47 comments

[ 2.1 ms ] story [ 33.9 ms ] thread
So with all the attention (advertisement/panic) the NSA has generated, the CIA wants a cut of the cake for themselves?

That whole agency disco in the US is so confusing that I have the feeling this has to be the plan all the way or it's some kind of old cold war virus spawning divisions and agencies. Don't they all overlap? Is there enough reality for all of them to spy on?

The NSA is primarily charged with Signals Intelligence, Where as the CIA is Human Intelligence. So it's actually a pretty clear line. They also have their own security clearance process (though they tend to recognize each others in join work).

The Department of Homeland security is a bit different, they're charged with domestic operations and support (TSA).

The FBI is a Domestic Detective agency for lack of a better description. They're charged with being the Federal investigative force vs relying on varying state and city groups.

So yes, theres plenty for all of them to spy on / work on. Each have their own laws and limitations. That's why they're incestuous and work together on many projects.

Add to this list the Secret Service for financial fraud related things (as well as protecting government officials), including credit card fraud, phone fraud (at least in the 80s), and the odd whatever-the-hell-we-feel-like-doing fear-based thing (e.g., Steve Jackson Games).

Rule of thumb: If something contains the word 'Cyber' in it, it's gonna be clueless, bureaucratic and political, and utterly incompetently done.

>Rule of thumb: If something contains the word 'Cyber' in it, it's gonna be clueless, bureaucratic and political, and utterly incompetently done.

Yet somehow Chinese and Russian cyberwar programs are pretty effective. Sounds like the US needs to catch up.

Yet somehow Chinese and Russian cyberwar programs are pretty effective.

1. That vaunted "effectiveness" may be Just Another Missile Gap, i.e. a realistically non-existent threat used to drum up fear in the USA, to get greater funding from a terrorized public.

2. Lots of analysts say that both China and Russia tolerate unofficial hacking/cyberwar groups, as long as the targets are outside of China and Russia respectively. With some small amount of guidance done surreptitiously, the governments take advantage of a huge number of semi-criminals to serve "national security" needs without attribution.

3. Because of (2), ISO-9001, CMM level N don't apply. Faster coding. Similarly, Script Kiddies, Honkers and Nationalist Hackers don't do clearances, much less compartmentalized projects (http://en.wikipedia.org/wiki/Security_clearance#Compartmente...) - this means that more people are available, from very diverse backgrounds, and they can collaborate and communicate as necessary.

Unless the USA is willing to quit being bureaucratic to the point of paralysis, it will never catch up.

It doesn't seem like a clear-cut line to me; aren't Internet communications "signals"? Isn't that why the NSA has taken the lead on Internet intelligence operations up to this point? So how will what the CIA is planning to do be qualitatively different from what the NSA is already doing?

I agree with the parent; there is substantial overlap in capabilities and responsibilities among the agencies that do intelligence work for the U.S. government.

These overlaps led directly to the mistaken Iraq invasion. DOD and CIA reported very different things about the Iraq WMD program, and the U.S. leadership could choose which one they wanted to believe. Cheney and Rumsfeld convinced Bush to listen to DOD, and we all know how that worked out.

It's partially intentional and partially a holdover from Cold War strategies.

Our own military and government barely know what the hell is going on within its own circles, there is absolutely no chance someone will be able to make sense of what is important and relevant. It's essentially a strategy of overwhelming with force and noise signal.

As the economic and global power we had been over the American Century we were able to play fast and loose and wild, whether our strategy will still work in this new century is a different story though. It may very well still work, it may very well lead to our demise. The only thing going for us is that there does not seem to be any alternative power and authority that is any less shitty than ours; whether that is due to natural factors of by CIA sabotage is a different story. Are we really all going to support China's or Russia's supplanting of American power in the world? It's not a good choice, but as horrible as we are, I'll go with the less bad over the worst any time.

I'm guessing that's exactly what it is. I think some of the Snowden leaks showed NSA already has a bigger budget than CIA and is also growing that budget at a much faster rate. Their budgets probably increase by $10 million for every "cyber" word they say in their presentations to Congress. The CIA wants in on that action.
It also might make sense that the NSA is a corrupt juggernaut and expecting them to do your heavy lifting isn't appropriate, especially when its clear that Clapper runs a security theater-like organization.

