This is exactly what the NSA should be doing. Everyone (rightfully IMO) complains about overly broad data collection happening within the USA, but here (as with stuxnet) you have the exact opposite, a targeted foreign activity conducted with care and targeting. I know it's not for everyone (not least because not everyone is in the states, huh), and it could be considered a bad precedent, but it's not like Iran asked our permission before they launched their nuclear program, or other states are actually waiting on the US's example to have their own intelligence services do their jobs. If you hold that something like 9/11 should be prevented, and that (actual) WMD programs should be stalled, then it follows that this is a fine way to go about it.
You make a good point, but the part about Iran asking for our permission before starting the nuclear program doesn't really add much. Of course they didn't ask, just like the US didn't ask before starting our nuclear program. A nation state is an autonomous entity, and doesn't ask permission before making any action within its own borders.
The US, and any other nation state, will of course conduct covert operations, including spying on other nation states. I don't find anything inherently wrong or immoral about this, but I don't think anyone can act surprised or indignant if other nation states don't like being spied on or hacked. You don't gain the moral high ground by pointing out they didn't ask for our permission to build something in their own borders.
Yes, we spy on other nations, and we probably should; but the consequence of that is that other nations will trust you less when you are caught, and that is just the natural consequence of spying.
As a signatory to the NPT, which has been ratified by the United States and is therefore law, Iran is legally entitled to have a nuclear energy program.
It's not particularly easy to tell facilities for making enriched uranium (viable as fuel) from facilities making weapons-grade HEU.
Sure it is: anytime you enrich uranium beyond 5%, you're trying to make a bomb.
Iran was proudly announcing enriching over 60%, which is the highest amount anyone, anywhere, ever, needs to do (60% is for neutron-optimized research reactors).
Not to sound snarky but Saddam was boasting sitting on an arsenal of WMDs before the world found out there was zero truth to it. That's why UN inspections are used, however effectively, you just can't rely on Government propaganda to establish facts.
The NPT works the other way around. It is a bargain between the nuclear weapons powers and the non-weapon powers. Non-weapon powers get access to civilian nuclear technology and know-how in exchange for a promise (and safeguards) to not develop weapon systems. Additionally weapon powers agree to negotiate towards an end to all nuclear weapons (but in a very woolly, no real commitment kind of way).
Non signers get no access to any technology or know-how from signers but are free to act as they please. Israel, Pakistan and India all fall into this category. They can act as they please.
1. US law provides for ratified treaties to have the same force as federal law (https://en.wikipedia.org/wiki/Treaty_Clause)
2. The US and Iran have both ratified the NPT
3. The NPT guarantees the rights of signatories to establish peaceful nuclear programs
4. It's therefore, in theory, illegal under US federal law (which of course, at least applies to US persons) to interfere with the establishment of a peaceful Iranian nuclear program.
The practice of course, differs greatly from the theory. This is because, as per usual, law is more about politics than law.
I am from germany and I hope most of americans don't have this point of view.
1. give up freedom for some stupid terrorist attacks? why should we? We've lost the keystone of freedom when we do this and they have already won.
2. Do you really think these extensive intelligences do stop terror? (maybe they do sometimes, but terrorists will find new ways)
3. IS and others are the result of the Iraq war which was a offensive war from the US justified by a lie (Sadam had no weapon of mass destruction). Do you still think that America is the world police? The reputation of the US has gone rapidly down in the last decade. For the most here in germany the US are not the good ones any more. Other countries have their own way of life. America has to accept that.
> "give up freedom for some stupid terrorist attacks?"
What level of freedom is lost here? We're NOT talking about mass surveillance generally but the targeted access described by the OP. It's the difference between the police parking a van outside a suspected gang hideout (hopefully after getting a warrant), and parking a van outside every home in America. Most Americans are OK with the former and NOT OK with the latter. And, IMHO, that's a valid trade-off to make in a democratic society.
You might object to a particular surveillance target (Merkel), which is understandable. But would you object to spying on Putin? I suspect even Germany (especially Germany) would be okay with the NSA conducting targeted surveillance of senior members of the Russian military with ties to Eastern Ukraine.
In an ideal world, there would be no surveillance or any surrender of liberty in any scenario. But the world is not ideal and compromises are made. Germany is not immune to this. Case in point: Hate speech is illegal in Germany, which is understandable given German history, but a violation of free speech rights in the U.S. The challenge is not to reject all infringements of freedom wholesale but to identify where lines can be drawn between what can be tolerated and what must not.
They excluded a few countries and two usernames. Medium-level infection reached 18 countries.
I think it's foolish to defend alleged NSA operations when the NSA won't even acknowledge such operations.
If the government wants to have a debate about the rules of digital warfare (or a particular war), then let's. If they don't, then why should we defend their secret tactics? We have no idea what the motives and objectives are of these operations. And we have little knowledge about how they've affected people, innocent or otherwise.
Your casual analogy to parking vans outside homes seems reasonable. Until you consider what that actually means in our real life. For instance, vans outside homes has been a large part of the war on drugs which has imprisoned a staggering number of black youth. What do you think is the analogous fallout of this malware? Drone strikes? Defend those.
The notation that a debate on the rules of digital warfare will do anything is questionable.
Arms control limitations (SALT,START), the hague convention, etc, work because there are means of verifying countries adhere to what they agree on (and ostensibly punishing those who don't).
Given the difficulty of attributing cyber attacks (e.g. Sony), much less cyber espionage, there's little reason to think this is possible in this case. And that's just for direct action.
If we're talking about tactics and capabilities, it's impossible. How are you going to make sure there aren't 30 people somewhere writing malware for a government? You can't, at least absent far more invasive spying or some kind of DRM that makes writing malware illegal.
My point was mostly that I will not defend secret war/aggression/cybercrime especially in light of recent history. I'm surprised so many people here defend this malware claiming that it's (1) justified and (2) targeted. Since, we have no idea what it's for and it's heavily infected 18 countries. I'd guess they also support targeted torture and rectal hydration too. Just as long as it's not citizens. Except for just the really bad citizens.
No one in this thread has said they support torture. This malware has nothing g to do with torture. What was the point of that fake argument? Supporting targeted malware is not supporting torture.
There was some sarcasm in my comment above and I didn't fully detail what I meant.
The point was that something doesn't become ok just because it's targeted at non-citizens or the targets are more limited than simply everyone. (Unless other context can justify it... but we're being kept in the dark). It's still dragnet surveillance. Similarly torture is wrong and no amount of "targeting" can change that. So I think there's a disconnect in people who oppose mass surveillance but approve of this. I presume many people ok with this malware are opposed to torture; it wasn't to be taken literally.
If so, then it's hard to imagine how you could distinguish between those in such a way that labels the methods described in the article as dragnet surveillance, rather than non-dragnet.
When the state conducting torture and assassinations without due process of its own citizens is the one making the calls about who to round up or kill via metadata they are vis a vis.
> Case in point: Hate speech is illegal in Germany, which is understandable given German history, but a violation of free speech rights in the U.S.
Germany gave up that part of their free speech because of the horrors they inflicted upon the world, they wanted to prevent happening ever again no matter what. I've yet to see the USA make any kind of adjustment for the atrocities, torture, murders, war crimes they pulled.
Point is, the USA doesn't have any more slack left over. So yeah targeted surveillance that might otherwise considered fine and just if it were done by the "good guys" or even just a responsible party, is going to be met with a large amount of suspicion. And for good reason. These are powerful capabilities the USA doesn't even seem to be able to keep in check internally, who knows what it'll be used for (at the very least it'll show up in economic/corporate espionage, that's a certainty).
> Germany gave up that part of their free speech because of the horrors they inflicted upon the world, they wanted to prevent happening ever again no matter what. I've yet to see the USA make any kind of adjustment for the atrocities, torture, murders, war crimes they pulled.
This comparison really isn't apt or constructive. Not only has none of the top US leadership been indicted for war crimes in the ICC or by the UN, but the German state and quite a number of the German people knowingly participated in the extinction of at least 12 million people. Whether you think that the Iraq War was right or legal or not doesn't matter unless there is an indictment and conviction. In addition, the sum total of the crimes-- whatever they may be-- do not add up to total societal or national culpability.
There is this Bush guy, easily the most hated US president to date by rest of the world (ie those +-95% of human race outside US). Let's not get too much into his lackey Rumsfeld...
If in some ridiculous alternate reality Iraq would defeat US & UK and would actually went on and conquer them as nations, theye guys (joined by UK PM for examlpe) could easily end up in similar trial and be hanged.
As you know, rules and history are written by vinners ;)
There is this Bush guy, easily the most hated US president to date by rest of the world (ie those +-95% of human race outside US). Let's not get too much into his lackey Rumsfeld... If in some ridiculous alternate reality Iraq would defeat US & UK and would actually went on and conquer them as nations, theye guys (joined by UK PM for examlpe) could easily end up in similar trial and be hanged.
That really doesn't matter to my argument above, though, does it? Whether or not the world hates the guy doesn't make him a war criminal. And whether or not he's hated doesn't change the fact that there hasn't been an indictment, much less a conviction, outside of Malaysia.
To briefly comment on your alternate scenario it's important to point out that Victor's Justice is not the same as a War Crimes trial.
As you know, rules and history are written by vinners ;)
History PhD here and I can say with confidence that this isn't true. In the US there is and was an enormous amount of literature by former Confederates and neo-Confederates defending the antebellum American South and the American Civil War. Similarly, in the aftermath of the Second World War there was a large number of exculpatory memoirs by German generals. These more or less informed the historical literature in the aftermath of the Second World War for an entire generation.
Re-read the comment chain. Was not denying the existence of mass surveillance. But the comment at the top of this chain states that targeted malware (the subject of the OP) is distinct from mass surveillance. Which seems to be mostly true.
The difference between the NSA and German Intelligence is that the reach of NSA is larger than that of the BND. Other than that the BND also is not required to afford foreign nationals any privacy protections and is known to regularly intercept metadata in Germany. Unrestricted surveillance of foreign nationals is regulated in the G10-law, named after the article in the Grundgesetz it circumvents, but the BND has simply overreached its power and also collects data on German nationals. The control committees are also secret, just like the US FISA courts.
So before we get all high and mighty, we should probably clean up our own act here in Germany. Of course the G10 laws were dictated by the Military control committee, when they relinquished direct control in the 70s. For that reason it will be somewhat hard to simply change, especially because our interior ministers have had an unblemished record in support of more mass surveillance.
I think if you start with the assumption that it would be unacceptable for the US government to do nothing about protecting the American people from terrorist attack, the kinds of targeted cyber-espionage described in the article sound pretty reasonable.
They're better than launching entire wars that kill hundreds of thousands of people, cost unfathomable amounts of money, and last for over a decade, without really achieving the objective of making the country safer.
They're better than torturing people.
They're better than mass surveillance of the entire population of the country - if not the world.
Of all the things the government could be and should be doing, spying on people that in high likelihood are a threat to the US sounds like the one I'm OK with them continuing. You have to admit, slowing down another country's nuclear weapons program with a computer virus is vastly preferable to pretty much any other option on the table - even including "peaceful" sanctions which end up having a human cost.
It's almost as if there's some mutually beneficial relationship going on between US and European intelligence and military agencies, and the anger of Europe's governments is mostly political sideshow...
The USA works very hard to radicalize anti american factions within a country. If the choices are US backed dictator, or religious nutjob, its not much of a hard choice.
I can understand feeling morally opposed to it, but a realist might tell you that it's important to spy on the German government simply because it's a powerful actor, even if it's an ally of the United States.
That realist would be a fool who takes the exasperated statements of politicians at face-value. Were any long term trade agreements threatened? Embargoed in a way where they actually did it, not just talked about it? Was military cooperation withdrawn, diplomatic ties severed?
Absolutely none of this happened. A lot of words happened. Mysteriously, for exactly as long as Snowden was in the news right up till Russia invaded the Ukraine.
It is unreasonable to do nothing to stop the loss of innocent lives.
However the war on terror is a media beat-up that sells papers, keeps eyes glued on tv's and serves to support the agenda of politicians who capitalise on the state of fear to get elected.
This is particularly evident in the United states- as a visitor there over the past several years the level of discourse on terrorism is completely out of keeping with the actual threat, or the level of fear in my own country (australia) despite our proximity on all cultural datapoints
how many terrorists in a cave have the sort of it infrastructure that require the equivalent of a Manhattan-project of cyber-espionage? (I mean, re-writing manufacturers hdd firmware?! Wow!)
