
Dutch secret service tries to recruit Tor-admin

267 points| Liriel | 9 years ago |burojansen.nl

107 comments

[+] digitalengineer|9 years ago|reply
We (the Dutch) have one of the most watched societies and it's never enough. All phone/internet data is saved for years with almost dragnet-like strength, even though it was deemed excessive by judges. The police buy their traffic information from TomTom, the highways are littered with cameras with licence plate-scanning abilities, cities have permanent bluetooth capable scanners around them (to monitor traffic it is said) and there is talk to add an RFID chip to the official licence plates... And still it's not enough...
[+] StavrosK|9 years ago|reply
Hah, this is rich:

> If you work with us there are benefits, for example if we ask you to crash a system in a public place and you would be arrested for that, we make sure you don’t get arrested and nobody will know about it, not even the police

"If you do us a favor, there's the amazing perk that you might not even go to jail for it!"

[+] secfirstmd|9 years ago|reply
Yeah but that sort of thing is also a hook...once you do it once they begin to own and have greater control over you. Similar to how even when the individual might not want to take anything in return for information, they will want to get the individual to take money or something else in return (free trips to stuff, ego stroking, sex, drugs etc). Especially on a regular basis.

This means the individual has a) compromised themselves and now cannot feel "clean" in this previous environment and b) are starting to get used to/spend the new perk/cash so pretty soon they can't live without it. The power relationship then swings more towards a needs based one. Suddenly the handler(s) are the only people who really know the truth about how the informant truly is. Also the handler(s) are the only people who can meet the new need that the person has got hooked on.

[+] apecat|9 years ago|reply
My basic understanding of this matter is this: never co-operate with the intelligence community.

Shit on these people and burn their identities whenever you can because they're not your friends. You might even be able to limit the future career opportunities of a younger intelligence officer who's approached you by not only telling your friends, but informing the entire internet.

These people may be a necessary extension of diplomacy, but history shows that it's likely toxic for any individual to be ensnared as an asset in any kind of work for this sector of the government, foreign or domestic.

There are enough 'useful idiots' who will fall for this, you don't need to be one of them. Unless you're an actual employee of an intelligence agency or a contractor, these people will fuck you over in a heartbeat.

Anyone unfamiliar with this line of business could do worse than to read any old basic textbook on intelligence and counter-intelligence work (such as 'Thwarting Enemies at Home and Abroad', linked below. There's a good audiobook version on Audible).

Training in this business is based on cultivating anti-social behavior in susceptible individuals. Just as you don't want any garden variety sociopaths in your life, you don't want to deal with people who've been trained to fuck with you.

http://press.georgetown.edu/book/georgetown/thwarting-enemie...

[+] coretx|9 years ago|reply
Dutch Pirateparty founder and sometimes information broker here. During my 10+ years of both national and international activism, politics and intelligence trade I came to realize that approximately 2 out of 3 people, NGOs, etc. are compromised. Furthermore, the report is matching what I encountered in reality.
[+] dsl|9 years ago|reply
It is dishonest and dangerous to claim that NGOs are compromised without providing any proof. I've worked in that space, and it is critically important that aid workers are seen as politically neutral and with pure intentions.

As an example the Taliban was targeting NGOs in the Afghanistan/Pakistan region because they believed efforts to vaccinate against polio were in fact an attempt to poison Muslims. Dozens of doctors, nurses, and volunteers were killed because someone like you decided to start a baseless rumor.

Most first world intelligence agencies have policies against embedding spies in aid operations. When it became common knowledge we used a vaccination campaign to collect on UBL, many people resigned from the Agency.

[+] secfirstmd|9 years ago|reply
Been working on security for NGOs and activist groups all over the world and in every part of the space for a long time. I think your figure is on the high side and overly alarmist. Perhaps with Pirateparty-style groups it is higher than most but not across the whole sector. It's certainly not the case that two-thirds of all groups and activists have been compromised. People forgot that human intelligence operations are actually pretty cost intensive and fairly difficult to pull off well. Some parts of the community make the problem worse once a genuine compromise is found by then creating biases and accusations where none can be confirmed.

