39 comments

[ 2.8 ms ] story [ 78.0 ms ] thread
Multinationals that give preference to one nation's TLAs have no right to complain when they're penalized for being preferential.
Once again the meme that China was hacking to find dissidents was a lie for propaganda purposes, and the actual motivation was to see who the USG had wiretap orders on, to see if any of China's own spies had been burned.

But, it makes China sound evil when you tell the public that they are doing it for human rights reasons.

http://www.washingtonpost.com/world/national-security/chines...

If you know anything about China activities in Tibet, you would know that China IS evil.

Its important to remember that unlike China or Russia, the US government is tame in comparison with how it handles dissidents.

Guantanamo is bad but nothing in comparison to the political prison camps across China.

No one wants to live in a county where something as simple as an online comment will make you disappear in the middle of the night. This is what we want to keep America from becoming.

There is a list of over one million "missing" Tibetans. A common crime: possessing a picture of the Dalai Lama.

<quote> There is a list of over one million "missing" Tibetans. </quote>

I'm going to call BS on this one.

The population of Tibet is only 2.91 million.

http://en.wikipedia.org/wiki/Tibet_Autonomous_Region#Demogra...

Are you saying they "disappeared" 1/3 of the population?

The Axis powers of World War 2 killed at least 7 million outside of "legal" warfare. Ukraine, Anatolia, Congo, Cambodia, and Nigeria have all experienced genocides of 1 million people or larger.

Do not make the mistake of thinking that anything is too monstrous for a national government, particularly one that cannot be held to account by anyone except a strong alliance of other national governments: China, Russia, or the U.S.

The population of "Tibet" includes Han occupiers. It is entirely possible that someone has "vanished" more than 1/3 of Zang (Tibetan) in that region. But some Zang also live outside the nominal political borders of Tibet. And due to forced displacement, and the manner in which Beijing handles China's ethnic minorities, like Zang and Uighurs, or even Han peasants, it is also possible that the "missing" people are still alive, but shoved into a bureaucratic black hole that prevents them from communicating with anyone connected to the rest of the world.

I believe the claimed list of 1+ million missing Tibetans is since 1950 (64 years of time to date).
"If you know anything about China activities in Tibet, you would know that China IS evil."

Following that rule, the US is evil too. How many native Americans they exterminated? Millions in California alone.

How many innocent people died in Iraq after US invasion for taking their oil?. How many people have died in Libya from the war US promoted?

Of course, most of Americans(that don't travel around the world, know languages and understand other countries) believe the propaganda that says that the invasion of Iraq(or any other country) was to promote freedom and democracy and lollipops. So do the Chinese, they have their own propaganda machine, like the US.

But war is a racket, it has always been: http://www.amazon.com/War-Racket-Profit-Motive-Warfare/dp/14...

Now, for example, most Americans have a strong opinion against Putin, without having traveled to Russia or the Ukraine because what they know about it is given by a channeled(and powerful controlled) media they believe to be truthful.

Having lived both in the US and China,and traveling there often I perceive the US had freedom in the past but is decreasing fast with the 9/11 NSA abuses and whatnot, while China lacked freedom but increases it day after day.

Americans believe using words alone is enough, like saying "we are the land of the free", but in practice they are giving away the freedoms they have in exchange for other perceived qualities, like "security".

Your assertion comes from a statement that Microsoft later retracted (according to your article) and said was from an incident unrelated to Aurora. Most likely, it was some script-kiddie checking that he wasn't being monitored, and that Microsoft employee mixed it up with the Chinese attack.

It says that Google found that the Chinese had also gained access to surveillance data in their systems after they discovered that the Chinese had gotten access to dissidents' accounts. The Chinese weren't solely doing counterintelligence.

I would believe this, but where does it say that Google found the Chinese gained access to surveillance data in their systems after they discovered the Chinese had gotten access to dissidents' accounts?

> Your assertion comes from a statement that Microsoft later retracted (according to your article) and said was from an incident unrelated to Aurora.

Definitely. Microsoft was hacked to get a list of surveillance targets, but not as part of Operation Aurora.

> Most likely, it was some script-kiddie checking that he wasn't being monitored, and that Microsoft employee mixed it up with the Chinese attack.