> They're better than launching entire wars that kill hundreds of thousands of people, cost unfathomable amounts of money, and last for over a decade, without really achieving the objective of making the country safer.
So is doing nothing at all.
> They're better than torturing people.
So is doing nothing at all.
> They're better than mass surveillance of the entire population of the country - if not the world.
So is doing nothing at all. We have three horrible solutions, and one that's just terrible. Maybe we should look for a good solution instead.
Most Americans are apathetic. Of those of us not apathetic, those opposed to the widespread espionage of the three letter agencies are in the minority.
It's been heartbreaking watching the American reputation decline worldwide while also watching the inverse rise of the amoral and unrepentant technocrat here in America. It's a Golden Age for technology and a Dark Age for culture.
Most Americans probably have no idea what the NSA is, even now. I'm sure most of my college friends who weren't computer science majors couldn't say what it was or what it did.
Soviet citizens probably knew more about what was going on than Americans do now.
Many Americans are uninformed and many are apathetic. But Thucydides said the same thing about Athenians. I don't believe it's as simple as blaming American citizens.
Americans get information about the world through substandard education, uninvestigated journalism and high-fructose entertainment. The reporting on American policy outside America is far better than the reporting on it inside the country. Yes, Americans inherit this government, but as long as America is a superpower, so does the rest of the world.
1. I don't think the scope of these efforts are based solely around terrorist activity. They are very wide-ranging in scale, and seem to be a natural extension of the USA's foreign policy. In an ideal world it would be nice if neighbours didn't spy on each other, but in the real world, everybody spies.
2. Yes, clearly they do, and also alter the course of some very dangerous activities a la Stuxnet and Iran's nuclear program. Just because it's possible to circumvent these measures, doesn't mean they shouldn't be use either. Firstly, you've made it more difficult for terrorists and other parties to communicate effectively, which is already a win. Secondly, they will of course be updating their methods as well. I doubt very much that what we're seeing here is the be all / end all of NSA's capability. This is implied in the article, where the group hands down certain exploits / technologies for actual implementation, but tends to keep things back. A blow, to be sure, but I doubt we've seen it all yet.
3. ISIS are not the result of the Iraq war. It's very important to understand that ISIS are simply the most recent manifestation of a fundamentalist Islamic sect known as Wahhabism [1]. As convenient as it is to blame them on simple cause and effect, the reality is, as always, far more complex. Essentially this is a group of ultra-fundamentalist muslims, who have for a long time been part of Saudi's political structure. What we are seeing now is a return to their radical roots, backed by disenfranchised and poorly educated muslims across the Middle East. These are people who were left out of the massive oil money influx during Saddam's regime, and are now fighting tooth and nail against any and all transgressors - muslim and Westerners alike.
If anything this makes a case for the NSA's activities, not against it. It's not the US's meddling that caused these issues (although it certainly hasn't helped); these are deeply ingrained philosophies in Middle Eastern culture. I don't know about you, but I'd rather have a very good understanding of their power structure and where they're putting out feelers, than not.
So killing hundreds of thousands of civilians had no effect whatsoever in allowing extremism and hatred of the US to thrive? How about our arming of the Syrian rebels, do you also believe our policy of handing out weapons like they're candy did nothing in assisting warmongers to engage in war?
No, I don't believe that handing weapons to people turns them into fundamentalist terrorists, and I don't believe the Iraq war created a group whose modus operandi has been the same since the 1800's.
Take a look at the article I linked above; this form of religious extremism has been a powerful ally to those seeking political power in the Middle East for a long time. Saudi Arabia was built on the back of Wahhabism, which it then tried to subvert into a conservative institution to ensure its rule.
In short, these guys like to play with fire to further their ambitions, and ISIS is the latest explosion. If you reduce ISIS to 'this happened because we did this', then you're missing a whole lot of narrative, not to mention understanding of the situation.
Why do you think they're so well-funded, and well-organised? This is not the result of a corrupt war that decimated Iraq's population, it's an ambitious power play that appears to be getting out of hand (again).
Religious extremism, and in fact extremists of all kinds, always exist everywhere. What the USA has done has been to topple organized states or regimes that were able to keep some order and rule of the law in their territories, fuel hatred and desperation by killing hundreds of thousands of people, bombing the cities and destroying any form of economy, also with the aid of a decade long and ferocious embargo (the estimates put to a million the victims of the embargo, mostly children), and finally providing weapons and training to "rebels" to produce internal revolts to weaken the "enemies". A myopic and downright evil strategy that is now fully showing its obvious results.
It's not just terror. We've got Mr. Putin out there, who at best can be described as someone willing to pursue his own interests no matter the cost. So, should we have no capabilities to defend against him. Sorry to say, but since Europe spends so little as a percent of GDP on defense, it effectively outsources defense to us, while simultaneously making fun of us for our low spending on social programs. You cannot pretend there is no tradeoff here.
Putin is no hero, but Russia's response to a USA sponsered coup of a Democratic Ukraine is hardly surprising. God-honest Nazis run Ukraine, i'm not joking, NEO-NAZIs, that is the sort of people US policy planners are willing to support in their idiotic attempts to create failed state on the border of Russia. What do you think US response would be if China or Russia or Iran tried that same bullshit in Mexico?
> "Do you really think these extensive intelligences do stop terror?"
I was under the impression that stuxnet had a demonstrably negative impact on the capacity of the Iranian nuclear program to enrich uranium. Of course, there's a whole different argument on whether or not that's in support of "terror".
The problem is it undermines trust in American technology products in general. If the Snowden revelations were that the United States was bugging Iran, Libya and North Korea and monitoring all their communications, that would be one thing. However, we know now that EVERYONE is under surveillance. Therefore, how do we know they aren't doing this to everyone as well?
Fair enough - although with this set of revelations at least it's been credited at least to mail interdictions. I was responding in a limited matter to this project, this is an example of what I'm personally fine with them doing. Other people may very well have more trouble mentally compartmentalizing the broad range of activities that the NSA (and other digital espionage agencies within the US government) are up to. Many of which are clearly unconstitutional and should be (and appear to, in some cases) now being scaled back.
In any case, to answer the specific question, we can be pretty sure that our we're not infected with official US government 0day malware by the practical considerations - they go to pretty considerable lengths to keep the spread limited (per the reporting) because once Kaspersky or any other researcher gets their hands on it the utility of the toolsets goes away or becomes highly limited.
This malware isn't needed to infect every individual machine. This is just another tool in the long list of tools that the NSA has. Compromise the CA's and a few other key infrastructure machines, and now all our communications are laid as bare as plaintext. The fact that I'm not interesting enough for the NSA to target me individually does not mean that my communications are secure.
CAs are not magic decryption boxes. If you compromise a CA, you can generate a false certificate, but this certificate is non-repudiable: it is a sequence of bytes which you must present to the system you are attacking, and which is conclusive, independently-verifiable evidence that the CA has been compromised. While the NSA almost certainly could do something like this, they would run a very high risk of detection every time they did it.
Pretty much everyone is going to carry on plugging in US-sourced media just as they did before, and be happy and unconcerned about it.
To borrow from James Mickens [1] the vast majority of people's thread modelling falls into the 'NOT-MOSSAD' category. People with a 'MOSSAD' threat model should not have been inserting arbitrary removable media into their secure computers in the first place, so their habits don't need to change. Although obviously some people either incorrectly assessed their threats, and need to upgrade them, or were careless and need to be more careful...
This statement is the most upvoted piece of propaganda I've ever seen on Hacker News. I think the shills that Greenwald told us all about are all over HN too.
There's no point in praising anything the NSA does unless you are perfectly happy with them destroying security for the entire world and spying on everybody at all. The NSA has the power to blackmail politicians and run the country. They lied to congress. They are a completely rogue agency. And you praise them!
You need to pick your battles. Nobody is going to listen to your serious concerns about NSA overreach if you're freaking out any time the NSA does anything at all. If you hope to rein in the NSA, impose real oversight, and limit its power, you're going to have to start by acknowledging that "shut down all US intelligence agencies" is not a real policy proposal and not everyone who thinks the NSA has some legitimate role to play in US security is a paid government shill.
Yep, it is exactly the same rhetoric, word for word as used in other NSA-praising comments on HN. Posted by a 1-year old account that had exactly 1 comment in their history until today.
It's a shame HN doesn't auto-minimize the sub-comments once they get to a certain size and depth to make it easier to view other OPs. I often find that the first comment dominates the tone of the discussion about an article making it an easy target for astroturfing campaigns like this one.
To your point, I read the OP and thought to myself that it seemed very familiar, I then checked the details on the user account and feel reasonably confident in thinking that it is a targeted attack. It's just sad that it worked so well.
That's not exactly the same wording, and there are many expressions of the same sentiment in different words. Why insist on believing that this is some nefarious conspiracy rather than the simpler explanation that some - perhaps even many - people sincerely believe that it's acceptable for governments to perform espionage?
It's not propaganda, it's a reasonable observation about the NSA's duties, and it's not meant to tell the whole story. The conspiracy types need to tone down a bit so that a thought-out and nuanced discussion can take place. You're just ranting and throwing Alex Jones and Greenwald buzzwords around, disabling any real insight.
But the pro-government shills ARE here. That's not paranoia, that's fact, unless you think they'd target Reddit only for some reason, which makes no sense. So why can't we talk about them? If we don't face up to the reality of this kind of propaganda, we won't be able to have proper discussions about important topics like this one.
As the other responder to me pointed out, this account had ONE post to its name almost a year ago before the post I responded to today. I don't think they got their money's worth out of this one due to how easy it was to spot, but all the other ones upvoting it are earning their pay.
You think I am accusing him of being a shill because I don't agree with him? Have you seen his posting history? That's pretty much the definition of a shill who isn't trying very hard. Much more dangerous are the ones who actually make normal posts on stories throughout the year and only turn on the propaganda when the discussion turns to the NSA and government activities. Those ones you can't detect.
I don't understand why you're more upset with me for pointing out propaganda than the propaganda machine itself.
Because your evidence that yeahyeah is a shill is circumstantial at best, and sowing doubt by invoking an intangible enemy within whose only observable property is disagreement with some orthodoxy is itself blatant propagandism.
And even a cursory glance throughout this thread would reveal that it isn't exactly brimming over with warm and fuzzy feelings about the US, so I don't know what it is you're worried about. This pervasive shilling you claim is happening here doesn't seem to be working.
You may be right. You may very well be right. But you're not accomplishing anything except signaling to people that if they think too hard about certain points of view, then they're just being stooges. You can argue against it without stooping to the same tactics you're accusing others of.
I'm not attacking someone just because of his opinion, nor am I advocating that. I'm calling out a shill. Look at the facts. One post before today. A pro-NSA post that reads like rhetoric. This post is voted up to the very top comment of the discussion, DESPITE the lack of "warm and fuzzy feelings about the US". Now, in a conversation where the sentiment is so anti-NSA, why do you think this has so many upvotes? That's evidence of rigged voting. That he has failed to sway opinion here does not at all mean that he isn't a shill.
That's enough evidence to convict.
Look, here's an article where you can start reading about these kind of psyops: http://ultraculture.org/blog/2014/02/26/reddit-shills-tried-... Discussion forums like this one need to be aware of this sort of thing going on. We have to talk about it. We have to try and point out people whose job it is to steer conversations to their liking. It is the right of a free people to associate and freely converse with their peers and make up their own minds free of malicious interference and cointelpro. If government agents actively manipulate public opinion in favor of them, and the public opinion is different from what it otherwise would be, then there is no democracy. That is wrong.
What can we do, when there's no proof? We can use our brains and examine the evidence. We can call out obvious shills to try and stem the tide. That is what I am advocating for. We should point out obvious shills so that discussions have more of a chance at reaching their natural conclusions. You seem to be advocating that we do nothing at all, and that is what I disagree with.
And here I just figured folks would think it was a throwaway account that somebody used to avoid having paranoid internet trolls dig into their online presence. Seemed like such a good cover, too.
>You seem to be advocating that we do nothing at all, and that is what I disagree with.
Not at all. I'm only suggesting that what you're doing is counterproductive.
> Now, in a conversation where the sentiment is so anti-NSA, why do you think this has so many upvotes? That's evidence of rigged voting.
