Interview With An 'NSA Hacker' Published By The Intercept (theintercept.com)
The Intercept published a 4,000 word article based on a journalist's three-hour interview with an "NSA hacker" who recently left the agency for a career in cybersecurity. Offering a portrait of life within the U.S. intelligence agency, "Lamb" says he worked on "ridiculously cool projects that I'll never forget... Technically challenging things are just inherently interesting to me."
He's the author of some of the memos leaked by Edward Snowden about how the NSA tries to identify Tor users or break into sys-admin accounts. ("One of his memos outlined the ways the NSA reroutes (or 'shapes') the internet traffic of entire countries, and another memo was titled 'I Hunt Sysadmins.'") "If you tell me, 'This can't be done,' I'm going to try and find a way to do it."
It's interesting that he ended one memo with "Current mood: devious" and wrote in another that Tor "generally makes for sad analysts". But in his interview, he warns that "There is no real safe, sacred ground on the internet. Whatever you do on the internet is an attack surface of some sort and is just something that you live with."
no sacred ground (Score:5, Insightful)
Re: (Score:2)
Re: (Score:1)
No offense, but Breitbart isn't exactly the most trustworthy of sources. I'm sure that I am not alone in this opinion. I'm completely unable to find anything other than Breitbart listing Rodham as the owner of the company, but I can find multiple sources listing him as a member on the board of advisors.
The Common Sense Show is just another right-wing conspiracy-tard site. FFS, they're talking about those dumbass Bundy and Hammonds.
Please find better sources. I'd sure like to believe you.
Re: (Score:2)
Either the information is accurate or it isn't. The source doesn't matter outside that regard. If you have reasons to believe it is inaccurate outside of you not wanting to believe it, then list it. If not, either accept it or understand that you are wilfully remaining stupid and blindly ignoring information presented. You will be no better than a flat earther.
Re: (Score:2)
The links seem referenced enough to be just as valid as anything on Wikipedia or any other site. If you are dismissing it out of hand because of your dislike of the politics of the site you literally are no different than a flat earther. You even proudly proclaim it just like they do.
This isn't some hocus pocus alternative health link but your reaction is typical of the antivaxers. They made specific charges and backed them up from what I can tell with a cursory glance. You can close your eyes and claim it
Re: (Score:2)
The problem of inference is that the information in hand is usually not enough, whether or not you succeed in determining its accuracy, considered in isolation.
The gap between a smattering of accurate information and assembling an accurate world view is a real doozy.
You can't assess the representativeness of your "smattering" without also considering your sources and the net they weave.
Re: (Score:2)
If you think it is all a conspiracy, you can present evidence of such. If all you are doing is ignoring something because you don't want to believe the source, you are anti-intellectual and unthinking. If you choose to ignore it and keep it to yourself, no one will know you are intentionally stupid. If you brag about it, then don't be upset or surprised when you get called out on it.
All it would take for you to become a blundering idiot (as in the original meaning) is for sources you think are valid for w
Re: (Score:2)
Nice deflection there. I bet you even won your kindergarten debate class too. The links cite references for fuck's sake. It is absolutely nothing like that. It if anything is like Wikipedia having factual content because they do the exact same thing - cite their reference.
Now you could look at the links and decide they are unsubstantiated opinions or they are factual. Anything else is intellectually dishonest and judging from your comment, you are comfortable with dishonesty.
Re: (Score:2)
I checked the first link and it references a book making the claim as well as the website of the company who got the gold permit bragging to investors that they are one of only two able to exploit the gold in Haiti. The website of the company also listed Hillary's brother as being on the board of directors.
I'm not sure how you consider that not relevant. I'm betting you never bothered looking and are just spouting nonsense in order to justify your wilful stupidity.
Re: (Score:2)
It doesn't say illegal stuff. No one that I know of said illegal stuff. It says that the co chair of a relief fund bill was in charge of is now on the board with her brother and they got a sweet deal after dishing out relief funds. If you go to the vcs website and select press, you will see that the two people in question recently resigned.
