The issue here is the conflict of interest. They now have an incentive to hoard 0days instead of having a moral responsibility to responsible disclosure. We pay for them (the gov't) to discover these things, and then they fail to protect us when they know full well they exist.
IMO they should have to disclose 0days and using them between disclosure and patch is an ethical grey zone.
I saw many in the infosec community cheering on the alphabet gang re qakbot takedown.
The alphabet agencies have proved time and time again they cannot be trusted with this type of power. Yet federal judges and secret courts continue to rubber stamp.
At what point does this start being used to wipe the trail of other agencies malicious actions via foreign proxies? How do we know, with this level of unprecedented access and overreach that the FBI isn't going to quickly become the domestic clean sweeper for all other bad acting agencies chartered for foreign surveillance and activity?
That's pretty much nonsense. You're making a claim the foreign intelligence agencies are already illegally acting domestically, but you've somehow conjured up that cleaning their tracks is a redline of illegality they won't cross? Doing illegal things means you're more likely to cover your tracks-not less.
And then, the answer to your question is the same as it's always been. Inspectors general. Congressional oversight, both routine & impromptu. The various civil liberties offices created post 9/11 that you've been ignoring. Journalists and foia. And last but most important: God forbid you go out and vote
‘HalJordan largely responded to your debatable points, this reponse to him is largely attacking ‘halJordan themself. Thats not really appropriate commenting for HN.
Except that many of these oversight things have been toothless or rubber stamps (see Snowden revelations). And WRT go out and vote, these issues have continued to degrade under both major parties. Unless you're advocating independents, in which case there's a hard discussion about the effectiveness of that...
Utterly horrible idea that 100% will be abused. Look at the hundreds of thousands of illegal searches FBI did just last year or the outright lies on some high profile FISA warrants or the intimidation the FBI had been engaged in of late. One minute it’s fighting a botnet next minute it’s illegal collection or worse. This must not happen in any form.
I wonder what the FBI has for running on linux/unix? I'm sure the FBI budget allows the means to create a botnet for any OS, but the easiest thing to do (maybe) would be to stop using windows..?
If you look at the Vault 7 leak (which is probably NSA) the Linux stuff seems less advanced than the Windows tools. In conjunction with infosec people being mostly Windows junkies, my guess is the FBI Linux tools aren't as effective as their Windows tools.
It's a giant leap to conclude that they used this outside of infected machines. There's just no reason to do that. If the assumption is that they would do so to spy on civilians, then it's just as obvious to assume they were doing that already with far better tools.
Why the downvote? You have evidence that they definitely used this tool or that it's somehow better than other tools? I'd be interested to read about how you know that.
20 comments
[ 3.7 ms ] story [ 111 ms ] threadIMO they should have to disclose 0days and using them between disclosure and patch is an ethical grey zone.
I saw many in the infosec community cheering on the alphabet gang re qakbot takedown.
The alphabet agencies have proved time and time again they cannot be trusted with this type of power. Yet federal judges and secret courts continue to rubber stamp.
And then, the answer to your question is the same as it's always been. Inspectors general. Congressional oversight, both routine & impromptu. The various civil liberties offices created post 9/11 that you've been ignoring. Journalists and foia. And last but most important: God forbid you go out and vote
If you look at the Vault 7 leak (which is probably NSA) the Linux stuff seems less advanced than the Windows tools. In conjunction with infosec people being mostly Windows junkies, my guess is the FBI Linux tools aren't as effective as their Windows tools.