Government Botnet Security United States

US Mounted 231 Offensive Cyber-operations In 2011, Runs Worldwide Botnet 367

An anonymous reader sends this news from the Washington Post: "U.S. intelligence services carried out 231 offensive cyber-operations in 2011, the leading edge of a clandestine campaign that embraces the Internet as a theater of spying, sabotage and war, according to top-secret documents [from Edward Snowden]. Additionally, under an extensive effort code-named GENIE, U.S. computer specialists break into foreign networks so that they can be put under surreptitious U.S. control. Budget documents say the $652 million project has placed 'covert implants,' sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions. ... The implants that [an NSA group called Tailored Access Operations (TAO)] creates are intended to persist through software and equipment upgrades, to copy stored data, 'harvest' communications and tunnel into other connected networks. This year TAO is working on implants that “can identify select voice conversations of interest within a target network and exfiltrate select cuts,” or excerpts, according to one budget document. In some cases, a single compromised device opens the door to hundreds or thousands of others."
  • Re:wow (Score:5, Interesting)

    by Digital Ebola ( 29327 ) on Saturday August 31, 2013 @11:34PM (#44728261) Homepage

    Yeah. And to think that they can't secure their own networks, hence that Snowden got this out.

    Sometimes I wonder if the NSA planted some or all of this stuff to impress the hell out of the world and strike fear into the hearts of the Opposition. I mean, this is straight out of a Sci-Fi plot: Homer Simpsonvich brings one infected iPod into his FSB headquarters, and soon the whole goddamned place is full of programs that are listening in on anything in sight, autonomously making cuts to exfiltrate back to Ft. Meade, copying anything that looks interesting, and surviving whatever the Opponents do to the host machines.

    Securing a network is always harder than attacking a network and you can never fully understand a person's intentions when you grant them access. I'm sure a small part of what they publish is a psyop of some kind but for the most part, yes, sci-fi is reality. We are not the only ones doing it and we may not even be the best.

    When you start to consider everyone who is "operating" on the Internet, things get really scary, really quick. The new cold war will be one of constant paranoia of an attack that can influence a piece of critical infrastructure. There have been small rumored instances but until the Hiroshima of the online world happens, it will be a constant game of shadows and you never, ever, fully know or understand an operator's capabilities.

    Sci-fi, indeed.

  • holy shit (Score:4, Interesting)

    by Laxori666 ( 748529 ) on Saturday August 31, 2013 @11:36PM (#44728267) Homepage
    Time for me to destroy my webcam and make sure no device on my computer has a microphone.
  • Re:Allies? (Score:5, Interesting)

    by NoKaOi ( 1415755 ) on Saturday August 31, 2013 @11:41PM (#44728303)

    Personally, I take comfort in knowing that this will only be used against foreigners' computers, since I am a US citizen. Just like how we were assured the collection of phone data only applied to foreigners. Damn it, why does my CPU usage keep spiking?

  • by elucido ( 870205 ) on Saturday August 31, 2013 @11:50PM (#44728359)

    Whistleblowing on a secret US government agency that's governed (if at all) by secret laws and secret courts, and is clearly out of control?

    Sorry, that would never cross the line into treason. It's the agency which is breaking the law.

    So if the identities of operatives were leaked, is that treason? What would be too far even for you?

  • by Anonymous Coward on Saturday August 31, 2013 @11:50PM (#44728365)

    As a non-American, I think Snowden went far enough for one man. I think we need other Snowdens to stand up and speak the truth. Treason against his government or all of humanity. Tough choice to make.

  • by elucido ( 870205 ) on Saturday August 31, 2013 @11:51PM (#44728367)

    Since the line for treason gets drawn by the government he is exposing, of course the answer is yes.

    The question is, does he care?

    I'm asking what line do Snowden supporters draw. Or should Snowden have no limit to what he can leak?

  • by Mr_Plattz ( 1589701 ) on Sunday September 01, 2013 @12:03AM (#44728461)

    Like everyone else on Slashdot, I only run Debian and must say I smile when I see reports such as country-sponsored malware strikes like this. But it does make me ask an honest question:

    How can we be sure that the Linux kernel isn't compromised? I don't really have the time to go through all lines of code and I doubt my security analysis and development skills are up to the task anyway.

  • by ljw1004 ( 764174 ) on Sunday September 01, 2013 @01:01AM (#44728725)

    It is NEVER treason to expose government wrongdoing or unconstitutional behavior. It is NEVER treason to expose government coverups or lies. It is NEVER treason to disclose programmes that should have had proper congressional or public oversight but didn't. Everything so far disclosed has fallen into the above categories. If ever disclosing one of these wrongdoings or unconstitutional behaviors or coverups has put an operative or operation in jeopardy - then the blame rests solely on the shoulders of whoever perpetrated that cover up. Otherwise, any wrongdoing could be hushed up simply by entangling it with something else.

    At least, that's my view as a Snowden and Manning supporter.

  • by blackest_k ( 761565 ) on Sunday September 01, 2013 @04:33AM (#44729529) Homepage Journal

    I'm wondering if many of us have backdoored ourselves with Skype.

    It has been reported that it accesses /etc/passwd and also reads the bookmarks in Firefox. While the latter seems harmless initially, isn't this similar to the meta-data collected from email exchanges that the NSA is known to collect? I'm sure there is value in knowing what people are reading; at some point you may become discontent enough to become a radical or terrorist.

    Unfortunately, Skype is generally installed by giving the Skype installer root access. There is no need to find an exploit when the system user installs your trojan willingly.

    We already know Skype is not secure for communication and has changed from peer-to-peer communication to running via Microsoft's servers. However, it is still pretty useful, about the best cross-platform messenger client out there. I don't use Skype to say anything that is likely to warrant any action from the NSA, so it's not a real problem, right?

    However, the access that Skype has to my machine is bothering me, especially the potential access to passwords. Am I giving the NSA the equivalent of ssh access to my machine?

    I believe it's possible to install Skype as its own user and without giving Skype root at any time, but apart from some instructions on securing Skype on the Arch wiki I can't find anything else.

    Is there anyone here who can share how to install Skype sandboxed so it has much more limited access to people's machines?

    As someone who doesn't feel there is any reason for the NSA to want to snoop on him, I still see some utility in Skype (what is the cross-platform alternative?), but I really don't like the idea that the NSA already has access to my personal files and my passwords.

    It is a bit cocky to be thinking you're secure since you don't run Windows, when you may well have welcomed in the NSA, giving them the keys to your 'secure' systems.

     
