
Russian Hackers Stole NSA Data on U.S. Cyber Defense

191 points| NwmG | 8 years ago |wsj.com

193 comments


indubitable|8 years ago

I find these allegations are deserving of some scrutiny. The entire story is quite bizarre when you begin to consider it. The NSA is apparently leaking like a broken pipe with this information. And it's peculiar because this is information that makes our intelligence agencies look completely inept. That is a very good thing if this story is fake, but a very bad thing if it's true.

It is stupefying that NSA contractors/employees would be genuinely copying classified information that is heavily related to national security, and then just loading it up on their personal Windows PC with no apparent encryption or access controls. For instance, why in the world wouldn't they have OS-level software restricting read access of a certain secure partition (or removable media) to a specific whitelist of processes? Or why wouldn't they use an airgapped machine? Then there are issues like the NSA being so anxious and happy to leak this information, and then them indirectly 'wink wink' confirming it publicly, completely destroying the purpose of "we don't comment on speculation" --- when you start commenting on certain speculation, it indirectly says something about other speculation that you actually choose not to comment on. They're also seemingly unconcerned that somebody is leaking information that, if true, shows the NSA to be incompetent and also exposes attack vectors for enemy actors. There are also things like Kaspersky previously volunteering to provide complete source access to the government. Our government declined the offer. How does this make sense?

Since Iraq I have become much more critical of pretty much everything. Our media and our government lied to generate a case for war. And I feel lately that they are now trying to build a case for some sort of conflict, presumably cold, against Russia. Or at the minimum start Red Scare 3.0. I have no idea why they would want to do this, but I tend to abide Occam's razor, and this all being true requires a lot more effort than this just being "Yellowcake 2.0."
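The control the comment above asks for (a whitelist of processes allowed to read a protected partition, and an eye on copies to removable media) is easy to check against file-access audit records. The following is an added example and not code from anyone in this thread: the log format, the `/secure/` and `/media/` paths, and the whitelisted program names are constructed for the illustration, and the sample lines are not real auditd output.

```python
"""Added example: policy check over constructed file-access audit lines.
Flags reads of a protected partition by non-whitelisted programs, writes to
removable media, and the combination (a process that read from the
protected area and then wrote to removable media)."""

import re
from dataclasses import dataclass

# Constructed policy (hypothetical): only these program names may read
# under /secure, and nothing may write under the removable-media mount.
PROTECTED_PREFIX = "/secure/"
REMOVABLE_PREFIX = "/media/"
READ_WHITELIST = {"analyzer", "backup-agent"}

# Constructed, auditd-flavoured sample lines (not real auditd output).
SAMPLE_LOG = """\
type=OPEN pid=4120 comm=analyzer path=/secure/tools/impl.bin mode=r
type=OPEN pid=4133 comm=explorer path=/secure/tools/impl.bin mode=r
type=OPEN pid=4133 comm=explorer path=/media/usb0/impl.bin mode=w
type=OPEN pid=4140 comm=backup-agent path=/secure/index.db mode=r
type=OPEN pid=4151 comm=editor path=/home/user/notes.txt mode=w
type=OPEN pid=4160 comm=av-scanner path=/secure/tools/loader.dll mode=r
"""

LINE_RE = re.compile(
    r"type=(?P<type>\w+) pid=(?P<pid>\d+) comm=(?P<comm>\S+) "
    r"path=(?P<path>\S+) mode=(?P<mode>[rw])"
)


@dataclass(frozen=True)
class Event:
    pid: int
    comm: str
    path: str
    mode: str


def parse_log(text):
    """Parse the constructed log format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(int(m["pid"]), m["comm"], m["path"], m["mode"]))
    return events


def is_violation(ev):
    """Protected reads only by whitelisted programs; no writes to removable media."""
    if ev.path.startswith(PROTECTED_PREFIX) and ev.mode == "r":
        return ev.comm not in READ_WHITELIST
    if ev.path.startswith(REMOVABLE_PREFIX) and ev.mode == "w":
        return True
    return False


def find_violations(text):
    """All events that break the policy, in log order."""
    return [ev for ev in parse_log(text) if is_violation(ev)]


def find_copy_out_chains(text):
    """Events where a pid that already read from /secure then wrote to /media."""
    readers = set()
    chains = []
    for ev in parse_log(text):
        if ev.path.startswith(PROTECTED_PREFIX) and ev.mode == "r":
            readers.add(ev.pid)
        elif (ev.path.startswith(REMOVABLE_PREFIX) and ev.mode == "w"
              and ev.pid in readers):
            chains.append(ev)
    return chains


if __name__ == "__main__":
    for ev in find_violations(SAMPLE_LOG):
        print(f"VIOLATION pid={ev.pid} comm={ev.comm} {ev.mode} {ev.path}")
    for ev in find_copy_out_chains(SAMPLE_LOG):
        print(f"COPY-OUT  pid={ev.pid} comm={ev.comm} -> {ev.path}")
```

On the sample input the non-whitelisted `explorer` read, its write to the USB mount, and the `av-scanner` read of the protected tree are all flagged, and pid 4133 is additionally reported as a read-then-copy-out chain. The last point is the one worth noting in the context of this thread: an antivirus engine that opens every file is itself a reader of the protected partition, so a whitelist has to decide explicitly whether it belongs there.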

dreamfactored|8 years ago

I'm going to take it that you've never done public sector contracting. The security rules are in reality less 007 and more school library, and this is totally believable. There is another story in the news now about soldiers' smartphones being hacked in Eastern Europe. The troops are therefore made to go through water every day but some of them just put their phones in condoms. Defense contractors aren't even state employees and the security checks are basically akin to credit checks.

Russia (and China and others) have an advantage here in having recently been run as controlled states and having much of the bureaucratic apparatus and social habits still in place (e.g. bring your passport to buy a train ticket to another town; little old lady stationed on every floor of a hotel keeping an eye on comings and goings etc).

spaceseaman|8 years ago

> Our media and our government lied to generate a case for war. And I feel lately that they are now trying to build a case for some sort of conflict, presumably cold, against Russia

I mean, there's verifiable evidence Russia tried to influence our election. That's pretty new for a lot of Americans. I imagine that's why the government and the media are running wild with it. Mueller is still investigating. I would say to wait till that report comes out before jumping to conclusions. I personally don't think the media and government are gearing up for some Russia conflict. This is just the first time Russia has been so involved in our politics since the Cold War, and the media is rightly running with that idea. Is it that unbelievable for some people that Russia was involved in trying to influence our election? I can't tell if you're rightly scared of the media or just can't believe Russia would do something bad.

With respect to the quality of work at the NSA?

"Never attribute to malice that which is adequately explained by stupidity"

And finally with respect to all the leaking... I think it's pretty clear that's just the NSA's lack of confidence in its leader.

dragonwriter|8 years ago

> Since Iraq I have become much more critical of pretty much everything. Our media and our government lied to generate a case for war.

Uh, while there were some media collaborating with the government propaganda, the government's case for war was thoroughly and pretty completely debunked in the mainstream media, nearly in real-time.

Few people paid as much attention to that as what the government was saying, which the media reported as, well, what government officials were saying, but the media would have been negligent not to report that. They can hardly be responsible for the strong effect of confirmation bias combined with official-sources bias among the population.

pm90|8 years ago

While I agree with your assessment of the Establishment's role in the promotion of the Iraq war, I don't think an actual conflict with Russia is either desirable or possible without severely wrecking the current global order. It seems more like the kind of behavior I've seen when you impose tedious security protocols universally without explaining it properly to those expected to follow it.

I'm willing to bet that as the NSA continues to expand its digital monitoring divisions, it has increased the use of contractors a lot. And not all of them might be aware of the supremely sensitive nature of the information they are dealing with.

The thing that makes me even more convinced that this is what's going on is that you don't see a lot of leaks/breaches from NSA officers (agents? not sure what the correct terminology is) but mostly from contractors. Hell, Snowden was also a contractor and not a member of the NSA. Maybe they need to realize that this kind of cost cutting is just not worth it.

jejeuei73737|8 years ago

Occam’s Razor:

A 25-day-old anonymous HN acct is controlled by a shill attempting to deflect attention in readers' minds (which we know Russia does along with every other nation state)

Or

WSJ made the whole thing about Russia hacking computers up, which really we already know their intel community does, just like every other nation state's

Occams Razor again:

Google, Equifax, Yahoo, NSA are incompetents with technology as they have all suffered data breaches recently (waymo+uber is a breach in the same sense the NSA contractor took home data they were vetted to access and it was used outside its scope of access)

Or

We’re suffering a mass delusion driven by marketing and fear that perfect security is possible, just these very good tech groups sucked at it (of course no one out there benefits from the public doubting these groups' abilities, right?)

Given humans' long history of buying in to mass delusions (religion, nationalism, what brands one buys matters), Occam’s razor seems clear on this

c3534l|8 years ago

The problem is that people are fallible, often wrong, and always overconfident. Many presidents believe they can delegate the work of actually being president by blindly trusting those below them. In practice, you find the government to be filled with normal human beings doing their best in an organization where the shareholders are insane and irrational.

shallot_router|8 years ago

>There are also things like Kaspersky previously volunteering to provide complete source access to the government. Our government declined the offer. How does this make sense?

First, even if they were giving access to their genuine source code repository, there's absolutely no guarantee that the binaries aren't backdoored by Kaspersky, FSB, or both. Alternatively, they could just hand over a phony copy of the source.

It's kind of a pointless offer. There's no real reason to deny, but there's also no reason to accept. If the fear is that their products might be influenced or backdoored by hostile intelligence agencies, the only reasonable solution is a total boycott.

(And yes, I very much understand the exact same could be said of the NSA and a lot of US-made software.)

jonknee|8 years ago

> For instance why in the world wouldn't they have OS level software restricting read access of a certain secure partition (or removable media) to a specific whitelist of processes? Or why wouldn't they use an airgapped machine?

At some point you have to actually use your exploits, they can't all stay in secure airgapped machines. Malware is made to be used and to be used it must be copied. Obviously taking it home is egregious, but it's not like securing a private key or launch codes.

RandVal30142|8 years ago

>And I feel lately that they are now trying to build a case for some sort of conflict, presumably cold, against Russia.

Russia invaded Ukraine & Crimea, ended up downing a civilian airliner killing them all.

Slaughtered hospital workers in Syria after following victims of regime chemical weapons attack to the facilities.

Has been funneling heavy weapons like T90 tanks into sub-state militias, including the designated terrorist org Hezbollah.

Is currently attacking people who have documented all of this, regardless of what nation they live in. Has attempted to get Canada to take down and expose citizens using their services to publicize Russia's actions.

What will it take to get you to understand Russia is at war with the world? Does another civilian airliner need to be downed? Should another analyst/journalist get kidnapped and brought into Russia to be disappeared?

What is your threshold of acknowledgement here?

pohl|8 years ago

> Our media and our government lied to generate a case for war. And I feel lately that they are now trying to build a case for some sort of conflict, presumably cold, against Russia

Our current president has never had a critical thought enter his mind and not have it escape his lips, or his tweeting fingertips – yet Russia (and Putin in particular) have never been in his crosshairs. I think that this fact directly contradicts your hypothesis. Then there is also the mysterious change to the GOP platform around the time of the convention.

runesoerensen|8 years ago

Kaspersky preempting (presumably) this story:

"New conspiracy theory, anon sources media story coming. Note we make no apologies for being aggressive in the battle against cyberthreats"

https://twitter.com/e_kaspersky/status/915946040561487875

Edit: Kaspersky press release https://usa.kaspersky.com/about/press-releases/2017_kaspersk...

tlrobinson|8 years ago

Heh, an extreme interpretation of that statement could be that Kaspersky considers the NSA to be a "cyberthreat"...

killjoywashere|8 years ago

I'm going to go out on a limb and propose a hypothesis:

The DoD's hyper-inefficient contracting system rewards DC insiders and effectively limits the department's ability to invest where investment is needed while draining the public coffers of unfathomable amounts of money.

The DoD's hyper-ineffective personnel system inhibits personal development while at the same time making it nearly impossible to move laterally within the organization, thus preventing thousands of experts in many fields (that is, many thousands of experts) from self-organizing into effective functional units.

These two issues have made the DoD ripe for attack in the digital domain, an area that has nothing to do with their other core mission areas, which are all organized around delivering kinetic energy to adversaries.

SomeStupidPoint|8 years ago

Contracting instead of developing in-house capabilities is completely destroying the DoD and American military effectiveness. The corruption around that is posing a real, impactful threat to national security.

Fuck these people and their "free market" lies as a cover for outright theft of public funds.

It's not just in the cyber domain that this is a problem, but the cyber domain is one in which the corner-cutting, half-assed nature of the corruption is most visible because the damage is most easily exploited by foreign powers.

zghst|8 years ago

The power on the inside is more of an effective deterrent and great asset than a deficit for the DoD.

Economically how it works is that the DoD secures assets and locations around the world relating to the means of production of consumer components. American interests, especially the interests of the American consumer are definitely protected and represented for.

Where this model has failed for us is put a huge deficit in our self reliance with regards to consumer production. Due to globalization, American politicians have no urgent need to educate the workforce more than they already have, they can provide security and investment to produce a source of worldwide talent, all thanks to the contractors playing their crucial role in the ecosystem of American security.

What people fail to understand is that no organization or system is perfect. The DoD isn't organized for the new kinds of warfare being performed. The main job of the DoD is to protect American interests abroad, not operate in the background on American soil against hundreds, thousands of nation-state and criminal organizations.

The FBI does this job, they successfully work with hundreds of private contractors. You'd be surprised by the scale on which they are resourceful and helpful.

iloveluce|8 years ago

I hope NSA is doing the same with Russian Cyber Defense systems. This is what NSA should be focused on and not on turning its eavesdropping capabilities towards the homeland.

What if an adversary were to hack the NSA warehouses where all communications swept up by their eavesdropping efforts are stored?

comicjk|8 years ago

I've been thinking about writing a spy thriller based on that premise, ever since the Snowden leaks. At this point I'd assign 30% probability that it's already happened.

Synaesthesia|8 years ago

Of course they are. They have teams of hackers and security experts working on offensive and defensive cyberwarfare.

Re: Spying on the homeland, governments generally regard the domestic population as a threat and an enemy.

white-flame|8 years ago

> This is what NSA should be focused on and not on turning its eavesdropping capabilities towards the homeland.

Spying on Americans traditionally would be done by our allies, so we can trade info with them and have it all be "legal." The NSA is simply optimizing that chain away. :-P

mtgx|8 years ago

They've already stolen a bunch of NSA's spying and mass hacking tools, so we're probably years away until stored data is stolen, too, if we'll even find out about it.

zghst|8 years ago

For all we know this story could be false. Perhaps this story is to bait them into stealing from the NSA or more.

deeth_starr_v|8 years ago

Count me as a skeptic on this one. NSA employee/contractor takes home classified docs and, I am assuming, hacking tools; Kaspersky detects the hacking tools and uploads them to Kaspersky; Kaspersky determines they're NSA tools, notifies the Russian government; Russian government hacks the computer and gets all files. Then somehow NSA is able to deduce all this information. I'm not saying this is not possible, but I think their level of conviction on this is too high. A home computer is not going to have access logs. So let's say they see NSA malware in the Kaspersky quarantine folder, and there is also other malware on the computer. They of course have to assume the worst, that Russia got all the files. But they are making a couple big logical jumps without proof. This article is just too sketchy on details for me to take it credibly.

Makes me think of the claim Cuba is using some kind of new radio brain weapon on US consulate workers in Cuba.

mhkool|8 years ago

Remember the Chinese network equipment allegations? The agencies said they had backdoors. That was never proven, but what we know is that the agencies had access over nearly all Cisco equipment.

Now Kaspersky is the next 'unsafe' non-American company... There are only allegations from an unreliable source: the agencies have lied regularly.

I am convinced that there is an anti-Kaspersky campaign since the agencies 'like' the American antivirus vendors a lot more. I bet the agencies have ways to spy on users of American antivirus vendors.

willstrafach|8 years ago

> Remember the Chinese network equipment allegations? The agencies said they had backdoors. That was never proven but what we know is that the agencies had access over nearly all Cisco equipment.

They had exploits for both Cisco and Huawei actually.

> There are only allegations from an unreliable source: the agencies have lied regularly.

I don't recall that happening, do you have a few specific examples?

> I am convinced that there is an anti-Kaspersky campaign since the agencies 'like' the American antivirus vendors a lot more. I bet the agencies have ways to spy on users of American antivirus vendors.

Sounds like a very bold claim to make, but no substantiation.

austincheney|8 years ago

Another damn NSA contractor took confidential information home. Epic fail.

cl289|8 years ago

WWCS (What would Clapper Say):

Nov 15, 2017, to Congress: "I can categorically deny that there were any leaks of this nature during my tenure as Director of National Intelligence."

June 22, 2020: "Well, yes, I did say at the time that I denied it. But I said 'categorically denied'- that is to say, under certain conditions, or categories, this could be denied. That is what I meant and I stand by that. I also used the word 'can,' which is a sort of conditional; look it up in your grammar books. I did not say 'I do deny,' but 'I can deny.' There are conditions that might allow one to deny this assertion: i.e. what exactly is a Russian, what does it mean to leak, or to have leaked, or to have an inadvertent leak. That is what I meant and I stand by that also."

ericfrederich|8 years ago

This came up in Congress a couple weeks ago, didn't it? I think Rubio had mentioned Kaspersky knowing that it was a public hearing... some speculated that this was perhaps because he was privy to some classified things he couldn't say publicly but wanted to get the word out that they can't be trusted.

086421357909764|8 years ago

There's always been a strong narrative, but for a government to call out another commercial entity and or government for spying is a dangerous game and only played when it's a big enough issue. It's all politics, they're spying, we're spying, it's when that crosses the line and we need to slap hands that matters. Further the public disclosure of facts to support are risky in that they can give away, tools, capabilities, or accesses that may be unknown to the foreign actors.

For it to hit the news and the government to ban it took many years of balancing, and finally something internal broke the camel's back, so to speak. I'm not sure if this was it, but I'm going to go out on a limb and say it's probably not an isolated case.

random023987|8 years ago

Government drone copies NSA malware onto a system with Kaspersky security software installed for the purpose of detecting malware.

Brilliant

jakelarkin|8 years ago

How Kaspersky was ever thought to be "okay" in the US enterprise/government market has always been perplexing to me. Antivirus, something which literally inspects all of your files and network activity, made in the country that's a hotbed of blackhat activity and home to one of the most aggressive cyber-espionage militaries outside the US. Yea okay great, sign me up.

cm2187|8 years ago

In general there is much to be said about the huge amount of code that runs from thousands of sources on every machine.

Most OSes come with hundreds of drivers, many created by hardware makers all over the world, running with root privileges / kernel mode. And then you add to that all of the software that you install, developed by companies or volunteers all over the world, and running all sorts of third-party libraries, etc.

The chain of trust is huge. I'd be shocked if there was any computer in any US administration that wasn't running some piece of code written by a russian national.

joe_the_user|8 years ago

Well, at this point, which anti-virus product you use is gradually devolving to "which state do you want to spy on you?". And the problem is, the answer may not be "the state I live in", since that state is the most likely to tax and otherwise regulate you.

pasbesoin|8 years ago

Sorry. I have a point -- towards the end. Even if it's one that gets me downvoted:

In my personal life, I've been wrestling with the decision to "do the right thing" and, for example, pay for digital media I consume. Help a friend in need, who doesn't really reciprocate (because, "the children", among other things). Purchase the health care insurance that takes away money I could otherwise spend on immediate treatment.

In each area, I've felt increasingly screwed over.

Shrinking catalogs, and money I paid spent on lawyers ensuring ever-greater rent-seeking as opposed to actual access to content.

My friend's health on the rebound, while mine has suffered, including from the depression induced by their abandonment of our friendship once I was, apparently, no longer necessary.

A health care system that keeps jacking prices and trying also by legislative manipulation to push me out the door of coverage, regardless of my best efforts to work with it.

In all these matters, I'm coming to think that part of my failed response comes down to a simple matter: Don't pay. Stop paying the very systems and people that or who are screwing you over.

So, here we have the NSA, that is (who are) ever more showing themselves to be incompetent with regard to what we hope they would accomplish, and outright aggressive and abusive with regard to us and matters that we consider commercial contract law, not their business, distracting rather than helpful, etc.

Helping prop up private IP rights and rent-seeking. Domestic spying. Accumulating so much data on everything that they can't see the needle for the haystack -- so, grow the haystack!

I'm hardly one of these bullsh-t "Conservative" (that's with a big "C", to differentiate from the actual noun/adjective, "conservative"), "shrink/starve the government" types. Government plays an essential role: It is the definition of our collective organization and governance.

But in some areas, I really want to say, let's simply stop paying for this shit.

Because when we pay for it, we only make it stronger. Not the effective governance we aspire to. Instead, this incompetence that also threatens aggression against its own society.

campuscodi|8 years ago

Has anyone else noticed the influx of anti-Russia articles on the WSJ lately?

peoplewindow|8 years ago

WSJ and any other media outlet aligned with the globalist, pro-Clinton, pro-EU world view.

I knew the whole "Putin ate my election" angle was getting completely out of control when I started seeing people claim, with a straight face, that Russian interference was somehow behind Brexit. It's the same people making the same tenuous claims about any political change they hate - it's not legitimate because anyone who disagrees with me has been brainwashed by tweets.

dmix|8 years ago

If the article contains the words 'cyber' you can pretty much be assured they've got plenty of 'authoritative' government sources who are inherently anti-Russian. From my experience it's certainly not new, even for WSJ.

I've read plenty of non-fiction espionage books and it's a safe bet to expect the American ones to be dripping with Russian paranoia. Warranted or not. They never gave that up after the cold-war, unlike the public. And non-technical journalists rely heavily on their sources expertise, more so than most subjects.

I prefer getting my infosec news from infosec people: https://twitter.com/matthew_d_green/status/91601649974720512...

52-6F-62|8 years ago

Is it just me, or is this possibly related to the Vault 7 materials on Wikileaks, and thus the WannaCry attacks that brought the NHS to its knees this past year?

codedokode|8 years ago

I remember that Kaspersky helped to investigate some of the cyberattacks performed allegedly by western agencies. Could not these articles be part of a revenge campaign to punish them?

And another thought: if we cannot trust foreign AV software, does it mean that every country must have at least one national AV product? Or maybe it would make sense to make some special API for AV software so that it can check files and processes but cannot send data to the Internet?

dreamfactored|8 years ago

> if we cannot trust foreign AV software, does it mean that every country must have at least one national AV product

That also goes for pretty much every online platform from search to shopping to social. N.B. The Russians and Chinese are already doing precisely this

beagle3|8 years ago

Also, every country needs their own operating system; and in fact, also CPU and fab facilities.

jpelecanos|8 years ago

For whom do those hackers specifically work (SVR, GRU, or Spetssvyaz)?

blackflame7000|8 years ago

Does anyone really think the NSA isn't trying to hack the Kremlin as well?

NN88|8 years ago

[deleted]

dralley|8 years ago

I believe the allegation isn't that Kaspersky was used to exfiltrate the data, but that Kaspersky is passing information about certain files on customer computers to Russian Intelligence.

In this case, they believe the presence of NSA malware samples on the contractor's computer, detected by Kaspersky, was used to target him.

1001101|8 years ago

Interesting. After seeing the gloves come off in the last month or so, it hit me just this morning that one could make the case for it being a bad idea to have a system with root access to thousands of US systems in Russian jurisdiction.

NN88|8 years ago

Putin is screwed the minute Trump leaves.

igivanov|8 years ago

No confirmation from the NSA, only "leaks" from anonymous "multiple people with knowledge of the matter."

How do we know it's not another piece of fake news riding the wave of "Russia did it"?

mhneu|8 years ago

By fake news you mean the stuff that Russia created in the US, and Sputnik and RT and Breitbart and Fox, right? That's the true fake news.

For the reason why people are trying to redefine the term "fake news" into being stuff in real outlets with real journalists like WSJ (this article), read this great piece from Masha Gessen: http://www.nybooks.com/daily/2017/05/13/the-autocrats-langua...

Synaesthesia|8 years ago

I agree that there is a lot of Russia blaming and such, but this article is pretty credible. Only, of course, US newspapers aren’t gonna be writing about the hacks that they succeed in.

mozumder|8 years ago

Because you trust journalists to do their job in verifying sources, which maintains their credibility.

I want you to think your cunning plan through. What do you think would happen if journalists actually lied?

tryingagainbro|8 years ago

NSA /CIA and our National Security is as secure as the weakest link. They need not be traitors, just people that got too complacent...while Russia never sleeps (Like NSA does when Russians and others screw up.)

It isn't easy but if tens of thousands people have access to something, it's just a matter of time. And they need access "to connect the dots" so it's a losing game.

TheAdamAndChe|8 years ago

This is an oddly one-sided comment on a complex issue. A computer is an incredibly complex, incredibly large attack surface, and when you have millions of computers exposed to the internet and exchanging data, the chances of a state actor gaining a foothold in a government system is almost 100%. This goes for both sides: Russia has likely hacked the US a thousand times over, and the US has likely hacked Russia a thousand times over.

vkou|8 years ago

> Russia never sleeps (Like NSA does when Russians and others screw up.)

Do you have a number of reliable sources for this, or is it just unsubstantiated us-vs-them jingoism?

mozumder|8 years ago

"An NSA contractor brought home documents about U.S. offensive cyber capabilities.

He used Kaspersky on his home computer.

Russian government hackers stole the documents."

https://twitter.com/ericgeller/status/915983591737319427

So, yah, avoid Kaspersky AV software.