debate in 30 years over real economics. The Fed (and the non-Marxoid economists) are arguing over minor points. Then someone like Carter comes along, having itellectually prostituted himself to liberal ideology for so long that he can no longer do basic math, and wrecks the economy by doing things that everyone but the liberals assure him will wreck the economy. So the Fed fixes it, and knows that it will cost him the election. This doesn't make the Fed political, unless you feel that being anti-US economy is "an opinion" instead of an act of war.
To add to your point:
l
:)
The above school has trained dictators and right wing militias in South America, Indonesia, etc. for decades (including famous graduates as Noreiga). A recent show on PBS focused on the discovery of training manuals that described in detail how to carry out torture and execution of prisoners.
Funnily enough, the School of the Americas said they had been produced by "mistake" in a "translation error". They've added a few voluntary classes in democracy and human rights in response to churches demanding they a shut down.
http://www.hartford-hwp.com/archives/40/015.htm
Your tax dollars at work.
The Disc. Channel prog was good. It didn't pull punches when showing what they had. They said the computer (that could do the crack in under a second) was called a "Thinking Machine" it's actually a CM-5 (connection machine 5) made by Thinking Machines, Inc. Lotsa places have CM-5s, they're one of the most popular production supercomputers. Univ's like U. of Illinois (NCSA) and others have them availible to students.
They showed in the video a Cray T90-class supercomputer. Another popular one. These are nice systems (as far as supercomps go. they're just nice, not great.)
I assume that the NSA also has several of Cray's flagship models - the T3E-1200. Check out www.top500.org to see where I get my assumptions. The list is here.
The NSA has an affinity for very fast computers. They can use them to brute force just about anything.
Private companies have think tanks for coming up with math algorithms. Wolfram Research has some of them, they use them in Mathematica (a program). Mathematica has many secret algorithms for searching for prime stuff (numbers, factors, etc.).
There are other networks the NSA (presumably) uses to spy on people. One of them is rather obscure. Ask yourself this... "GPS uses like 24 satellites in polar orbit to cover the earth with a signal to tell you where you are. These are military (i.e. NSA) satelliites. They have the whole satellite to themselves. These are not little laptops in the sky - they're supercomputers. So what else do they put on the (several schoolbus sized) things???". Answer: Lots of goodies to make their jobs fun. Of course all of the things are top secret (even how GPS works). One of the things is a microwave camera. Ever use a cellphone in a building? Those signals go right through the walls (like they're not even there.) So does the light from these cameras. Ever had an x-ray done? You can see your bones. The freq. range they use is somewhere in between, so they can take pictures through walls, but get more than just bones on the "film". This is all well and good, but we can do better. Take three or more of these cameras and aim them at the same thing... What do you get? A 3-D image of an entire building whose contents show up through the walls.
Next time you're on the crapper, hemroids flairing, wave hi to the sky - we're watching.
I worked for several years with a somewhat high clearance level at NSA at the end of the seventies. The NSA's primary tasking is for the gathering of SIGINT (SIGnals INTelligence). This is the interception of, decoding and analysis of communications of every conceivable type.
Cloak and dagger type stuff is typically left to the CIA or the intelligence groups of the military. My estimation (based on my experiences - primarily with information storage and retrieval systems) is that the technology resources available to them (much of it developed in house) is 5 to 10 years ahead of what you can find readily available in commercial markets.
I was just speaking with a good friend about this... RAND is an independent corporation set up in Santa Monica whose purpose was to consult with the Air Force on strategy and technology development. They were the original "think-tank". They maintain close ties with the government, and many RAND experts will move into government jobs and vice versa. This especially goes for their specialists in areas like Russian Affairs and Weapons development. It is, in all intents and purposes, like an extension of a government agency in that they maintain top level security clearances and have close interaction with most aspects of Defense in government.
As an example of the information level they have access to, it was a RAND Corporation employee who leaked the famous "Pentagon Papers" to the New York Times during the Vietnam War. Needless to say, both he and his superiors were immediately fired. - A.C.
I doubt very much that americans need to be paranoid about an organization that will accept your resume for employment. Think for a moment about the agencies that are not publicly promoted, about the agencies that don't 'accept resumes'. If I was american I would see the NSA as a the goverments little PR move to let it's citizens know that they are providing some means of security, when in reality what the NSA does is mostly commercial and scientific in nature. While I hope this won't spark the constant canadian/american bashing or the freakin' south park 'hate canada' bull.. think for a moment about Canadian Intellegence.. reading that.. you are probably laughing, along with most canadian citizens.. haha.. we have no need for intelligence in this country! - but, fact is, the intelligence game is alive and well in Canada, our government just doesn't make it known, or feel the need to promote itself to citizens. As soon as canadian citizens start acting like americans, and becoming all paranoid and asking 'what is our country doing to protect us?' you can bet that a cutesy little organisation will be spawned (probably from within the real intellegence organizations) and given a nice little acronym (probably CSA) and made public. Did you know that the majority of sub surface and sub marine scanning equipment present in most U.S. military aircraft, is a product of canadian intelligence? An *OLD* product that the US still uses today and hasn't been able to improve upon? ..interesting food for thought. esobofh@mybc.com
Look at the Congressional report on the full House (funny the way it is called the "Committee of the whole"...) session of May 13th (INTELLIGENCE AUTHORIZATION ACT FOR FISCAL YEAR 2000 (House of Representatives - May 13, 1999). Sorry, no URL, the Congressional Record is not bookmarkable, but you can search on the title at Thomas.
Dry reading, I know, but the great journalist I. F. Stone uncovered not a few cases of government misdoings that were out there for anyone to see, purloined-letter style, in the Congressional Record.
This really has to be seen to be believed. It starts stolidly enough, and get entertaining as it goes on. Major Owens just barely stops short of calling the CIA the Central Stupidity Agency... There is also an interesting part about the US' involvement in the Pinochet coup in Chile
Here is a scrunchy excerpt of Major Owen's intervention, for your enjoyment. He is protesting the fact that the size of the US intelligence budget is itself classified, and the only way a member of congress can learn the exact figure is to sign an oath, which then gags him/her about speaking about it in specifics.
Sneakers got it right? Are you kidding? I find it hard to believe that a slashdot reader found the movie accurate. They did dial in using a 300-baud acoustic coupler modem and had full screen realtime graphics, right? And oh yeah, mathematics that can easily break American codes are worthless on Russian codes because they use different numbers. Uh huh. Sneakers is a fun little movie, but it has little of accuracy in it. People with Security Clearances are routinely given instructions to "neither confirm nor deny". If you always get the same answer to your question, you can't tell by the response if they hit close to the mark or were missing by miles. For the record, my best friend works for the NSA now and has for many years. He and his co-workers had "Sneakers" parties where they all went together to watch it. He said they laughed their butts off. And yes, he was told not to discuss it with the media (naturally. Information should come from the top, not some low level employee).
I'm too damned lazy to register; forgive the anonymous cowardice here. I seem to recall that the NSA has something like 400 phds in math, easily the largest employer of math phds in the country. As it happens, there are about 500 - 600 US citizens a year who earn a phd in math in this country (1200 phds a year counting foreign nationals), the majority of which end up in universities. The NSA keeps a very low profile in the public, but somewhat higher profile in the math world; they put intriguing recruitment advertisements in various math publications. At the national math convention a couple of years ago, they were handing out NSA refrigerator magnets at their exhibit booth.
As a European citizen I sure think this is funny. So my communication gets intercepted and my trade secrets are sold to US companies.
Bastards.
Kirth
"The more prohibitions there are, The poorer the people will be" -- Lao Tse
This is true.
I suppose that one reason that capitalized neologisms might have become popular is that they would be clearly distinguished from ordinary typographical errors when embedded in ordinary speech.
Then it's still something unique. A lot of areas have odd-looking jargon, and none of them did this. There was time in Russian history when fad of making all kinds multiple-words abbreviations was very widespread (and it was kept for a long time in organizations names) yet only normal capitalization (or none) was used with those names. There is one exception -- "GULAG" was always all caps even though only first two of three words were reduced to one letter. Possibly because all related organizations had "normal" acronyms.
Contrary to the popular belief, there indeed is no God.
So, I guess I'm asking, perhaps there is actually a use to all this? You set up a paranoid unpleasant situation, give people the chance to screw each other over, and then as the arbiter (you the government) have psychological control over your subverted citizens.
It works well when government always acts as one force, and people can be easily threatened by minor embarrassing things (USSR, East Germany, etc.). While I don't consider US government as a whole disinterested in such things, running after people with loads of minor dirt looks almost as dumb as asking every presidential candidate questions about marijuana use in his distant past. OTOH, blatant misuse of such information if leaked or received by "co-spying" on unencrypted links (for everything from fraud and theft of trade secrets to "marketing research") is a real threat.
Contrary to the popular belief, there indeed is no God.
Personally, I used to wear bright red suspenders with CCCP and a hammer & scicle & star on them under my BDU's. I always had fun running around without the blouse on! :)
rodent...
Tactical nuclear weapons are a viable alternative!
Beats the hell outta me. I'm just parroting what the program I saw about it said. ;)
The thing I saw about it didn't say what he did, just that he worked for NSA. They did say that he was 'posing' as an Air Force member; shows what happens when you trust the media to put accuracy above sensationalism.
Don't know what program it was (have there been many? Wouldn't think so). Caught it while surfing. My memory may be faulty; if so, my bad. As I've obviously offended you, my apologies. Thanks for putting the record straight.
There is one person's account of a job interview with the NSA available online.
IIRC Phrack published the NSA security manual a few years back.
Heres a good one...
early 1980s Reagan Becomes president with Bush
at his side as VP. Who is Bush? Ex head of the
CIA.
What do they do? Turn up the heat on the drug war
even more. Make prices of drugs like cocaine
go up. What does the CIA do? They start selling
crack in poor neiborhoods. Coincidence? I think
not.
As for the NSA...im not sure what to make of them.
they keep secret and I don't like that. Government
shouldn't be allowed to keep secrets.
-- Steve
Ok yes...secrets need to be kept from the enemy
during a hot war. True.
However the government should NOT be able to
make documents secret from its people.
So barring troop movements and wartime weapons
development...the government should have NO
secrets. The people should know EVERYTHING about
the killing of JFK that the gov does...
the CIA should not have been allowed to destroy
most of the MKULTRA documents.
No secrets at all. very simple. Hell I was GLAD
when China stole our nuclear secrets. I don't
trust our government with nukes any more then
I trust the chinese, at least if we both have
the same technology, there is a better chance
we wont use them.
of course what do I know?
I think the Army should ONLY be applied when
we NEED to engage in total warfare and that
advancing the political agendas of a
meglamaniac or two is not a valid use of an army
(however...thats all we have done with the army
since WWII)
-- Steve
The question is not can system X be cracked. It should be how much money and time does it take to crack X. I mean if the NSA can crack my email
but it will take a computer that costs 100K 60 days to do it I don't much care. The probably will have more important things to use that computer on.
Oh and there is No Such Angency.
Erlang Developer and podcaster
As far as I know, there is no decent random number generator on Windows. Linux has a good one though. I have no idea whether it is good enough. You could try to find out by sending a Linux-PGP encrypted death threat to the president...
--
Castro taking over Cuba
Saddam's invasion of Kuwait
It took us quite some time to build up the necessary forces to liberate Kuwait. Give this, what would be the value of knowing it was going to occur a day or two earlier than we did? For that matter, what makes you think we didn't know ahead of time? The fact that the NSA didn't give a press conference about it two days before it happened? The NSA is not a public information service. The fact that the world at large did not know ahead of time that is was going to happen is not evidence that the NSA didn't tell a select few people that it was going to happen ahead of time.
The India/Pakistani nuclear tests
Again, why in the world do you believe the NSA did not inform certain people of this before it happened? And for that matter, what value is this intelligence? Were we supposed to bomb India or Pakistan to prevent the tests from occuring or something? It just makes no sense to consider this a "failure" on anybody's part.
North Korean Missile tests ("3 stages?" oops)
The location of Chinese embassies
I'm not sure if this has anything to do with the job the NSA does or not.
and I'm sure others can supply more examples.
Actually, anyone who claims to be able to supply examples is full of shit. If you don't work for the NSA (and even for most who do), you don't know enough about their involvement in any of these affairs or any others for that matter to know whether any perceived failures, if there were any, where the fault of the NSA or not.
Give me just one good example where intelligence gathered by the NSA has done the world any substantial good.
If I could do that, it would be a failure on the NSA's part. Again, the NSA is a secret intelligence agency, not a public information service. Anytime I can tell you anything about what the NSA does, it's a failure on the NSA's part.
--
"Convictions are more dangerous enemies of truth than lies."
--
"Convictions are more dangerous enemies of truth than lies."
Aside: I heard a while ago that some enterprising cracker was selling CD-ROMs containing a big sorted hash table, mapping all possible encrypted UNIX passwords to valid plaintext, and thus reducing the cracking operation to a table lookup.
Has anybody else heard anything about this? (It certainly sounds possible.)
According to the Simpson's, the RAND company is responsible for turning Springfield's adults into reverse vampire zombies.
I could not justify my existence if I were a turkey farmer. Would I terminate myself? Undoubtably, yes.
They're also handy to keep crap from accumulating in the dish. Lots of people use em.
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
NOTE: The previous message was paid for in full by the NSAPRF (NSA Public Relations Fund).
We're on your side. Really.
:>
Sorry, couldn' resist.
- Darchmare
- Axis Mutatis, http://www.axismutatis.net
- Jeff
Actually, I used to work for the government (well, kind of - I worked at one of the national labs that HASN'T been in the news due to leaks to the Chinese government).
:>
:>
Dress codes were pretty much non-existant after men started actually coming in dresses. We computer techs could wear anything halfway appropriate, but the suits had to wear, well, suits (although I'm not sure that was mandated).
Never had any tardiness policies that I know of. Flex time was actually pretty nice. Work five 8 hour days, four 10 hour days, whatever.
Zero mobility? Admittedly not as good as I'd have liked it to be, but not really as bad as you'd think. I'd agree somewhat with this - it's not as good as it should be (or rather, was misplaced).
Paperwork sucks, and there was a decent amount of that - but it wasn't quite as bad as you make it out to be. Then again I was a Mac tech, so we were phasing out floppies anyhow.
Mindless beureaucrats? We had a few - believe it or not, though, I actually liked my manager. Go figure.
As for pay, well, let's just say I'm working in the private sector now.
The upshot - if you can get in at a good level, the benefits and such as great - it's the kind of place you want to retire in. If you're looking for an incredibly exciting job, stock options, whatever then look elsewhere. Stability is the key - although it does keep some 'dead weight' around, you don't have the problems with layoffs and such. Great if you're raising a family (I'm not).
It's a matter of priorities, really. Then again, my old job could have been entirely different than someone else's. The government is a big place, and my place of employment wasn't really strictly government.
- Darchmare
- Axis Mutatis, http://www.axismutatis.net
- Jeff
Sadly, what you say about Hanford is correct. There appears to be a great deal more incidents of cancer around here than should be.
Of course, that doesn't even mention the liquid waste that is currently found to be leaking toward the Columbia river (follow it on a map and you'll see that it leads directly to Portland Oregon).
On the plus side, the industry here has gone from Nuclear power to cleanup. These things aren't really kept secrets any more.
- Darchmare
- Axis Mutatis, http://www.axismutatis.net
- Jeff
The math major is right, you are wrong.
There are 8 Slots.
[x][x][x][x][x][x][x][x]
That would mean [70][70][70][70][70][70][70][70]. Also read as 70*70*70*70*70*70*70*70, also read as 70^8.
You know kind of like the way you count in decimal. 10000 = 10^4 = 10*10*10*10
Go back to remedial math.
You were cruising around in a war zone, and you got shot at? Heavens, who would have thought it? Friendly fire -- it happens. Perhaps you think the Brits killed by the USAF during the Iraq affair should "not forget, and not forgive"? Sounds like a nice recipe for international chaos. What do you think the USA should do about this? Bomb Tel Aviv? /. readers should note that the link fair-mindedly included on the ussliberty.org page comprehensively demolishes any case for a deliberate Israeli attack -- here.
By the way, it was no secret, though not terribly relevant, that the Soviets were in Vietnam -- I've always taken it for granted that Vietnam was a proxy war.
I believe "Cosmic Top Secret" is considered to be above Top Secret. CTS is as far as I know used by NATO for information that is Top Secret in several countries or something like that.
Yeah, NSA types are portrayed as the buff special trained photogenic face types... however, if you looked "attractive" would people really _not_ notice you in a NSA spy guy kinda situation?
[NSA guy walks over to terminal just happening to be connected to something that would likely be airgapped in real life.]
[Pretty Girl just happens to stroll by]
Pretty Girl: Hee Hee... you look smart! Want to take me out to dinner?
NSA stud: Uhm... no... please leave me alone. I am very busy.
Pretty Girl: Wow! Do you know computers?
NSA stud: Uhm... no... I am merely a low key and unassuming cleaning person making sure this keyboard is clean.
Pretty Girl: Hee Hee... you are really cute for a cleaning person!