The CIA and other agencies having its own smaller team probably means better outcomes. This kind of thing probably works best with smaller and more nimble teams than big data gathering focused organizations like the NSA.

From a budget perspective, this is good cause to cut from the NSA and give to the CIA.

The US has built a narrative to justify their surveillance apparatus after getting caught with their pants down spying on the American people and the world.

It's an extension of the national security narrative. Agencies recognize the massive amount of funding and legislature on the horizon and want to see it diverted to them like it was to the DHS in the last decade.

Step 1: Stop saying "cyber"
What do you think would be a better term?

Network security is accurate I think but not specific enough.

What's wrong with "cyber"? - does it not relate to computers?
A lot of my fellow security analysts have an irrational dislike of the term cyber. Personally, I'm indifferent towards the word. When someone uses it, I know exactly what they are talking about. Isn't that the important thing?
It's a term that you mostly find in government circles, media reporting and advertising. Outside of these, it is a warning sign that a person comes from that background and has not much down-to-earth experience with security topics and/or is trying to sell you something. (At least that is my impression from reading various discussions about the word)
It is increasingly used in situations that have pejorative connotations, "cybersex", "cybercrime", et cetera.
I thought cyber meant systems, like cybernetics.
Cyber means to steer and cybernetics is self-steering systems based on feedback and goes back to Norbert Wiener in the the 1940s.
Who cares? Honestly, who cares what word they use. We all know what they mean.

Comments like this one just seem to me like a form of avoidance: let's mock their vocabulary, because we don't want to think about the substance of what they're doing.

Government says cyber to differentiate from traditional "security", which means "establishing or maintaining control by putting people in cages or killing them". When talking with someone who can launch missiles, order soldiers to kill, or dispatch law enforcement officers to assault a crowd of students holding a protest, then saying cyber isn't ridiculous.

Computer security people just say "security" without any qualifiers, because none are required. When a salesman pitching an anti spam product says cyber, he's failing the shibboleth

> In the wake of last year’s attack by North Korea against Sony Pictures Entertainment and numerous other breaches, the urge to hack back, or at least build up the means to do so when and if needed, has increased.

So this is just casually accepted as fact now?

It's sad that Mutually Assured Destruction is the first place they go.

They could get a better understanding of security and enforce, research, and advise standards of protection on consumer data, making everyone in the country better off, or they can "hack back".

I don't really see how knowing what the average Joe in North Korea is Googling is supposed to help when my data is leaking like a sieve, but whatever.

They could, and then they'd be fighting an endless losing war over security. They'd rather like to have their own information attack capabilities.
Security will always be cat and mouse, but in the case of information security a good offense does not at all make for a good defense. Those holes in our information security system will still be there, to be exploited by whomever finds them. The only reasonable course of action is to devote resources to penetration testing ourselves and implementing strong security standards, along with developing good disaster recovery and damage minimizing plans.
Whether or not offense makes for defense depends somewhat on the actor. For some, deterrence does work.

For the rest, we have the basic problem that defense is much harder than offense. Also, the US seems to be far more vulnerable than most.

Those aside, offensive capabilities are needed. It's just a question of balancing them against defensive capabilities. I know firsthand that significant effort is going into defense, it just doesn't get the press that offensive capabilities do.

Their desire for a government accessible backdoor in everything consumers own says something different.
Yes, some of the top-level political efforts are pretty damn ugly... and likely to backfire.

Those shouldn't be mistaken for the whole of ongoing defensive efforts, though. Many of the others are much more practical.

Doesn't matter if it's fact if it creates a nice narrative for increasing and securing funds and power.
Why is suddenly everything the government says automatically a lie/coverup/false flag/conspiracy, yet the opposition in this case just happily accepted as fact?

The USG has no need to falsely accuse North Korea in order to step up it's cyber warfare game. Stuxnet did that a long time ago and was started under the Bush administration.

It still does seem unlikely that a nation state would hack a film company specifically because of a scene featuring their leader being assassinated and immediately publicly dump exactly that clip in a load of stolen email data, so that it ends up all over reddit while still in the process of demanding that it is not released in any format ever.