It might be. But we don't actually know how HN's voting algorithm works (secret sauce), and we do know for a fact that the HN staff will manipulate vote gravity in order to make the content of a thread more accurately reflect 'quality'. So it's not exactly ironclad evidence of government vote rigging, when Hacker News is a black box which is rigged by design.
It's also not out of the realm of possibility that more people who agree with yeahyeah's point of view have upvoted him than people have upvoted other threads. And this is a long thread, so the effect of commenting and upvoting throughout may be cumulative. And some comments in other threads have been downvoted into near oblivion.
>If government agents actively manipulate public opinion in favor of them, and the public opinion is different from what it otherwise would be, then there is no democracy. That is wrong.
Actually, I would argue that is democracy working as intended. The government has the right to present its point of view and try to convince people to agree with it - that is literally how democracy is supposed to work. The government may be trying to 'actively manipulate public opinion in their favor,' but on a discussion forum, so is everyone else. That's the point of a forum, and it's especially true on HN, where die-hard capitalists and anarchists and everyone in between all fight for the intellectual high ground. The government doesn't actually have some kind of magic that makes people believe them, theirs is just one more voice in the herd.
>What can we do, when there's no proof? We can use our brains and examine the evidence. We can call out obvious shills to try and stem the tide.
I think a more effective countermeasure would be to examine the evidence of the arguments presented and call out lies when you encounter them. Attack the comment, not the commenter, particularly since you're never going to have more than suspicion and confirmation bias as evidence.
> It might be. But we don't actually know how HN's voting algorithm works (secret sauce), and we do know for a fact that the HN staff will manipulate vote gravity in order to make the content of a thread more accurately reflect 'quality'. So it's not exactly ironclad evidence of government vote rigging, when Hacker News is a black box which is rigged by design.
> It's also not out of the realm of possibility that more people who agree with yeahyeah's point of view have upvoted him than people have upvoted other threads. And this is a long thread, so the effect of commenting and upvoting throughout may be cumulative. And some comments in other threads have been downvoted into near oblivion.
So because there's no absolute proof, he's not a shill. How about deciding what's more likely? What is more likely: that this post was voted to the top despite lack of support in the thread, or that a circle of upvoters voted it up? Remember, it is a LOT easier to hit that upvote button than to make an actual contribution to the discussion, so you would expect to find that a ring of shills would operate in that fashion. One posts, as that takes actual thought and effort, and the rest upvote.
> Actually, I would argue that is democracy working as intended. The government has the right to present its point of view and try to convince people to agree with it - that is literally how democracy is supposed to work
If they want to convince people of their point of view, then why can't they do it legitimately?
Do you somehow think that this sort of behavior isn't subversive? That it doesn't work? And that makes it okay for the government to manipulate public opinion in this way?
It's okay. I can't believe you think that. There is one hell of a difference between presenting your own point of view and having thousands of fake people presenting the views that they are paid to.
> I think a more effective countermeasure would be to examine the evidence of the arguments presented and call out lies when you encounter them. Attack the comment, not the commenter, particularly since you're never going to have more than suspicion and confirmation bias as evidence.
No. Doing both is much more effective. Otherwise they control the first posts, they make a sense of a false consensus in their favour, and these things really can influence how people think. Don't believe me? Research it yourself.
I would much rather people make up their own minds instead of being tricked into thinking what the government wants them to. I still find it hard to believe that I live in a world where the latter is what actually happens.
>What is more likely: that this post was voted to the top despite lack of support in the thread, or that a circle of upvoters voted it up?
You're assuming those are the only two credible possibilities. This thread could also be at the top because of the cumulative lack of upvotes, or the weight of downvotes (which have been biased to count more compared to upvotes), in other threads. Or because of the effect of upvotes on individual posts, or its relative length compared to the others. I think it's too complex and opaque a system to read so definitively, particularly given the effort put into it by the staff to prevent exactly the sort of gaming you're talking about.
Although, yes, given those two scenarios specifically, the 'circle of upvoters' is the more plausible.
>If they want to convince people of their point of view, then why can't they do it legitimately?
That's the problem - what you're calling out as evidence of illegitimate actions could just as well be legitimate. Your evidence is that people apparently agree with and voted up yeahyeah, and that yeahyeah's account seemed insufficiently 'real'. Have you taken into account the possibility that people might actually agree with the post?
>Doing both is much more effective. Otherwise they control the first posts, they make a sense of a false consensus in their favour, and these things really can influence how people think. Don't believe me? Research it yourself.
But I have a hard time believing that people are that malleable, or that such a simple tactic could be so effective. Although there is perhaps a good argument to be made against karma-based systems being in any way meritocratic, 'consensus' on Hacker News doesn't really count for much.
Just for giggles, I'll let you reply to yourself on this one:
> You seem to think it's a good idea to summarily believe accusations with no evidence and no attempt to involve the legal system and convict someone in the court of public opinion just because somebody said something.
Me thinks you managed to derail the conversation to a much greater degree than yeahyeah ever could. Saying this as someone who likes voluntaryism but acknowledges that it might be an idealist view that is incompatible with many hidden variables of the real world, I acknowledge that three-letter agencies might have a place in this world. Yeahyeah just pointed this out. He didn't prevent you from creating good counterarguments. He made a very valid point, that unlike dragnet surveillance of snowden this revelation is more targeted, and invited you to a discussion of whether it has a right place in this world. You on the other had shat across the screen with tangential accusations. Me thinks you are the shill.
> There's no point in praising anything the NSA does unless you are perfectly happy with them destroying security for the entire world and spying on everybody at all.
That is a ridiculously absolutist statement. Do you really stand by this? It's not possible that some things the NSA does are good and beneficial, because other aspects of that organisation are questionable?
I'm sorry, but your entire post comes off as very partisan - and quoting Greenwald plays into this as well. Hell, I am left-leaning by nature, but I've had to unfollow him on twitter recently, as he portrays everything in the worst, most dramatic light possible. Don't get caught up on the hate train.
Any sort of praise or tacit approval for the NSA reduces people's anger towards them. Any reduction of anger towards them helps breed complacency. This is why they would make a post like this at all. People need to be mad at them in order to want change badly enough.
This is a big story about cyberespionage. It comes out of Kaspersky Labs, a Russian company and hardly a front for the NSA. It would be surprising if the story _didn't_ make the front page, and it would be surprising to me if in a forum which prides itself on serious discussion no one would make the comment that heads this thread.
That such a comment would be the most popular suggests nothing about psyops involvement unless you assume such an opinion doesn't exist in the theater in which the conversation takes place. The suggestion of such manipulation is useless without evidence, and is therefore not an actionable accusation. It assumes by default bad faith on the part of those who disagree with you and makes actual discussion difficult or impossible.
Furthermore, such an accusation is as much of a sideshow as any manipulation you're alleging.
If, rather than making wild assumptions, you made actual counter-arguments (as many are doing above), you might convince others of what you believe to be true, and you might bring those who once disagreed with you to join in the fight on your side.
Not right. If the US was peaceful, there wouldn't be much of an argument for developing nuclear weapons, but the US is the most aggressive nation in the world, and nuclear weapons are the only thing that give them pause. The actions of the US since the end of World War II - invading other nations at will, interfering in their internal affairs, starting secret wars - give legitimacy to nations who want to develop nuclear weapons for their own defense. Nuclear weapons bring safety from you.
As far as superpowers in history go, the United States post WWII is downright benevolent. The other contenders in recent memory being: the Soviet Union, the British Empire, Nazi Germany, Imperial Japan, the French Empire, the Italian Empire, Austria-Hungary, and so on and so forth.
Once the United States starts claiming pieces of South America and Arabia as their sovereign territory you can start shouting about Iran's self defense. The United States is far from perfect, and all the criticisms you leveled are completely true. But be honest about the situation. The only thing that Iran's government is protecting by developing nuclear weapons is their own corrupt regime and their influence in the middle east.
Why run an overt colony system when you can achieve the same control by destabilizing existing governments?
The CIA is known for its activities in countries like, gee, Iran, where they overthrew the existing DEMOCRATICALLY elected government and installed a monarch instead.
Or see the case of Guatemala, where on the advice of businessmen the democratic government was overthrown on charges of 'communism' with lots of help from the US.
Yeah, iranians screwed up when they took US embassy hostages. It's a fact (too lazy to put references) that that embassy was actively messing with the iranian state (I would like to see how US would react if some foreign embassy did same intensity stuff in US) and that revolution was overthrowing corrupt dictator directly installed by UK & US. They should just politely kicked them out of country, and not giving US administration more cannon fodder.
Without those hostages situation, right now Iran might have been on par with Dubai/Abu Dhabi or similar. They have the richness in oil & gas. Been there backpacking last year, people are amazingly, no AMAZINGLY friendly and nice. One of best trips of my life. They have their issues, some rather big ones, but so does other places.
The CIA went into foreign countries and purposely destabilized them and started civil wars. It continues to this day: see the Arab Spring. The Soviet Union's actions were quite tame by comparison.
For every Soviet or Russian invasion, there's a corresponding US one that is just as bad: Vietnam, Iraq, Afghanistan, and the US interferes with the internal politics of many more nations to boot. See Pinochet in Chile, the Shah in Iran (although the British had a big part in that too). Russia threatens its immediate neighbors, yes. But at least they oppose the US. Think they are all bad? They keep Snowden safe and sound. The US threatens any nation in the world that doesn't fall into line. When they thought Snowden was on board an official government aircraft, they had their cronies in Europe force it down in violation of international law. Think that the European nations make their own decisions? Think again.
This is the threat that the US poses to the world, and most of the world is already under their control. Iran isn't, so they are threatened with war. They've been threatened with war since Bush's idiotic "Axis of Evil" speech. Since before that. You think they don't have the right to try to defend themselves? To prevent that? Nuclear weapons, in this world, bring freedom. See how North Korea has never been invaded. See how the US knows better than to engage Russia in outright conflict. Nations that have nuclear weapons can have actual independence.
With the Trans-Pacific Partnership, they are trying to force their laws onto the entire world, and that is just one of many such agreements. Canada is already a puppet state of the US. The current state of the world is that no nation can try to free themselves of US influence without getting an internal revolution or even an outright invasion, and that is a much bigger threat than Russia is, or China, or Iran, or anyone.
not that I don't agree with all you say but... having lived under outright occupation by vast amounts of russian forces (former czechoslovakia), seeing how lack of freedom of speech, travel and... well just lack of freedom, centrally planned everything and the rest of it screws up entire generation of people, I would still opt for US.
But that's the thing, that goes thought topics here too - US stepped down, and is continuing downwards, from "that hunky good friend of yours that you don't piss off and do what he says, and all is more than OK, otherwise he'll steal your lunch and breaks your leg" to simply lesser of all evils... BRAVO :(
As far as superpowers in history go, the United States post WWII is downright benevolent
I'm not sure the citizens of Guatemala, El Salvador, Nicaragua, Uruguay, Paraguay, Brazil, Argentina, Chile, D.R., Honduras, Panama, the Philippines, Vietnam, or any of the other sovereign nations the US has invaded, would agree with this statement.
Sorry, please remind me of when the US invaded Paraguay, Brazil, Argentina, or Chile?
Our involvement in Vietnam was in fact, at the time, conducted with the full cooperation of a sovereign country, the Republic of South Vietnam. To be fair, US forces definitely did violate the sovereignty of Laos and Cambodia during that conflict.
I believe I understand your general point here, but can we at least get basic facts right when we have these discussions?
Just because the US doesn't invade by name, doesn't mean they aren't involved, often at a fundamental level. Look a Chile; Nixon gave the orders and supplied to weapons and CIA support behind the coup that brought Pinochet into power. 3,000 people were killed and 200,000 were exiled during his reign. The US has always tried to get its way by pulling strings behind the curtain, where public awareness is absent.
> The U.S. provided material support to the military regime after the coup, although criticizing it in public. A document released by the U.S. Central Intelligence Agency (CIA) in 2000, titled "CIA Activities in Chile", revealed that the CIA actively supported the military junta after the overthrow of Allende and that it made many of Pinochet's officers into paid contacts of the CIA or U.S. military, even though some were known to be involved in human rights abuses.
Nowadays invasions aren't explicit like in colonial times (where every superpower raced to colonize as much as possible), but there is definitely covert "warfare" going on.