It really depends on many factors - location, group activities, training, personal, the threats they pose to the actors with the will/desire etc to target them, also how you define compromised (a cleaner keeping tabs? a phishing email opened? a disgruntled volunteer? a paid staff member who walks out the door with data? a leader who has been turned?)

[+] rahkiin|9 years ago|reply
I am really not sure how I feel about this, being Dutch myself. Isn't this how any country would recruit new people? I don't see what is so wrong about it. Isn't it logical for secret agencies to monitor possible recruits? Isn't that what other companies do as well, to an extent? (Using LinkedIn, buying data from Facebook/Twitter/whoever sells).

I am not really patriotic, but this is about 'protecting' your country, right? And if we will have some WWIII I think it will be mostly 'cyber'.

Regarding the threat: well duh, you are doing something that might make you an accomplice of a crime (with whatever law they make) so yeah, they could arrest you then. How is that even surprising?

But eh, I am not an (ethical) hacker, I just build software...

[+] JumpCrisscross|9 years ago|reply
> this is about 'protecting' your country, right?

Theoretically, yes. But when you have agents allegedly asking civilians to "crash a system in a public place" while promising they won't "get arrested and nobody will know about it, not even the police," other possibilities emerge.

You may be deployed for political or commercial purposes, domestically or abroad. If you push back, your prior assignments, done while you were a civilian, could be used against you. Consider, too, how easy it is for foreign governments or criminal syndicates to pose as the AIVD and recruit patriotic civilians thusly.

> WWIII will be mostly 'cyber'

We are not at war and he was not being recruited to be a soldier. He was allegedly being asked, as a civilian, to commit crimes, domestically and abroad, under the alleged cover of an intelligence agency.

---

Buro Jansen & Janssen only verified "the existence of this person and confirmed their existence." We should consider this account plausible but unconfirmed.

[+] morsch|9 years ago|reply
There's nothing particularly wrong with them trying to recruit him (though opinions regarding covert internal observation services differ), but they're not just interested in him for his technical prowess. They're asking him to report on people in hacker spaces, hacker conventions, etc; i.e. to spy on many of the people that participate in this forum.

There's always been running gags about spooks at hacker conventions, but it's "nice" to have a confirmation (even if it's hard to verify).

[+] eeZah7Ux|9 years ago|reply
> Isn't this how any country would recruit new people?

> this is about 'protecting' your country, right?

Something like: "If you do illegal things for us we'll protect you from the police. If you don't... be a shame if you get raided for your exit nodes."

This sounds like setting up a criminal organization. Not sure you want that "protection"

[+] belorn|9 years ago|reply
Instead of talking about the hacker community, let's talk about the HN community which we are all part of.

How would we all feel if secret service people were recruiting moderators/ycombinator people that wrote paid comments and informed on the content of private conversation between founders and investors?

Personally I would trust the community less. I would expect contributions to have lower quality, be less insightful and more hostile, resulting in a general distrust that in the long run kills the community from within.

[+] JohnStrange|9 years ago|reply
If it was reported correctly, to me the conversation sounded more like an attempt to subvert Tor nodes and perhaps get access to the Tails developers and repositories or similar projects in the long run. Not that I know anything about this, but it may be better to counter such attempts not in an adversarial manner, but by playing such a dumb idiot and making such stupid jokes that they lose interest in you. Talk them down with irrelevant bullshit. After all, these kinds of conversations really are sort of job interviews or attempts to intimidate to coerce cooperation, so any behavior is fine that would definitely spoil a job interview and make you unhirable. (Unless you want to work for them, of course...)

> Regarding the threat: well duh, you are doing something that might make you an accomplice of a crime (with whatever law they make) so yeah, they could arrest you then. How is that even surprising?

Running a Tor exit node is probably not a crime in the Netherlands - I haven't checked on this. In any case, if it's a crime, it should maybe worry you that they also promised to protect the guy against police if he works for them. That's at least dubious. If on the other hand running an exit node is not a crime, which seems more likely to me, then the guy was really just threatening and harassing him.