[NSA guy pulls out gun with silencer to kill Pretty Girl and cleverly dispose of body so that he can get past the login sequence of a convoluted MacOS or SGI looking interface]
I mean in most movies you get this swank does it all James Bond-esque profile guy that is NSA. Now, how effective on a mission would you be with people constantly trying to make passes at you? I think a good NSA type would be someone that looks like a real sysadmin type. Just passing on through... minding their business while jacking into some whacko convoluted mouse trap like system owned and run by some subvert organization deemed an enemy of the state[tm].
http://www.mp3.com/fudge/
http://fudge.org
Actually (though I don't work for NSA), I'd guess that what they're using is a system which looks at the IR signature of faces. I've seen a fair amount of research done with this.
Basically, the IR signature of a person's face is derived from the underlying bone structure, which isn't something that's likely to change often. (unless one has a penchant for visiting bars frequented by Hell's Angels!) These signatures are supposedly as unique as fingerprints.
Kinda cool. A little scary, though, as they could (heh. probably are) use this to ID people from a distance, regardless of conventional disguises. I wonder if there's counter-tech for disguising one's facial IR characteristics?
--
A host is a host from coast to coast...
A host is a host from coast to coast...
Unless it's down, or slow, or fails to POST!
The National Security Agency (NSA) is headquartered on the lovely grounds of Ft. Meade, Maryland. There is a "NSA Employees Only" exit on the Baltimore-Washington Parkway (Maryland Route 295). The main NSA building is near the intersection of Emory Road and Maryland Route 32. The Engineering building is located on O'Brien Road. There are numerous antenna farms all over Ft. Meade which, presumably, are operated by NSA. NSA is the single largest employer in Maryland's Anne Arundel County.
NSA has two primary missions: Information Security (INFOSEC) and Signals Intelligence (SIGINT). The NSA is responsible for ensuring that US government communications, both civilian and military, are secure (the INFOSEC role). The NSA works in conjunction with other government agencies to fulfil this responsibility. The NSA is also responsible for intercepting and cracking foreign communications (the SIGINT role).
Living in Northern Anne Arundel County, I know many people who work for "the Agency" (as people around here call it). These are normal, everyday Americans. They aren't spooky or evil. Driving around the NSA campus is really no different then driving around any military base. There are lots of MPs (Military Police), and lots of DoD cops around, but unless you are doing something you shouldn't be (like speeding - MPs don't give an inch on the speed limit) they don't hassle you. I've been in the main building (but not the secured area, just the lobby where the bank is), and there aren't people pointing machine guns at you or anything like that.
People who work at NSA are rather secretive about what they do, but they are required to be. I play softball for the Agency during the summer and the people who I play with have all sorts of jobs there: some are engineers, some are secretaries, one guy is actually a lawyer. Nobody talks about work (because they can't), so they are a fun bunch to be around.
The NSA presumably has tremendous amounts of raw computing power. Given their mission and the shear volume of work they have, that much is a given. I'm sure that the engineers at NSA work with technology that won't be released to the general public for years, or maybe never.
Recent movies have portrayed the NSA as an agency that conducts operations and spies on the American people. In truth the NSA does not conduct covert operations (that's what the CIA is for). The only field personal employed by the Agency are those who work at overseas monitoring stations. The NSA does not operate spy satellites: that is the territory of the National Reconnaissance Office (NRO).
I think this is at the very heart of the NSA's operation. At least, the US crypto policies make only sense in the context of industrial espionage. Those big bad terrorists won't be kept from strong crypto just because American companies don't export it. But if you run any kind of company abroad, chances are that you'll just use off-the-shelf programs for email etc. If those programs don't provide strong crypto, many foreign companies won't go through the trouble of using it. And the NSA/CIA have easier listening.
There are quite a few cases where the NSA/CIA handed information they had gleaned from their signals operations abroad to US companies. Some German politicians estimate that this type of espionage (mainly by the US and France) costs the German economy billions of dollars each year. But of course, you don't want to piss off your biggest ally by protesting too forcefully against these things.
Oops. This paragraph:
Should have read:
The way that the paragraph used to read didn't make nearly as much sense and it could also be read to mean the opposite of what I meant.
The African dyoung stays cool in its burrow during the daytime, coming out only at night to forage for food.
If it's running on something like DOCKMASTER II, it really doesn't need patching. DG/UX B2 is a network-level B2 (under eval, not done) that allows you to define untrusted paths coupled with the IP stack. So, even if you find an exploit, it's likely that the system is set up to not let you reach the level required to execute anything, and the httpd shouldn't be given things like access to a shell. Compartmented systems work fairly well for things like Web servers, nameservers and stuff like that. Data coming in from the Internet is always best set to the lowest level of trust. Web servers, etc. run at the path/user's MAC level/Capability set.
If you're remotely interested in the types of things you can do with OS-level security, do a search for RSBAC to see the types of princilples involved applied to a modern Linux kernel.
Paul
http://www.pauldrobertson.com
I saw something on the Park Police looking at or using cameras that mapped blood vessels in the face a while back. It's my guess that they're using something similar- that'd be much more accurate than a fingerprint scan and significantly harder to fake.
Paul
http://www.pauldrobertson.com
Ok so they have something in common with the rest of us.
Here's something they don't have in common with the rest of us.
When the Congress subpoenas information from your company usually a letter from lawyers that says 'sorry, atty client privilege' is not sufficient to end the inquiry.
If you got Netcraft and point it at www.nsa.gov:8080 you find out that it is running Apache. The NSA does open source.
NSA = No Such Agency
CIA = Christians in Action
Cheers,
WFE
===========
*** The problem I see is that in any job where you're working on classified material you can't tell anyone about it. That would suck, to find out something cool and not be able to share it.
... which would make it VERY hard to use whatever tremendously cool experience you have there to get another job - hence, it would seem like a poor career choice, except for someone who planned to stay there forever.
On a related note, the managers there obviously know that the fact that you can't talk about what you did there limits your market value. I wonder how well they pay.
I think it would be reasonable to assume that, like bureaucracies everywhere, over time the effective purpose of these agencies evolves towards self-perpetuation.
There are a large number of uniformed military personnel that support the NSA. These are the people who may find themselves in dangerous situations while attempting to collect intelligence. The ships Pueblo and Liberty were intelligence collection platforms. The Pueblo was captured by Noth Korea and the Liberty was attacked by Israel. A number of aircraft have been shot down while on intelligence collection missions. It isn't James Bond, but it can still get you killed or captured.
Mea navis aericumbens anguillis abundat
Oh sure, you see blatant drug dealing, hustling, etc going on. But that doesn't mean that they're getting away with it per se. Most of them are professional loosers who spend a quarter of their adult life in jail. I wouldn't call this success and they're not fooling anyone.
Futhermore, drug dealing isn't as profitable as it is made out to be. Most of these street hustlers are just part of the chain, the bottom end distributors, and they live very day to day. You'd be better off trying to smuggle freon car A/C units -- its more profitable and lower risk.
I can tell you several things that the NSA does/has done.
They sponsor a mathematics competition (the USAMTS) for high-school students.
They helped design the DES algorithm, specifying components (I think it was the S-boxes specifically) in such a way to protect DES against differential and logarithmic attacks. Public cryptanalysis didn't develop these attack techniques until well after DES was released.
They do a lot of crytographic research, and a lot of research in mathematics in general.
They also have a very informative web page (unlike Transmeta's) which tells about several more of thier activities.
The NSA isn't some mysterious organization that never gives out any information. It just happens that most of the information that they collect is sensitive, and can't be public. But what they do is no big secret, it's just the results of thier activities that have to be hidden.
That's my $.02
Last time I checked the big old NSA HQ. With the BIG rocks and fences and armed security guards is not in D.C. Rather it is 20 miles north of D.C.'s outter beltway loop; between Columbia and Odenton. (Sharing land with the Fort George Meade (Fort Meade) military base. I pass by it every day.
If you had visited this you would know it is a hike from D.C. (no metro or anything like that)
Just thought I would set that part of the record straight.
Rather than wonder, why not trot over to their website and look? :)
:(
They've all sorts of interesting positions, and even better, I'm fairly sure I can pass most of the background checks involved. Unfortunately, not all, im afraid
I get *far* better precision than 100-300m with my (cheap, commercial) GPS receiver. I use it to navigate within cities all the time, as do many residents of Japan, where I understand it is quite common.
Now... I know you'll all rape me if I'm wrong with this, but here goes...
If you apply two cryptography schemes to something, are you really adding double protection? If you encrypt a DES cipher using RSA, and send that over a network to the client who's going to encrypt some data. The Attacker intercepts it and sees the encrypted DES Cipher. The Attacker then sees the data encryped with DES pass over the network. Would there then be the possibility for a formula to do this:
X == RSA
XC == DES Cipher encrypted with RSA
XCD == Data encrypted with the DES encryption cipher and the DES scheme.
Could there possibly be the existence for a formula that could do XCD-XC = D? This is not mathematical. The symbols are representative of something higher that I don't feel like doing out mathematically. I'm not saying that you could make a little box like they did in Sneakers, all I'm saying is that I think its possible to reduce (or increase) the keyspace needed to be checked. I dunno though, maybe RSA would prevent this. Let me put it another way. If you have your data X, and you pipe it through X^n where n = 3 * z, then pipe that output through (X^n)^y, you'd be dealing with X^((3*z)+y), which is a 3D function possibly with limits. If you have limits, then you don't need to check _all_ possibilities. Depending on what those limits are, maybe it'd be easier to crack. I'm all but certain that this has been done before.
I was talking about the NSA being able to brute force a unix password in 1sec. I did a little rough math and came up with that number, but I like that figure of 6 years. Not sure if its right or not though ;)
Actually, thats impossible, but I think I'm wrong as well. Last time I checked (and I could be wrong about this), a PenII 450 could do 400M FLOPS. ;) Anyone find a problem with this? Maybe I have the FLOPS wrong I dunno, but this also isn't even including the salt.
So lets say there are 70 chars that can be chosen in a passwd.
There are 8 chars in the actual passwd.
Gives us 8^70.
8^70 == 1.6455x10^63
1.6455x10^63/400,000,000 (FLOPS) == 4.1137x10^54 seconds to brute force it.
4.1137x10^54/60 secs/60 mins/24 hrs/365.25 days == 1.3x10^47 YEARS
The universe isn't that old
The difference between the way a PC does it and what the NSA does is that a PC simply guesses, based on the salt and a dictionary, certain combinations.
More likely, she just didn't know. The biggest misconception people have about large government agencies is that
they function as a single unit. That is contrary to one of the most basic rules of security -- unless you need to
know, you don't.
Just a note... After I told this woman that I had watched this Discovery special, she told me that she was supposed to be one of the people interviewed about the system. This would mean that she has hands on experience with the system. She's a Computer Scientist and Mathematician, this means that she is mostlikely writing the programs that crack the crypto. Besides, she new every single fact about RSA,DES, etc. How could she not know about PGP?
Yeah... Read.
The point is that the system can do more than 5.76x10^14 FLOPS. This is roughly equivalent to 1.44M PenII's.
Well I think there's another reason behind using 40-bit encryption for devices like Airport. Simply put, you can't stick a PenII processor in there and expect it to encrypt on the fly with 512 bit keys. They also (like you said) better keep it under US exportation laws so they don't have to change much when shipping, thus saving money. One question this whole hoopla about NSA_KEY (which personally I think is a crock) brought to mind is if in the NSA's processes of regulating cryptography, are they weakening the systems of our own govt? Just a question, not necessarily conspiretorial.
No.
There are 8 Slots.
[x][x][x][x][x][x][x][x]
They can each have 1 of 70 characters.
i.e. 8^70.
Not 70 slots that can each have 1 of 8 chars.
;)
Echelon is a network of satelites and "listening" stations around the world. I know there's one in England, and I think there's one in New Zealand as well. It's been said that they have the ability to take a signature of someones voice and check against all electro-magnetic traffic and if that person were to use a cell phone, using the satelites they could triangulate your position, and lobb a missle and have you dead in only a few minutes. There are rumors that this happenned to some guy Yeltsin was fighting with in Checznya (or however its spelled). Yeltsin had asked the US for a favor... When the guy (I can't remember his name for the life of me) used a cell phone to negotiate a peace settlement, Yeltsin dropped a missle on his little house in the middle of nowhere. Here's a Link to a site with a picture of one of the listening posts. Not sure how relevent the site is, but if you do a search on any search engine for it, you'll find plenty of grubb.
Shit, no you're right. ;)
[x][x]
x can be a,b or c
that'd be 3x3
So then it'd be:
70^8 == 1.4M secs
== 16 Days
So I'm completely wrong then.
I was using a minimal-case scenario of whatever static operation I knew for sure. The point is that it would take roughly 70^8 operations not taking into account the salt, and doesn't change the amount of time it takes by very much. I wasn't trying to be scientific about it, I was trying to throw a rough estimate up there. Besides, doing an incrimental DES algorithm would be more than 2 instructions per second, and a PenII can only do about 800MIPS or so, so you've made up the difference right there. The point is that the system does more than 5.76x10^14 operations/sec which is probably equivalent to about a million machines. Do you have a problem with this estimate? or is it 1M-1. The 8^70 was a stupid mistake, but the FLOPS difference isn't much. Its still a factor of days. This is the only relevent doc I can find on MIPS at Intel.
Actually, I think the question is a bit thornier than a simple matter of law and ethics.
I think according to law and ethics the answer is no.
Given American society's current mindset, I think that's true (and, actually, I think it's true also, but, as a current member of American society, I would); however, in the fifties and sixties, American tolerance for militant social activists was a bit lower than it is today (and tolerance for them in today's society, it seems, is going down rather than up).
So, more generally, the question is whether we should assist any kind of government in repressing groups that we would repress ourselves. Sometimes, even when the people being repressed are `on our side,' the answer may be yes.
Consider Taiwan, for example. I don't think that action by militant reformers in the early- to mid-eighties would have helped anybody out, and might, in fact, have been a major setback, considering the KMT's typical reaction to such things.
Please understand that I am so some extent playing Devil's Advocate here. I am extremely opposed to a lot of the things that our government has done, and has assisted other governments to do (hell, one word--Diem). However, stopping radicals from forcing governments that are already reforming down the wrong path at a critical juncture isn't necessarily a bad thing.
One might raise the objection, of course, that there's no way for us to know which is the 'right' path. However, doing nothing is also doing something, if you know what's going on, so you're placing a bet either way, it seems to me....
Jeez...I can't seem to write this morning. Please excuse my poor grammar and horrible sentence stucture, lack of cohesiveness and, at points perhaps, lack even of coherence. I think, however, that you can get the gist of what I'm saying.
-k. ^-^ ^D
If their responses sometimes seem like the petulance of children, it may be because that is indeed the developmental stage where those needs crystalized. (A similar process has been documented in group psychological studies of policemen and cadets)
The problem with this emphasis on power and the trappings of respect is that any perceived threat to their standing is as real (to them) as a genuine risk of mobs rioting in the street. An 'unbreakable code' is just such a threat because ire represents somethin that their power (and the resources at their disposal) can't do
Arbitrary whim ain't much, but it's all they've got.
The trick is to accept and utilize this fact,rather than smirking cynically and dismissing it, or leaving it to run its own course
If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime
To provide a little clarification, there were indeed other issues behind the Whitlaw ouster.
... well, now you have an answer.
e.g. the 'anti nuclear' stance that one reader cited prohibited nuclear weapons -- or any warship carrying them -- from docking at an Aussie port. This meant warheads had to be transferred to other ships before refuel/resupply/repair in Australia. Principled stand or uppity insubordination? You decide. Of course, a formal tenet of institutional US policy is that it borders on uppity insubordination to even take an inconvenient 'principled stance' without approval by the US (much less in the face of our disapproval)
The more interesting element (to me, as an American) was the means of the ouster: the US prevailed upon the UK to simply 'fire' the duly-elected Aussie PM via the Governor General, an unrestricted power that this largely ceremonial office retained under post-colonial law.
Next time you hear someone from a British Commonwealth nation throw up his hands and say -- "Why would we want a Constituion, we're fine the way we are -- and it does sem a rather un friendly act" [a rather common view, e.g. in Canada, before The Queen granted it permission to draft a constitution]
If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime
those were exactly who we would go for when we were trying to get intel -- wave a little pussy at them and they would happily tell you anything, everything, and thank you too.
Can you really blame them? It's tough to get laid when you have to wear those damn bunny suits...
I don't care if it's 90,000 hectares. That lake was not my doing.
That makes more sense. I just got out of the AF and went to basic training with a budding cryptolinguist. This guy new Russian, Mandarin Chinese and some other language. He spent the last couple of years touring Russia and China, in fact.
It was hell for him to fill out his security clearance questionaire. He was supposed to list all his prior addresses, he ended up having a whole stack of pages. I would hate to be the OSI investigator that had to followup and all that.
The cool thing was that they wanted to train him in annother SE Asia language. He had orders to Georgetown University, all expenses paid by Uncle Sam. Better than tech school, where it is just like mommy & daddy watching over you, with curfews, dress codes, and scant "privileges".
He was supposed to be finally assigned to Hawaii, where he would fly out and intercept radio/telephone transmissions and translate them.
Well, that's my story, and I'm sticken' to it.
-- Remember: Wherever you go, there you are!