A script kiddie? Unlikely. I mean... man, I hope our surveillance services can't be owned by script-kiddies...

Another example of a state sponsored attack on Microsoft surveillance requests is SEA who hacked into Microsoft to gain access to the team that does data intercept requests for the FBI.

Other readers, please be aware that lern_too_spel and I have a bit of a feud (I guess?). Please find our latest discussion here for context: https://news.ycombinator.com/item?id=8614037

The two things I got from this story:

- If anyone of us, that didn't work for Google, had cracked into a sever that breached our servers and just looked around, not destroying data. Wouldn't that be illegal?

- The NSA is getting access to software and hardware back doors before the public is made aware so they can try and catch Chinese hackers. Doesn't this also give them the access they would need to route all our traffic to their giant datacenter and mine it? Aren't the 'Chinese' hackers giving them a convenient excuse?

Going out on a limb here, as I posted a pretty lengthy comment on Nation State attacks in the past [1], but does this Google/NSA relationship qualify as terrifying? Google finds out it has been targeted by a Nation State, who is actively siphoning off user data and company crown jewels, so they enter into an agreement with the NSA to share information about the attack, and develop technology and methods to prevent future attacks. I would argue that Google must share knowledge of Nation State APTs with the US Government, and other Silicon Valley firms, once they found out the scope included Symantec, Yahoo, and Adobe, Northrop Grumman, etc. NSA/Google/Facebook/Apple/Microsoft/Amazon should be trying to advance countermeasures and leveling up the industry as a whole, because they arguably have some of the most exposed attack surfaces, host most of our data, and have the financial resources and in house expertise to deal with it best. I would be terrified if Google did not have a relationship where it shared intrusions of this scope with the US Government.

[1] https://news.ycombinator.com/item?id=8316430

You've interpreted the data in the most positive way possible. Yes, that is one of many ways in which things could have unfolded.

But as the article says, this is all secret. We don't know what exactly Google and the NSA built together in that first agreement shortly after the Chinese hacking scandal. And we don't know what else has happened since then.

Maybe it's all innocuous stuff, as you said. Maybe it isn't. To just assume it is all good or all bad seems unjustified by the amount of actual facts that are public.

The problem is, of course, most people will assume "all bad" because of the ongoing narrative.
It's a really bad narrative. Given the extreme, illegal erosion in privacy at the hands of the State, it sure seems a lot safer to bet on "all bad" or "pretty bad" when it comes to these tech giants doing deals with the NSA.
It does happen to be a positive interpretation, but there's no reason to think that's why it was chosen, since it's also the simplest explanation.
I also think it's the most likely explanation.

It is not advantageous for Google's executives to collaborate in the tracking of US citizens; it adds a lot more work and it makes for absolutely awful PR. I'd also like to think that they possess some moral compass (even if it's a bit slanted) which lets them understand the difference between wide scale "anonymized" tracking for the purpose of advertising and giving all that data to a bunch of humans to scrutinize and judge for the purpose of spying.

It only makes for awful PR if the public knows about it.

What do you mean by anonymized tracking? Isn't building a profile on every user necessary for targeted advertising?

>What do you mean by anonymized tracking? Isn't building a profile on every user necessary for targeted advertising?

Yes. Anonymized wasn't the right word, perhaps "behind the curtains"? Google employees aren't actually making, looking at, or (not 100% sure of this last one) "splitting" and filtering the data to learn things about you. The process, beginning to end, is automated. This is in stark contrast to the NSA, where when they get a "hit" they will carefully and personally inspect you, your interests, and your activities.

Money is the oil that runs the firms. Kickbacks, favorable contracts, consulting opportunities, (legal) protection and maybe business intelligence from the most well funded vehicle on Earth? It's a cushy deal.
The fact that nobody blinks when agencies openly admit doing this for economic interests is the part I find terrifying. Could there be a more blatant admission of the unethical nature of military-industrial complex?
(comment deleted)

    The NSA helps the companies find weaknesses in their
    products. But it also pays the companies not to fix some
    of them. Those weak spots give the agency an entry point
    for spying or attacking foreign governments that install
    the products in their intelligence agencies, their
    militaries, and their critical infrastructure.
That's probably the most frightening thing imaginable, but where is this info coming from? What are the sources on all of these accusations because it feels like a pretty casual mention that all of the hardware/software manufacturers in the US intentionally leave in back doors.
As someone who has been very closely involved with Infosec and who has followed all the vulnerability market rumors, I have never heard of "pays the companies to not fix them" before, and I strongly doubt the veracity of that statement.
(comment deleted)
I agree, I think the author is confusing mandatory monetary compensation for FISA/warrants etc with just straight up paying for a company to comply. Companies don't want to be paid especially because the monetary gains aren't worth it and the reputation risks are enormous.
I agree.