[+] Grangar|9 years ago|reply
Running a Tor node doesn't make you an accomplice of a crime. That's like saying a taxi driver is an accomplice because he (unwittingly) drove a terrorist around.
[+] tdkl|9 years ago|reply
Opening borders then putting everyone including your own citizens who pay you on surveillance isn't patriotic.
[+] justinclift|9 years ago|reply
When they threatened the person after he/she said "no", they crossed the line.
[+] walshemj|9 years ago|reply
Seems a bit amateur. If you read the official histories of TLAs, doing a crash approach like this is not the norm.

Nor is blackmail a very good way to recruit.

[+] Freak_NL|9 years ago|reply
That student's account of meeting those AIVD suits reads like a spy-thriller fanfic, but if it's true then he's pretty brave publishing it like this.

I'm sure the AIVD's cyber division has some talent, but the AIVD leadership is pretty naive about the internet. Last year the director publicly criticized WhatsApp for providing end-to-end encryption because it makes his job harder. Sure. It's not as if any half-decent terrorist wouldn't use advanced cryptography or simply use burner phones to plan and coordinate their attacks.

[+] roel_v|9 years ago|reply
Maybe, but remember that people used to laugh about the capacities of the FBI (and to some extent the NSA) before the Snowden leaks...

Besides, high level statements like that (that make the mainstream media) aren't meant to be factually correct or framed considering all nuances. It's political maneuvering. People don't always mean literally what they say; part of social intelligence is understanding this, and being able to read between the lines. I wish I had learned about this 2 decades ago. I guess us computer types aren't predisposed to have this come naturally to us.

[+] pricechild|9 years ago|reply
Naive or pushing a narrative to people who are naive themselves.
[+] pmoriarty|9 years ago|reply
Having more encrypted traffic definitely makes spying harder.

It's a lot easier to track, store, and attempt to crack one single terrorist's encrypted traffic in a sea of non-encrypted traffic, than try to pick out the terrorist's encrypted traffic in a sea of other encrypted traffic.

If terrorists are the only ones using encryption, then their traffic will stick out like a sore thumb. While if everyone uses encryption, their traffic will simply blend in.

[+] sjbase|9 years ago|reply
It's always hard to believe a second-hand story on the Internet, but suspending skepticism for a moment: kudos to the guy for telling this. There's easily enough information in there to be identified by the agents he spoke to. He's taking a huge risk.

Or maybe he included some false info for noise injection... if so, how do we know which parts to believe? Skepticism suspension lifted, I suppose.

[+] secfirstmd|9 years ago|reply
>He's taking a huge risk

I understand how it can be viewed that way and it's certainly a bit of a risk but realistically it's not a huge risk.

If this is AIVD, at the end of the day, despite what many may think due to outlying examples, they are an intelligence organisation working in a democracy and their agents aren't normally going to be in the business of retribution for someone turning down a pitch. Plus, if they became known for unnecessary retribution for minor things like someone saying no to a pitch, it would damage their long-term efforts in other areas.

They will expect that probably the majority of the pitches they make will be rejected. It's not something new to them. Similarly they will have risk assessed and planned for the eventuality of it being made public. Yes, it will annoy them but they will still just keep on moving through the social network analysis diagrams until they find and pitch the right people they are looking for.

Plus, while it will make some people more wary in future, occasionally exposure of efforts like this often leads to a softening up of others who might be interested in doing this sort of thing for them in future. Maybe a few months down the line someone in the community gets pissed off with others and remembers this article and drops AIVD a mail...

[+] t0mas88|9 years ago|reply
This isn't that strange. The police (more public than secret service) and national cyber crime team (also public) are very open in hiring IT and especially infosec talent from the industry, universities and at conferences. They even commercially sponsor IT related news outlets and communities and organise hacker challenges to recruit talent in that space.

By far the biggest part of what those teams do isn't secret and fits within the law. The "problem" is that Dutch law is very liberal on wire tapping, decryption etc as long as there is a reasonable suspicion and/or court order. Actually not far behind the rubber stamping in the US, but without the limitation that they can't target our own citizens (so: much worse than the US for locals, but similar for foreigners)

Obviously the military and domestic secret service hire the same people and have even wider abilities within the law and quite a wide grey area. Most of the public doesn't care enough to make it a political topic, so nobody stops them.