Loading paper-tape keys SUCKS! Had to spend a whole day doing this when we got our new weather satellite system. The funny thing was, you could get the same quality images unencrypted from NOAA. But having a tracking dish outside downloading enrcypted images from military satellites did win us many cool points though. (At least the way I described it!)
-- Remember: Wherever you go, there you are!
Haven't known many identical twins, have you?
If you know twins for a while you can easily tell the difference between them - parents can tell their identical babies apart within a very short time of them being born, and the differences only get more exaggerated as they get older...
Recursive: Adj. See Recursive.
Anyway, more info can be found here - be sure to check the links for "The Scoop," and "The Players."
You mean long as in the book of random digits that they produced in the 50's or 60's (I can't remember which, but it was awhile ago).
Actually the NSA "Agent" you are refering to was a cyptological -linquist-. They are interpeters basically. And he was in the Air Force. He simply received his orders from the NSA.
I happen to know, because I was a linquist in the Air Force also.
-caleb
much of what we know about the nsa comes from nzl, where there are partners in the echelon multi-
national group. the local partners in the echelon group the gcsb (government communications security bureau---the body in new zealand which keeps it's end of echelon) regularly advertise for translators, particular in asian languages (take a look at where nzl is on the globe to see why this is understandable). i'm surprised that the article implies that there are no translators in the nsa.
or is there a strict seperation of the international collection of this data from it's initial handling.
Let me think of a reason why the NSA doesn't want the American public to know they're just a bunch of geeks... can you say ego boost? I mean, come on. It must feel like you're James friggin' Bond all day! VERY self-validating!
To the editors: your English is as bad as your Perl. Please go back to grade school.
Hiya sparky!
Geeks and nerds at the NSA? Where? Where? I can honestly say, after being a "consumer" of the NSA's cryptography products, mainly punched tape. I'd have to say the NSA I saw was very very very dull. There's a reason though, why they call it the No Such Agency. It's cause everything they do, (99% cyrptography) is at least S E C R E T. It's not cause there is anything interesting there... It's just cause they classify their toilet paper waste at least confidential...
All intelligence efforts, regardless of which group or nation conducts them, are attempts to protect the interests of the country in question. The NSA, in collaboration with all of the other intelligence agencies in the US, is attempting to make sure that the United States, as a nation, continues to exist by both enhancing its own position and knowing as much about the weaknesses and strengths of everyone else in the world.
Why everyone? Good question; the answer is that everyone else is doing the same thing. At least the countries that can afford to in any reasonable manner. I have an interesting perspective on this, having recently recieved intelligence training in the Army. The unclassified records we were shown during training regarding people who were recently busted spying on us (mostly our own people), showed that they were working for Germany, Israel, France, even England.
As altruistic as we may want to be about things like the secret service, spy agencies in general, etc., nations don't have friends, they have interests. They look out for their own, and we look out for ours. In the intel community, this is called "the gentleman's game." You either play, or you lose. Here in the US, we play to win.
"Space Exploration is not endless circles in low earth orbit." -Buzz Aldrin
If you're a high school or college student, and you really want to learn about the NSA, check out the Employment section of their website.
They have a co-op program (internship with pay) for CS, CE, EE, and Linguistics majors. Could be interesting...
-do i sound too much like an advertisement?
grow up
photosMy Photostream
You know that Ollie was the one who leaked the news of the pending attack on Lybia. The reporters came forward after he tried to make political hay by criticizing the media for printing the leaked story. The death of that pilot was partly his fault.
What was his role in the Heroin for arms in Viet Nam? That's where he met Richard Secord.
photosMy Photostream
We drank a lot, smoked too much pot, messed with the ladies, got in fights, and a lot of trouble, but we came to work sober (usually) and did our jobs(always).
. Vigilant Always
We are the eyes and ears of the military. Pure and simple. The military branch is taken from the top ten percent.
Though our unit no longer exists, we still remember.
The NSA is your best friend and worst enemy. Best not to think about them, best not to worry about them, it won't do any good, it won't make a differnce. Anyway, their good outweighs the bad, just leave it at that.
photosMy Photostream
NSA geeks make good drinking buddies. NSA, ASA forever!!! A tip of the hat to all present and former agents. You're the best and will always be my brothers and sisters!!!
John H, where ever you are, come back. we miss you. I KNOW YOU READ THIS SITE!
photosMy Photostream
No Ollie was CIA, and had too big a mouth for the NSA. don't associate that scum with a fine organization like the NSA. That's an insult to all hard working honest NSA agents past and present.
photosMy Photostream
i was a fresh graduate with a masters' from MSU in applied mathematics. Jimmy Carter was president when i interviewed and they had a hiring freeze on. Except for mathematicians. i got the job as a CryptoMathematician. Mathematicians ruled the roost. Never been any place like that before or since.
it was like living inside a Clancy novel. lots of toys. lots of secret stuff. and a lot of self-importance you don't notice until you're away for a while: the really secret stuff that i did had already been written up in Jack Anderson's column.
you'll never get into an office with more stimulating and smart people than NSA. most of the guys there were flaming liberals, which was surprising, but it makes sense, since government workers tend to lean democrat, not republican. i was a civilian, the military guys were fun.
the process of getting in was a little demeaning, but i didn't notice in my youthful idealism. they basically give you all these psychological tests to discover (1) are you a genius? and (2) are you in any way untrustworthy? then there's polygraph tests to make sure that question #2 is correctly answered. lot of lifestyle questions had to get answered right. (i'm straight as an arrow sexually, never done drugs and in '80 that was important.) they didn't want to hire people who were "blackmailable." Thus at the time gays were discriminated against. That's probably no longer true, because if one is in the closet, there's don't ask/don't tell, and if one's out of the closet, there's no basis for blackmail.
btw, Alan Turing committed suicide because he was gay, worked at GCHQ (the British NSA), the Ruskies found out and tried to blackmail him.
What kinds of secret stuff goes on there? imagine the best science you can find on the best university. now apply that to figuring out what the bad guys are doing. meanwhile, have the brightest boys play with the biggest toys to push the state of the art in mathematics and computer science.
sorta sad though. i went to the National Cryptologic Museum last summer and saw that one of the computers i worked on was no longer state-of-the-art, but was now literally, a museum piece. sigh. i'm getting old. it's probably all changed in the last 20 years.
anyway, it was a good first gig out of grad school and if you can get in, you'll have fun.
The point is that the underlying principles were accurate, not the props or set pieces. Modern cryptography is based on the insolubility of problems like prime factorization. If someone were to discover a fast algorithm for solving an NP-complete problem, it would represent the end of privacy. "Too many secrets."
The atmosphere of the movie is definitely hokey. No question there. But it's very refreshing to watch a movie that grasps the basic problem and explores what would happen if someone actually did solve the prime factorization problem.
For all we know, the NSA could be sitting on a proof that "P != NP" and none of us would know any better!
That is possible, but it would be much more interesting if it turned out to be a proof that P = NP.one classification above Top Secret per se
would be "Top Secret - CNWDI" which stands
for "Critical Nuclear Weapons Design Information".
SCI: Sensitive Compartmented Intelligence
It's not "above" Top Secret, just a subset of it. There are many compartments, and most people only have access to one or two of them.
And, the "Q" level is a corporate creation, not governmental.
Illegitimi non carborundum
Have you heard of Korea, or any of the other places our soldiers, sailors, marines, and airmen are deployed to currently? I'd hate to point out the obvious, but we ARE at war constantly.
As a military member, I'm a tool of policy, I don't make it. So, although I don't agree with our policy of engagement in so many theaters (I'm very much a Libertarian Constitutionalist in views), I'm part of it and I'd certainly hate for some important piece of info to fall into Kim Chong-Il's hands and see the North Korean infiltrators do some real damage for a change.
I too believe the military should stay home, but we AREN'T all at home, so we need secrets. We need secrets from our own citizens because American citizens often talk too much to Bad Guys for money. A pitfall of a capitalist society, I suppose, and I'll keep capitalism if you don't mind.
Our classification system REQUIRES disclosure after a certain period of time, depending on the initial classification of the document. So, I believe all the info about JFK (if there is anything to see) should be de-classed in the next 10 years. I'd be curious to see that, myself.
And, I applaud everyone who is skeptical of the U.S. government's ability to follow their own rules. I hope you are just as vocal in venues that matter to the politicians as you all are in Slashdot. If (big if) we are doing illegal or immoral surveillance of our own citizens, nobody that I work with would like to see that continue and we would all be glad if it stopped. I don't think it's really happening, but Echelon does look ominous.
**My opinions are mine, not the U.S. Army's, and they should not be construed as any kind of official statement.**
Illegitimi non carborundum
Well, all the VCRs at work have had the recording heads removed, we can't take cassette decks to work because they might have microphones in them, we can't have magnetic media of any type go out once it has come in without special checks by the Special Security Office, so why should a Furby be different? It's a recorder, to some degree.
What is funny is when some folks have told me that CDs are prohibited (in 1991), because they were a recording medium. I was looking for that CD-Recorder for a long time...
Illegitimi non carborundum
Hey! I'd send you an email, but since your email is not listed...
Anyway, I'm another KP, at GAFB currently. Maybe we have friends in common.
Don't let the bastards get you down.
Illegitimi non carborundum
NRO is in charge of the platforms, not the intel.
Illegitimi non carborundum
I very much hope that the NSA records are NEVER open to public scrutiny. Secrets save lives, in my line of work. If other countries (read: hostile) find out our capabilities and limitations, they can foil them.
For more on the topic of misdirection and misinformation, read the new non-fiction book "Between Silk and Cyanide" by Leo Marks. Very interesting look at how much SIGINT and codes matter to the military efforts. Oh, and the absolutely awesome Cryptonomicon, of course.
Illegitimi non carborundum
No, LTC North was assigned to the NSC (National Security Council) as a liaison. See, it's just acronym trouble. :-)
Illegitimi non carborundum
WHEW! Was that a run-on sentence or what? :-)
Honestly, I'm not able to say much about my job (duh) but if you look at the NSA homepage and look at the DLI homepage you'll find out enough that most folks can put together the rest.
Illegitimi non carborundum
Yes, there actually are a large number of Crypto-geeks on Slashdot. I know of several just in my own workplace, and we're not a large piece of the puzzle.
Illegitimi non carborundum
Great post. I am glad that I read the comments below the original "article", which told me nothing. I suppose that one reason that capitalized neologisms might have become popular is that they would be clearly distinguished from ordinary typographical errors when embedded in ordinary speech.
I love it! Have you ever read Robert D. Hare's book "Without Conscience: The Disturbing World of Psycopaths Among Us" ? He makes a parallel argument to the one that you do - namely that there are people devoid of natural empathy who are very manipulative and charming and lack fear, thus being willing to take high risks. When stupid these people become low-life con-men, but when clever they have _exactly_ the qualities that would make for selective success in our system: cool-headed, risk-taking, ambitious and unscrupulous!
What about what people found with the Stasi in the FDR (E.Germany) after the wall came down? It seemed like they were trying with 1950's technology to record and intercept communications of a huge proportion of their citizens and all sorts of people were informing on each other. Apparently a lot of the transcripts of these spy sessions were sold to the U.S. and the Germans now want them back (they don't even know exactly what they are trying to have returned). Some of the information that was captured after the wall came down revealed that there were all sorts of incredible situations of spouses informing on each other (Petra Kelly (sp?) of the Die Grune and her husband), etc. So, I guess I'm asking, perhaps there is actually a use to all this? You set up a paranoid unpleasant situation, give people the chance to screw each other over, and then as the arbiter (you the government) have psychological control over your subverted citizens.
Shouldn't that have been BDR? Sorry.
When was the last time you saw something come out of hollywood that was accurate? (Look at all the 'hacker' movies). Hollywood warps anything and everything to what makes a 'better' movie.
I've read a little on the NSA's history and their public mission. They relate more to geeks like us. They are computer, math, and science people. I've heard some say they are the biggest collection of brains in the US. I think that's probably true, except for maybe RAND. Some of the smarest people in the world work there, they just can't talk about what they are doing.
- AMW
I belive more correctly that the CIA is the one mainly involved in Columbia. It has been since the Regan administration. Now, if the NSA feeds to the CIA....that's a totally different issue.
:)
But if you want to get into columbia....well, this isn't really the place. But we've had troops/people involved in columbia fighting the 'drug war' for years.
- AMW
Not being James Bond or a gun-toting Gary Busey type means jack. I have a friend who works for the USDA (Agriculture) and he has a department issued service piece. He works behind a desk analyzing data on welfare cheats. The gun sits in a lockbox in his bedroom closet.
If there's one thing that us geeks should be able to understand, it's that today INFORMATION is the name of the game. If the NSA is so innocent, why won't they discuss Echelon with Congress? Monitoring private citizens is not in the best interests of National Security.
-"I talked to God and here's the deal/ He said to floss between each meal" -- Uninvited
Note terms: average, stupid.
=)
I remember a story on CNN, how they banned Furby's because they could be a recording device. It seems they were afraid that the Furby would start talking classified or something..
Now thats funny.
Executive ability is deciding quickly and getting someone else to do the work. --John G. Pollard
In fact her answer wasn't "I don't know" but rather "I can't discuss that" (not verbatum). I probably should've said this earlier though.
Now that is interesting. If she cannot discuss it, it means she has been instructed not to, for one reason or another. It might simply be NSA policy not to discuss specific commercial products... or that some aspect of the research on the algorithms PGP uses is classified... or maybe the NSA has discovered a weakness somewhere.
Food for thought, for sure. Cool. Thanks for the reply.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
2^56 = 72057594037927936 keys
:-( Well, foo.
Actually, it's more like 94^8 (the size of the set of printable characters raised to the number of significant characters in a UNIX password). My computer says that is 6,095,689,385,410,816. Still damn big, of course.
Seeing so many different numbers flying around for how long this should take, I decided to try an experiment. I wrote small C program to call the crypt() function repeatedly in a loop, and timed it. It look about 140 seconds to invoke crypt one million times. Doing the math, that works out to roughly 2706 years to process the entire DES keyspace for a single password. This on my AMD K6-2 at 300 MHz, lightly loaded.
Now, this is hardly an optimized case, but I cannot imagine optimization taking more then an order of magnitude or two off the total. So, 27 years, best case (likely longer). Hmmm. I guess that demonstrates that my information was erroneous. Either my memory is foggy or I was misinformed (or both).
Somebody flag that post of mine "Overrated".
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Besides, she new every single fact about RSA,DES, etc. How could she not know about PGP?
:-)
Because she was not part of this hypothetical PGP cracking unit, and she did not need to know.
You have said she was working on a large supercomputer for NSA. Simply working on such a system certainly doesn't mean she has access to the status of every algorithm NSA is aware of. Working on such a system might not even involve any crypto, if she was, e.g., just an OS implementer.
She knows RSA and DES, which is a better sign, but there are a lot of algorithms out there, and I doubt she knows all of them. Maybe her unit is focusing on cracking hardware-based products -- PGP wouldn't even be on their radar!
Come to think of it, isn't RSA used in some flavors of PGP?
Anyway, Occam's Razor says the simplist answer is the correct one. Unless you know otherwise, if she didn't know, it likely means she didn't know.
:-)
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Actually, thats impossible, but I think I'm wrong as well.
:-) So I cannot speak for your math stuff.
I don't know jack about the actual crypto algorithms. I am a system admin and an application programer, not a math weenie.
But I do know that there are freely available tools that will check UNIX passwords for weakness, and they don't take long to run at all. Granted, they don't cover the *entire* DES keyspace.
I also recall an old college friend getting in trouble for trying to brute-force a UNIX password. His program ran for a couple days on a fairly heavily loaded machine, and covered a good chunk of the keyspace, before they caught him.
So I imagine that there is more to this picture then simply how many IOPS or FLOPS a processor can do.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
For years, Canada's RCMP has had an agreement with the NSA that the RCMP eavesdrops on American citizens and vice versa.
Not at all true.
If crypto helps someone without harming society, then it helps society.
Society is a collection of people, and this group as a whole is helped if individuals are happier.
Crypto has MANY non-evil uses. Encrypting credit cards numbers, or using e-cash is one. It doesn't do anything new, just enables us to conduct financial transactions over insecure connections.
Crypto can also help in keeping bids secret, promoting fair play in bidding for contracts, something that is often messed with by organized crime.
Crypto for unions allows them to hold discussions about striking without the management catching on and firing or punishing the ringleaders. (Something that happens a lot, even though it's against the law.)
Your argument against crypto is as spurious as it would be if you were trying to ban Rider trucks with Timothy McVeigh as your case.
Converge this!
So they make chips to ENcrypt things? But since they don't make chips to DEcrypt, they'll never be able to read their own stuff!! :-)
--
SCO employee? Check out the bounty
just remember that our job is to help prevent wars, and help minimalize the loss of american lives in case one breaks out, and i think we do a damned good job of it. ...or have you bought into everything they taught you in basic?"
So I guess the question that I have is: "How do you justify monitoring U.S. citizens' communications (even if it is in a swap with Canada or via Echelon)? Doesn't the loss of privacy and freedom outweigh the "protection"?
not you want are mips, or just ips, istructions per seconds. a modern day CPU can do 3 or 4 ops per second, depending on the persentage of catch misses and stuff as well.
so a PII/III or athlon could probably run about 4*clockspeed instructions per second, so a athlon 800 could do about 3200 mips.