Thanks for asking! Argentina: 1890. Chile: 1891, plus direct support for the 1973 coup. Sorry about Paraguay and Brazil, US merely engineered and directly advised murderous corrupt dictatorships. Invasions however also include Bolivia, Costa Rica, Cuba, Grenada, Haiti, Mexico, Uruguay, and Venezuela.
Regarding South Vietnam, does "full cooperation" include assassination of their president in 1963?
The examples you cited for Argentina and Chile were -- in both cases -- the US sending a landing party of Marines to defend the embassy grounds during political unrest. That's an "invasion"? OK....
Replace US with Russia and the comment still fits perfectly. I don't disagree with much of what you say, but there are others who are just as bad or worse, just on a much smaller scale
Not sure if you're just joking around, but nuclear weapons and material from Pakistan and Iran are likely to end up in the hands of terrorists sooner or later, either intentionally or unintentionally. The same is not the case for nuclear weapons controlled by France, US, UK, Germany, and Israel. So there is a huge difference.
Why would "nuclear weapons and material" from Pakistan and Iran "likely" end up in the hands of terrorists? What's so special about the other countries for which this is not the case?
That's a ridiculous argument. By that benchmark any country has a responsibility to stop any other country's nuclear program because it is a potential threat to the world.
I feel like you wanted to reductio ad absurdum with a conclusion I feel is not absurd... um. It is staggeringly dangerous for anyone to have the tools to end civilization, because sometimes we lose track of things, and unless you're a comic book villain, destroying all human life within a multi-mile radius is not a super useful tool in wartime or peacetime.
No, we helped the Pahlavi dynasty launch a nuclear program, whereas the Iranian Republic is now launching a nuclear program using what they've scavenged from that one.
You are conflating two different nations that happen to share a name and borders. The US trades technology with the Fourth Republic of Germany; The US did not with the Third Reich.
Wow, so naive. The Third Reich was established in 1933, WW2 started in 1939. It didn't have time to invent much or to build industry anew. 90% of the technology came from US - directly from US government or through companies like Standard Oil and Ford. Thousands of factories got sold on the cheap in the US after the Great Recession started and all the equipment moved to Germany. A process quite similar to the outsourcing of the last 25 years or so.
Yes IBM. But if you are considering reading this book I would suggest that it might be a waste of time, unless you are a true disbeliever or are doing research on the topic.
Mr Black is angry at IBM and does not try to hide it in his writing. He writes as if he is a prosecutor trying to convince a jury in court. Very frequently and repetitively, he describes the Holocaust and explains why what the reader just read proves that IBM or some of its executives are guilty of murder. I find it insulting to have these conclusions handed to me, even if I don't disagree with them. The repetition gets boring quickly.
You mean like how some in the U.S. said we shouldn't have to repay France for their help in the American Revolution because that was a gift from the French monarchy, but then the U.S. decided to enter WWI & WWII on their behalf after deciding it was a gift from the French people?
Part of the reason not to do that kind of stuff is that you don't know how long the regime you are helping will last. I think we are finally learning that lesson. These days it seems that the risk of arms falling into the wrong hands outweighs our desire to arm what we deem to be the "right" hands today. I am certain if the Syrian civil war happened in the 1980s, we would have been sending the "rebels" all sorts of missiles and gadgets that would have floated around the world for the next 30 years.
I agree; The US should not share any of it's technological innovations with other countries, and establish a strict isolationism policy. Since we didn't see the rise of Nazi Germany, we shouldn't have allowed the Weimar Republic to use our technology or traded with them.
/s
I'm not entirely certain how so few people here get that massive revolutions and changes in political power can change the playing field of what foreign aid and technological assistance we should give to other countries. Perhaps we should be like France, and sell tanks to the highest bidder regardless of international sanctions.
I think people are downvoting you because they're missing that by "technological innovations" you are referring to weapons. I don't care if we share MongoDB with Pakistan, but I'd prefer not to share the new railguns with anyone.
From an American perspective you might be right. But, as a Brazilian, I'd say this is the perfect reason why the rest of the world should stop buying technology from the U.S. You are not trustworthy.
Yes, I know that "everyone does it, get over" but it doesn't make you better or even acceptable.
As an American eho actually agrees with your comment wholeheartedly, I'd love to see a Brazilian Cisco, a German Microsoft, an Icelandic Bell Labs, and a Swiss Apple. Sadly it seems like the US does come up with a lot of tech that is worldwide dominant. Perhaps it has to do with the way the U.S. culture + government can, in some scenarios be conducive to startups, or perhaps it is luck over and over and over again. I highly doubt luck has anything whatsoever to do with it.
All of this being said, capitalism is a game played by multiple parties. If other countries were able to make things like mentioned above as good or preferably better and sell to. Global audience the whole world would be better off. I just wonder why so much tech used everywhere is made in America originally. DARPA has a huge part of what makes this happen I think and like it or not they are part of the security establishment who made things like the Internet.
Eh, take a look at the smartphone market outside the Anglosphere.
Most likely the OS will be developed by Google in America, the CPU by ARM in the UK, those chips will be customised and fabbed by Samsung in Korea, the screens created by LG/Sharp/Samsung again in Asia, the radio chips designed by Qualcomm (USA) but speaking GSM or an upgrade of it (European-developed) in factories using precision specialised devices created in Germany or Switzerland and then shipped around the world on ships owned by Maersk (in Denmark), piloted by seamen from India and the Phillipines.
The USA has done a great job of developing the world's dominant operating systems and cloud software stacks, which gets a lot of attention here at HN. But there's a heck of a lot more to tech than that.
If you hold that something like 9/11 should be prevented, and that (actual) WMD programs should be stalled
Except nothing like 9/11 was ever prevented by broad data collection.
And: There is no "terrorist threat" to begin with, unless you also believe in Santa Claus and the Easter Bunny.
You are still more likely to be killed by a lightning strike than by a terrorist. There's still plenty more and plenty more violent killing going on in Africa than in Middle East. But there's no oil and no convenient media narrative to be had from the former.
then it follows that this is a fine way to go about it
Essentially: "no more countries get nukes, those that have them should get rid of them at an unspecified point in the future but get to keep them for now". It is not an ideal solution, nor a particularly fair one, but much better for human survival than "everybody gets a nuke". Unfortunately, it would work better if powerful countries didn't threaten less powerful ones to the point that violating the NPT and getting nukes seems like the only rational response for preserving their own security. Which brings us to why the U.S. unilaterally launching attacks (cyber- or otherwise) against other countries runs counter to non-proliferation goals, whereas coordinated U.N. sanctions/incentives/inspections/interventions have at much better chance of working.
>The countries that have nuclear weapons, who do they ask to be allowed to keep them?
Well, the 5 official Nuclear Weapon States (with capital NWS) asked nicely with the Nuclear Non-Proliferation Treaty, which is signed by just about anyone. Not that there ever was a chance of them just giving up their nuclear weapons, but they did ask and the world said yes.
(1) This does not actually look particularly targeted to me, but more like a shotgun approach. While Russia and China are the primary targets, there are also plenty of allied nations on that map. Unless, of course, you're trying to say that all non-US targets are fair game.
(2) The NSA targeting medical institutions (presumably hospitals) makes me particularly queasy, because what they are doing is not exactly passive listening, and when they screw something up there (like the router in Syria that they crashed), that could endanger human lives.
If the U.S. can do it, other entities can do it too.
I'd rather that the NSA were disclosing the vulnerabilities they discover to vendors, so they can be fixed.
Failing that, we rely on white hat researchers like those here (not to mention Snowden). They're doing really important, socially valuable, work. I wonder where they get their funding, we need a lot more of them. It's our job as software/hardware engineers to create secure software.
I definitely agree with the second part. It's always going to be a back and forth. As for non-US, well, I don't think we can claim a monopoly on espionage.
I really appreciate it when someone presents and argument that is from a differing point of view than mine, but is well stated and very convincing. Thank you for that.
That said, I'm not certain I agree. The part where they're intercepting mail of citizens without warrants, without much oversight, that scares me. It's one thing to be talented hackers trying to fight the good fight digitally rather than violently, but when we allow the government organizations to violate privacy to further unstated goals, we set a precedent that can be used as a basis to go further next time.
The NSA can do incredible things like this, but they need better oversight, a publicly stated set of rules that they must follow when they do their work.
I'd have to look back at the article, but I believe the mail interception took place during the Bush-era warrant-less wiretapping. The FISA courts were created to remedy the warrant-less part of that, though they don't really seem to have done much for the oversight concern that you mention.
By this I mean to suggest that such interdiction may not necessarily be truly warrant-less if performed today, even if it is still shady and lacking in accountability.
22% of world GDP, the world's largest & most effective military, the permanent seat on the UN security council, & the Treaty on the Non-Proliferation of Nuclear Weapons.
I agree we shouldn't go barging into other countries unilaterally, but are there really people that want to argue it's wrong for the US to use its power to stop other countries from obtaining nuclear weapons?
> but are there really people that want to argue it's wrong for the US to use its power to stop other countries from obtaining nuclear weapons?
Yes, when the USA shows favoritism.
A nation at the eastern end of the Mediterranean Sea has never signed the NPT, has nearly 300 warheads and in 1973 had some of those loaded on US-supplied F-4s about to launch the third-ever nuclear strike in history.
Am not sure the only country in the world to use nuclear weapons in aggression and / or for political reasons has much clout in this area.
"we'll do what we want, you'll do as your told".
In some respects you're right, the leading war lords of the day do get to dictate to the lower players. Has always been the way, and probably always will. Doesn't make it right (or righteous) however those in power deem to "word" it.
As a former US Army soldier / veteran I would hesitate on calling us the largest military in the world. China's military positively dwarfs ours and believe it or not, North Korea has the most special forces of any military last I checked. That being said because we spend more yearly on defense than most countries have as gdp, we undoubtedly have one of the most effective militaries. I'd lump the NSA under the military term since they fall under the DoD and ultimately the Pentagon here.
1. The NSA uses all of these offensive information security technologies in mass surveillance as well as targeted attacks. See Belgacom.
2. The more concerning thing is their appropriation of civilian infrastructure and targeting of civilians using offensive attacks.
3. The vast offensive capabilities of the US government undermine their ability to be trusted in the development of improved defensive capabilities. Defensive research and product development funded by the US govt will produce systems that undermine offensive capabilities that are a key form of US hegemony.
this is horrible and devastates the American information technology industry because there is no chance that any foreign government is going to buy anything from the US that could be infiltrated by the NSA.
It's not though. Everyone hates the USA by now, and that's because they're spying on everyone (even allies), they think they can tell everyone what to do, else they use their military to intervene.
The USA is currently the world bully. For the military aggression, hopefully Americans will at some point realize that fighting the world can only end in tears - the USA is drained financially and simultaneously breeding new terrorists through the drone war which should be classified a war crime as there is no telling how many innocents have been killed.
Karma's a bitch, friends. This is how empires fall.
Really, the USA needs to re-evaluate its foreign policy. Spend half the military budget for 2015, that's $300Bn, on education and hospitals and bingo, you're once again the #1 nation in the world.
Then, instead of making war everywhere, make friends and trade partners and watch the money pour in, the soldiers stay home and stay alive. Fight terrorists with gestures of goodwill and they will go away all on their own - as opposed to killing random children in Pakistan, so their fathers, uncles, and other relatives may justifiably become new terrorists with a life-long grudge against the USA.
And tell the NSA to focus on defense - keep out the baddies, keep out the Chinese and Russian hackers, keep American businesses and business interests safe, stop others from hacking in the USA. But don't go out and listen to everyone's phone calls and hack allies, and enemies alike, and have secret laws like the Nazis did - because honestly, all that shit will get back to you eventually. Do something bad - somebody will find out. That's the new reality we live in, all facts will be discovered.
That Kaspersky was able to uncover the most sophisticated hacker group in the world is a case in point. The internet is the perfect paper trail, no matter how good you are.
The ostensibly noble, good goals that secret laws and secret operations supposedly lead up to never materialize. The ends that the means supposedly justify never arrive. So keep the means good, keep it clean. This whole idea that you must deceive, cheat, and betray in order to survive is a wrong idea, and it's proven again and again until the lesson is learned. Your choice when to learn it.
"... indicate that the NSA used Regin to infect the partly state-owned Belgian firm Belgacom." Do you like their targets? The FBI and CIA frequently target dissent as terrorism while the NSA frequently targets economic forums and large companies. And do you not care about the effects of hoarding (and purchasing) 0-days?