[+] DavidWanjiru|9 years ago|reply
I may be wondering because I'm standing on an atoll of ignorance in a sea of knowledge, but I wonder why the intelligence themselves can't become Tor admins and do away with needing to recruit anyone.
[+] Neliquat|9 years ago|reply
I can imagine the red tape for training, then buying and running a node would be a bigger hassle than the usual MO of bribery.
[+] anondon|9 years ago|reply
Something very similar happens in the movie The Recruit. Must watch for hackers.

I hope the authorities don't go after him for making this public though.

I don't know what it would take for Governments around the world to acknowledge the importance of encryption and anonymity tools. Access to private data cuts both ways, if the Government can do it so can the black hats. Maybe a large scale hack of Government networks devastating the economy will bring them to their senses.

Given the allegations of Russia's involvement in the recent election, whether true or not, I was expecting Governments around the world to think deeply about cyber security issues. Looks like that won't happen anytime soon.

[+] fixxer|9 years ago|reply
Tor is a huge inconvenience to a government that wants to suppress the exchange of controversial ideas within the civilian population.

It is also a huge problem to a government struggling to halt, for instance, Islamic terrorists that are well established within that population and potentially use Tor for communication.

I think this is a case of the latter and I don't disagree with the sentiment 100%. The region faces some substantial challenges and we're going to see civil liberties erode.

[+] neoeldex|9 years ago|reply
I'm surprised they're interested in infiltrating hackerspaces. Is this what they spend our tax money on? Our surveillance state is going in the wrong way.
[+] Grangar|9 years ago|reply
This is pretty worrying, I've shared the story around.
[+] microtonal|9 years ago|reply
I would be more worried if secret services were not trying to acquire assets and keep tabs on potential threats.

If others do it, you have to do it too.

[+] lawless123|9 years ago|reply
5k a month max seems a bit low.. for that..

Is it after tax?

[+] tinus_hn|9 years ago|reply
So they have looked at publicly available information and asked them to work for them. What's the surprise? That the intelligence agencies have people working for them that go to security conferences? That they will say that if you hack a system under their responsibility they will shield you and otherwise they won't? I don't really see the problem here.
[+] JumpCrisscross|9 years ago|reply
> That they will say that if you hack a system under their responsibility they will shield you

Promises are cheaper than deeds. You don't need to actually protect anyone. It's actually better, from the agency's perspective, if they can convert an asset from an honest law-abiding man to someone who has "crash[ed] a system in a public place". They have leverage over the latter.

This is how criminals work. Given the secrecy involved, you could never be sure you weren't working for one.

[+] whazor|9 years ago|reply
This is a new strategy of AIVD and MIVD, they are desperately trying to hire skilled hackers.

He thinks that AIVD wants him to infiltrate hacker scenes. Reality is probably that they want him to recruit more hackers.

Same story about the Tor nodes, AIVD knows that hackers want to have Tor nodes. They obviously do not care about Tor, thus want to look like they are cool.

[+] phicoh|9 years ago|reply
Note this interview: http://www.trouw.nl/tr/nl/4324/Nieuws/article/detail/4452683...

Note they did offer him a position to manage young hackers.

I guess the sad part is the threat. Hackers have to decide for themselves if they want to work for the government or not. But it is bad if part of recruitment is making threats (and demanding that those threats be kept secret).

[+] 101930199012|9 years ago|reply

[deleted]

[+] sctb|9 years ago|reply
Please don't comment uncivilly like this. You've gone way too far in assuming malice on behalf of both the parent commenter and the voting community members. In addition, please don't create throwaway accounts for every comment like this—we ban them. Hacker News is a community site and, while pseudonymity is fine, users should be able to expect a mostly continuous identity in their fellow community members.

We detached this subthread from https://news.ycombinator.com/item?id=13490564 and marked it off-topic.

[+] thecatspaw|9 years ago|reply
It is upvoted to the top because lots of people agree.
[+] franzpeterstein|9 years ago|reply
Hm, what's wrong ycombinator? Is that a technical/database problem? I don't know it's possible to post double content, with same headline and same link. I mean, that's (in my personal opinion) bad database design.

> https://news.ycombinator.com/item?id=13484071

[+] pc86|9 years ago|reply
Don't worry, the points don't get you anything.