I would say that there are probably about 230 useable characters in a password, although most people use far less (I'd guess about 40 - 80 depending on weather or not they used mixed case, like there supposed to).
now, it would take far more then a single cycle to run the encryption on the password to check it though
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
then shouldn't it be called decisexa DES?
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
you know what I ment :P
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
- Confidential
- Top Secret
- Q
Beyond this, I really don't know what Q is supposed to be, but I distinctly remember seeing it on there.Sorry, couldn' resist. ^_^
if one is making 8 char passwds using an alphabet of 70 symbols, the number of possible passwds would be 70^8, not 8^70.. that accounts for the *HUGE8 number you have ended up with in your calculation.
There's a story a friend of mine (whom we suspect works for the French secret services although he won't admit it) likes to tell. DES encoding was, as we know, introduced by the NSA. When, some twenty years later (slight exaggeration there), differential and linear cryptoanalysis were invented, one of the obvious ideas was to try those upon DES. And, much to everyone's surprise, it was discovered that DES was already protected against differential and linear cryptoanalysis. This could be no accident: it meant that the NSA already knew about these methods long before anyone else did. Kindda scary.
However, I like to think that this isn't the general rule. Simply because I don't think efficient research (on mathematics, cryptography or any such thing) can be conducted in secret. The NSA might get the best brains - and even then, I doubt it (which math genius would prefer to work in secret rather than get due recognition for his work?). They might have the most expensive computer equipment in the world. They might intensively specialize on certain topics such as cryptography and cryptoanalysis. But even then, it won't get much ahead of the rest of the world scientific community. Simply because research does not work that way. There might be exceptions, naturally, but on the whole, I think the advance they may hold exists mainly in the conspiration-lovers' fertile imagination.
I'm quite persuaded the NSA doesn't have a P-time algorithm for factoring integers. Simply because I'm quite persuaded that no such algorithm exists (and then, they can put all the money in the world forth, you just can't buy math). That being so, RSA is probably secure forever (however, symmetric ciphers, or hash functions, being used in PGP might be more vulnerable, that is another problem).
To conclude with a blasphemously political statement: I think secret services are mainly a waste of the taxpayer's money. Using which money ``they'' can buy expensive guns, or, as it were, huge supercomputers, and show off a lot. But that's about the full extent of their usefulness.
None of the agencies, FBI aside, is allowed, by law, to monitor US citizens.
Isn't that the reason why they set up Echelon with the British. They monitor our citizens, we monitor theirs and exchange notes. It's not big brother, it's big brother's freind Sir Stanley.
+&x
yup, they dang smart o'er there.
+&x
are on opposite ends of the electromagnetic spectrum. well opposite ends of the spectrum we actually use. The Microwave "cameras" you are thinking of are most likely the millimeter wave, synthetic aperture radar satellites. these are used to augment visible light satellites, because they can image through clouds and at night. they cannot see through walls. They have a much poorer resolution than visible light imaging, because microwaves are a much longer wavelength. The maximum theoretical resolution, i think, is about 1 metre (vs. ~10 cm for the big visible light cameras)and in practice is probably worse. X-Rays would be useless for satellite photography, because the atmosphere absorbs them almost completely. Longer wavelenghts are used to see through obstacles like trees, but their resolution is worse ( longer wavelenth = poorer resolution).
.^ .^
The NSA may be exempt from many laws, but the laws of physics are not among them.
^.
( @ )
^.
I've seen people's resumes that worked at the NSA for years and that's about all they can say, that they were there. From their homepage: Because of the nature of our work, the employment process is thorough and lengthy, so you should apply to NSA several months in advance of your availability date. Applicants must undergo an extensive background investigation, psychological and polygraph exams, and several interviews. If you are accepted for a position at NSA we believe you will find NSA is more than just a place to work - it's a place to succeed!
That sounds pretty intense. It seems like they could use a proofreader though.
Why do you think the feds had to resort to tax evasion to nail capone? Not all criminals are stupid, just one ones who usually get caught. If I were a criminal you can bet your ass I would be using the strongest crypto I could possibly find. Assuming of course that doing so would help me cover whatever I was doing.
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
So what are the reasons the NSA doesn't like us having large keys?
Furthermore why should what the NSA wants be the law of the land? This is a democracy, at least on paper. Last time I checked this was supposed to be a government of the people by the people for the people. What the NSA wants just doesn't figure into that in any way I can see.
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
If all they did was design neat stuff for the other agencies to use, you would likely be correct. On the other hand if you take into account the rumor that the NSA also intercepts a huge quantity of message traffic and other sundry communications snooping, they would need several boatloads of personnel. .
In the immortal words of Socrates, who said; 'I drank what?'
Pray tell, what book is this. I want to read it.
My understanding is that the NRO is responsible for the photorecon sats, but NSA runs the signals intelligence sats.
-- Remember that we live in a world where all the really big decisions are made by people with short attention spans.
the nsa is now supposedly good about not listening to U.S. citizens, but thier track record is not all that great, they headed 2 major operations that violated this rule: MINARET and SHAMROCK
now, i cant remember which is which, but one was responsible for tracking dissidents and rabbel rousers such as King and abbie hoffman, and the other was for tracking drug lords.
from what i understand they are pretty much limited to electronic, or signal inteligence (SIGINT) and leave human intellegence to the CIA exept for some limited cooperation where the two overlap.
its been a while since i researched this, but check out The Puzzel Palace and a series of articles in the Baltimore sun 4 years ago called "No Such Agency"
~clearcutting prevents forrest fires
This article clearly illustrates that the Hollywood portrayal of the NSA is often wrong, but how many people actually trust movies? I don't. But the fact remains that the NSA is a top secret government agency; just because it doesn't come in with guns blazing doesn't mean that they are a harmless bunch of nerds.
Personally, I am more interested in the rumors of 'information analysis,' the allegations that the NSA spies on internal and external communications - of everyone. Although such a mass-scale operation is hard to envision, I believe that it may hold a grain of truth - Big Brother could be watching, some of the people, some of the time.
Ok, I've read through a hundred or so of these comments. To be sure, there are lots of extremely smart people working for the NSA. We spend, what, 13 or so billion for them? We also learn what they do and why they do it.
What no one has bothered asking is why, with so much money and so many smart people, they fuck-up so regularly? No, this is not a troll. Here's a shortlist of incidents where a little real intelligence would have gone a long ways...
Castro taking over Cuba
Saddam's invasion of Kuwait
The India/Pakistani nuclear tests
North Korean Missile tests ("3 stages?" oops)
The location of Chinese embassies
and I'm sure others can supply more examples.
Give me just one good example where intelligence gathered by the NSA has done the world any substantial good.
I can think of many other things to do with with 13 billion dollars and thousands of brilliant minds.
Many, many other things...
It seems that people are making the assumption that they're using regular CPUs for the cracking. This is most likely untrue. They're probably using something more like the "DES cracker" that EFF made (don't have the link on hand). I don't know how what the DES cracker did and what an NSA machine might do relate, but the point of the DES cracker was the DES was highly parallizable and able to be brute forced fairly easily.
One of the theories that floated around after the sacking of the Whitlam government (non-Australians, it's too complicated to explain, just imagine our version of Watergate without the grubby criminal aspect) was that there had been US government involvement in the double-dissolution. Seems Gough Whitlam wanted to shut down Pine Gap, and with something like over 50% of the covert ops sattelites downlinking through the place, that was risk they couldn't take. Maybe he also knew something about a little espionage of ones allies. Seems that what Australia is for, for the Poms and Yanks to either blow up half the place, or use their military spy systems to gain economic advantages for their homegrown companies. Thanks guys :)
_______________________ I am the eggman, wooo! _______________________
Cheers,
Warren
Not surprising. There is a huge area of Australian desert where nobody is supposed to go, due to radioactivity or something. Australia has never had any nuclear weapons, but for some reason all the Brits or Americans like to come and test their's over here.
And about a year ago, there was some big fireworks show or something near Sydney, and our prime minister got a phone call from the US president, who thought we were firing missiles ourselves. heh.
I seem to remember some quote from an NSA official that went along the lines of
... pretty good"
"PGP is just that
> Keep in mind the real goal of these agencies.
> National security.
Of course, we have to take their word for it that that is their real goal, since the very nature of their activities has made a joke of civilian oversight.
A professor here at CMU, Dan Siewiorek, consulted for the Army on their Land Warrior infantry battle computer. He claimed that the NSA crypto chips it used were quite poor compared to contemporaneous commercial products. In particular they consumed much more power.
When you think about how much a good fab costs these days, it's not surprising really, even with the NSA's budget.
A professor here at CMU, Dan Siewiorek, consulted for the Army on their Land Warrior infantry battle computer. He claimed that the NSA crypto chips it used were quite poor compared to contemporaneous commercial products. In particular they consumed much more power. So I doubt their in-house chip capabilities are to be feared.
Rather than have more wild speculation back here on 'page 2' of reader comments (overload mode being the absolute norm these days), here are two good references, each giving a different perspective. Slashdot could even have a 'see Amazon, give us a kickback' button for such subjects as this...
The Puzzle Palace : A Report on America's Most Secret Agency
by James Bamford
(c) 1983, ISBN 0140067485 (paper)
Viking Press
This is a relatively old (15+ years!) book that gives a functional overview by way of covering the history of how the NSA got to where it is (well at least up to 1983ish). Previous respondents claiming knowledge of NSA's past should read first, then write.
Then to understand the NSA in contemporary times, one should understand the entire US intellgence community. I suggest:
The U.S. Intelligence Community
by Jeffrey T. Richelson
4th ed (c) 1999, ISBN: 0813368936
Westview Press
Slashdot's signal to noise ratio on this subject was pretty poor. What can we do to improve the random, groundless, spouting that people seem to be doing? Moderation didn't seem to keep the factless down this time.
Classifications go like this:
Public
Confidential
Secret
Top Secret
Confidential is a type of 'okay, the public shouldn't know this, but it doesn't hurt anything if they do find it out'. Secret is where 'the public is NOT to know this'. Top Secret is where 'even those people we trust with a Secret clearance are not to know this'.
On top of this, Confidential -should- not be shown to anyone outside of the need-to-know group; Secret and Top Secret -cannot- be shown to anyone outside the need-to-know group.
(Sorry, I just applied for a position at Rand not too long ago, and their network has an unclassified portion and a Secret portion. Anyone else ever read the Rainbow books?)
It is likely that much of what the NSA dose it treason.. That is to say it should be unlawful for the U.S. gov. to hide philosophy, theorey, or motivations from the public (during peacetime).. and it should never be able to prevent the development of things in the public sector. The NSA occasionally comes in and tells some mathematician to stop work on whatever he is working on and not to talk about it. This is wrong in so many ways.. All I can say is, if your thinking about working for the NSA, you should serious reconsider.. just imagine not being able to talk about what you do all day. That is not living.
Anywho, very few things piss me off quite as much as the though that the NSA developes things which could help us all and then sits on them.. that is treason.
Jeff
BTW> Not being able to talk about your life is even worse if you take memes or related ideas seriously (ala Church of Virus). The idea is that a very importent part of you is contained in the content of your thoughs (as opposed some metaphyiscal mumbo-jumbo) and communicating with other people is a kind of imortality (maybe the only kind you would want anyway). The point being it really sucks to dedicate most of your life to something that will sit in a box.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
I think we seriously need to do something about the NSA. One thing we can do, is express the importance of being about to talk about your life to people.. you are what you communicate to other people. I've known people who worked in black programs.. and it really dose ``tear out a piece of yuor soul'' (drama alert). Another thing we can do it cut funding.. I would like to see a good long list where the Echelon money comes from so I can call my congressmen arround budget time. (I know much of it is comes from the DOD.. err.. maybe that's the CIA.. but if we can find the parts of the DOD that pay for it we can go after them) We can also make it easy for people to screem ``help help I'm being repressed'' if the NSA comes nocking (like the cell phone makers or the occasional mathematician that gets too close to something they don't want known)
Any branch of the pseudo-military that can say no to an information request from congress needs to be shutdown.
Jeff
BTW> Hey, funny conspiracy theory.. maybe we think there is no polynomial time algorithm for factoring since they shutdown research into anything that gets close. I suggest we all keep a very close key on the job changes (or deaths) of the people involved in Quantum Computing.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
First, they very well might have a P-time algorithm for factoring. They might just know what lines of research would lead to in and suppress them in ggeneral mathematics. They have been known to force mathematicians to stop what they are working on and not talk about it any more. This is unlikely, but possible.
Second, a P-time algorithm it's self may not exist and it might not be dangerous even if it did (due to a large constant). What we need to worry about are the really good aproximation algorithms. The existance of really good NP aproximation algorithms is (as I understand it) part of why we have no encryption based on P != NP. Again, they may be supressing the number theory that would lead to these algorithms.
I really don't care much if they ``can'' crack codes, but I care a great deal about how they restrict and hide the development of theory. This is just plain evil no matter how you look at it.
Jeff
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
I am currently working in the military as a mindless paper pusher, (very soon getting moved to a sysadmin position, yippee) and while I am here I am getting college, when I get out in 2 and a half years I intend on looking into the NSA as a career option. Why you may ask, well i look at it like this, I have become spoiled with my military benefits. I recently broke my ankle in a sporting inncident and had to have a prosthetic plate installed, cost me nothing. Two weeks of convelecent leave also helped out. I do not know for sure, but I do intend on looking into it, I am hoping there are military like benefits involved with working in the NSA as they are DOD as well...
Note to self: No more arguing with the faithful.
From the recent breaking of 512 bit RSA keys by a bunch of workstations, I think it's pretty clear that with an organization of the scale and determination of the NSA, it's likely that they can break significantly larger keys. Methods used to do this are a combination of: better factoring algorithims, better/faster special-purpose chips, and lots of them, due to the availability of dedicated fab facilities. If you want to stay safe from the NSA, set your crypto program at the highest strength possible, and then don't count on absolute security.
They also do security for classified equipment.
Because their faces are different/similar in much the same manner that their fingerprints are different/similar. The simple fact is, there isn't enought DNA to code the exact positioning and construction of everything - instead it codes for how the cells decide what they should do at the structual level (i.e. Position of capilaries).
"So how are they so similar" I'm sure you're now asking. Well, the answer is that the differences are on a small scale, and end up cancling each other out when casualy examined. But, if you look close enought, you can find the differences.
Hence, it's just as acurate. As for beating diguses, I think they do thermal imaging. It would be a short step from dealing with varietions in the ambient temperture and distance from the messuring device to dealing with sunglasses or makeup or a mask interfearing with it.
"The genetic code does not, and cannot, specify the nature and position of every capillary in the body or every neuron in the brain. What it can}do is describe the underlying fractal pattern which creates them.
-- Academician Prokhor Zakharov,
"Nonlinear Genetics""
As an ex-spook, I can say that your description is not too far off from my (somewhat dated) experience. All the intelligence agencies you mention, and quite a few more, are actually consumers of NSA product.
They prefer to leave the headlines to the CIA and others so they can do their work in peace and quiet. Codebreakers are an odd lot and don't seem to have changed much since the days of the Enigma machine.
My guess is that all that's changed since my departure is that most traffic now goes over the internet instead of by radio. Oh, and the satellites can see and hear better too, naturally.
See ya,
WaRtHaWg
Well, you see, it's all a CONSPIRACY by the NSA to get the HACKERS that everyone talks about on CNNBCBS news shows to notice the LACK OF INTERNET SECURITY and HACK THE NSA SITE. Then, they HIRE OR KILL the EVIL HACKERS that RISKED NATIONAL SECURITY for EVIL HACKER bragging rights.
It's all about headlines...
this was sarcastic, and I doubt that it's even coherent.
Dan
For a good outsider view check Cryptome
1 2-echelon.html
http://jya.com/crypto.htm
also look for references on the Net/Newsgroups to Echelon the UK-USA joint project between their respective communications interception agencies (GCHQ and NSA), there is a European Commission report on Echelon heres one of the many stories on it from The Guardian newspaper in the UK
http://online.guardian.co.uk/technology/9053603
Theres a lot of information and misinformation around, if you start from a good well researched resource like Cryptome, you have more of a chance of getting a realistic view.
Any sufficiently advanced man is indistinguishable from God
I agree. I would like to know what the NSA does for us. However, I would also like to know what the NSA does *to* us. Specifically Echelon, the hindering of strong crypto, and forcing software companies to insert backdoors into their products.
How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
So does anybody know actually how many people it does employ, or are those numbers classified? If it's very high, we can only assume that most of them are involved in some type of Echelon operation (since NSA is certainly not going to employ 70,000+ highly trained mathematicians and computer scientists).