This comment reads very much like astroturfing. I hope the admins of HN take a look at who registered this account and who up-voted this comment to make it the current top comment in this thread. As mentioned by others, this account is nearly a year old with one silly comment before that.
Imagine Superman actually fighting criminals and keeping America safe.
Now imagine Superman sneaking laxative into criminals' sandwiches so they are slightly inconvenienced, but allowing them to continue to kill people in the long run.
The US government is Superman. But it is the second version, while it can and should be the first version.
---
We know who the enemies are. We know who funds and harbors terrorism. We need to take them out, not spy on them.
---
And no, I am not advocating Vietnam III (note: Iraq/Afghanistan was Vietnam II). That was a purely self-sacrificial program to bring "democracy" to people who didn't want it. I am advocating warfare in the classic sense: Destroy the enemy. I am advocating what we did to the Nazis and Japanese.
> I am advocating what we did to the Nazis and Japanese.
That was a world war if I recall, and the US didn't even care about the Nazis, or Japan until they were forced to. "we" didn't stop the Nazis, the world stopped the Nazis, with our help.
Don't be so quick to call for World War III, because i'm not at all certain we would have more allies than enemies if we unilaterally decided to declare open war against the rest of the world, which is what it would amount to. Because the truth is, most of the world 'harbors' and 'funds' terrorism to some degree, including the US. And we've already proven to the rest of the world that we're willing to drag it into a war on false pretenses, so I doubt they would be eager to throw themselves into another one on our behalf. That political capital has already been spent.
Which is, of course, why we don't do what you suggest.
The US's unilateral declarations of war have caused a huge amount of tension, globally. To do what you propose would be a log breaking the back of many a diplomatic camel.
Contrary to your opinion, the US is not superman, it's just another country that is currently on top of things. Take a look at what has happened to empires who over-stretched historically. Hint, it's not pretty and they're not around anymore.
> I am advocating what we did to the Nazis and Japanese.
How is this not an equivocation with WW2? I apologize if I misinterpreted what you wrote, but it seems pretty obvious.
By "political capital" I was referring to a quote by George Bush, and the Bush doctrine in general. Mainly, that any goodwill we might have had to build a robust global coalition for anything has more or less been squandered by the debacle that was the adventure in Iraq, and the premise of the "axis of evil", and "you're either with us, or you're with the terrorists."
Because the states that harbor terrorism are not the civilizational or military equivalents of Nazi Germany or Japan. They are much closer to fruit flies.
A country that acts morally, in its own self-defense, does not need political capital. If nobody at all sides with the US, fine. But nobody is going to side against the US that matters in a just, morally correct war to stop state sponsors of terrorism.
Well, from the IRA to the Mujahadeen, it's largely been the folk with the most money to spend.
However most of them live in the USA, so perhaps a local criminal investigation would do to start with before breaking out the tanks on a jolly abroad.
I only make political comments on threads of conversation that are inherently political. In technical discussions, I make technical comments only. I take this commitment very seriously.
That doesn't even deserve a response, but against my better judgement...
I have 3448 karma and have been here for 2472 days, you have 20 karma and have been here for 64 days. You have no right to say something like that to me.
Also, since I mainly lose karma on any comment I make talking about politics, yet have a large net positive amount of karma, I am obviously not a troll.
Sorry, I was not attempting to intimidate. Anybody has the right to say they think you are trolling them and you have a right to refute them and try and show good intention.
Besides, someone who only trolls when it comes to politics would have the same points pattern and there is a very common sense of humour that is someone adopting a far more extreme version of whatever political persuasion they may chose to hold when thinking that they are mostly in the company of overly sensitive folk of an opposing political philosophy.
Personally I think that you are being sincere, but I can also see why people might think you are acting a part.
And to be honest, I think what they call "about impossible" is just a question of investing enough time and having a somewhat decent understanding of microprocessors and reverse-engineering. I'm not trying to downplay Equation Group's achievement, but it feels like arstechnica is starting to exaggerate here.
The whole "embedded programming is scary and impossible" sentiment seems to be pretty common these days. I mean, it's impressive, but well within the reach of an interested nation-state or even a skilled hobbyist like Sprite_tm.
It seems like the prevalence of modified router firmwares (and botnets based on them) should make it clear that firmware modification is A Thing That Happens(TM).
Anyone who thinks this kind of work requires nation-state backing should look at the (hobbyist!) projects to jailbreak the Xbox, X360 and PS3. Low-level kernel- and hypervisor- programming in which obstacles are casually overcome by dropping zero-day memory corruption bugs in core libraries that would be worth tens of thousands of dollars today just from bounty programs, deploying crypto bugs that make "custom RC5" and "thousands of iterations of SHA1" look like the shoplifted- from- Schneier technique that it appears to actually be (TEA hash collision, ECDSA nonce repeats, &c).
And these were, more or less, student side projects.
That doesn't mean that it's easy, it just means that hacking a PS3 is highly motivating. Making some lame centerfuge explode half-way around the world is high on patriotism (I guess) but short on lols.
It's not easy (the sophistication of some of the console jailbreaking work is extremely frustrating to some of us in the pro vuln research community, in that they treat as footnotes things that would score a whole Black Hat talk).
He didn't say that it's easy, just that it isn't so hard that you need nation-state backing to do it. Judging purely from their capabilities, Equation Group could be a small group of college graduates who make a living with hacking and don't settle for the low-hanging fruit.
Of course the other evidence strongly suggests that this group is NSA-employed, but the real reason why their malware is so much more sophisticated than anything else out there isn't that nation states have staggering amounts of resources, it's simply that normal malware doesn't need to be sophisticated.
You are saying that you think it is reasonable that a small group of "college graduates" have created and executed a global espionage campaign against airgapped military targets using software that makes previous nec plus ultra NSA cyberweapons look obsolete.
There's still a difference between finding the weakest link in a big chain and then attacking into it, and creating large amounts of features out of thin air. The latter is not any more difficult, but it requires one or two magnitudes more effort, which is almost impossible without a larger team. I'm thinking 2 people in a garage vs 30-60 people in an office building.
"Piracy and cheating" isn't always a gateway to serious programming.
Exploring the software on your purchased devices can be a gateway to serious programming. What you call that process is subjective, but arguably not piracy and cheating.
It's idiocy to think "outsiders" are needed in the first place. The CIA ACD FBI had multi decade breaches that cost the Soviets/Russia less than a couple million dollars.
If FBI agents can be flipped for so little, it's silly to think the NSA cannot get detailed engineering plans and source code for every electronics product they desire.
Not to mention they can always recruit people to work totally undercover in industry. Hire top performers, give them coaching or even sabotage rival colleagues. It certainly cannot cost more than a few million per agent to deeply infiltrate target companies. Hell, in their place, I'd be trying to get multiple people into MS, Intel, etc. to be in position to use root keys if needed.
That statement isn't from ars, it's from experts, and it's correct.
Reverse engineer 12+ firmwares, make extensive modifications to their functionality, recompile them, properly QA them, and use them as just one element of a complex malware chain is not a student project.
The link you provided shows how much investment it takes to identify a small bit of firmware functionality and not even do anything useful with it.
I remember reading this on HN a while back and came here to post it as well. Techniques like this show funding and/or determination but not really brilliance.
If someone asked you to permanently infect hardware, the hard drive controller might be the first place you look, and certainly not the last. The interdiction seems to be the strongest indicator of funding level.
The so-called Equation Group doesn't sound like much more than a group of average engineers doing their job. Breaking into systems is mostly childs play. Securing them is the more interesting challenge.
It is incredible, even the most generous estimation of the NSA's capabilities before the Snowden disclosures now look conservative. This is the stuff conspiracy theories are made of.
UR = UNITEDRAKE ("Regin", basically?). And that'd probably be rmgree5@nsa.gov: that's the format their addresses are in.
This does seem to be, broadly-speaking, NSA's top-dollar brand-new 0-day-laden (at the time) malware, that they use to launch their less shiny stuff, which is more awkward and a massive overfunded modular boondoggle. This does not seem to be as freely shared around with the "Five Eyes".
By the way, there are innocent machines in the US infected with this thing, at this very moment. Anyone care to explain that?
The hard-drive component should be completely detectable, if you don't boot from it, based on the (small, sadly incomplete) fragment of (Cortex-M0?) stuff I've seen. Power-cycle it, send an ATA reset, read the MBR and following sectors. Look out for the NIC "option rom" persistence module, too - you may be well-advised to do it from something really exotic that doesn't run x86, just in case! (Independent hackers are running (µ)Linux on hard disks now, so it's not surprising a huge agency able to spend billions of dollars of tax money funding contractors on tiny pieces of this project got something of a head start!) Not sure of a good way to detect it in software, but it's not perfect, so it probably can be redpilled somehow.
Watch for "CD-ROM"s that unexpectedly have ATIPs, I guess?
Detecting an infected hard drive in software would be the usual malware arms race: you find some characteristic of it, they improve the firmware.
But if we start to systematically check for it, it should be easy to discover via hardware debugging. Find the JTAG interface on the hard disk controller (or whatever debugging interface the specific processor uses), dump the firmware and compare it to firmware dumps from other hard drives of the same model. I don't see how they could fool that process (given that you have a clean machine to read out the firmware).
Of course to be thorough you would have to check pretty much the firmware of every component of the computer.
> dump the firmware and compare it to firmware dumps from other hard drives of the same model
And then ponder the unstated assumption that said other hard drives may or may not have been exploited already. Dealing with a state level actor is hard, in the "trusting trust" sense.
Well update your threat model appropriately. What are the realities if they've somehow hit every single hard disk in the US? What is the likelihood this level of subterfuge can be maintained? How many people are involved?
Just because you can imagine it doesn't suddenly make it practical, and it certainly doesn't mean they're going to burn that capability outing some guys porn habits either.
> What are the realities if they've somehow hit every single hard disk in the US?
Who knows. The problem is you're not so concerned with "every single" hard drive in the US, but you may well be concerned with the other one you wish to use as a benchmark.
When you're dealing with things like hardware being compromised on the way from the plant to the store, or (as mentioned) a burned CD being compromised in the mail, and other things that really only governments can do, it changes the whole nature of the threat model.
The malware might remain quiescent unless the examination techniques mimic a computer that is booting.
I might prefer to use an analyzer to monitor the disk channel of a machine that is booting and running.
Building an SATA probe/analyzer is within hobbyist knowledge and skill levels now. If you have money you can simply buy it from LeCroy and many others, or rent it by the month/week.
There's a specific reason I said to send an ATA reset first! IRATEMONK (for it is that) isn't that smart. Doesn't need to be.
If you want to test more thoroughly, or actually dump the object for analysis, as wongarsu says below, the JTAG port or the serial port is the way to go. That's how they get it in there.
Usually a booting PC will issue several identify commands and try a SMART health check, and if there is a RAID option ROM then specific series of READ will be issued. If it would really disclose itself with simple RESET, READ interrogation then I must be a better malware author than those players. I don't think I am, and I feel that if it would give itself away without ensuring that the OS is really booting, this is a big flaw. If it were my project, it would be a showstopper. I'm a noob in the sense that I have never considered malware before, so probably the developers (who are smarter than me) thought about it long before I did.
This flaw would also make it much simpler to write a script for MHDD that would reveal the infection on the infected target itself after booting from a floppy.
I think a JTAG probe is not especially useful to analyze a hard disk. The flash on the board is usually only a bootstrap and "physical driver" of sorts. The rest of the firmware is stored on the media - you can see that many disks do not even know what they are if you disconnect the heads and try to identify.
I think JTAG is not commonly in the toolbox of the data recovery guys who dump firmware modules and trade them. DR sometimes involves replacing corrupted firmware that is on the disk, or reprogramming a controller board to match one that's failed. They have bought software and serial port cables, and this seems to handle it for them, so I concluded that there must be a way to dump all of the firmware - on chips and disks - with ATA commands or the serial port, and we know from field-service tools that there is usually a way to update it all with only ATA commands.
Had a family member that worked for SPEA (test equipment manufacture). Said different government organizations would bring in boards with massively parallel sets of chips and input/output on them, like nothing they ever saw in any other field. They were expressly forbidden to take pictures of them.
Between that and the massive data centers they are building I'm guessing they have rather impressive capabilities.