I'm going to say it is unethical and looks bad but you are the only one I know of saying it was illegal. Maybe you should do more than pinky swear. When friends and fa
Re:no sacred ground (Score:4, Insightful)
The NSA must surely be compromised. If Snowden could do it, you have to figure that professional spies from other countries have too. The NSA is a very attractive target, having virtual dossiers on all US and many European citizens that are ripe for plundering. Access to NSA backdoors and non-public vulnerabilities would be quite valuable too.
Re: (Score:1)
They can't hack for shit.
I suspect you are right. We certainly don't have any evidence they accomplished any major incursion. There is the Iranian centrifuge story, but I have my doubts about it, and we don't really have any reliable details.
I *do* have experience in assessing state governments' level of technological prowess, and it is beyond pitiful. Basically, they pay for everything, and if nobody is offering, there is no internal means to accomplish anything. I should clarify my "assessment" is way old by now, but I would gue
Re: (Score:1)
Anyhow, there are other illustrations of NSA's ineptitude.
Re: (Score:3)
It's pretty common when mocking a post to respond in the same style.
For example, one might have responded to yours with:
You must be [insult] ; either that or [insult]; and you [insult].
Anyhow [final insult]....
You might be right and it's the same AC; but it's just as likely to be using style imitation as part of the mockery.
Re: (Score:3)
Flawed as SELinux is, it's on top of other security measures. It cannot give permissions that aren't already there.
Most of the criticism I see about SELinux is that it's too cumbersome to use correctly, so those without a special interest often turn it off. Often by the same people who don't understand acl either, and think 666 and 777 permissions are practical. Many of them even rely on Windows-like privilege escalation like gratuitous ALL=(ALL) ALL in /etc/sudoers.
Re: (Score:2)
Most of the criticism I see about SELinux is that it's too cumbersome to use correctly, so those without a special interest often turn it off
The criticism is that the tools do not exist to make it convenient to create new SELinux profiles, so those without a special interest rarely turn it on — at least, for anything that some application or distribution doesn't include for their benefit. There have been efforts to create such tools in the past, but last time I looked it wasn't convenient to even build the tools, and they were outdated in other ways as well. If you know better, I'm interested.
Often by the same people who don't understand acl either, and think 666 and 777 permissions are practical.
They are practical for many purposes, when comb
NSA has a lot of resources, no superheroes. Easy (Score:3)
Being in the information security field myself, I've hung out with some federal government infosec people once or twice. My read is that the feds have a lot of money and other resources. They don't have superheroes on staff. "Garcia" from the TV show CSI doesn't work there. So they're good, but certainly not orders of magnitude better than those of us in the private sector. We can't get billion dollar datacenters, though, to record information about every phone call in the country.
HOWEVER, most of the
Re: (Score:2)
I think you are comparing apples to oranges. The NSA has a charter that includes expertise in this field. That's very different from having license to engage in computer drama in the course of discharging duties, as state governments would have.
Re: (Score:2)
Legit story? (Score:1)
Re: (Score:3)
Legit-ish. "Lamb" was in one of the terrariums full of haxxors that the spooks keep for research and observation. Obviously, he wasn't even valuable enough for them to aggressively hold on to.
Re: (Score:2)
The biggest thing that a place like the NSA can offer is "this work is really really cool, even if you can't tell anyone about it." But at some point, that just doesn't measure up to ot
NSA is just like the other digital thugs. (Score:1)
NSA buys their exploits on the black market [theatlantic.com] just like all the other criminal skiddies do.
They even point and click to deploy their attacks, like skiddies using babby's first pre-packaged metasploit-ready exploit vector.
"Devious" is buying exploits from real black hat hackers? Pretty much, yeah.
With everything having such shit security there's not much incentive to spend a lot of money on "really neat projects" aside from running a fuzzer on new software, or fingerprinting a sysadmin's systems then deployin
Worthless article (Score:5, Informative)
Re: (Score:2)
Which is EXACTLY why The Guardian, Glenn Greenwald, The Intercept, and all the other bullshit journalists... suck. They're in it for themselves... content, truth, openness, sharing, facts and publishing the whole thing unredacted and without permission from authority... are completely secondary.
So what? This is real life, not some fairy tale movie where the journalist hero saves the world and wins the girl. There will never be a side of pure good. There will never be a clear victory over evil.