-cf
Will: Why shouldn't I work for the N.S.A.? That's a tough one, but I'll give it a shot. Say I'm working at N.S.A. Somebody puts a code on my desk, something nobody else can break. So I take a shot at it and maybe I break it. And I'm real happy with myself, 'cause I did my job well. But maybe that code was the location of some rebel army in North Africa or the Middle East. Once they have that location, they bomb the village where the rebels were hiding and fifteen hundred people I never had a problem with get killed. Now the politicians are sayin', "Send in the marines to secure the area" 'cause they don't give a shit. It won't be their kid over there, gettin' shot. Just like it wasn't them when their number was called, 'cause they were pullin' a tour in the National Guard. It'll be some guy from Southie takin' shrapnel in the ass. And he comes home to find that the plant he used to work at got exported to the country he just got back from. And the guy who put the shrapnel in his ass got his old job, 'cause he'll work for fifteen cents a day and no bathroom breaks. Meanwhile my buddy from Southie realizes the only reason he was over there was so we could install a government that would sell us oil at a good price. And of course the oil companies used the skirmish to scare up oil prices so they could turn a quick buck. A cute little ancillary benefit for them but it ain't helping my buddy at two-fifty a gallon. And naturally they're takin' their sweet time bringin' the oil back, and maybe even took the liberty of hiring an alcoholic skipper who likes to drink martinis and play slalom with the icebergs, and it ain't too long 'til he hits one, spills the oil and kills all the sea life in the North Atlantic. So my buddy's out of work and he can't afford to drive, so he's got to walk to the job interviews, which sucks 'cause the schrapnel in his ass is givin' him chronic hemorroids. And meanwhile he's starvin' 'cause every time he tries to get a bite to eat the only blue plate special they're servin' is North Atlantic scrod with Quaker State. So what do I think? I'm holdin' out for somethin' better. Why not just shoot my buddy, take his job and give it to his sworn enemy, hike up gas prices, bomb a village, club a baby seal, hit the hash pipe and join the National Guard? I could be elected president.
-- You are in a twisty maze of passages, all alike.
One impartant thing you're missing - the other reason we rarely see smart criminals is that most smart people can find better things to do in life than crime - crime is incredibly high risk, low stability, and hard to raise a family on. You don't get health care or retirement benefits, and finding a normal job later on is difficult at best.
Not to say that there aren't smart criminals; just that there are fewer than you might think.
You're right... Cryptography in the hands of criminals does no good to society. But, so does .....
Cryptography in the hands of Chinese dissidents does no good to society.
Cryptography in the hands of people like Timothy McVeigh does no good to society.
Cryptography in the hands of communists in the united states does no good to society.
Cryptography in the hands of unions does not good to society.
Cryptography in the hands of employees does no good to society.
Cryptography in the hands of geeks does no good to society.
Cryptography in the hands of ANYONE does no good to society.
Ya know what, you're completely stupid and wrong.
Hey! I am all the hell for crypto! It was satire against the person I was responding to.
Regardless, no matter how unbreakable the encryption is, it can ALWAYS be broken at either endpoint. The police may not be able to anonymously sniff the airwaves, but they can put a bug in the cellular phone, or in the phone its calling.
with an ultra secret agency like the NSA, there is no real way to find out what is and isn't true. the NSA budget may be more than $13B, and who knows, the NSA may have already developed a quantum computer too classified to share with the world. this is the same case as public key cryptography, which was developed at Britain's GCHQ and later announced to the world independently by RSA. the disinfo stream from the NSA will always muddy the waters. do governments really pay $26 for toilet paper because they "are out of touch," or are they just padding various purchase lists to pay for something else they'd rather not talk about? it's easy to get into conspiracy theories here, but that's not my point (or belief). secret agencies will always require educated speculation by outsiders because of propaghanda and misinformation, and the NSA is no exception.
You bring up an interesting point about government agencies that most intelligent people realise but forget when thinking in terms of conspiracies -- they're inefficient and relatively slow. Have you ever considered how long it would take, if you had an action plan, as President, to wipe out poverty? Or to enact heatlh care reforms? With the government the way it is, it just would never happen because it takes several months (to a year) for a piece of paper to get from one desk to another and be marked "stupid idea" because it's too old now.
... beaurocratese has probably bogged down the NSA as much as Dilbert from one day to the next.
:).
When we think of the NSA as a conspiratorial group, we tend to think of them as a group without links to the regular government channels (which is actually how they were created to some degree) but I doubt they have that complete freedom anymore. Even the army and navy have to answer to government protocol these days
Hopefully they have at least as much fun at work as I do though -- with bigger computers
- Michael T. Babcock (Yes, I blog)
... because our democratically elected officials created that branch of government -- so indirectly it is democratic.
If you actually know something they're doing that you don't like, you write to your representatives
(Canada's CSIS - Canadian NSA/CIA - was accused of that one in the Airbus scandal between Canada and France).
- Michael T. Babcock (Yes, I blog)
I'm a bit confused by this--does he mean weirdos like us, or is he implying that we're actually normal?
Not to imply that slashdotters aren't normal or anything..
/jbm
Exactly. Politicians are mostly involved with getting re-elected. Unfortunately, the people won't really agree (or vote for) no tax cuts because sound economic theory states that their potentially inflationary economy will indirectly put *less* money in their pockets. All they think about is the direct effect to themselves. Therefore, politicians are only worried about the political acceptability.
You, however, underestimate the power of fiscal policy. If the government goes on a mass spending spree for a coming election, it will be difficult for the FEDS to exercise their monetary policy. It is also up to those exercising fiscal policy to act in cases of cost-push inflation. Unfortunately, monetary policy ain't going to cut it in that case, cause they can't force banks to give out loans with a easy money policy. That's where increased government spending must come as a result of easier fiscal policy. Alluding back to the original comment by the guy who mentioned reagan, though, the simple fact was that his policies were incredibly stupid and unsound. This is the guy who believed the laffer curve, where cutting taxes didn't have to mean decreased government revenues. Unfortunately for them, their leap of faith, believing they were right of the curve instead of left, ended up costing them the economy. So you see, both sides of the economy come hand in hand.
----------
I don't know exactly what the NSA is about, but I think I'd be really fun to work for wither them or the FBI - A programming / analysis job with the gov't would probably be fairly interesting.
I wonder what kind of requirements the NSA has for applicants?
cyanoacrylate wrote:
> You obviously didn't read the summary
I read the entire document. You have a interesting point, let's not get personal.
> The whole point was that a repressive government > was vulnerable to a netwar if and only if it is:
>
> 1. In a state of political flux
> 2. In the process of opening up political freedom
> 3. Requiring greater world participation in its
economy
Although you don't say it, you seem to imply that even if the foreign government is repressive, it is OK for our government to aid them in repression. It is supposedly justifiable because if foreign government is assisted in destroying the militant social activists then they'll become less repressive sooner. And militant social activists are exactly the people most discussed in the RAND study ( see ch2 pg20 for example ).
This is naive, IMO. Repressive governments become less oppressive when it becomes clear they can't sustain their society without healing internal divisions. See, for example, the history of South Africa. Governments try to open up 'just enough' to spur economic growth, but not enough for people to have real control over the elites who oppress them. However, as events in Eastern Europe, South Africa, etc.. show, once given some freedom, people will try to get more freedom and push past the false limits set by the ruling elites. This pushing does not 'set the country back 10 year', it propels it forward.
The question is, should the United States use its spying expertise to assist repressive governments in destroying networks of militant social activists. I think according to law and ethics the answer is no.
-Merlin
p.s. there are a lot of papers written by various
folks about what 'netwar' is and is not. Stick to the '.mil' analysis, for example as it by and large avoids the hype. Netwar, to the extent that it is different from psychological-warfare, is about connections between people, institutions, etc... Intelligence helps repressive governments pick exactly who/what will 'disrupt the network' if eliminated, discredited, threatened, etc....
Not that I doubt the NSA could recover a UNIX password in seconds, but your estimate of 30 years is grossly understated. Your average pentium (not pentium pro or II or III) can do about 20k crypt()s per second -- using ufc. Granted, this is not the most higly optimized DES setup one can find, but it's certainly the easiest to find.
There are 2^56 possible inputs (i.e. passwords).
(2^56/20000) / (60*60*24*365.25) == 114168.368377 YEARS
Assuming a highly optimized DES routine (and only DES processing time matters)...
(2^56) / (2000000/16) / (60*60*24*365.25) == 18266.938940 YEARS
Now, let's use DeepCrack...
(2^56) / (88000000000/16) / (60*60*24*365.25) == 0.415157 YEARS
The odds are good that you'll find it without trying every possible input.
Actually, the acoustic coupler was used during the call to the NSA. I doubt it was a modem, but still. I'll give 'em that one -- anything to throw some techno toys in there. Sure, there's alot of holloywood in there...
The bit about the "Russian codes" is completely true. If you were to build a device to cut through DES like water, then it's not going to help much with blowfish encrypted data.
Look at DeepCrack...
We are being destroyed by becoming too much like our late enemy, the Soviet Union.
Our own gov didn't believe (or want to believe) in the power of open, limited gov relative to totalitarian gov. (No comprehension of computational complexity, which forbids central control ever working.)
Now, we have a huge Fed gov police/intelligence apparatus being turned against the American people.
No matter how noble their goals, the NSA, the FBI, the CIA and all other fed police forces are unConstitutional and antiFreedom.
Lew Glendenning
"The Constitution, the WHOLE Constitution, and nothing but the CONSTITUTION."
I remember seeing a face recognition device on some TV show quite a while ago that said that it was able to differentiate between identical twins. It also said it could see attempts disguise your face. This was a commercial device that banks and credit card companies were looking at for verification purposes, but they said it was too expensive at the time. So if commercial entities have access to something that accurate, I'm sure the NSA has something way better. What I wonder is if you lost or gained a lot of weight in a short period of time would it still be able to recognize you as you considering how sensitive it is supposed to be. Or even worse you were involved in some type of accident and needed plastic surgery what process would you go through to regain your identity?
Who ever said the US Government controls the NSA? The President doesn't even have clearance to some of their top level shit.
I don't think they would allow the export to happen unless all known exportable encryption codes are readable by the NSA.
Woomera and Pine Gap both still exist. The Australian government happily lets the US operate
a station so that they can spy on us!!!!
Of course the US claims it's for maintaining
communications with submarines and sattelites,
yeah right!
Of course we really fucked things up for our good
buddies in the NSA by admitting
the existance of echeleon and that Australia participates in it a few months back,
search slashdot for more details. Maybe we're not
so dumb after all...
Another Australian
That's one of the things I liked about Enemy of the State -- the actual NSA agents were nerds. All of the gun wielding grunts were hired hands. Of course, like any of those movies, it wasn't made to be taken as reality, but it was good, fun action, with that little twist. (I vaguely remember another film -- Mercury Rising, I think, where the NSA agents, or at least some of them, were computer/math types. Which is another stereotype all by itself.)
The purpose of the NSA seems geared to economic espionage directed against the allies of the USA. The interception site at Menwith Hill, (North Yorkshire, UK) is designed primarily for non-military interception, alledgedly intercepting millions of telephone calls (including diplomatic communication) to be passed on to US companies for their commercial advantage.
The NSA (alledgedly) takes the lead in this kind of signals intelligence. This is in my mind a greater threat to the free world than anything a military machine could construct - subverting competition is a far more dangerous threat to the aims of a democractic nation - even the one they are alledgedly supporting.
See http://www.iptvreports.mcmail.com/ic2kreport.htm for a rather splendid summary of how it all works.
Keep in mind the real goal of these agencies. National security. However, it is profitable for the media to blow out of proportion and distort their efforts. Granted sometimes there are "necessary evils", but the benefits greatly out-weigh the evils...at least if you live in the US.
If people are leaving the NSA for private companies, wouldn't the NSA worry that they may try to take the technology with them? I know that would come under official secrets act (although that is designed to protect officials, not secrets in "Yes Minister") or whatever, but it's a bit late after the event.
Also, if NSA could break PGP or had a proof that NP != P, wouldn't that info be valueable to private companies?
People may ask how much M$ is paying me to say this. Let me tell you: nothing.
I get options instead.
Ah, but we do! The charges are different, though: trying to gain a market monopoly.
People may ask how much M$ is paying me to say this. Let me tell you: nothing.
I get options instead.
On the other hand, I like low-inflation, and I also like the fact that I personally have easy access to 128-bit encryption but that the average stupid criminal doesn't.
Will somebody show me a stupid criminal? Who makes 'em? Where do they come from? Man when can we create a test that shows whether you can tell the difference between evil, stupid, ignorant, arrogant, disturbed, and just plain nuts. Course, that would probably lower National morale and then the end of the world would come soonmer than 2007.
The message on the other side of this sig is false.
All them IngSoc words are scaring me. Stop that.
The message on the other side of this sig is false.
It does. *not*.
The message on the other side of this sig is false.
all that i've known sounded like they had nothing better to do
Yesterday I was downloading Netscape Domestic/128-bit Version. It was going kinda slow, so I used FTP Search to look for the file elsewhere. It's all over the place, anyone could download it...
--
A friend of mine works for the Treasury Department, aka the Secret Service, and his viewpoint of the NSA collaberates with this one, with the added feature of a bunch of think-tankers, working on such things as unusual photos, surveilence info, handwriting analysis, etc. They don't do anything other than act as a giant brain for the other organizations to use in order to help their own efforts.
Of course this is from someone "on the inside" so my word is second hand and clearly biased.
But we can imagine a bunch of MIB-like guys out for world domination, can't we?
Karma Whoring for Fun and Profit.
This is probably a good idea. There was a
thread discussing it on sci.crypt a couple
of weeks ago, if you're interested in it.
Alex.
ahh... Sneakers. watched it for the first time when i was 11 years old, and have watched it many times since. but ya, the NSA is more of a think-tank and R&D for the government than anything.
Useless Factoid about the NSA, they actually handle 90% of the US's intelligence work, the CIA handles about 7%, and the FBI takes care of the rest.
I have a relative in Maryland who works for No Such Agency. Though she quite frankly can't tell us what she really does at "work," she holds a masters degree in Russian Language.. so from there it's easy to guess. She has mentioned that she is "on the phone a lot."
The higher, the fewer.
Hrm. I know that one shouldn't take their website as representative of their overall security policy, but take a look at this:
Apache 1.2.0? I don't want to second guess to security leaders of the world, but guys... ever heard of "patch"?
Actually, there are regularly scheduled declassifcations of classified information. That is how some of the footage used in the documentaries of the nuclear weapons program got used. It was declassified on schedule and then requested by the producers. Another example is the information that will be released soon on the Kennedy Assasination.
Alpha Centauri!
Grin..
RAND are the people who came up with MAD, Mutually Assured Destruction. Including the idea of, during "tense moments," of keeping nuclear bombers in the air at all times. John Nash, game theorist, also work from them.
For all the bad rap the NSA might get for being on the "protective" side they are one of our country's great national rescources. The US armed forces would be very inefective without an orginization like the NSA to support it. Brawn is rather inefective withought the brains to back it up. Although we give the NSA a lot of crap we have to realize the good they do in protecting our freedom greatly outweighs the infringes they make upon it.
Option 1: Thwarting off international terrorists by intercepting coded communications.
Option 2: Thwarting off international terrorists by posting guards armed with M16s at the gate of all international flights.
Hmmm that's a tough one...
bash-2.04$
bash-2.04$yes "Don't you hate dialup connections?"| write USERNAME
Argh, NO! North was attached to the NSC, the National Security Council, not the NSA. There's a joke in this somewhere. ("I didn't order the agent to die today, I said go buy a Cray").
Another in the same vein I've heard recommended is Codebreakers : The Inside Story of Bletchley Park
My best friend of 20 years has worked at the NSA since his co-op days in college. And here's what I have gleaned from him.... ABSOLUTELY NOTHING! I know that he writes code, travels the world, and can point out satelites in orbit. Kind of makes you wonder. I do know that if you live in Maryland, you most likely know at least 5 people who work for the NSA in some way. As Maryland's largest employer, 20,000 people (give or take 3), it's hard not to bump into them.
Basically, he's a regular guy whose seen a few more Crays than your average geek. He is into guns and other weapons, but only as a hobby.
Of course, you realize this is all being monitored.
SIGINT's modern era dates to World War II, when the U.S. broke the Japanese military code and learned of plans to invade Midway Island. This intelligence allowed the U.S. to defeat Japan's superior fleet.
Eh ? I thought it was the BSC which did that, and that they were Brits and Canadians - not the US. I don't have the info here right now, but I do recall that they had the direct (and secret) support of FDR and certain members of the Rockerfeller family, but Hoover and the FBI didn't like them one bit, and Congress didn't seem to either. I do know that the FBI at the time claimed certain victories which weren't theirs at all.
I also recall that the BSC told the US military that certain encryption codes were insecure, but could tell how they new that - it would have meant admitting that they had a working Enigma machine. Certain people in the US military didn't want to be told what to do by "a bunch of foreigners" and continued using these codes to inform each other of allied movements, thereby also informing the enemy and causing major casualties. If the US military had found out that the allies really could crack enemy codes, the Nazis would have found out too and would have changed their encryption machines which they had believed to be uncrackable.
Read William Stevenson's biography ("A Man Called Intrepid") for more info. A lot of what's in the book couldn't be published until the BSC archives were opened many years after the war. Some things still are kept under wraps.
I don't expect the NSA to behave any differently. Some time in the future, we'll probably find out that a vast amount of what they did was in our interest, but there are some things they'll never tell.
As in WW2, there are corrupt elements who pass information to "the other side" (whoever that happens to be at the time). If you don't know precisely who you can trust with information you don't trust anyone. In some cases, it really does mean life or death.