This particular set of exploits has little to do with collecting information. This seems to be directly related to command and control operations, including over systems that aren't connected to the internet.
There are a pretty scary set of discovered exploits.
I believe this is not the correct thread, but how can anyone sift through so much data, in general? Private companies need simpler things, like people you are likely to know in the real world, from the data they acquire. But intelligence agencies need actionable intelligence. That would require something way more intelligent than a simple spam filter.
That depends on the data you are talking about. The operations described here don't seems to collect huge amounts of data. If you're talking about the usual dragnet surveillance: a lot of it seems to be relatively simple filters and simple data correlation.
For example, you can build huge social graphs with simple metadata. Then you can search for all people who communicate a lot with people who communicate a lot with some known terrorist leader. Of those people, you take just those using tor. If any of them plans to enter the US, you flag them to be detained and searched at the airport. If any of them is already in the US, you can tell FBI to check them out.
Or you can look for sudden changes in message volumes. If terrorist leader A suddenly starts to communicate a lot more with random person B and random person C, who in term start communicating with other people, you suddenly have a whole list of people who might be planning a terrorist operation.
Of course you still need huge computing capacity even for these relatively simple operations, but they certainly have the funds for a few datacenters.
> intelligence agencies need actionable intelligence
For the most part that hasn't really been how it's worked so far. Generally intelligence agencies have used the information they've gathered so far to try to manipulate people.
'were', I think, may be more operative. I first heard that statistic about a long time ago, more like the '70s. Mathematicians don't seem to be very useful to the NSA's current hacker paradigm. (Note what we haven't gotten from the Snowden leaks so far: any sort of major mathematical or theoretical advance. Amazing hacking infrastructure, though.)
NLP's foundation is in statistics, so calling it "not maths" seems rather short-sighted. Mathematics, especially statistics, play a crucial role in all data interpretation when you get to any kind of scale and they seem to be the biggest of them all.....
Its only really useful against non-terrorists, but that doesn't mean its a waste of money: if it is used to make money.
So maybe its being used to make money - i.e. targetting non-terrorists (i.e. industrial espionage) - precisely because it is a huge waste of money. Wow, its almost like the whole thing was just a bad idea in the first place - its become self-serving.
I think the lesson here is not so much that governments can do this, but that entities with extremely large budgets are implementing broad, interconnected initiatives like this.
I think realistically any entity with over $20M could participate meaningfully in these kinds of exploits. The key is that in order to be useful many overlapping initiatives need to exist.
It seems like exploiting things like firmware would be pretty easy: You just get a member of your team who is a bit overqualified to apply for a job at the target company. A relatively small team could accomplish this in a few years, aided by the scarcity of top tier engineering talent.
The hard part is the social aspect of the attacks, but a single clever individual can come up with many.
well, in TFA it's a little easier for the NSA than embedding a mole, NSA just tells WD they want to buy drives, but need to audit all the source code including firmware for security issues, then modifies firmware, then intercepts hardware orders from targets and replaces them with ones with compromised firmware.
True, but I think it makes more sense to look at these tactics in the most general way possible. Firms could be doing them, as could much smaller governments.
Most press about itesec is focused on individual vulnerabilities and the tactics used in specific exploits. What we're seeing is tremendous "long game" strategic sophistication. Stuxnet was one example of using many attack vectors to eventually achieve a goal and these revelations suggest that was just the beginning.
Sure, intercepting the mail could be difficult, but all it takes is a few compromised UPS drivers and warrants are no longer needed.
We should all be aware of the fact that these people are the enemy. They don't do these things to "protect freedom", they do them to destroy freedom.
Most of the people on Hackernews are uniquely placed to resist. Secure your software. Refuse to cooperate unless legally compelled. Analyze and publish any evidence of government attacks.
If you work for the NSA, understand this: you aren't American. You are the Internet Daesh. You will lose.
In what way are people who work for the NSA not American? They are literally working to protect American citizens from violence. While you may not agree with their methods, saying you are somehow "more" American than they are, let alone that they aren't American at all is a huge stretch.
I think I'm too young and naive to really form a good opinion on what they are doing, but I do know that I definitely haven't done anything I can remember for the sake of this country. Maybe they're being harmful, maybe not, I don't know, but at the very least I like to think they are trying to be helpful.
Anyone whose work actively undermines the principles of the US Declaration of Independence and the US Constitution has no moral right to the title "American," though they may be Americans in a legal sense.
Ignorance is no excuse, but it is an explanation. I have no doubt that most people at the NSA can accurately claim ignorance.
As they say, "The road to Hell is paved with good intentions."
Outside of the rhetorical zone, outside of the we-can-believe-any-feel-good-idealistic-high-minded-righteous-principles-we-want-as-long-as-we're-just-talking-comfortably zone, this is not true.
You know how politicians have a certain style of rhetoric they use when addressing the public? How when they go on talk shows or try to speak about some platform/policy they are tendering to the public, there's this whole pretense of them actually believing in not only that the policy being tendered could work after you elect them and people like them, but also they have these "American" ethics/values, or even sometimes universal ethics, which form their motivation for wanting to be in politics, and wanting to enact policy?
I'm asking if you notice the gulf between how politicians speak, and what motives they give you the impression they have, versus how they really feel on the inside. One can say I don't knows how they feel on the inside, yet we've been lied to so many times, and we have seen contradictions between their public rhetoric and their private motivations in the past, that we should actually be considered gullible / abused-victim battered-wives if we take the rhetoric and policy prescriptions for, say, the 2016 elections at face value. I can safely predict that these candidates are pushing policies with a pretense of justice and ethics, yet they are for all literal definitions lying about what they say they believe.
I used the sort of politicians you vote for as an example that you should already understand. It shouldn't be controversial that Hillary Clinton and Jeb Bush are actually speaking words from behind a more-electable "persona" that is actually a lie. They effectively "pander" to us by talking about doing things "for America" and "for Americans". We've seen their lies in the past contradicted by their actual actions.
Anyway, military and civilian contractors in positions of power in the government need to be understood in this light.
"In what way are people who work for the NSA not American?"
Simple. No one who is not self-deceived, or deceived by others, works in that way. They are self-interested for the most part. They don't want to help everyone in America; there are millions of people in America they despise. The higher the stakes, the less altruistic they are. Give up your "hard-earned" money in taxes? In private charity? Too high of stakes. They be more likely to help other Americans if the others were "the sort of Americans" they prefer, and they prefer to leave the sort of individuals they don't like, or don't know and don't trust, to fend for themselves.
That applies to low-level workers, and it applies also applies to individuals at high levels of power. The fact that individuals at high levels have to use political-style fake rhetoric and personas to be appointed to their contracts and their stations does not mean they actually believe it. What truly motivates them is usually selfish things: attaining more wealth, ownership, control, more agency to mold their personal worlds to their will (cars, country clubs, whatever), and more agency to mold their greater civilization to their will (forcing other people to exist in ways that are more pleasing, or convenient to the powerful).
You see, there is no America, in reality. The reality that people fundamentally care about, will care about over the deceptive rhetoric when the chips are down, and that the military serves to exist, is wealth, power, and control.
We exist in a planetary civilizaion, but we presently pretend that old national civilizations are what motivate us, even as we take action year-in-and-year-out to further along the globalness of our order: we try to globalize/standardize our finance and governance system over every single individual person in every old nation.
So it's global power that motivates the ones in power, and building and preserving their own individual status in the global order that is what they are really beholden to.
That is why things like "Homeland Security" and NSA domestic information gathering exist: though the people with their hands on the levers of power here say it's to "protect America," they actually don't love all of America. "When the chips are down, these civilized people will eat each other, you'll see." They can't possibly save all of Americans, and they're building a lockdown-safe domestic order that will treat non-conforming Americans just as poorly as they treat non-conforming non-nationals.
They are working to protect themselves from violence, not the "Americans" they pander to. You will be protected precisely to the degree that you endorse and support the global regime, and you will be oppressed precisely to the degree that you resist and combat it.
Their professed "to protect America" motive is just a fork-tongued, or sugar-coated, rhetorical device that does not comport to the reality in their own heads when they put their heads down on their silk pillows at night. They are protecting their global economic and political order: corporate power, corporate governance, financialization, ueber alles.
> I'm asking if you notice the gulf between how politicians speak, and what motives they give you the impression they have
okay.
> No one who is not self-deceived, or deceived by others, works in that way. They are self-interested for the most part. They don't want to help everyone in America
wat. maybe you're the one who is self-deceived. how could you even know?
> You see, there is no America, in reality.
wat
> Their professed "to protect America" motive is just a fork-tongued, or sugar-coated, rhetorical device that does not comport to the reality in their own heads
wat
None of your rambling and incredibly cynical post precludes the idea that a person who works for the NSA can have strong beliefs that are sympathetic with (some portion) of the USA. Or maybe they intend to help out other parts of the world. If you are not too dulled by your own view of things, you should be aware of various crises that have occurred and are occurring around the globe. Accurate and timely information in these events can and will save lives.
Why join the NSA? It can be hard to help people when you lack the wealth or resources to support your endeavor and when you lack the power and control to execute. The NSA has all of these.
Or maybe they're all terrible people. Maybe they're in it for the thrill. Maybe they have no choice. I don't know. But there's just no way you can be so certain about any of this.
> We should all be aware of the fact that these people are the enemy.
By "these people" do you mean the NSA or the other countries? Because your ending making it sound like you might be talking about NSA, but your content makes very little sense if that's what you mean.
> They don't do these things to "protect freedom", they do them to destroy freedom.
The hell are you talking about?
> Analyze and publish any evidence of government attacks.
A government attack on another government? What's the problem? That's what the NSA is supposed to do.
> If you work for the NSA, understand this: you aren't American. You are the Internet Daesh. You will lose.
I think we might need an amendment to Goodwins law. Seriously? You think spying on another country is the same as enslaving and raping children?
You need to sit down about think about your mental status that allows you to say (and think) things like this. There is something really twisted in your thinking, and you should try to find out what.
This is what the NSA should be doing. It's what I expect them to do.
Spy on your own country? Not cool. Spy on another country? Yes - keep it up and do more.
I would like to ask anyone reading this to hypothesize with me. What if the US government was broadly and knowingly corrupt? How comfortable would you feel knowing that they had such broad and powerful technical capabilities? How would you fight against such a machine, to uproot the corruption?
I'm in awe of these technical feats, but also cautious about the implications of an all-knowing, all-powerful government presence who can infringe on your basic rights at-will.
It's not a what-if actually, the US government - or at least the higher-ups, like the senate - are bought by those with money. And buying votes / power / votes is the core principle of corruption.
What is the NSA is doing here is more subtle and I do not think they fully realize it. They are heavily financing and accelerating the speed of damages that people on the dark side can do.
They are "inspiring" a bunch of curious teenagers (in the best case) or a bunch of cyber criminals (in the worst case) to create another malware like that. They are putting out there first of all the ideas, second the conviction that it is possible to do so, and third sample code to study, improve and deploy. This race to being the "smarter" spy is unfortunately leading us in a very risky world to live in. A lose-lose preposition.
The press and the antivirus researchers are also not being too smart here to make this public available.
By the way, would you put a bunch of secret technology (maybe a new bomb) partially hidden in a manhole in the middle of the street, just in case a spy passing by needs to use it?
That is pretty much what they are doing here... code is easy to move around and to copy. Today (or in relatively short amount of time) who wants that code bad enough will be able to find it. That technology that took yeas and million of dollars to develop is now available to the bad guys. Face palm!
Based on the article, are we to presume that this only affects tech in hostile countries? Or are they doing this to US-based equipment as well?
Seems like this will backfire spectacularly when foreign countries and companies stop buying American made tech for fear of these hardware backdoors. Spectacularly irresponsible.
According to the report, the malware was delivered to researchers in dozens of countries, including the UK, India, Mexico, Switzerland, France, and the US itself.
This is pretty intense malware, but at some level it's reassuring how narrowly-targeted these attacks seem to be. Arguably, this is what the NSA is supposed to be doing: targeted attacks against key systems in hostile nations, not mass dragnet-surveillance of everyone on the Internet.
I don't know what's more disturbing: the fact that US government does this with impunity or the fact that a sizable group of technically competent citizens defends it.
I think the "sizable group of technically competent citizens" realizes that espionage between nation-states is as old as nation-states themselves, and that because of the nature of humanity, it's not going away anytime soon.
