Would the NSA prefer to have these dumps be vaguely attributed to an insider?
I wonder if they would because any mistake in handling data calls into question their competence which calls into question their ability to keep that big database safe. The one with all our call records, etc.
The (mainstream) Snowden narrative was one of disgruntled employees and treason. The contents of the leak drove some muttering about NSA regulation, but the nature of the leak didn't. It just led to a lot of calls for "internal whistleblowing", which has been repeatedly proved useless.
Enemy action, by contrast, doesn't support a focus on the attacker. Nobody expects Russia to play nice, and nobody can realistically suggest 'discouraging' state powers from hacking and leaking. The tools will be misused (from a US government viewpoint) since the new owner has US-unaligned goals. The only barrier left is security, which appears to have failed.
If insiders leak details, then it's just a conversation about what the NSA does with its tools. If foreign powers get those details, then the "reveal and patch" crowd is bolstered by the knowledge that outsiders are using the same tools.
I do! I expect Russia, China, the US, the UK, Australia, and even places like the Middle East to play nice when it comes to their Intel services.
Why? Because I expect them to be staffed by exactly (precisely) people like you and me and the people reading this forum, and I believe there is an incentive for the intelligentsia to completely ignore all political things and simply be awesome stewards of a safe world. In fact, I think that there should be a secret conspiracy by every single intel worker worldwide to band together online in a meta-community. I think they should state in this very forum (HN) if they are being asked to do evil - such as in reply to this comment - because they're part of this meta-conspiracy.
I don't think this is hopelessly naive because I can say with certitude that there are people reading this from intelligence agencies all over the world. Why wouldn't they?
I expect this to be viciously downvoted and I don't care. I think I'm on the right side of history and I think that the people who expect these geeks to wage war on each other are on the wrong side of world history.
It's very black and white. (The reach and extent of the activities of these respective services is a different matter entirely and not a subject of this comment.)
I don't think your comment is naive. Given some basic life necessities and niceties such as food, shelter, personal freedom, financial security and access to social services, most people would rather do the "correct" thing and think of a global benefit rather then a state benefit. But when the state is the entity providing those necessities in the first place, on the condition that you switch around those two priorities, then the number of people willing to do the "correct" thing drops off significantly.
Now if those people can be assured of anonymity in their actions and safety from persecution by the state while still receiving the benefits of the state, the number goes up again by some percentage.
Many physicists didn't want to work on nuclear bombs but they were convinced to help develop it because they were afraid other scientists with even less ethics would build one first. It only takes one Leo Szilard to ruin it for the whole human race.
That story is an excellent read - first hand accounts of the Hiroshima bombing. I'd forgotten the article existed - I seem to remember it being released for free in the last year or so? Thanks.
What you're missing is that people respond to incentives on a local scale, not a global scale. As in, people want to satisfy their managers in order to get paid more, not cure global warming or whatever other lofty goal that would benefit all humanity.
You're presuming that a member of an intel service views "the correct thing" from the perspective of the whole human race, rather than from the perspective of their specific nation-state. So I think that you are hopelessly naive.
Well put. People talk like Kissinger was a lunatic, but his actions made a lot of sense if you value American success much higher foreign wellbeing. There are plenty of people doing intelligence work in the sincere belief that they're right and the internationalists are wrong.
I don't think this is hopelessly naive. History is filled with brave insiders who stood up for what was right. And this doesn't necessitate career suicide.
Oskar Schindler, Daniel Ellsberg, and Smedley Butler are some notable examples within the 20th century.
On a smaller scale, internal pushback has changed policies in government organizations and corporations. It is not always possible, but proposing an alternate, less-destructive method of accomplishing an organizational mission is one way to achieve this.
I think the best example of this in action is Stanislav Petrov, who defied protocol to launch a retaliatory nuclear strike against the Americans. It turned out the alarm was raised by a fault relating to weather conditions.
One country's/government's definition of "nice" may vary from another's.
I somewhat agree with your point, but note that these people are enforcing the will of their country's top leadership. And the Russian government has every reason to not play nice with the US government.
I actually wouldn't be surprised if NSA is one of the "nicest" intelligence agencies out there, though. Relatively speaking.
It's hard for the US to express anger that the Russian government's secret services hacked America secret services to steal the tools the American government used to hack other governments...
Precisely. If it's just internal dissent, then you can say "the tools would be safe with us if not for these whistleblowers!" When it's your exact counterparts in another country robbing you, there's not much to say except "oops".
Makes sense. A bit like how during Stalin's regime and later, there was a lot of emphasis on enemies of the people, on saboteurs, capitalist spies and so on.
The idea was it could effectively explain away the internal inefficiency, waste, stupidity, corruption and bureaucracy as everyone can point to and say "See, we can't have nice things because we have traitors in our midst"
> No team of “hackers” would want to piss off Equation Group this much. That’s the kind of cojones that only come from having a nation state protecting you
I like that part. Yes, don't make the middle aged dads from Fort Mead angry.
Yeah, not only would they be willing but it practically be what they existed for. I think your typical black hat has very different weights on risk and reward for these sorts of things than your typical software engineer; hence why they went the life path they did.
...and your typical blackhat is not Lulzsec. I suspect that the media-hungry blackhats are the tip of the iceberg. No surer way to getting a taskforce assigned to finding you than doing high-profile media stunts (ask DPR), most hackers don't want this, but some clearly do.
EXACTLY! This is what they were trying to prove that if you think you are that good but do not practice good hygiene you get what you get. Who wouldnt want to drop that on the NSA who is trying to prove they are protector of the USG but can't protect themselves.