The BSC wasn't a paramilitary organisation by any means - they dealt mainly in information. However sometimes certain extreme measures became necessary. Many people like to point out that James Bond type scenarios are far fetched and unrealistic, but don't forget that Ian Flemming (creator of 007) worked for the BSC and that there are a number of things in his stories which are taken from real life. Truth is sometimes stranger than fiction. Did you know that Noel Coward worked for the BSC too ?
I'm sure that the NSA is prepared to go to great lengths to maintain the intergrity of its data, control who has access to it, and protect its data sources. Whether they do so themselves or employ others to do so is a different kettle of fish.
-- Steve
Poor Gary, whether a knowing or unknowing dupe, dupe nonetheless. Any organization with this much power and money that is not accountable to the American people should be scrutinized carefully and NOT taken at their word.
As an example:
Recently, information has become public that workers at Paducah, Kentucky were not told that they were handling plutonium. As a result, a number are dead. Same story at Hanford, Washington. Same justification given, National Security.
NSA routinely monitors communications traffic around the world. If anyone is so naive as to think that they do not monitor domestic traffic, they probably believe Gary and his nice story.
Every government agency with surveillance and police powers has abused their authority. It's a facet of human nature that power corrupts and the NSA has a lot of it. Whether they have ninety-nine percent of the geeks and scientists in the world working for them, the geeks don't call the shots. They just do as they're told. Geeks are notorious for having their heads so far up their ass and into their monitors that they miss the bigger issues. Take a few days and read a little U.S. history since WW2. Our government has committed crimes that would land any of us in prison, but no apparatchik pays, just the citizens, again and again.
The sad fact is that our government is probably one of the best in this regard, but that doesn't mean they should be trusted. Do you know anyone in a position of higher authority at NSA? If you don't, then why would you trust them? Trust is earned, not given.
"Computers are useless. They can only give you answers."
"Computers are useless. They can only give you answers."
-- Pablo Picasso
Actually, the head of the NSA is supposed to be a three-star admiral or general (last I read, it was a Lt. General of the USAF), and is public knowledge. Obscure, but public. However, NSA is a part of the DoD, so those "official" positions are in all likelihood their legitimate titles.
I would assume because they might let you work on projects you would never be able to do in the private sector, give you tons of experience in devloping and working on mathematics (which must be important to you if you actually decided to shoot for a Ph.D), if you showed a high aptitude and interest early on they might pay for college and such. And if you do feel like leaving, you casn wait until your five years are up and then head on over to RSA and work for them.
While I agreee with AC that the money just isn't there in all probably, this does not preclude the NSA from keeping contractual agreements with RSA and such anymore than they did with Ma Bell in the 50s to tap the trunks directly or with IBM and DES. It sure beats having to pay those that leave while still keeping track of them and the corps' progress in general.
Not that I know, but ... the popular idea is far from correct concerning the population of NSA, CIA, etc. It really is a bunch of geeks out doing what they have been tasked by their employer to do. The taskers are citizens of this country as well, and they understand that what they do directly effects them as well as everyone else. None of the agencies, FBI aside, is allowed, by law, to monitor US citizens. There really is no Orwellian "Big Brother" in the US as there is in, say, China or Soviet Countries. NSA just breaks code all day, and then spends their paychecks at the local strip joint like the other geeks.
Still, Sneakers had a lot more technical accuracy than just about every other movie that dealt with "today" technology. Most of the wire transmissions were text. Many of the graphical displays seemed like home-cooked interfaces for things. The blind stuff was neat. I really laughed my head off when I was watching Hackers, because it seemed to be about an alternate universe, yet they referred to publicly available documents (albeit ones that have no relevance to hacking--orange book, red book, peter norton book). Other things were funny, like large, plain-text passwords displayed on a very important computer. And I was told by many "hackers" that they had all of those books, ergo the movie was tech-right. I smiled, nodded, and thought for a few seconds about modifying their web pages, but who really wants these people to learn anything.
This should give you a better general overview of the National Security Agency. If you're interested in the bibliography send me and e-mail. "Secrecy and a free, democratic government don?t mix," -- President Truman. This is obviously one man's opinion rather than a fact. Many democratic governments keep secrets from their people. In fact, the United States government controls two, very large agencies, the Central Intelligence Agency (CIA) and National Security Agency (NSA), who deal mainly in the secrets of others. It is, therefore, ironic that President Truman would make such a quote when he was responsible for the NSA?s creation. The NSA is now the largest and most secretive, intelligence agency in the western hemisphere. The goals and activities of the National Security Agency today are as interesting as the history it has spawned. Of the NSA's two main branches, its first, INFOSEC, is of lesser importance. INFOSEC stands for INFOrmation systems SECurity. This is the division of the NSA that protects the secrets of the United States. The NSA?s INFOSEC team develops products and services that protect America?s classified and unclassified government systems from exploitation, interception, unauthorized access, or any other technical, intelligence threats (About NSA 3). The primary way in which the NSA protects American intelligence is through encryption. INFOSEC creates and employs the strongest encryption currently available. With current computer technologies increasing in performance and decreasing in price, creating unbreakable encryption is becoming more difficult. However, the NSA assures the American citizens that U.S. government security systems will remain impenetrable. The second division of the NSA, SIGINT, is what has made it infamous. SIGINT stands for foreign SIGnals INTelligence. SIGINT intercepts foreign communications; it then collects, deciphers, translates, and processes this information. James Bamford, author of The Puzzle Palace said, ?The NSA is much more high-tech. They downlink communications from satellites, pick up microwave links, etc. They do it all over the world... the NSA is at work? (Hancock 2). With these technologies, the NSA can follow a rocket?s trajectory, or intercept radio communications between two pilots in the air. The computers that process this information are also highly advanced. They can listen for a keyword in a conversation at a rate of four million characters per second. This means the NSA?s computers could read through a large novel before a person was done saying the title (Knightley 371). Both foreign and domestic communications are monitored by this equipment. The NSA publicly admits to perpetually monitoring certain individuals and organizations. Just a portion of these are oil companies, banks, newspapers, commodity dealers, civil rights leaders, radical political groups, politicians, embassies, and terrorists (370). The origins of the NSA date back to 1952 and a man named Harry S. Truman. Unlike the CIA, which was created by an act of Congress, the NSA was established by a secret, presidential signature. The seven page National Security Council Directive Six, signed by President Truman, brought about the NSA?s existence (Volkman 74). This document, which is still classified today, created a separate organization within the Department of Defense that replaced the Armed Forces Security Agency. The founding date of the NSA, November 4, 1952, was chosen deliberately. On this date the election coverage of Eisenhower defeating Truman would overshadow all other news (Andrew 197). The NSA was given unprecedented resources under President Eisenhower. In 1956, after only four years, the NSA already employed 9000 people (216). With so many resources going to the NSA during the ?50s, both the CIA and the Federal Bureau of Investigation (FBI) became jealous and tried to discredit the NSA whenever possible (Wright 145). As the NSA grew, it encountered a few problems, but continued to be an important tool for the Presidents? use. Under President Kennedy the NSA began to have problems analyzing the large amount of top secret data that they were acquiring. Even with the largest and most advanced computers of the time, and more employees than any other western intelligence agency, the NSA could barely cope with the amount of information (Andrew 273). This problem can be better understood by this quote from an NSA official in 1980, ?There are three satellites over the Atlantic, each capable of transmitting on about 20,000 circuits. There are eight transatlantic cables with about 5000 circuits. We listen to them all? (Knightley 371). Knowing everything that was happening in the world made the NSA the President?s best friend. In 1986 Ronald Reagan became the first President to visit the NSA headquarters. Reagan also gave the NSA control over INFOSEC in 1984, and both operations security training missions, and the combat support agency of the Department of Defense in 1988 (About NSA 1). President George Bush heavily relied on the NSA?s ability to decrypt information before and during the Gulf War. He was so pleased with the NSA?s performance he called them, ?the unsung heroes of Desert Storm,? and said this in a press conference: My association with the NSA goes back many years. And over the years I?ve come to appreciate more and more the full value of SIGINT. As President and Commander-in-Chief, I can assure you signals intelligence is a prime factor in the decision making process by which we chart the course of this nation?s foreign affairs. (Andrew 526) The continued growth of the NSA for forty-six years has made it the extremely large and advanced organization it is today. The NSA is still headquartered in Fort George G. Meade, Maryland, where it was placed in 1957. The campus is located half-way between Washington D.C. and Baltimore. Its main building occupies 1.4-million-square-feet, and the perimeter is ringed by double-chain fences topped by barbed wire with electrical strands running through them (Knightley 372). On July 14, 1997, the NSA was estimated to employ 38,000 people. These employees include analysts, engineers, physicists, mathematicians, linguists, computer scientists, researchers, customer relations specialists, security officers, data flow experts, managers, and administrative and clerical assistants. The NSA also employs the best codemakers and codebreakers in the U.S. (About NSA 1). Many of the NSA?s true motives have come to light in the past few years; however, its mission is still built around secrets. Until approximately sixteen years ago the NSA was completely secret to the general public. Even today, the phone number to the director?s office is unlisted. Furthermore, not one decrypted message produced by the NSA has ever been declassified (Andrew 537). It is no wonder that the NSA has been jokingly called ?Never Say Anything,? or the ?No Such Agency.? Ever since its founding, the NSA?s biggest secret has been its annual budget. Its funding has always been hidden deep in the Pentagon?s total expenditures. In 1976 the budget was estimated to be $1.5 billion with a ten percent increase each year. This meant the NSA was given $3.5 billion in 1986. Over twice as much as the CIA or KGB received that year (Knightley 4). In 1995 the NSA and two other Pentagon intelligence agencies officially asked for a combined budget of 13.2 billion dollars. The NSA has an interesting, albeit secretive, past that is only fitting for an agency with such intriguing objectives and endeavors. The NSA was secretly formed in 1952 by President Harry S. Truman. It then continued to grow becoming the largest spy agency in the western hemisphere and a valuable tool for U.S. Presidents. The present NSA has two primary functions: to protect America?s secrets through INFOSEC, and to learn the secrets of others through SIGINT. The power of SIGINT and the devices used in its operations are amazing. Still, some of the NSA?s biggest secrets are about itself. The existence of the NSA shows that secrecy and a free, democratic government do mix, and they will continue to in the foreseeable future.
But for all you lazy but curious people out there, you should check out the book _The Puzzle Palace_ by James bramford (here's the link on Amazon.com).
Bramford chronicles the history of the Agency all the way from its origins in a couple of military intelligence organizations in WWII through its founding by a secret executive order by Harry s. Truman all the way to the present (or to the 80's at least :-) Apparently, he filed hundreds of Freedom of Information Act petitions to declassify material (so much so that the NSA fought the release of the book) and disects the agency very nicely.
I read it back in college when I first discovered pgp and wanted to learn more about cryptography. IMHO, both threads in this discussion (the NSA is an all powerful cabal of geniuses monitoring your every move vs. it's just another stupid govt. beauracracy) are partially true.
For an example of the former, apparently, in the 1950's or so, all international phone traffic was handled through just a couple of trunk lines laid down in the ocean connecting America and Europe. The NSA secretly approached the commuication companies (mainly AT&T and Western Union) and got them to allow the NSA to tap the trunk lines. After that, the NSA was able to monitor *every* phone call between Europe and America. Without such hassles as legal warrants... They also listened in on domestic phone calls without legal warrants despite the express prohibition written in their charter against domestic intelligence gathering (that's the FBI's job).
On the flip side, as an example of dumb beauracracy, the actual head honchos in the agency are supposed to be secret. They're given other "official" positions like colonel so-and-so in the U.S. Army, etc. etc. However, like any large corporation, they have designated parking spots for all these big guys (this space reserved for director of XXX, etc.) . Of course, any Russian spy satellite can easily pick off the license plate numbers of the cars parked there, run them through the Maryland or Virginia DMV and figure out who each person is.
Very interested stuff. If you have a serious interest in the NSA, read this book.
Gough Whitlam is still very much alive. Harold Holt is the PM who disappeared while swimming. (Ironically he was such an avid/strong swimmer that a swimming centre in Melbourne is named after hime). Apparently Pine Gap was cruicial in processing the satellite data required to take out SCUDs in the Gulf War.
>Crypto in the hands of the mafia, or kiddie porn >peddlers, does society no good. Crypto in the >hands of honest citizens who value their privacy >does society no harm. It's a shame that the NSA, >the treasury department, and our government have >taken the first as a reason to hinder the second. It is naive to think that the NSA actually cares about pornographers and the mafia. They keep crypto weak to spy on the citizenry of this country. But saying they're keeping it weak to fight pornography keeps the public on their side.
Ignore Alien Orders
I'm surprised that nobody has mentioned this yet. The NSA is reportedly one of the biggest employers of mathematicians in the world. They have had decades of time to develop their own theories as well as learn from all the work going on in the open. We can only imagine the kind of mathematical wonderland the NSA must have built up by now!
I hope at some point their theorems start being declassified. It would be fascinating to know how many things were done first by the NSA (Public Key Cryptography is rumored to be one such thing) and how many others have no parallels in the outside world. Given the nature of its general mission, I'm sure that the NSA has an interest in Computer Science and Complexity Theory. For all we know, the NSA could be sitting on a proof that "P != NP" and none of us would know any better!
IMHO the problem is not that spies exist, or that someone is working on inventing and breaking codes -- those things are unavoidable. Just like there is no problem in the fact that people are trying to make money. Problems starts when the desire to have comfortable life turns into all-destroying passion to get all money and power in the world, obliterating everything that remotely looks like competition in the process (I believe, you know few examples of that) and reasonable concern about enemies' secrets turns into self-perpetuating activity with one goal -- to get all information that may exist, and find out everything it is related to. It becomes not about security -- it approaches logic like this: "we have found that some random guy went to the airport, and now can find all people who went to the airport -- we now must at any cost make it possible to determine why, and become able to do so for every guy who went to the airport. Or into a gun store. Or into any suspiciously-looking meeting".
No goals, no justifications, no restrictions -- just have to do because in theory we can. There are satellites that carry phone converstaions? We must pass everything through our listening stations, or our missions will be considered failed. There are internet backbones? We won't sleep well until we not only would be able to listen to any particular transmission -- we have to make it possible to listen to all transmissions, simultaneously, and with all possible kinds of filtering/searching/recording. (And there are two guys with smoke signals? We don't care if someone will die, but we must have all their messages). There are laws that forbid us from spying on our citizens? Sign agreement with some other spies to bypass those laws.
What for? Why infringe on people's privacy in cases when it's forbidden by law, and is absolutely pointless for national security, except for cases so rare and unusual that it can't possibly justify the damage caused by spying and especially spying-supporting measures, such as crypto restrictions? After all it damages exactly what it is supposed to protect -- society, its laws and economy.
I'm afraid, the answer is the same as in the case of money -- just like Bill Gates has no use for his billions, and keeps his world conquest efforts just to prove himself that he is not a loser (who he absolutely certainly is -- life of maniac is pretty miserable), "spook agencies" have no use for a lot of information, yet collect it to remain busy, and to be proud of being the largest waste of money in the world.
IMHO if they were rational, they would know that some things are worth spying, some aren't, and some shouldn't even though theoretically they can be of some use. No matter how well funded NSA or even FBI, or even ECHELON will be, they will have no chance against suicidal school shooter (ex: Columbine). And some well-developed technology plus a lot of "normal" intelligence activity will give more useful information to the army (like, location of buildings in hostile countries) than millions of hours of randomly recorded conversations, especially considering that ones that are really "interesting" are still very likely unbreakable in the time when they are still useful.
I don't think that they really are listening to everything, so I may be exaggerating things, however the problem is, their goal is to be able to listen to everything all the time, no matter how useless it is.
Contrary to the popular belief, there indeed is no God.
There is one unusual thing that seems to be limited to their(?) jargon -- abbreviations (but not acronyms) or even complete words written in all caps -- "COMINT", "SIGINT", "COMSEC", "MOONPENNY".
Commercial companies use BiCapitalization with complete words, glued together (lack of creativity, insensitivity to ugliness, treatment of language as a playing field in grab-a-trademark game), government uses acronyms (sounds obscure and important, requires some "inside" knowledge to participate in an argument), but computers geeks language is different. In normal speech only acronyms are capitalized ("TCP/IP", "SMTP"), other kinds of abbreviations are rare and mostly one word (that however may be leaked from a programming language), or abbreviated (or otherwise odd) words in plural, converted to verb, etc.: "sig", "grep", "caps", "sigs", "ifdefs", "to grep". All caps are used in:
I am not familiar with military jargon, it may be from there.
Contrary to the popular belief, there indeed is no God.
I also like the fact that I personally have easy access to 128-bit encryption but that the average stupid criminal doesn't.
Why do you think criminals can't get 128-bit or better encryption? Just because US citizens can't export it does not mean it does not exist everywhere within and without the US. Terrorists in country X are not bound by laws (by definition), let alone US laws. Do you really think encryption is the unique invention of Americans?
And can I get some of that great crack you're smoking?
that budgets can be motherlodes of unexpected info
That is very true, and is an issue. It would be somewhat helpful if secrets were given an expiration date to allow for some sort of checks and balances. After all, other than avoiding embarassment, what reason can there be for keeping pre -WWII information classified? Are we really afraid Saddam will attack us with a fleet of top secret Sopwith Camels?