That said, from another point of view, monumental fuck-up is a consistent feature of many human endeavours.

Stuxnet was a complicated maneuver that was directed at Iranian civilian facilities and wasn't retaliatory or relatable to the layman at all.

The reveal of Stuxnet was before the reveal of the reach our surveillance apparatus has. The narrative was one of plausible deniability and a nod to the fact that nations were engaging in offensive online attacks.

The NK hack was an attack on American culture and values. It was symbolic in a way that attacking Iranian civilian nuclear power plants isn't. It also doesn't involve exposing and admitting to running offensive campaigns on civilians of countries we aren't at war with.

NK hack says that we need cyber defense front, since the internet is the new land bridge across the Atlantic and Pacific for anti-American extremists to attack us directly.

It fits the narrative that the measures we are taking regarding near total electronic surveillance are justified and warranted. It also is a call for more funding and power to the agencies that are engaging in the activities.

"They will not, he said, work on behalf its corporate interests"

Unless it's the RIAA, MPAA, MAFIAA or American Oil Interests... in which case, it's business as usual.

At least in the RIAA and MPAA cases, aren't the feds just enforcing piracy laws that are on the books?

I mean we can argue that RIAA/MPAA were the ones who got them into the books in the first place, but it's not like corporations can approach the CIA to perform economic espionage, despite what some may think.

The way they handled the MEGA thing it sure seemed like they were acting as mere hired guns.
I imagine it was less like them acting as hired guns and more like "someone" convincing them that if they didn't act they'd look like idiots who have no power to uphold "the law."... the end game is the same, but the politics that got it there were a lot muddier I'm sure.
How about we talk about the CIA's next projects after we finish the prosecution of those in the chain of command that are responsible for torture.

Or are attention spans so short and/or the agency so completely removed from the rule of law that we're going to let them get away with their crimes? If we're not even going to bother with the trial - acknowledging that we won't even bother trying to maintain the rule of law - then I guess that's sufficient proof that we have lost our republic, as we let it be replaced with feudalism.

meanwhile Obama gives pretty speeches about fighting extremism and tries to drum up more support for killing people an ocean away. American Democracy is a farce.
It is too bad it does not seem like Europe will ever get its act together enough to be a balance against the US.
>to drum up more support for killing people an ocean away

To drum up more support for pumping billions or trillions of dollars borrowed from America's descendants into the pockets of the US elite via the military industrial complex.

Don't like it? You're welcome to protest but make sure you do it in the designated "free speech zone" over there, well away from those you're holding the protest against.

Oh and while you're doing it we'll increase the attention we give your NSA profile, everything you look at online, your emails, everyone you've ever interacted with in a trackable way and more. Can't have you radicals trying to upset the system the elite rely on, after all.

>Or are attention spans so short and/or the agency so completely removed from the rule of law that we're going to let them get away with their crimes? If we're not even going to bother with the trial - acknowledging that we won't even bother trying to maintain the rule of law - then I guess that's sufficient proof that we have lost our republic, as we let it be replaced with feudalism.

No, there will never be accountability for any of the gross abuses of the constitution, people's rights (including all those in the USA) and foreign "captives" physical and mental wellbeing highlighted in the NSA and CIA revelations.

Let's not kid ourselves. Representative democracy has shown itself to be a charade, particularly in the USA where you've two very similar entities who have billions pumped into them at election time to ensure no other entities have a shot at power, and then once elected those two very similar entities spend their time serving and protecting those that pumped in those billions.

The worst thing about it that I can't see any way out of it for the American people. The system is now so thoroughly stacked against them that any attempt at radical change - whether it's passive through the political system or more active through protests or at worst a revolution - will be very rapidly quashed. As a European I absolutely loathe that this very same, corrupted, abusive entity - the US Government - is reaching its tentacles into our governing and is now vying for power here via the TTIP and similar.

If the NSA hadn't been systematically weakening encryption and security processes, maybe we wouldn't be quite so vulnerable!
Sounds like they're jealous that the NSA gets all the cool toys and they want to play too.