I'm for it when it doesn't target only US tech like we see here... that harms trade. I'm an American and thus I benefit... plus I think the skills are awesome (to me the tapping optical fiber without cutting it off is more impressive, however).
The attack is just like any other malware attack at that point, which everyone will always need to defend better against. If anything this creates a better challenge for SV & tech in general to react to. Apple already has responded and is making it harder to intercept which is good for everyone in the long-run.
The US might just be the first ones discovered with it, but to think that no one else will also figure it out (nation-state or not) is very unlikely. Internet + digitized everything makes our current paradigm vulnerable unless everything starts getting more secure.
do we really need to encourage people to go into this line of work with language like this:
>A long list of almost superhuman technical feats illustrate Equation Group's extraordinary skill, painstaking work, and unlimited resources.
with the effort these people spend contributing next to zero value in the world (strongly negative value if you add up all the energy wasted on all sides including their 'enemies'; if all these sides spent the same resources on positive constructive research instead, we would be ahead). This genius could be applied to making a compiler/interpreter that just does what you're trying to do, regardless of whether you're a programmer.
it's a binary choice: have these people perform 'superhuman' feats of self-destruction and obfuscated encryption and finding zero-days....
... or give humanity the tools that every one of the seven billion people on it can instantiate any idea in seconds and have it actually be correctly interpreted and done.
Resources are spent tricking people so they don't notice something. Where are the resources being spent helping people do what they're trying to?
The example I always go to is: since the creation of the United States, how much inter-state (Iowa and Massachusetts) spying, warmaking, border control, etc, is wasted?
Could this have something to do with its performance over the last couple of centuries?
I think of these types of programs as 'welfare for geniuses'. give them an office and something to do.
but for God's sake, spit them out again. The optimal amount of state spying is, let's face it, much closer to zero than its current levels.
Spend on enough universal education that everyone shares values and nobody is destructive; put the rest into fundamental research and development.
I don't mind that the government exists to do research, employ people, and keep the world safe. But put some limits on it, and please don't encourage this with language like I quoted at the top.
humanity has better things to do with its time. nobody wants to live in a prison.
Might as well tattoo a UUID on our foreheads and be done with it at this rate. God I hate hearing the apologists for the NSA in these threads. Are you so devoid of empathy?
Downvote all you like. I'm over this, and I'm getting out of the IT game. If everything I do can be taken at will by a far more powerful, and greedy, team than I can do anything about, what is the point. Time for a change of career. I've always wanted to protect our dying forests and species in any case.
Renouncing my US citizenship too. This is all too disgusting.
Statements like this make it hard to take your comment seriously, but I'm going to try.
> Time for a change of career. I've always wanted to protect our dying forests and species in any case.
What makes you think you can do anything about this? If you're in tech, it's likely that's where your training, experience, and interests lie and so that's where you're likely to be most effective for now. Why not spread awareness of issues that concern you and work with like-minded people to do what you can. Do you think your fancy new career protecting the environment won't involve working against powerful and greedy opponents?
Empathy for whom? I know pacifists want to believe we live in a post-war world, and if only we would not make guns or do the kind of things the NSA is doing here we'll suddenly live in a perfect world—but by what fantastical mechanism do you actually think that will happen?
The old pacifist keyword, its a bit like the communist keyword.
The only war we have at the moment is the one you (assuming you're a shill) created and want to sustain. Because if you don't, it all falls down. Its about the US dollar, and oil.
Assigning people unchangeable and public UUIDs is worth doing regardless and has nothing to do with espionage. Please don't damage such proposals by associating them with controversial topics like this one.
I'm picturing the NSA engineers laughing at the "advanced hacking" Kaspersky just unearthed, meanwhile working on stuff that would blow our mind and that we'll only discover 20 years from now.
I'm pretty sure intercepting and screwing with mail is a felony... isn't that a felony? How exactly can the US Government have it's employees committing felonies with no warrants or oversight?
I used that line to explain to the police officer why I had been sticking raw fish in my neighbors mail. Luckily, he did not have the necessary security clearance to dispute my claim.
Not exactly - and that's why FISA is so controversial.
The FISA Amendment Act permits the court to issue a warrant if either the sender or recipient is a non-US citizen abroad (since the "target" can be either party involved in the communication). Foreign nationals who are acquired abroad as FISA targets can later enter the US and remain subject to the warrant. And if there is uncertainty about the location or nationality of the target, the dispute is frequently resolved in favor of the surveillance agency.
The ACLU has fought FISA since it was enacted, as they believe it creates a way to unconstitutionally surveil people in the United States.
They can do that without a warrant, or at least they've been acting like it. The FISA court issues warrants to spy on US individuals if the NSA shows "probable cause" that they are "agents of a foreign power".
No, it only applies on US soil. It's aimed at the communications of foreign powers that involve a person on US soil or somehow else take place on US soil.
It is, in general, but for everything there's an exception if you're some kind of law enforcement. Killing people is a felony too , unless you're a police officer acting in self-defense, or if you're a judge that passed the death sentence.
#1 using Jtag, nothing else will matter, and even then it will only work until your drive is reflashed again in another attack. Best way to secure HDD would be modifying firmware to DISABLE firmware upgrades and external access to service area permanently. Afaik HDDs keep some executable modules stored on HDD platters, that means 'simply' cutting WR leg on eprom chip is not enough. We are talking quite significant firmware rewrite here.
One of the images [0] in the article identifies a C&C server used by the attackers, technology-revealed.com. The script appears to embed an invisible iframe pointing to a page on that domain, which probably infects the machine using some zero-day exploit on the browser or one of its plugins. The domain is still registered, but appears not to be running an HTTP server anymore. Might be interesting to investigate if someone wants to look into that.
The article also mentions fanny.bmp as an NSA exploit. Here a post from 2010 [1] from someone who encountered this virus on an USB stick and saved the virus:
https://forum.lowyat.net/topic/1488855/all
Interesting to compare the sophistication of this malware and physical weapon systems such as the Tomahawk cruise missile. One video of cluster munitions shows how the munitions try to attack armor, then vehicles, then groups of people, and then land to become pop up landmines. [1]
One has to assume that the capabilities of the other actors is similar. Makes for a pretty scary picture when you think about it.
Admittedly I've had a few beers, but what was going on there? It looked like a chaff device or something. I didn't see the massive destruction I was hoping for.
I feel bad for the people that work for groups like this. Sure, you get to hack every developed nation in the world and are privy to the most sensitive information in the world. You're also therefore the world's largest liability, and your life is probably very expendable compared to the data you're retrieving. They might have a unique identity just for picking up milk.
Has there ever been a non-theoretical use of microcode in malware? I would expect it to be difficult for a lot of reasons (the maximum microcode size is probably quite limited; the format is extremely proprietary; and there's only so much overhead you can add at the instruction level before you start causing a noticeable slowdown).
Also, microcode updates aren't retained when the system is powered, so you still need to have a persistent backdoor installed at the OS level. Given that, it's not clear what additional benefit a microcode backdoor would provide.
> Has there ever been a non-theoretical use of microcode in malware?
Not to my knowledge. Indeed, the difficulty involved as well as proprietary nature of the format seems to indicate such an attack vector would be restricted to only the most sophisticated actors. So, it's no wonder that there are no real-world examples, assuming that they even exist in the first place.
> Also, microcode updates aren't retained when the system is powered, ...
While true, I don't necessarily see this as a fatal blow to the attack vector's utility. Without delving into raw speculation, I'm sure there's plenty of clever ways to craft attacks unique to what microcode affords.
That said, it seems likely that microcode attacks would be treated more as a specialized capability augmenting something like what the article outlines, rather than a method of attack unto itself.
Looking at the timeline Im guessing they were recruited under cover of Darpa from regular Defcon attendees. L0pht is a good example, Mudge probably was involved at one point, he lured a lot of geeks and hackers to the dark side.
So there is this new shodan-like database that takes data from massive scans of the Internet (I think?) etc... Might be worth running all C&Cs through it to discover more domains , for example https://rateip.com/ipv4/190.60.202.4
The point isn't whether we should be surprised this is the NSA, the interesting thing is that this layered strategy is what you do if you have access to lots of money and talent.
While this is undoubtedly scary, it looks very Windows-specific and would seem unlikely to affect a somewhat security-conscious Linux user.
Java and IE exploits, autorun files, NTFS...
> The malicious firmware created a secret storage vault that survive
> military-grade disk wiping and reformatting, making sensitive data
> stolen from victims available even after reformatting the drive and
> reinstalling the operating system.
And that's why it's possibly not the greatest idea to replace simple firmware and drivers with small operating systems (Intel AMT, microcode, SSDs, Smart TVs etc.).
> unlikely to affect a somewhat security-conscious Linux user
Obviously the reported malware is Windows specific, but there's no fundamental roadblock to implement something similar in Linux.
- malware injected in the boot process: Have a patched grub/syslinux/gummiboot that, after loading the Linux kernel, patches in the first stages of a rootkit. Common syscall tables and important system functions (kalloc, ...) are easy to identify, as long as the API doesn't radically change.
- secret, encrypted, storage vault in the registry is surely harder to hide, because there's typically not ONE huge monolithic binary configuration database. So, probably one would have to find a feature of ext4/btrfs/xfs/... to hide things in some internally used filesystem object that's not visible to userspace (you can, after all, patch the fs kernel module if necessary)
- patching the SSD or harddrive is surely doable, just have a look at the hdparm manpage for inspiration. (--fwdownload is the official undocumented API :-)).
[just thinking about the parallels, a sophisticated attacker will surely spend some time tailoring his rootkit/malware better]
But obviously it would be much harder to persist on a machine, given that internal APIs are much more unstable and bootloader frequently overwritten on OS updates (the Win Bootloader/boot partition, afaik, never...). On the other hand, the targeted users (industrial/military corporations) will probably stick with yesteryear's RedHat Enterprise, rather than "bleeding edge" Arch/gentoo.
I suspect that most of their targets use Windows, so we have more malware samples from Windows hosts. The article specifically mentions that they heavily suspect that a Mac malware exists, yet they haven't found it yet. Consequently we don't know which exploits they use to get on Macs. They also talk about a wide range of servers being infected, only attacking Windows servers would be very limiting.
My best guess is that if you are a target, using Linux makes their work harder but not impossible. They had over a decade to figure this out and vulnerabilities in Linux software are found all the time.
The site shows a PHP script targeting vbulletin. Obviously there are lots of ways of attacking servers, especially if they run PHP applications and such.
There was once a PDF exploit for iOS that made it possible to jailbreak the phone (or run any code) if the user opened a PDF, so the PHP program could have been redirecting to something like this.
Linux malware would probably have a much lower effectiveness / $, so it doesn't pay off for them.
The attacks were highly specific to the targets they were going after. It's a large team with massive resources - if you become a target, being a Linux user will not protect you from their attacks.
What's worse is the fact that this would be more terrifying if this weren't an action to the NSA's credit. Chinese, British, and Russian governments also have the capability of developing intrusive malware at such a scale.
I see that this is confirmed as the NSA, but the world has been awfully silent on the intrusiveness of Chinese malware practices. You can not travel safely in China without your domestic devices being breached, yet we don't hear about large-scale projects from their government, which also possesses "near limitless resources" at their disposal.
I just think it's interesting there's so much attention on the NSA.
Absolutely! I live in Bulgaria, Eastern Europe, a poor, small country, which has been accepted in NATO and the European Union, but still is hosted by the past-Soviet`s secret intelligence services of Moscow, which are now illegal, but has agents and the absolute power over the legal secret services in Bulgaria. The surveillance is much larger, than in the USA, but all the info goes to Moscow.
So, what are you troubling about, when NSA is pure American, and has the purpose to protect you from the legions of Russian, Chinese hackers - officially military, or just playing and stilling criminals, and all the Islamic recruiters, who are trying to recruit American citizens for their Jihad against The Civilization...
I don`t understand, are you stupid, people, or what? NSA has the duty to protect you, and you are acting as children, whom parents has been installed a security program on your PC, to protect you from pedophiles... It`s the same case with the NSA surveillance!
We definitely throw our weight around and interfere with Iran's domestic affairs. But this is definitely a case of "we think our morals are better than yours" (and we have bigger guns so we're gonna enforce those morals).
The Iranian government funds terrorist groups around the world, and has called for the destruction of certain other countries. So yeah, if we have the ability to stifle them (particularly their nuclear ambitions) I say we go for it.