National security.
The problem isn't their goal, but how they define it and the means to that goal. For example, many people are of the opinion that either the Demicans or the Republicrats are bad for the country. Or that they are OK, but the upstart independants are a bad thing.
Many times, government agencies have decided that a particular fact being in the news would harm national security. Watching how a group of poor black men died of syphallis while telling them they were recieving treatment was once defined to be in the interest of National Security (tm, pat. pend.) At one time citizens of Japanese descent were put in concentration camps in the interest of National Security.
The point is, when you're in power, it's amazing how whatever is good for you is 'in the interest of National Security'.
There isn't some super-secret multi-billion dollar slush fund to pay off spies everywhere.
Considering that their budget is classified, how do we know that? We do know that some people working in the private sector were paid well to engineer faulty crypto products for embassy use.
working unknown to their employer for the NSA
www.aci.net/kalliste/speccoll.htm
http://www.interesting-p eople.org/archive/199610/0041.html
Of course, you backed up my statement for me. Note that I do not claim that there is an ongoing operation, I am just pointing out that it isn't exactly unheard of, and that with congress and the public being kept in the dark, we can't say it isn't happening.
If you can find it, get a copy of "Puzzle Palace". Written by a fellow that retired from the NSA. It's got just about everything you ever wanted to know in it.
Hmm. Interesting:
./queso www.nsa.gov:8080 ./queso www.nsa.gov:80
wolff/queso-980922#
208.212.172.33:8080 * Solaris 2.x
wolff/queso-980922#
208.212.172.33:80 *- Linux-2.2.x or Freebsd.
-- Roger.
I'm floored by the credulity of some people. Time and time again the media expose the scams pulled off by our government's secret organizations and yet there are still people out there who still say to themselves and anyone who asks that they don't know what a secret organization does, but that they're certain it's beneficial and just.
It's sad that the citizens of democratic countries glory in their governments' secret organizations. Government organizations that keep secrets from the citizenry obscure the powers and actions of the government. But in a democracy, the government's power is lent it by the people. Its actions are authorized by the people. It is no less rational for the people to give up the right to observe what their government is doing with their authority than to give up the right to vote; the results are the same: the usurpation of their power.
Perhaps the nation's security demands that the government keep some secrets, but we permit our government to keep secrets from us only reluctantly and mindful of the threat to democracy that secrecy poses.
It's no relief that there are "only geeks," so to speak, in the NSA. One of the problems with our democracy is that too few Americans are willing to exercise their moral autonomy, to get informed, or to clarify and assert their values at the polls or in the workplace. In my experience, geeks are a little worse in this regard, on average. So we're probably a little worse off for there being "just geeks" in the NSA than spooks a la James Bond.
The African dyoung stays cool in its burrow during the daytime, coming out only at night to forage for food.
> Many spy thrillers have claimed there is another classification above Top Secret, without needing to shoot me, can you confirm or deny that? :)
SCI: Special Compartmentalized Intelligence.
It's not any more secret than Top Secret, but it has more stringent rules concerning its distribution. Having Top Secret clearance doesn't automatically clear you for SCI. It's the codified definition of "need to know". SCI information viewed on computers is done in a separate room on separate wiring where even the nearby water pipes are electrically isolated. Very secure stuff. But otherwise a well-known level of security.
The stuff more secret than that is the stuff that doesn't have a classification. It's the stuff the president or the director of the NSA or CIA says to another aide "don't tell this to anyone, ANYONE, got it?" In other words, pretty much all your extralegal stuff.
I've finally had it: until slashdot gets article moderation, I am not coming back.
According to Bamford's Puzzle Palace, the NSA employed over 68,000 people back in 1978, making it larger than any other US intelligence agency. With the increase over the last 21 years in telephone traffic, cell phones, the Internet, etc., and in the corresponding US law enforcement reliance on COMINT, that number must surely have grown.
So you're from Down Under. Ever heard of Pine Gap? Bamford describes it as being in the Australian interior some eleven and a half miles from Alice Springs. He described it as being a listening post, receiving information from NSA satellites, and eavesdropping on Australia, New Zealand, and southeast Asia. Another NSA installation Bamford describes is in the Woomera Prohibited Area, 600 miles southeast of Pine Gap. Bamford wrote over 20 years ago, though, so those operatios may not be operating today.
--JT
And there's also David Kahn's The Codebreakers which is a comprehensive survey of cryptology. And I do mean comprehensive: he goes back as far as 1900 BC, describing unusal hieroglyphics on the tomb of the nobleman Khnumhotop II in Mene Khufu on the Nile. From there, he works his way forward. I'm hoping to finish this kilopage tome sometime this year so I can move on to Cryptonomicon.
--JT
The president definetly should NOT ever have top secret clearance, unless in the case of war, where (s)he should be allowed to know everything relevant to the situation at hand. The presidential post is pretty much a revolving door. New presidnt every four or eight years. That's a security issue. Generals, etc... can and do recieve higher security clearances than the president, because it's their job, and #2, barring unforeseen circumstances, a high ranking military official last much longer than the president (in terms of staying in a role where they would need to have the clearances they do.)
However when I read this post, I was immediately reminded of Pine gap (etc.) and the fact that we (through the British) once effectively overthrew a duly elected Australian administration (ousting the PM) because he asked too many embarrassing questions about intelligence actvities at massive US intelligence installations in their own country.)
I just thought I'd provide that bit of background so his post could be properly appreciated (I hope that I haven't misread the Australian's intent) since I know thesefacts are not widely known in the US. We don't just mess with banana republics (Chile, Allende) or even 'darkie' NATO allies (Greece, where we actively assisted in a military overthrow of of a democratic parliament)
I say 'darkie' because, though many of the principals were unprejudiced and principled, the overall institutional outlook seemed to be -well, racist isn't quite the right word, but it's close.
If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime
"Grave Damage" is the definition of Top Secret in the U.S. security agencies.
:-)
"Serious Damage" is Secret, and "Can be expected to cause damage in some degree" is the weaselly-worded definition of Confidential.
Seems like we could classify nearly anything as Confidential if we wanted to.
Illegitimi non carborundum
I was a radioman in the USN with a TS/CRYPTO/SBI
ticket. I worked down in Key West in the mid 70's
at a receiver station. We ran most of the crypto
gear for comms at the base. Most of the crap the
NSA collects is total junk. We snooped Cuban broadcasts "TV, radio" typed it up and sent it to
FT. MEADE via TTY. Typing up Casro's 4 hour
speeches was not fun. Scan the net for FBIS, they
are a NSA front to collect overseas broadcasts.
The only time I had any real contact with a NSA
agent was for a lost key card on a KWR-37 crypto
unit. We set the key card down on a table and it
got stuck to the back of a clipboard that had a
wad of gum on it. You DON'T want to lose a card!!
If you do everone in the world useing that keylist
has to dump the correct card and use a spare. After searching for the card to two days we found it. I had visions of 10 years in jail during that
time.
In GOD we trust, all others we monitor.
Isn't satellite monitoring the responsibility of the NRO?
The NRO is responsible for visual spy satalites, i.e., pictures of things the enemy is doing.
The satalite stuff the NSA does is to intercept electronic communications (voice and data), so the NSA can monitor and attempt to decrypt enemy message traffic.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Undoubtedly, their charter mentions the benefit of the US and the US alone, but wouldn't it be cool if the effort could be expended (and the equipment and resources) working on something that will benefit everyone, not just those who have signed the right agreements with the US.
-- Evan Read
Linux -- "It is computing, Jim, but not as we know it"
"The future comes 60 minutes an hour no matter who you are or what you do." The Screwtape Letters - C.S. Lewis
I work in Natural Language Processing at my company, and I work on summarization software for them. It seems that it's difficult (damn near impossible) to keep up with the flood of information that is now available in the open. Never mind the encrypted stuff! I don't know what exactly is going on there, but they listen to everything they can. FWIW, one of my co-workers claims that they are very good about avooinding listening to anything involving a US citizen once they know they are. All I can say is that if they are doing something they shouldn't, well, most people in my department are also very strong advocates of strong crypto, and wouldn't trust anything that the NSA approves.
Anyway, he also once told me that when the movie Sneakers came out in 1992, the NSA actually issued an order to all its employees stating that under no circumstances were they to comment to the press or anyone else on the movie's validity (the movie deals a lot with the NSA). Apparently, the movie was very, very accurate in its depiction of the NSA, and even included quite a few details that had been top secret. And aside from all that, it's a pretty good movie, too. :)
Hmm,
Everyone at NSA is a nerd.
All nerds read slashdot.
Every reader of slashdot can be a moderator.
:. some of the moderators work at NSA
Think I better read those Anonymous (score:-1) posts:)
Almost amusingly, the government started thinking about regulating the distribution of manure fertilizer, because it was (supposedly?) a fertilizer bomb in that truck. The talk went nowhere.
My guess is that Congress started thinking about it, but realized that once they banned the slinging of bull???? that they'd be out of a job.
--The basis of all love is respect
I don't know if misclassification is a problem unique to the States or if it happens everywhere. But when you have a department of spooks, they often feel the need to classify information that has no need to be classified. Often, this information is embarrasing rather than strategic. Especially in the States, any government information that does not have to be classified has to be released.
The NSA itself is a secret organization. For a while, its mere existence was classified. Why? The US could have simply gone public and said "We are forming a National Security Agency, which will specialize in cryptography and counter-cryptography". How would that have caused harm to the States? Everybody assumed that this was happening anyhow, since we were code-cracking in WWII.
OTOH, there are a lot of secrets that we should keep. Look at the F-117 Stealth Fighter. The ability to keep that under wraps for so long until it was used in a war kept other forces from getting a head-start on developing countermeasures. Once it made a wartime appearance, we could publicly reveal the weapon, as our enemies had seen it already.
Currently, the NSA is so secretive that its entire budget is classified. I cannot imagine any need for an agency's entire budget to be classified. I can imagine a need for large parts, perhaps the majority, of the budget to be classified. But for crying out loud, how much are these guys spending on #2 pencils?. All that gives away is a clue into the NSA's headcount. Maybe. (Unless, of course, they are working on the dreaded pencil-gatling).
America needs to keep secrets. It needs to keep a lot of secrets. But it is keeping a lot more secrets than it has to, and thus a lot more secrets than it should.
--The basis of all love is respect
NSA is a very hardworking agency. If one wishes to tell how hard they work all one has to do is to check the parking lot at Fort Meade at about seven at night. I have done so. The lot is full of cars. It would seem to me that the media blows their involvement in gunfights and terrorist actions way out of proportion. NSA's main job is to provide the president with info, not go out and blow the world up. NSA still plays a very important role in what goes on in the country. They have their own advisor to the president, while some agencies do not like the DIA . I think we appreciate the work they do in keeping our nation safe far to little. I believe that we think like that because of the media. Someday perhaps, thier archives of records will be opened and we can come to a true understanding of everything they do for us.
Is it progress if a cannibal uses a fork?
I once met a guy at a Safeway store in Laurel, Maryland; which is perhaps at most 5-6 miles from NSA in Fort Meade. He could speak flawless Turkish, and his command of the language and his accent were probably better than most high-school educated Turks. We chatted for a couple of minutes only, and I asked him where he worked. He said he was working for the Dept. of Defense. He then cut the conversation short and told me that he had to leave, walked to his car with a Maryland licence plate and left.
I used to study at a university where NSA has a research facility disguised as an administrative building in a remote area of campus, and there used to be lots of NSA-sponsored grad students around. (University of Maryland, College Park) All of those students will tell you that they work for the Department of Defense.
Zigbee Central: A Zigbee weblog
I think that the best way for this problem to be solved, would be for a government agency to obtain a code breaking computer, and operate it publicly. It would require a warrent to use. Then they could encourge the use of strong crypto, at least dommesticly. Internatioally would be a bigger problem, but it the millitary operated simillar machines in the public eye, it may work.
The problem with this is that it would require the NSA to admit they have the technology to crack strong crypto (granted that they can, but with their budget and personal, it seems likely). It would also stir up many paranoid people, who would only see it as more evidence that their being watched.
I know many paranoid people would consider this even worse, i think that it would be a huge step forward. I would hate to see a child molester get off because he encrypted the photos that he took and then just got rid of the key.
Anyone remember the Hunt for the Red October? And its send-back to the authour for rework?
That book offers a lot of insights in to who is really in charge in the US.
In Canada, we have CSIS. Noone ever seems to have even heard of CSIS. (Canadian Security Intelligence Service), and they keep getting in trouble with the mounties. A couple of years back, they were informed by the RCMP that they did not, in fact, have the authority to use wire-taps without a warrant and permssion from the RCMP.
The RCMP, on the other hand, afaik, does do internal spying, to make sure no one is doing spying on our country. (Like Canada has any military secrets, anyhow.)
The NSA, from what I gather, is a bunch of laptop toting geeks who are endlessly obsessed with breaking codes, tracking technology in foreign countries, know who's doing what, when, and how, and reading slashdot.
They are secretive, but I can't think of a government agency, of this nature, in any country (KGB anyone?) that actually tells the country what they're doing.
Its not in the government's best interest to spy on its own citizens and not tell them anything that they are doing. The populous is a gigantic mind that has been taken by social darwinism, and has an interest in protecting itself. It builds itself a government to protect it and choose what to do to get to that end. The NSA is just a reaction to this. It is there to figure out who is doing what, when, and how, that could possibly jeapordise the safety or survival of the populous. It is _not_ there just to see if they can break code.
To them, seeing someone using stronger encryption sends a flag to them saying 'I wonder if this person has something to hide" and they want to make sure they don't.
Just my $0.02 (add GST if in Canada)
OFTC: By the community, for the community
Um, not that I like getting off topic even more, but have you ever heard of reaganomics? Reagan was a supply sider who relied on unproven, wishful economic policies that ulimately hurt the economy. He believed in big business tax cuts -- while cutting goverment spending -- hoping that it would take a turn for the business cycle. Well unfortunately, cutting goverment spending while cutting taxes for big businesses, is more like a trade off. They both offset each other, leaving the economy where it was before. If anyone here has ever read any keynesian literature, they would know that much government spending is automatic stabilizers such as unemployment insurance and welfare. The problem with stagflation (higher prices[inflation] and lower output), however, is that you dig yourself a hole that is hard to climb out of. Therefore, it's a good thing that sound keynesian economists like greenspan are in power today.
In times of economic prosperity, where inflation is starting to show its ugly face in the gdp deflator or core cpi, it's smart to raise interest rates and cut government spending. Just as it's smart to increase government spending and decrease interest rates during the dips in the business cycle. Yes, general economic theory does state that as inflation rises, so will employment. However, fiscal and monetary policy have to be working and reacting in the first place to adjust for unknowns such as high rising oil cartel prices (happening now as in the 80's)-- otherwise you get big dips and peaks in the business cycle.
----------
My NSA?
;)
Kinda like the Springfield Nuclear Power Plant where Homer Simpson works. Lots a little switches and do-hickeys. All scientific. Everybody is a phony. High security sure, but layed back work.
They definately have doughnuts and vending machines. O ya, and they crack code nobody else can. But who care about that?!?
And the biggest parallel of them all? -- Evil Bosses...
Mr. Burns = US Goverment
:p
-----
While I was still working for the Treasury Department last year, I was asked to do some research on certain technology businesses, but the one article that caught my eye was about the number of people from the NSA who were leaving to go work for RSA or Netscape or such designing crypto systems from 3x what they were making at the NSA. One of the comments was from a guy who had worked at Ft. Meade before leaving, and had mentioned that while there was nothing like being launched off the deck of an aircraft carrier (I would assume on an E-2 Hawkeye), he was enjoying his new job (and extra money) even more. The article made a point of mentioning that the NSA was having a hard time keeping people on after the usual four-five year stints they spend out of college. They'd get experience working on crypto for the government, and then when the time came they'd jump ship to go work in the private sector, and this had become a bit of a problem even to the point of NSA starting to offer even more money, but they just can't compete. It reminds me a lot of the numerous people I know who have left the military or just the numbers of people leaving the military because the rest of the DoD is investing so much in things like the F-22 that they can't afford to pay (opinionated) decent salaries to the guys who actually work on the tech.
Just kidding Gary...if in fact that is your real name, after all, Anonymous Coward is my real name. wait a sec,some one's knocking at my doo ~h?#~~~~DISCONNECT
When my dad was in Vietnam (5th Special Forces) his team was under the direction of the NSA and he answered to them. So I don't know if the NSA carries guns themselves, but they can control those that do. Their charter (or whatever), Executive Order 12333 of 12/4/1981 states "The Information Assurance mission provides the solutions, products and services, and conducts defensive information operations, to achieve information assurance for information infrastructures critical to U.S. national security interests." To me, this would indicate that they can proform "operations" to gather information for "national security interests". Sounds like employing spys to me. FYI: my dad's missions involved being in countries that the US was not supposed to be involved in doing recon.
Probably true, but they do have field agents; what sort of activities these guys do is anybody's guess. One interesting piece of trivia is that the first American casualty in Viet Nam was an NSA agent posing as a USAF SSgt.