Re: (Score:3)
And with that kind of support... you will never be free.
In the real world, you use the tools you have to make the world a better place. Not the magic pink unicorns you wish you had.
Re: (Score:2)
In the real world fuckwits abuse tools meant to make the world a better place, in order to enrich and empower themselves, regardless of how much those tools now make the world a far worse place. Until they start testing for psychopathy and rejecting those shown to be psychopaths, this problem will get far worse.
The whole nonsense of NSA power is insane, want to effectively castrate them, simply deploy EMP because that is exactly where all this will end up. Losing the hacking war, just EMP the oppositio
Re: (Score:2)
As for the original purpose and intent of the internet - it's just as naive. It was designed by people who were privileged and grew up in a free country and never read history books and never dared to step outside their extremely comfortable comfort zones and imagine how it could be abused.
And the above paragraph was written by someone who didn't think. If you're trying to fix human tyranny via modding the TCP/IP stack, then you're doing it wrong.
Re: (Score:2)
If you're trying to fix human tyranny via modding the TCP/IP stack, then you're doing it wrong.
On one hand, you are very right. On the other hand, it still might help, and trusting the network so much is foolish.
Re: (Score:2)
Until they start testing for psychopathy and rejecting those shown to be psychopaths, this problem will get far worse.
I too want those magic pink unicorns to catch all the bad people. The thing you don't seem to get here is that psychopathy is a normal human reaction to great power and unaccountability. There's no magic test for this.
Re: (Score:2)
Oh, psychopathy would happen even with accountability. It just means the psychopath has to get rid of one extra thing before going full throttle on the psychopathy.
If your accountability is well designed, then it's a very big obstruction which is the whole point of accountability.
When we act with intent to better the world, we just get socialism, and we know that doesn't work.
Self-parody right? Socialism without accountability is a playground for the sort of behavior you claim to care about.
Re: (Score:2)
Doesn't matter. If the power being watched is great enough, psychopaths will appear to try and take it, no matter how big or how many obstructions you put in the way. That's the point of great power.
Which is why division of power happens. And what again was the point of testing for psychopathy as the original AC proposed? That's just another thing to work around. At least, accountability works better than that.
Re: (Score:2)
You answered your own question: it's a division of power thing.
Having a new entity that tests for psychopathy will mean a redistribution of power, some of it going to this new entity. So it really is just another form of accountability aka another thing to work around.
I don't buy it. My view is that the testing is useless except as an arbitrary exercise of power. If you're going to do things like that, why not do something useful with that entity, like passing laws or judging breaches of the law (the traditional two divisions of power common to most democracies)?
See, you act like what the other AC proposes and what you think works are different things and that one is better or worse. To a psychopath, they aren't, and they'll both work just as well or not.
Again, I don't buy this. I'm not a psychopath and hence, don't share this alleged equivalence.
Re: (Score:3)
So what? This is real life, not some fairy tale movie where the journalist hero saves the world and wins the girl.
I don't believe Glenn Greenwald is particularly interested in winning the girl.
This can't be done (Score:2)
"If you tell me, 'This can't be done,' I'm going to try and find a way to do it."
How to be rich in 10 seconds:
1) say, "I can't have your bank account. This can't be done."
2) He's 'going to try and find a way to do it'
3)????
4)Profit
Unprecedented (Score:3)
Re: (Score:2)
Computer Network Exploitation.
CNO = Computer Network Operations, an umbrella term which covers offense and defense. CNE is offensive CNO.
So does this mean.. (Score:2)
he's turning in his black hat for a white one?
Re: (Score:3, Insightful)
It means he sold his soul and now he repents. But in reality it's like Satan posing as a humanitarian worker.
His curiosity toward IT was exploited by a rogue agency, no doubt. I just hope he realizes all the damage he's done to the basic and human rights, let alone diluting the values outlined in the US Constitution. There's no amount of "cyber security" he could ever do to make up for that and there's no amount of righteousness he can hide behind to justify his actions. What he did was pure evil.
Re: (Score:2)
What I got from it was that Lamb wants to be a security consultant. You'd pay him to run Nessus against your network or whatever.