It is, however, true that there are many cases where intelligence agencies research, develop, and weaponize vulnerabilities in products without informing the pertinent companies. Stuxnet is one of many examples.

The author seems to be confusing documented surveillance access points used by various governments for their lawful wiretaps with hidden backdoors inserted solely for the US government, which stretches credulity.
The following sentences provide three examples, which if spun properly, can almost be construed to mean that. Paying for advance notice of a fix somehow becomes paying not to fix.
There was something in the Snowden leaks about NSA stockpiling vulnerabilities in software instead of helping vendors fix the vulnerabilities. Also, IIRC they requested an extra delay from some software vendor(s?) after revealing a vulnerability, but before the vendor patching it.
I assume the book has a lot better sourcing and footnotes than this excerpt has, because the excerpt has none of either. The only part of this article you need to read is "It’s not clear what the NSA and Google built after the China hack. But [thousands of words of speculation and innuendo follow]" It's not clear, as in the author doesn't know.
Not mentioned in the article, but I believe that around that time Google switched developers 'en masse' to the Mac platform.
Not quite correct.

Before the incident, developers could use Windows, Linux or Mac laptop for remote access. After, only Linux and Mac remain as options.

In addition, a mandatory two-factor authentication was introduced.

kudos to shane harris for shedding light on our industry's modern story of Gleichschaltung (https://en.wikipedia.org/wiki/Gleichschaltung)

instead of representative democracies regulating, protecting, and/or supporting technology firms and citizens through systems governed by laws and regulations, we're entering an era of opaque and voluntary "partnerships" where all tech companies are equal, but some are more equal than others.

this sort of coordination outside of legal and especially democratic processes has implications for everyone, and should concern us all.

perhaps unsurprisingly, moxie portended these developments in 2010: https://www.youtube.com/watch?v=Uxz7r4E2li8

The article describes two NSA systems almost as something made for Google:

"The cooperative agreement and reference to a “tailored solution” strongly suggest that Google and the NSA built a device or a technique for monitoring intrusions into the company’s networks. That would give the NSA valuable information for its so-called active defense system, which uses a combination of automated sensors and algorithms to detect malware or signs of an imminent attack and take action against them. One system, called Turmoil, detects traffic that might pose a threat. Then, another automated system called Turbine decides whether to allow the traffic to pass or to block it. Turbine can also select from a number of offensive software programs and hacking techniques that a human operator can use to disable the source of the malicious traffic."

But if you followed all the news since Snowden appeared, you'd know that the TURMOIL is simply the NSA's global passive internet (and more!) monitoring system and the TURBINE one cog of the global active "attack on the internet" one.

https://robert.sesek.com/2014/9/unraveling_nsa_s_turbulence_...

"TURMOIL is a “high-speed passive collection systems intercept [for] foreign target satellite, microwave, and cable communications as they transit the globe"

"The TURBINE system “provides centralized automated command/control of a large network of active implants”"

So $random chinese hackers seen from chinese/taiwanese IP space duped Google into allowing the installation of these systems?

Mission accomplished!

It would be ironic if the original attack was actually the NSA pretending to be China as a false flag.

Google then willingly accepts the NSA's 'tailored solution', which was simply a trojan horse to monitor Google assets (I.e. users) from inside the network.

Unlikely but would make a good fictional story nevertheless!

Yep fictional, ironic.

> The only things Google seemed certain of was that the campaign was massive and persistent, and that China was behind it. And not just individual hackers, but the Chinese government, which had the means and the motive to launch such a broad assault.

Are we all still so certain that it was the Chinese government? Google must have pulled off some top notch detective work to work that one out, with their extensive overseas network of men on the ground.