They're also doing some of the leading work in things like computerized face recognition. They've already got this working surprisingly well, and claim that it's far more accurate than a fingerprint. 'Course if they admit that much, who knows what they've actually got going there; maybe it can guess your weight too. ;)
The most interesting thing to me is that they have their own fab; they can design and build all the custom chips they want in house. I'd be willing to bet they've commited some sweet things to silicon in there. It's also interesting to note that they say the fab is for designing chips for the purposes of encryption, not decryption. Personally, I wonder how big a wink comes with that statement.
I never said this was a fact, and I even said that this is _NOT_ a conspiracy theory. All I was stating was that I thought it was weird that she'd know shitloads about everything else, but when it came to PGP specificly she wouldn't answer any questions. From her reaction, I got the impression that there was something else going on other then her just not knowing. In fact her answer wasn't "I don't know" but rather "I can't discuss that" (not verbatum). I probably should've said this earlier though ;)
As A Class Level C security holder, I must now take all of you in custody. You have discussed a three letter anacronym that shall not be observed without the proper clearance, which we all have not * since the reason why I have not said ...SAID anacronym *
Seriously folks, my father and I have both worked for the intelligence community, and it is NOTHING LIKE we see in the movies.... Especially the NSA,
Picture a bunch of tie-dyed dead-head ( oh Hell forget the stereotypes) THEY ARE GEEKS JUST LIKE SOME OF US!!!!!!!!!!!! they just have better paying jobs with more security concerns than the average BOFH (like me)..... Like DLR said on "Everybody wants some"..... " come on guys.... Gimme a break "
-- Life: Hate the Game... Love the cereal
They also said that it was able to brute force a regular unix password in less than a second!
:-)
A modern day PC can brute-force a typical UNIX password in under ten hours. Far less for a password based on a dictionary word, etc. Put a supercomputer on it, and I'm sure it won't take long. This is why we have shadow passwords...
I figured if she would answer my question that it'd be that they attack the seperate components of PGP, but since she _didn't_ answer it, I assumed that they know of a weakness in it
More likely, she just didn't know. The biggest misconception people have about large government agencies is that they function as a single unit. That is contrary to one of the most basic rules of security -- unless you need to know, you don't.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
If you're interested in the NSA James Bamford has done a great job writing a history of No Such Agency, _The_Puzzle_Palace_ It doesn't have the latest developments (written in the early 80's) but it's about as good as I think you can get being on the outside.
They also have a homepage: http://www.nsa.gov:8080/
The NSA is an organisation designed and designated to, in secret, subvert both American and non-American privacy and freedom for the larger cause of "national security" (and to some extent even some international security).
... you know the cliche.
/. is like a steer's horns, a point here, a point there and a lot of bull in between.
However, national security is a thing of the past. What threat is their towards american national freedom? Really?
There is only one enemy left, and it is only as dangerous as we are letting it be (for reasons of commerce) and actually more interested in the continued repression of its own people then anything to do with us (hmm, I wonder if Chinese people can access Slashdot... and if they do??).
Instead, the entire intelligence community, which, no doubt, is undemocratic in the very secrecy of its nature, has gotten so happy with its own unbarred existance that it just is not about to let go. To some extent they try to justify their actions in the public eye by speaking of the horrid, but largely imaginary, terrophiles from which they are keeping us and our children safe, but to an even larger degree they don't need to defend themselves. Shadow organizations like the NSA already have their claws so deep in the bumbling, populistic, corrupted to the bone political climates like Washington, that they simply are not under any threat at all.
SAFE will never pass. The NSA knows it, we know it.
What I wonder about, more than anything else is: Where does the NSA find new mathematicians?
They are the largest employer of mathematicians in the WORLD, meaning they are picking the best and brightest of maths majors like me right out of university and using them in a work that is shifting from subverting the freedom of people to the useless struggle to keep an organization with no use alive.
Why do people do it? As I see it, it must either be ignorance or cynisism. Either because they, like the scientists who worked away building bombs and rockets for the Nazis, are too enclosed in their work and research to look even one second at what they are doing, and who they are doing it for.
Or, because they share the simple, yet dark, conviction that a free society needs to be schimera in order to exist. That man kind simply isn't capable of being free without destroying itself. That out of arrogance for people they are doing them a favour by deciding their lives for them.
And maybe they are right. But then I say we might as well let things take their course. Give me freedom or
-
> The RAND Corporation's Netwar report, prepared
> for the U.S. government, recommends that the
> govt assists repressive governments in defending
> themselves in struggles over their reputations,
> and that repressive governments can do this with
> a variety of dirty tricks and covert operations.
You obviously didn't read the summary... The
whole point was that a repressive government was
vulnerable to a netwar if and only if it is:
1. In a state of political flux
2. In the process of opening up political freedom
3. Requiring greater world participation in its
economy.
Thus, only states which are becoming more
liberalized, with greater personal freedoms and
are starting to actually participate in the world
economy and wish to benefit from international
trade are vulnerable to this sort of attack.
Looks to me like the whole concept of a netwar is
empowering a minority to harass a (silent?)
majority. Hmmm...
So... A radical revolutionary group who wishes
to overthrow a burgeoning democratic government
starts a netwar and sets them back 10 years
because there's so much apparent trouble in this
country that nobody wants to do any business with
them. Thus, even though it is the growth of freedom in such a country which provides the
tools necessary to do public damage, and
Don't like my sig? I don't either.
I'm sure the NSA is far less scary than Hollywood would have it, unless you happen to be on their short list anyway.
I guess the major question in my mind is the degree of autonomy they may have. Presuming they are effectively reviewed and controlled by our government and not a hidden branch of it, there's not much more to fear there than with the military. Just make sure the politicians don't use them inappropriately. How you can do that without knowing what the NSA is up to is an interesting question however. Amounts to electing those you trust, which leaves some of us a little unsatisfied.
In view of the lack of normal feedback over operations I consider a distrust of the NSA a healthy thing. If they tried something really horrible, and it got out, people would believe it. You might consider Echelon an example. So they have to be a little careful, both in their security, and not doing stuff that's too embarassing if they get caught, because eventually, everything that's really juicy leaks.
I can corroborate your view- I attended Presidential Classroom in summer of '97- our program coordinator was "flag"-level clearance at teh NSA. (if you don't know, maybe you don't want to) We had a walking tour of the facilities, and this much I can tell you- #- The NSA is the #1 recruiting center for "theoretical" mathematicians (number/ring/field theory, abstract/linear algebra, analysis) in the world. (approximately 70% of the talent pool) Read their recruiting page (easy enough to find)- at least the NSA realizes that pure mathematics eventually advances all of technology. #- Where we visited, the people were quiet but friendly: to sum up, there are numerous signs with 50's-style comic-book people waving their fingers and saying "Remember, no confidential talk." #- The NSA is an impressive R&D dept. in their own rite outside of cryptography- the projects we were "allowed" to view included: high-penetration PCMCIA wireless-LAN (at the time of my visit, 1000 yards through concrete and steel); fingerprint pattern recognition via embedded systems about as big as a credit card (dead serious- we were told to expect it to be a standard in about 4-5 years);and finally, natural language recognition that gives Dragon Naturally Speaking (?) pause. (so far, Spanish, Japanese, and certain dialects of English are recognized) It's an impressive facility, and I would encourage anyone who wants to know more to take the tour- there ARE certain things that the people who work there can tell you about. Not EVERYTHING's top secret.
Are the ones we catch. The ones who get nominated for Darwin awards. The ones who fail.
You will never see a smart criminal because they don't get caught. They get elected for office, own corporations, control institutions, etc. They figure out how to use the system to their advantage.
They probably aren't that different than successful businessmen, excepting that successful businessmen also, as a side effect, benefit the country, the people, or the economy.
-AS
-AS
*Pikachu*
The NSA may just be a bunch of geeks, but the power of geekhood may be used for good or for evil. Don't forget that Hitler had a huge crypto department, too, with Enigma and all. Just because an organization employs geeks doesn't mean that they're doing things true geeks/hackers would approve of. It just means they require skills that only geeks have (math & coding primarily) and are willing to pay for those skills.
Crypto in the hands of the mafia, or kiddie porn peddlers, does society no good. Crypto in the hands of honest citizens who value their privacy does society no harm. It's a shame that the NSA, the treasury department, and our government have taken the first as a reason to hinder the second.
I am the king... of No Pants! www.penny-arcade.com
---- aut viam inveniam aut faciam
In fact.. based on this model of what the NSA is and isn't... many of the people reading this are members of the NSA... /. is afterall 'News for Nerds'.
NSA MONDAY MORNING {at the coffee machine):
NSA AGENT 1: Hey guys, did you check out slashdot over the weekend?
AGENT 2: No, I was installing Mandrake 6.1 and I coulnd't get the darn ppp connection up..
AGENT 1: Well check it out... they're on to us.
/* CDM */
hi, i'm neko, and i work for the nsa. (crowd replies "hi, neko")
:) ). we aren't freaks, and i can attest that we're not all brainiacs (don't make me recall some bad examples *shiver*)
seriously, i'm a korean linguist, and while i put on an air force uniform to go to work, it's the nsa which really calls the shots. although i've not worked in the nsa headquarters in maryland (i don't plan on it either, since it just means getting bounced back here to korea every other year, and korea's not bad anyway), i can tell you what i know from my perspective (well, not all of it, of course).
to be honest, what we do we regard as Just a Job. granted, a deadly serious job, but that's as maybe, it's still a job. we don't go around talking spy talk or codewords, i've never met agent 99, we don't hack into you computer at night, and we spend more time than any of us will admit irritating each other with stupid practical jokes just like everyone else (we locked our flight commander in a phone booth the other night, that was a sight
as for specifically what we do, i of course can't say much about it, but suffice to say that no, we don't spend our time spying on americans, or south koreans for that matter. in fact, there are quite explicit guidelines about making damn sure that we don't. as for the 'black helicopter' conspiracy perception of the lot of us, i have to say it's pretty much bogus from what i've seen. personally i thought the earlier story regarding bar codes with social security number being placed on high school students to be far more disturbing than anything i've seen here. we sure the hell don't do anything like that.
in short, if you don't believe anything i've said here, and hate us because of some book you read or something on dateline, then fine, that's not our job. just remember that our job is to help prevent wars, and help minimalize the loss of american lives in case one breaks out, and i think we do a damned good job of it. i know south korea is happy to have us here (and they do know exactly what we do, sicne we work with korean soldiers side by side), even if you're not.
-- the opinions stated above aren't those of my employer. in fact, they're probably not even my own. you know what, ju
From what I know (based on a Discovery Channel program) they have their own chip manufacturers in their main headquarters making processors for a warehouse-sized supercomputer submersed in a non-conductive coolant (which is located in the basement). They also said that it was able to brute force a regular unix password in less than a second! Thats 30 Years of computing time for those of us with a pentium.
A woman from the NSA recently came to give a colloqium for the math dept at my school. One of the things she talked about was cryptography and why the NSA doesn't like us having large keys. One of my questions was why the NSA has never (as far as I know) attacked PGP. I figured if she would answer my question that it'd be that they attack the seperate components of PGP, but since she _didn't_ answer it, I assumed that they know of a weakness in it (maybe some type of multiplication by a number). I've been speculating ever since.
I used to work for a USAF contractor developing COMSEC (communications security) accounting software. I can tell you that that primary role of the NSA is making and breaking cryptography. (If you want to speculate wildly on secondary roles, be my guest.)
Ironically, the two parts of their major role are polar opposites. On one hand, the NSA researches new crypto systems, evaluates and approves third-party (i.e., commercial) crypto systems, generates and distributes key, and provides infrastructure to keep all that running.
On the other hand, they are constantly involved in trying to break enemy crypto systems -- providing COMINT (communications intelligence) and SIGINT (signal intelligence) to the rest of the government. They're generally not involved in classic Hollywood "spy stuff". They don't have agents (ala James Bond), domestically or abroad. That's the domain of the CIA.
To the people in the field, the NSA was a source of bureaucracy and paperwork, but did not inspire much fear. The expansion "National Stupidity Agency" was far more common then "No Such Agency".
Which is not to say the NSA is not extremely paranoid. It is. The rules for EMSEC, COMPUSEC, and the like are a royal pain in the you-know-what. The NSA invented them all. But there is nothing "secret" about those rules.
Incidentally, the NSA is trying to get out of the business of generating and distributing crypto key, because it is damn expensive and rather impractical. They distribute over something like 200 tons of crypto key annually. At the same time, however, they want to maintain full, draconian control over everything. The resulting conflicting efforts would be amusing if my tax dollars weren't paying for it.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
For example, Ronald Reagon in the early 1980's purposefully caused the recession at that time. Inflation was at 14% and getting worse. According to economic theory, you should be able jack up interest rates, throw millions of people out of work, and within a year the economy will recover, but resume at a much lower inflation rate.
As it turns out, Ronnie was right. But try explaining that to the people at the beginning of the recession who lost their jobs. I'm sure if they really understood how much control the government has over whether or not to force the country into a recession, they would be majorly pissed off.
Likewise, consider US cryptographic export restrictions. While its theoretical purpose is to make it easier for the NSA to spy on foreigners, it has the weird effect of reducing encryption within the United States. The average person in the US uses 40-bit encryption. Lots of products (such as the new AirPort wireless LAN) use 40-bit encryption because of this, even within the US. I think the government really does understand that export restrictions really have an effect on the encryption used by their own population.
On the other hand, I like low-inflation, and I also like the fact that I personally have easy access to 128-bit encryption but that the average stupid criminal doesn't. In other words, I think I like conspiracies. :)
My grandfather was an agent of the NSA, and so I know a little bit about it, but most of my knowledge comes from everyone but him. He never really talks about it, but I have to wonder what a WWII vet and a NSA employee would think of Cryptonomicon. I know for a fact that he's good with simple cryptosystems, even though we have no knowledge of him ever working in that field. We (family members) believe that at later stages, he was mostly administrative, working on intercepting transmissions.
:)
The NSA is really an outgrowth of what was known as the Army Security Agency, in which he spent a lot of time doing something involving lots of radios and the Philippines [intercepting foreign communications]. The NSA and ASA both exist now, but apparently the NSA is essentially a workhorse agency, taking orders [more like kind requests] from the other cloak-and-dagger types. They have two basic functions, those being to monitor the world's radio traffic [if one visits Fort Meade, Maryland, they will note the large geodesic bubbles on the tops of buildings; apparently the purpose is to obscure the directions their satellite dishes point, for obvious reasons], and the other being to decrypt everything in sight. At the same time, they do advise the rest of the Executive Branch on matters of systems security and in the past, have worked on developing secure cryptosystems ["in the past" because one has to wonder whether the private sector is outpacing them in that respect and rendering those efforts outdated] and implementing them.
As far as what the "real" NSA is like, I suppose it's always been a very real phenomenon for me, and I have never really had any illusions about what they do... it appears to all simple inspections that what they do is exactly what they claim to do, except that now, they have been forced to react to the internet, and have thus extended their resources in that direction. However, at least as far as bursting in anywhere, guns blazing, I think that's most likely the last thing they've ever been involved in. The most clandestine thing I can see the NSA doing is setting up big radio antennae inside sketchy little huts in the jungle. Fun
This thread seems to say "the NSA are technocrats".
Our tax dollars hire them to spy on everyone outside the united states and find the connections between all sorts of people, their bank accounts, their friends, political and commercial organizations. They may or may not be spying on Americans as well--they have stone-walled the U.S. Senate on the issue of Echelon.
> I've heard some say they are the biggest
> collection of brains in the US. I think that's
> probably true, except for maybe RAND.
The RAND Corporation's Netwar report, prepared for the U.S.
government, recommends that the govt assists repressive governments in
defending themselves in struggles over their reputations, and that
repressive governments can do this with a variety of dirty tricks and
covert operations.
If these recommendations are being carried out, and I have seen some
evidence to suggest that they are, I suspect information from Echelon is
being used to destroy human-rights networks.
I personally believe NSA intelligence filters from
the NSA => the U.S. Army =>
to the Columbian army => rightwing paramilitary
If the NSA's powerful data collection capabilities have been used in this pursuit, American money is [indirectly] responsible for the the blood of, for example, Columbian and Mexican peasants killed by pro-military paramilitaries.
Merlin
Gary, care to expand on your visit to the NSA? Here's my story:
In '95, I visited the NSA and the National Cryptographic Museum (adjacent to the NSA headquarters). I didn't make it past the barb-wire fence at the NSA, but I did encounter a few spooks.
The front gate was unattended, so I drove right in and parked as close to the big black monolith of a building as I could. My friend and I began to make silly poses and take lots of pictures, joking that we probably weren't the only ones taking photos of us. A man in a white shirt and black tie (think Michael Douglas in Falling Down) approaches us: "Are you lost?" Without waiting for an answer, he briskly walks away. We jump in the car and head to the museum.
A group of Marines were on some sort of field trip to the museum. As they exited, an officer was giving them coffee cups with the NSA seal on them. Wearing my "Clipper Chip Inside" t-shirt, I approached him and asked how I might get one. After a few minutes of "you punks don't know the reasons the world needs the Clipper Chip...to tell you would be a breach of national security," he agreed to sell me one for $8 cash.
So, no real MIB-types. But there's certainly a spook mentality around that place.