I do feel bad for many of the Iranian people. Many of them do not like their government and are therefore held hostage by the events around them, which they have no control over, and may disagree with.
Hmm, and what about the Saudi government that actually does fund terrorist activities and opposes almost everything that America claims to stand for?
America is fine with propping up that regime, so why is Iran an issue, when from everything that I've read and experienced (12 years in the Middle East) there have been no implications of Iran in modern terrorist activities?
"when from everything that I've read and experienced (12 years in the Middle East) there have been no implications of Iran in modern terrorist activities?"
- Iran does not recognize Israel.
- Iran supplies political support and weapons to Hamas,[14] an organization classified by Israel, the United States, Canada, the European Union and Japan as a terrorist organization. Mahmoud Abbas, President of the Palestinian National Authority, has said "Hamas is funded by Iran. It claims it is financed by donations, but the donations are nothing like what it receives from Iran".[15] From 2000 to 2004, Hamas was responsible for killing nearly 400 Israelis and wounding more than 2,000 in 425 attacks, according to the Israeli Ministry of Foreign Affairs. From 2001 through May 2008, Hamas launched more than 3,000 Qassam rockets and 2,500 mortar attacks into Israel.[16]
- Iranian proxies killed an estimated 1,100 US troops in Iraq.[35] In addition, insurgents supported by Iran reportedly committed acts of terrorism.[34][36][37]
Neither does Saudi Arabia! Why does it even matter, since 32 countries do not recognize Israel; including huge US beneficiaries like Afghanistan, Bangladesh and Pakistan?
> From 2000 to 2004, Hamas was responsible for killing nearly 400 Israelis and wounding more than 2,000 ...
... and in turn Israelis killed 4907 Palestinians and wounded 8611? If the number of killed is a factor in determining one's "terroristness", then surely you can't claim that Israel is a victim here! Just last year, in Operation Protective Edge, 73 Israelis were killed and 664 wounded; whereas 2100 Palestinians were killed and 11000 wounded: http://www.jewishvirtuallibrary.org/jsource/History/casualti...
> Iranian proxies killed an estimated 1,100 US troops in Iraq.
... and Saudi proxies killed nearly 4000 on 9/11 !
I can't help but think that many of the people posting on these boards are either shills or have psychological disorders, because they ignore completely obvious facts like the ones you point out and continue to hold onto their views. That type of willful blind spot is not tolerated with other subjects here on Hacker News.
There are political differences to be expected, but let me try to explain why the USA is willing to rub elbows with the Saudis and not with Iran. My credentials are this: I spent 6 months working on strategy in the CENTCOM AOR bitching about every single country in the Persian/Arabian Gulf every single day. The choice is one of picking the lesser of two evils. The USA has a great interest in keeping and increasing its geopolitical influence in the Middle East (Israel is not included in this region even though we have to plan for their actions). The two main regional powers in the Middle East are Saudi Arabia and Iran. We used to be friendly with both countries back in the 1970s but Iran had a revolution and the Ayatollah didn't want anything to do with us, and it remains that way today. Although the current President of Iran (Rouhani) has mentioned that he would like to improve relations with the USA, he is not the boss regardless of how many people voted for him; the Ayatollah is the Supreme Leader and he still openly calls for the death of Israel and the USA. So we obviously can't be friends with Iran. That leaves us with Saudi Arabia, and while they also sponsor terrorism, they are all we have left. We overlook their actions, and in exchange we are allowed to keep a significant military force there, which props up their government and provides them with a pretty big stick when negotiating with the smaller countries in the region (the only other stick they really have is their gargantuan oil production). So our PATRIOT batteries protect the family of Saud from Iran, and we get to have a little say in their goings on. It's as simple as that. Just about everybody we deal with is a piece of scum that would like to see the USA brought down a peg, but Saudi Arabia doesn't do it openly and they depend on our money and protection, so we get along a little better than them. Iran openly calls for our destruction. The last several US presidents, both Republican and Democrat have decided that it's better for us to support Saudi Arabia than not have any influence in the Middle East at all. The only other option is to withdraw our forces (without Saudi Arabia's cooperation we would probably lose our basing agreements with all the other countries in the region) and have no say whatsoever and watch as the Middle East goes in a direction that isn't beneficial to the USA in the slightest.
--And to get back to the topic of the parent post, yeah, this is exactly what the NSA is supposed to do. It is supposed to do two things: Secure the information of the USA and its citizens, and to undermine the security of everything else. A lot of US citizens were upset when they found out that the NSA vacuum had gotten their information as well, and rightfully so. But the NSA is still primarily focused on targeting external entities, and although those entities are well within their rights to complain, don't expect the NSA to stop just because someone didn't like it. Regardless of what a federal judge says about collecting on US citizens, no judge will EVER tell the NSA to stop its clandestine activities on foreign networks.
I appreciate your informed and reasonable response, but you didn't really address the two main points of the grandparent poster.
1. Iran isn't really different in stance from several other countries. You say that Iran calls for the death of Israel and America, but this isn't really true. The one quote from Ahmadinejad that gets thrown around turned out to be a mistranslation. And even if Iran's leadership did say such things, they are not even close to being alone in such heavy handed rhetoric. And anyway words shouldn't be enough to start trillion dollar wars. Otherwise Iran should have the right to attack the US for McCain and other American politicians' equivalently inflammatory speech.
2. Israel is as complicit in terror as other powers in the middle east, if not more so, but they never called out. The reasons are usually vague or fallacious, such as them being "friends" or "like us" or the only democracy in the middle east.
The question I was answering above was "why Saudi Arabia and not Iran? Aren't they both bad?" Regarding your other points, I'll answer them below (and I admit my attitude upfront on the first one, you just posted that you are frustrated with people with a willful blind spot and then you give me #1):
1. Iran's calling for the death of Israel and the USA is just a single missed translation? Give me a break. A news article from five days ago: "As usual, Iranians chanted "Death to America" and also denounced Israel." http://www.npr.org/blogs/thetwo-way/2015/02/11/385396449/on-.... It's a slogan over there: http://en.wikipedia.org/wiki/Death_to_America. And they aren't alone in their rhetoric. North Korea says it too. And guess what? We've isolated them as much as we can as well. The countries that are willing to openly say "Death to America" are ones that haven't matured enough on the world stage to realize that you should say one thing and do another. The rhetoric alone isn't enough to start a war, but their actions aren't that innocent. Iran's first "blue water navy" excursion was planned to sail all the way to the coast of the USA and enter our territorial waters, just to say that they could (but their ship didn't make it). They built a mock US aircraft carrier and practiced shooting anti-ship missiles at it. They aren't just talking big, they are actively posturing as the opposition to the US influence in the region.
2. Yeah, Israel does some stuff. The Jews have killed a lot of people (even going back to biblical times). They usually get a pass because they are seen as the "small fry" backed into a corner by all the Muslim countries surrounding them. It isn't true, but that is the story that is spun. Similar to how we treat the Saudis, we let Israel get away with a lot of things that we should probably put a stop to--seriously, pretty much anybody with sense can see that compromise is the best way to solve the Israel/Palestine issue, but when two peoples hate each other that much, sometimes it's easier to watch them punch it out. If you try to break up a fight, you risk getting punched yourself. And besides, we don't get along with the Israelis as much as most people think. Seriously, we share more intel with New Zealand than we do with Israel.
Subjective experience here - been in Iran (Tehran, Isfahan, Yazd and places between those, backpacking & mountaineering). I think we all know better than to judge whole country of 80 million based on few radicals that are conveniently showed in TV? I have met several hundred people, most were very fond of west, US too (that surprised me), few didn't care and there was exactly 1 taxi driver in Isfahan, who asked me if I knew Obama - because he is war criminal... arguably not very bright type :)
Maybe my experience isn't representative of the whole country, but few people screaming Death to america aren't either.
We get it, you (US) want influence there, because of oil. And because of... oil. You don't like that there is actually somebody who doesn't care that much and isn't afraid. A bit egoistic, and I don't get what do you expect to get in long term, except for keeping whole region unstable, with weak rulers who bow in front of you... ah wait
> "As usual, Iranians chanted "Death to America" and also denounced Israel."
The "As usual" should tell you that it is nothing new. It started back in 1979 after their revolution; and you must admit that the US did some really shady things in Iran leading up to the revolution (including the overthrow of Mossadegh).
I would really recommend you watch Rick Steves' trip to Iran. The people there are much more liberal than almost any other middle-eastern country, and most don't harbor ill-will towards America; despite the fact that we did everything short of active combat for Iraq in the Iran-Iraq war! No one can estimate the number of Iranians killed based on US intel and US support.
And while you do quote "death to america" repeatedly, how about all the threats that everyone from McCain to Bush to Obama have hurled at Iran? "All options are on the table" ... "military force can be used" ... etc. etc. And what about the sanctions? Nations would be within their rights to consider sanctions an "act of war". And Stuxnet? If Iran did the same to us? Obama has stated explicitly that a "cyberattack" would be considered an act of war!!
About the "Death to America" phrase - that doesn't really have the meaning you ascribe to it. Taxi drivers in Tehran will mumble "Death to traffic" - it's a figure of speech that's much milder than it's literal interpretation.
If you were to say "goddamn Iranians", the literal interpretation would be that you wish for Iranians to burn and suffer for eternity in the depths of hell. Of course, what you're actually saying is something much milder.
Let's use analogy, maybe not 100%, but good enough - do you want to plan and have future where you have friends, which help each other (ie real friends), or do you want a future when where you spy on everybody, including your mother, father, best friend ever, your kids etc?
Because you know, these attitudes will have lasting effects on our future and how will society look. If we don't even try to build fair world for our descendants, we'll never get there by accident.
Or in other words - as a foreigner (would never want US citizenship exactly because of things like these) - we (in europe for example), for long thought we are friends. YOu helped us out in WW2, and it created special bond. Now it seems, you don't care anymore. Okay, we will try to find our own way. Things go both ways...
None of what you say debunks my thesis: Iran is implicated in modern terrorist activity. This was in reply to the person who said Iran has not been implicated. I linked to a reputable source with citations. I am baffled by the down votes. Are we disagreeing with the source material I referenced? How about a response that repudiates my claims instead of redirecting the conversation to something completely unrelated to my comment (Saudis, Israelis, etc). To be blunt: the world has many bad actors (including the US), but it is absurd to say Iran is not at least "implicated" (which is different from proven!) in terrorist activity given the facts I referenced.
> the world has many bad actors (including the US),
So what's the problem? You're using "implicated" as if it's a bad thing; by your own admission, even the US is "implicated" in such activities. The point was: even using your metrics, Saudi Arabia is a worse actor than Iran is.
"America is fine with propping up that regime, so why is Iran an issue, when from everything that I've read and experienced (12 years in the Middle East) there have been no implications of Iran in modern terrorist activities?"
My comment explains why Iran is an issue (from the U.S. perspective) due to being implicated in decades of terrorism. That is the only point I wanted to refute because it is silly to claim Iran is beyond reproach when it comes to terrorism given the facts I referenced. Regarding "implicated" being a bad thing: it is. In english it is usually used in reference to someone committing a crime or being involved in some other nefarious activity.
Your opinion on who is "worse" is not really something I am interested in because all terrorism is awful regardless of the perpetrator.
-Just to point out, but Israel does not recognize and actively suppresses a state for the Palestinian people, and western nations like Canada support this religiously motivated move (Right wing Likud party and extreme right Jewish Home parties have no plans on ever recognizing a land for Palestinian people). You can't say that these actions are morally righteous while looking down your nose at Iran for doing the same thing.
The US flies drones over foreign countries and kills people with them, topples governments that it doesn't like (or that US companies don't like), invades countries on false or trivial pretexts, yada yada. Ob yeah, and funds terroriets and death squads. So claiming moral superiority over other countries is pretty difficult.
> We definitely throw our weight around and interfere with Iran's domestic affairs. But this is definitely a case of "we think our morals are better than yours" (and we have bigger guns so we're gonna enforce those morals).
While I'm not privy to US policy-making, it seems that if morality is involved, it's only by accident. US policy is about protecting US interests, and as such, is primarily motivated by greed, fear and often expansionism. The well-being of non-Americans is completely irrelevant.
This is no different in essence from many other countries, who similarly brandish morality as a shield when it's convenient. The difference is that the US is more interventionist than most, and has the biggest stick.
