I don't get all the fuss about portscanning either - anything connected to the Internet will be subjected to packets sent to it because the Internet is public; if you don't want others, government or otherwise, to know that there's a machine present at an IP, then it should be your responsibility to configure it so it doesn't reply.
There was a lot of noise when the Heise story was released with people concentrating on the use of nmap and saying that using nmap is not shocking.
For me the disturbing thing was the pipeline - nmap, fingerprint, identify weak systems and then compromise those systems. Those compromised systems are then used for further surveillance or attacks.
Before the Heise story, I naively believed that this sort of automated attack was only done by organised crime.
Disturbingly, the HACIENDA system actually hijacks civilian computers to do some of its dirty work, allowing it to leach computing resources and cover its tracks.
Yeah, that is disturbing, and it should be made illegal.
I mean, I'm game to make it illegal if it's not already, and it probably already is illegal in the countries where that would be going on.
But when I advocated the viewpoint that unauthorized access to computers was illegal and disturbing back with Aaron Swartz, that viewpoint didn't seem as popular at Hacker News for some reason.
Likewise when Jeremy Hammond admitted to hacking into Stratfor and was duly sentenced, that didn't seem super-popular here.
So if people want strong legal controls (and I do), then great! Let's have those, keeping in mind legal controls apply to everybody, with the state having at least as much authority and power (and often much more) than the public at large.
If people instead believe that the intent and the underlying cause of what you do completely justifies one's actions, then don't be surprised when you see "Bad Guys" doing "Bad Things" because they also deeply believe that what they are doing is right, essential, and good for humanity in general.
Personally, while I thought Aaron Swartz was guilty of something, the charges the DAs were pressing for were disgustingly and flagrantly incommensurate, and I was distressed at the abuse of government power.
I didn't really follow the Jeremy Hammond case, can't speak to it.
I don't really have a problem with penalties for computing crimes, but I firmly believe that the punishment should be commensurate with the crime.
The commonality with NSA and with Swartz is that you have heavy-handed authority figures flagrantly abusing their power with impunity. That's the part that I take issue with. Swartz was headed for a prison term and life as a felon for downloading a lot of documents he technically had legal access to (the issue was with the way he downloaded them). I don't think he didn't break any rules, but what he engaged in was in all respects a victimless crime. The NSA has abused its power in ways that are mind-boggling, lying to Congress and continuing with illegal programs after being told to stop, abusing the privacy of the public in ways that have ramifications of such a scale that they are hard to even sort out, but nobody is seeing any justice for things that look like serious crimes. Nobody is even being charged with anything.
The difference between computing crimes of individuals and the government hacking citizens' computers and violating basic civil liberties is that the government engaging in the same act is doing something far more dangerous, harmful, and abusive, and the punishments should be far more severe, since the dangers from that abuse are far, far more serious, but instead they are non-existent.
Whatever else NSA's been doing, it hasn't been "with impunity", it's been in coordination with allied intelligence agencies (including the German BND that was spying on Turkey, Kerry, and Clinton...), and as Snowden's own leaks demonstrate, a ton of oversight within and without NSA, the intelligence community, and the Executive branch itself.
Likewise with Swartz, it's not the prosecutors' fault that the evidence of what Swartz did was sufficient to cause a grand jury to indict on charges that could easily lead to a 1-2 year sentence (as admitted even by Jennifer Granick, no friend to the DOJ here).
> I don't think he didn't break any rules, but what he engaged in was in all respects a victimless crime.
Mapping the Internet is a victimless crime too. Hell, even hijacking computers to aid in proxying those port scans is a victimless crime. Spammers running botnets on Aunt Edna's Windows 98 box is a victimless crime, so I hope you have something better than that.
> Comparing computing crimes of individuals vs. the government hacking citizen's computers and violating basic civil liberties
Did you read the linked article? NSA isn't hacking citizens' computers, except maybe for citizens in non-Five Eyes countries. Likewise NSA wasn't the one who lied to Congress, but then I can't expect people to keep the agencies that most risk their civil liberties straight now can I? :)
And the tradeoff with "far more severe punishments" even for civil servants trying to stay within the law, is naturally "far less severe restrictions" on operation of those civil servants.
If the deal is "you can do whatever is right and proper, but screw up and you go to Leavenworth" then I'd argue that the civil liberties impact would be much more of a net negative. Putting restraints and oversight and restrictive policy and all the rest is much safer IMHO, but the tradeoff there is that when government agencies make a good-faith effort to stay within those restrictions (as even the Snowden leaks have indicated with regard to NSA) that you wouldn't expect heads to roll even if a court later disagrees.
"but the tradeoff there is that when government agencies make a good-faith effort to stay within those restrictions (as even the Snowden leaks have indicated with regard to NSA) that you wouldn't expect heads to roll even if a court later disagrees."
We must live in parallel universes, only bridged by a single message thread. Since in my universe your account of the NSA is a bizarro-world inversion of what we have here, I am pretty jealous of you getting to live there.
I don't think even most prosecutors would have the balls to say something as fucked-up as that. One who scoffs at the threat of criminal court proceedings, in this nation, does so from a very privileged position. A more charitable person than I would hope you never have the misfortune to discover how wrong you are.
What I'm saying is that you cannot have your cake here and eat it too.
Strong laws? Great, you'll have an Aaron Swartz every 5 years at least, especially as long as those laws continue to make common-sense computer crimes like breaking into a subnet (no matter how easy or difficult that was to do technically!) legal crimes as well.
Weak laws? That's fine too, but don't be surprised what a dedicated "advanced persistent threat" can do under a weak legal regime.
That is not at all my interpretation of your other comments on this page, but let's go with it...
If APT were "real" instead of marketing/lobbyist bullshit, like "al Qaeda" and "the domino theory", what could we imagine "strong laws" doing to combat it? Does anyone suggest we pull a Baghdad in Shanghai or St. Petersburg? How strong is a law that can't be enforced, really?
By all means. Then the government agent will just walk out the building, put on his "private citizen" ball cap, and resume spying using all the authorities any random citizen would have.
That's why I pointed out the state often has much more power, as we wouldn't bother having the state do it in the first place if anyone could do it for themselves.
Yeah. If you consider "Congress" (who can declare war) and "Executive Branch" (the organization that does the spying) are the same "organization"... sure.
For the most part, the US Government is composed of very many different organizations who are specifically designed to not work together very well.
I think they don't care if it's illegal. They believe their actions are justified. The primary problem with that assumption is that they are the ones that justify it.
We are bored in the city, there is no longer any Temple of the Sun. Between the legs of the women walking by, the dadaists imagined a monkey wrench and the surrealists a crystal cup. That’s lost. We know how to read every promise in faces — the latest stage of morphology. The poetry of the billboards lasted twenty years. We are bored in the city, we really have to strain to still discover mysteries on the sidewalk billboards, the latest state of humor and poetry:
Showerbath of the Patriarchs
Meat Cutting Machines
Notre Dame Zoo
Sports Pharmacy
Martyrs Provisions
Translucent Concrete
Golden Touch Sawmill
Center for Functional Recuperation
Saint Anne Ambulance
Café Fifth Avenue
Prolonged Volunteers Street
Family Boarding House in the Garden
Hotel of Strangers
Wild Street
And the swimming pool on the Street of Little Girls. And the police station on Rendezvous Street. The medical-surgical clinic and the free placement center on the Quai des Orfèvres. The artificial flowers on Sun Street. The Castle Cellars Hotel, the Ocean Bar and the Coming and Going Café. The Hotel of the Epoch.
And the strange statue of Dr. Philippe Pinel, benefactor of the insane, fading in the last evenings of summer. Exploring Paris.
And you, forgotten, your memories ravaged by all the consternations of two hemispheres, stranded in the Red Cellars of Pali-Kao, without music and without geography, no longer setting out for the hacienda where the roots think of the child and where the wine is finished off with fables from an old almanac. That’s all over. You’ll never see the hacienda. It doesn’t exist.
Great post! Great link! What a writer! Some subsequent portions are really good: half a century earlier expression of Unabomber-style anti-technocratic sentiment imbued with the Parisian aesthetic. Dreams. Sunrise. Pre-brutalist architecture. Things society has almost forgotten, or banished to the Disneyland of yore... powered by travel selfies.
For one, it's obviously quite good literature, of the "manifesto" style favored by modernist movements.
Second, it makes perfect sense. It describes things seen in strolling around a city (Paris in this case), listing funny street names and shop titles. Plus some references to older art and poetry movements (namely dada and surrealism), regarding their promise of a "fuller life" etc.
Not sure what it has to do with TFA, but surely not the work of a "room full of monkeys".
Certainly not a room full of monkeys, but I'm having great difficulty trying to disprove the hypothesis that this was just a Markov chain generator left to generate a few paragraphs.
Probably it's just like with Perl code. Can look like line noise to someone uninitiated, but if you know the syntax, operators etc you see that it's not and what it does.
For me, who knows the surrealist and dadaist history references (and the place, so to speak, this text is coming from -- it's a plea from a bored existential youth for an "exciting" city and an exciting life), every line makes sense and has its place.
What I mean is, it's not absurdist -- like some dadaist poetry. He picked his words to convey a specific message, and the references and metaphors work in this context.
In any case I guess the relevance of said paragraphs depends on what the Markov chain generator had been fed. Leaves me wondering if we are or can be, at times (and when), Markov chain generators.
I really hope all this some day is just some horrible chapter in a book that remembers how governments used to spy on their own citizens and how crazy that seems to everyone "now".
Governments are either kept honest by a vigilant population of actual citizens (instead of people only interested in their personal affairs) or are mostly a tool for the rich and powerful to maintain a favorable order.
(The only third alternative to a government for the multitudes and a government for the rich is the direct rule of the rich and powerful without or with minimal government, as in the calls for "deregulation" which seldom favor the average Joe).
() What the ancients of the Athenian democracy used to call "idiots". The word comes from "idiotis", the term for someone not caring to participate in public affairs and policy decisions -- and literally means "private".
Deregulation in the sense of removing price controls and barriers to entry is typically good for everyone, examples include airlines and craft beer brewing.
Deregulation in the sense of stripping very specific regulations designed to prevent exploitation are typically good for the owners of capital and bad for everyone else. Examples include the Depository Institutions Deregulation and Monetary Control Act (Led to Savings & Loan calamity), the Gramm Leach Bliley Act (Led to GFC), California's attempts to deregulate the energy market (Led to Enron and the energy crisis). It's easy to imagine many more scenarios where industries could be deregulated that would cause massive harm to most of society -- virtually all environmental controls fall into this category.
Some of those scenarios could have been prevented if more facets had been deregulated, but they weren't so we lost trillions of dollars in real value and drove debt through the roof.
I see what you and shiven mean.
I agree those partial deregulations are bad. I say partial because that's not what I usually mean by "deregulation". "Stripping very specific regulations" is just that, just another law being passed, that flips some switch on or off.
When I asked for examples I thought we were talking about total deregulation (I previously thought deregulation was a binary thing - either something is regulated or it isn't at all) but I see it is used in other senses (although it is a bit perplexing to me).
> Some of those scenarios could have been prevented if more facets had been deregulated
Deregulated Wall Street Banks --> Products like CDOs --> Real Estate bubble --> average Joe's Retirement Funds investing in said bubble (via Wall Street Banks) --> Bubble burst (as always) --> Retirement Funds lose huge amount of money --> average Joe's golden years are now made of lead (Pb) --> Bad for average Joe, his wife Jane and his kids and grandkids (go on, think how).
Deregulation, throughout history (explore the pre-1930s, pre-Great Depression US economy), has always left average Joe in a badly disadvantaged state, for the long term.
Isn't the local network block always at least a /64 or /80 or so? Thus even knowing which blocks are handed out means you still have an IPv4-Internet-sized task for each one.
>I really hope all this some day is just some horrible chapter in a book that remembers how governments used to spy on their own citizens and how crazy that seems to everyone "now".
Sadly I'm not sure if this will ever happen, at least not for a very long time. Governments are just going to make the surveillance more subtle, as technology and research improves.
Ironically Jacob Appelbaum, allegedly an investigative journalist who reported this issue, is responsible for this project on GitHub that does exactly the same thing:
I don't see where blockfinder is actually reaching out and pinging servers to see what's up where. blockfinder seems to be downloading well known data sources as to where IPs are. The project the government is being accused of doing is essentially running a distributed nmap along with geo information.
Please, read the article that's referenced on GitHub:
"He beckons me over to one of his eight computers and presses several keys, activating Blockfinder. In less than 30 seconds, the program lists all of the Internet Protocol address allocations in the world — potentially giving him access to every computer connected to the Internet. Appelbaum decides to home in on Burma, a small country with one of the world's most repressive regimes. He types in Burma's two-letter country code: "mm," for Myanmar. Blockfinder instantly starts to spit out every IP address in Burma.
Blockfinder informs Appelbaum that there are 12,284 IP addresses allocated to Burma, all of them distributed by government-run Internet-service providers. In Burma, as in many countries outside the United States, Internet access runs through the state. Appelbaum taps some keys and attempts to connect to every computer system in Burma. Only 118 of them respond. "That means almost every network in Burma is blocked from the outside world," he says. "All but 118 of them."
These 118 unfiltered computer systems could only belong to organizations and people to whom the government grants unfettered Internet access: trusted politicians, the upper echelons of state-run corporations, intelligence agencies.
"Now this," Appelbaum says, "is the good part."
He selects one of the 118 networks at random and tries to enter it. A window pops up asking for a password. Appelbaum throws back his head and screams with laughter — a gleeful, almost manic trill. The network runs on a router made by Cisco Systems and is riddled with vulnerabilities. Hacking into it will be trivial.
It's impossible to know what's on the other side of the password. The prime minister's personal e-mail account? The network server of the secret police? The military junta's central command? Whatever it is, it could soon be at Appelbaum's fingertips."
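The distinction drawn above between probing hosts and downloading public allocation data is easy to make concrete. The following is an added example, not code from the blockfinder project or from the original thread: it parses a few constructed records in the RIR "delegated extended" statistics format (the kind of public data source the comment above refers to), expands each record into CIDR blocks and reports the allocations for a two-letter country code. No packet is ever sent; everything here is string parsing over data that the registries publish. The sample lines are made up for the example and the function names are the author's own.

```python
import ipaddress

# Constructed sample in the RIR delegated-extended format:
#   registry|cc|type|start|value|date|status[|opaque-id]
# For ipv4 records "value" is an address COUNT; for ipv6 it is a
# PREFIX LENGTH. The first line is the file version header and the
# "*|summary" rows are per-type totals; both must be skipped.
SAMPLE = """\
2|apnic|20140101|4|19830101|20131231|+1000
apnic|*|ipv4|*|2|summary
apnic|*|ipv6|*|1|summary
apnic|MM|ipv4|203.81.64.0|8192|20070417|allocated
apnic|MM|ipv4|203.81.160.0|4096|20070417|allocated
apnic|MM|ipv6|2401:b800::|32|20100802|allocated
apnic|SG|ipv4|203.116.0.0|65536|19970101|allocated
"""


def parse_delegations(text):
    """Yield (country_code, network) for every allocation/assignment
    record, ignoring comments, the version header and summary rows."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) < 7 or fields[1] == "*" or fields[2] not in ("ipv4", "ipv6"):
            continue
        cc, family, start, value = fields[1], fields[2], fields[3], int(fields[4])
        if family == "ipv4":
            # Real delegated files contain counts that are not powers of
            # two, so summarize the range instead of assuming one prefix.
            first = ipaddress.IPv4Address(start)
            last = first + value - 1
            for net in ipaddress.summarize_address_range(first, last):
                yield cc, net
        else:
            yield cc, ipaddress.IPv6Network(f"{start}/{value}")


def blocks_for_country(text, cc):
    """All CIDR blocks delegated to the given ISO country code."""
    cc = cc.upper()
    return [net for c, net in parse_delegations(text) if c == cc]


def ipv4_address_count(text, cc):
    """Total IPv4 addresses delegated to the country, the figure a
    tool in this class would print before anyone decides to probe."""
    return sum(net.num_addresses
               for net in blocks_for_country(text, cc) if net.version == 4)


if __name__ == "__main__":
    for net in blocks_for_country(SAMPLE, "mm"):
        print(net)
    print("IPv4 addresses:", ipv4_address_count(SAMPLE, "mm"))
```

Pointing `SAMPLE` at a downloaded delegated file (for example APNIC's `delegated-apnic-extended-latest`) gives the real allocation list; the step that turns a list of blocks into "only 118 respond" is a separate, active scan that this parser deliberately does not perform.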
"Mapping the domain" is one thing all military agencies try to do, just like if you were a hacker who gained access to an unfamiliar subnet you'd likely try to figure out the lay of the land.
I'm more surprised that NSA didn't already have programs to map the Internet, given how long nmap has been around.
However it has the key words N, S, and A so let's just assume it's something sinister and evil.
It is just how their bureaucratic apparatus evolved within its rules and constraints.
At some point a 3 letter agency got a large sum of money and was told "here, gather intelligence". So they did. Hired people, poured money into projects, training, equipment, contractors, promotions. All this wrapped in secrecy and hidden in its own world. Joe Schmo head of department X heading cellphone baseband radio firmware hacks will make sure to lobby for his department and tell everyone how there are all these terrorists everywhere running around discussing dirty bomb plans over cell phone conversation, and only his department can save the world. Does he care about the world? No, but he cares about getting more recognition, more money, a larger budget, more people under him and so on.
Every time something like a terrorist attack, war, defections, leaks happened the tendency is not to evaluate, scale down and reconsider where they are headed. But to ask for more budget, more equipment, more projects. Basically double down.
So it is not that there is a cabal conspiring to hold us down that meets in a dark basement some place. But rather the constraints and rules present, if not actively fought against, will lead to this.
Another element in this is that those that might disagree with how things are run don't get to rise high enough to the top to make a difference. Here we had Binney, Snowden and a few anonymous leakers. But it is not like they could have risen to the top in the administration to make a change from within, so to speak. To steer the agency on a Constitutional path. So the top is full of those who believe in doing things the same way they are already being done.
Their goal for some time now[1] is to keep cash flowing through the military-industrial complex. They obviously don't have any kind of focus on actual intelligence work, or they wouldn't be so bad at basic practices like compartmentalization[2]. Even the ways they could abuse their surveillance capabilities seem to be more of a "bonus". They could be much worse, but that would distract from their business of piping cash to their "contractor" friends.
Interestingly, the recent mess the EFF has been reporting on (Jewel v NSA), where they tried to retcon the public court record, has - in the public court record - the DOJ lawyers delivering[3] an incredible Freudian slip. While arguing that basically nobody can ever have standing to challenge their Section 215 based activities, they mention this: (caps in original, emphasis mine)
ALL THESE TERRIBLE DISCLOSURES THAT OCCURRED OVER THE PAST YEAR -- IN FACT,
THIS IS THE ONE YEAR ANNIVERSARY -- DISCLOSURES THAT WE ARE CONVINCED THAT
HAVE SERIOUSLY HARMED THE NATIONAL SECURITY OF THIS *COMPANY*, WE HAVE CONTINUED
TO PROTECT THE IDENTITY OF PARTICULAR TELECOMMUNICATION CARRIERS THAT ARE
ALLEGED TO HAVE ASSISTED THE NSA,
"national security of this company". wow.
[1] According to William Binney and others. This recent interview mentions it, as do many others.
[2] For example, how the hell did Snowden even have access to that many sensitive docs? Even as a sysadmin, he didn't "need to know" a lot of that. They used to take that kind of practice deadly seriously.
I think the assaults on your sanity are likely more the result of sensationalized/incomplete reporting. The biggest issue I have with most of the Snowden reporting is that if the article doesn't outright jump to assumptions that aren't supported by the source material, it usually has unanswered questions and is written in such a way that would cause the reader to jump to the worst possible conclusion. I'm not sure on the entirety of what's actually going on, but the only hard facts I can glean from the original article[1] are: 1) GCHQ has an nmap/zmap-like tool (not surprising) 2) the various intelligence agencies hack their targets (not surprising) 3) they apparently gain control of relays to obscure their tracks (potentially disconcerting, but makes sense...) 4) the only criteria that was discussed was the fact that the relays can't be located in Five-Eyes countries (Slide 18).
Bruce Schneier made a couple of observations on the slide decks[2]:
24 people were able to identify "a list of 3000+ potential ORBs" in 5-8 hours. The presentation does not go on to say whether all of those computers were actually infected.
...
The slides never say how many of the "potential ORBs" CSEC discovers or the computers that register positive in GCHQ's "Orb identification" are actually infected
Despite this, the article authors have no problem tossing in assertions not made in their source material, such as: "these spy agencies try to attack every possible system they can, presumably as it might provide access to further systems. Systems may be attacked simply because they might eventually create a path towards a valuable espionage target, even without actionable information indicating this will ever be the case." or "Thus, system and network administrators now face the threat of industrial espionage, sabotage and human rights violations created by nation-state adversaries indiscriminately attacking network infrastructure and breaking into services." Heck, as far as I can tell they apparently threw in Slides 9-16 (what appears to be a generic description of network hacking) solely so that they could include the phrase "The NSA presentation makes it clear that the agency embraces the mindset of criminals." (Neglecting to mention that the supposed "tools to support this criminal process" are a Wireshark dump of an ICMP ping response [Slide 14], what looks to be an FTP session labelled "Iraqi Ministry of Finance" showing an attempt at brute forcing the administrator account [Slide 15], and a screenshot of a freshly opened cmd.exe [Slide 16])
If the average person reads through this without looking at the text critically, they're going to walk away thinking "holy crap, they're hacking everyone!", which would indeed be terrifying. The problem is that the evidence needed to reach that conclusion isn't actually there. Nothing is shown regarding any actual process for selecting hosts to use as relays, or any actual number of hosts that they hack into. One commenter on the Schneier article[3] points out that they can't just indiscriminately gain control of hosts - the host isn't necessarily going to be reliable and the chances of them getting caught increase quickly as the number of hacked hosts increases. Nor do they mention if there is any effort to assess the potential political damage that may arise from the target selection. I'd be pretty pissed if I found out that my laptop was being covertly used to hack on their behalf, but on the other end of the scale I don't care if some random open SMTP server in Nigeria is being used by the NSA to spy on North Korea.
Nothing is shown regarding any actual process for selecting hosts to use as relays, or any actual number of hosts that they hack into
To quote parts of figure 18 in the Heise story:
CSECS Operational Relay Box (ORB) ... subsequently used for exploits... 2/3 times a year, 1 day focused effort to acquire as many new ORBs as possible in as many non 5-Eyes countries as possible.
I interpret this as "hack many hosts as possible in a given short timeframe".
But it's still not a number - how many are actually being hacked in this manner? Hundreds? Thousands? Millions? Five? There's not enough context given to tell. That picture on slide 18 with all of the redactions just below the quote you cite shows 63 egg-shaped (or maybe "orb" shaped?) icons with various colored halos and warning symbols next to them. If I were to make an educated guess based on that slide, I'd guess that CSEC controls a total of 63 relays. If I only read the article, I'd assume several orders of magnitude more.
The point that I was trying to make in my earlier comment is that when we read an article like that we tend to instinctively ask more questions, and if the answers to our questions aren't there we tend to make assumptions. Depending on both our own biases and the biases of the author presenting the information, our assumptions are often way off the mark (in either direction).
Here's some questions I would pose to the authors of that article that aren't answered:
How many hosts are being hacked?
Who owns the hosts being hacked? Have the authors taken steps to inform the owners? If not, what is the reason they chose not to?
What are those hosts normally used for and by whom? What is the scale of the privacy implications associated with NSA/GCHQ/CSEC using this host?
What criteria are considered when they select a host to hack to use as a relay?
Thanks, this is the kind of response I was looking for. I was under the assumption, after reading a couple of articles, that they were more or less hacking anything they could, and creating a network of vulnerable machines that could then be used as relays.
I appreciate you taking the time to write this up - I will have to invest some time into going over these sources more carefully.
Notice people with quite a bit of money don't cease money-making activities. They tend to increase them. Sometimes money and power are their own end goal.