It's probably more along the lines of the vast majority requiring Title 10 authority. The military operators performing the work on average would be younger. 25-35 is probably the norm. Most at that age would move out of the govt. to higher paying contracting positions or into leadership roles.
Lots of people are talking like it's a political move, insiders, super team hackers... but imho this is just to level up the game.
Pretty sure that this tools are know to the NSA to be leaked and probably saw a small guy using this therefore they release the stash of the most "shared" tools to the general public via this charade and the small players start again from zero and the big league players (equation group) can dominate the the field again with his 0-days.
Well if i were part EQ and saw my exploits leaked somewhere else, this is what i will personally recommend doing, to level up the game and meanwhile let's blame russia so my job is secure (finding exploits in TAO) and to keep out of the game the small league players (HackingTeam, NSO, FinFisher, et al).
If I want Cisco to patch the vuln that some small player is exploiting, I can think of better ways to accomplish that than publishing the exploit myself.
Like what? normal disclosure or leaking the exploit to big guys like taviso? nah this won't do shit... cisco will patch and charge you his "premium membership" to download updates and sysadmins won't update now that shit hit the fan and the average kiddie can, cisco will be forced to release the update as free (to protect his stock) and sysadmins will be forced to update asap.
I'm a little naive when it comes to this sort of tech, but does anybody else wonder if this leak could be a notice from the Russians that they do, in fact, have all of Hillary's emails?
39 comments
[ 0.17 ms ] story [ 1514 ms ] threadI wonder if they would because any mistake in handling data calls into question their competence which calls into question their ability to keep that big database safe. The one with all our call records, etc.
The (mainstream) Snowden narrative was one of disgruntled employees and treason. The contents of the leak drove some muttering about NSA regulation, but the nature of the leak didn't. It just led to a lot of calls for "internal whistleblowing", which has been repeatedly proved useless.
Enemy action, by contrast, doesn't support a focus on the attacker. Nobody expects Russia to play nice, and nobody can realistically suggest 'discouraging' state powers from hacking and leaking. The tools will be misused (from a US government viewpoint) since the new owner has US-unaligned goals. The only barrier left is security, which appears to have failed.
If insiders leak details, then it's just a conversation about what the NSA does with its tools. If foreign powers get those details, then the "reveal and patch" crowd is bolstered by the knowledge that outsiders are using the same tools.
I do! I expect Russia, China, the US, the UK, Australia, and even places like the Middle East to play nice when it comes to their Intel services.
Why? Because I expect them to be staffed by exactly (precisely) people like you and me and the people reading this forum, and I believe there is an incentive for the intelligentsia to completely ignore all political things and simply be awesome stewards of a safe world. In fact, I think that there should be a secret conspiracy by every single intel worker worldwide to band together online in a meta-community. I think they should state in this very forum (HN) if they are being asked to do evil - such as in reply to this comment - because they're part of this meta-conspiracy.
I don't think this is hopelessly naive because I can say with certitude that there are people reading this from intelligence agencies all over the world. Why wouldn't they?
I expect this to be viciously downvoted and I don't care. I think I'm on the right side of history and I think that the people who expect these geeks to wage war on each other are on the wrong side of world history.
It's very black and white. (The reach and extent of the activities of these respective services is a different matter entirely and not a subject of this comment.)
Now if those people can be assured of anonymity in their actions and safety from persecution by the state while still receiving the benefits of the state, the number goes up again by some percentage.
[1] http://www.newyorker.com/magazine/1946/08/31/hiroshima
Oskar Schindler, Daniel Ellsberg, and Smedley Butler are some notable examples within the 20th century.
On a smaller scale, internal pushback has changed policies in government organizations and corporations. It is not always possible, but proposing an alternate, less-destructive method of accomplishing an organizational mission is one way to achieve this.
I think the best example of this in action is Stanislav Petrov, who defied protocol to launch a retaliatory nuclear strike against the Americans. It turned out the alarm was raised by a fault relating to weather conditions.
https://en.wikipedia.org/wiki/Stanislav_Petrov
I somewhat agree with your point, but note that these people are enforcing the will of their country's top leadership. And the Russian government has every reason to not play nice with the US government.
I actually wouldn't be surprised if NSA is one of the "nicest" intelligence agencies out there, though. Relatively speaking.
It's hard for the US to express anger that the Russian government's secret services hacked America secret services to steal the tools the American government used to hack other governments...
The idea was it could effectively explain away the internal inefficiency, waste, stupidity, corruption and bureaucracy as everyone can point to and say "See, we can't have nice things because we have traitors in our midst"
I like that part. Yes, don't make the middle aged dads from Fort Mead angry.
might as well consider them government provocateurs.
Generally, "hacking groups" that have picked fights with the USG have a somewhat spotty track record of retaining their freedom.
How does that work? Are older employees promoted away from this work into management? Is there an age limit to joining the hacking organization?
Well if i were part EQ and saw my exploits leaked somewhere else, this is what i will personally recommend doing, to level up the game and meanwhile let's blame russia so my job is secure (finding exploits in TAO) and to keep out of the game the small league players (HackingTeam, NSO, FinFisher, et al).
Don't meet trouble halfway.
You are entitled to your own opinions but not your own facts
There are two kinds of problems: yours and mine and this is not mine
I'm a little naive when it comes to this sort of tech, but does anybody else wonder if this leak could be a notice from the Russians that they do, in fact, have all of Hillary's emails?