NSA Worried About Implications of Leaked Toolkits (businessinsider.com) 272
Reader wierd_w writes: According to Business Insider, the NSA is worried about the possible scope of information leaked from the agency, after a group calling themselves the 'Shadow Brokers' absconded with a sizable trove of penetration tools and technical exploits, which it plans to sell on the black market. Among the concerns are worries that active operations may have been exposed. Business Insider quotes an undisclosed source as stating the possibility of the loss of such security and stealth (e.g. privacy) has had chilling effects for the agency, as they attempt to determine the fullness and scope of the leak.
(Does anyone besides me feel a little tickled about the irony of the NSA complaining about chilling effects of possibly being monitored?)
I still think (Score:3, Insightful)
Re: (Score:2)
I'm still waiting for the NSA to put out a press release stating "this is for realsies, if you buy this you can spy on us and we can't do anything about it, pinky swear".
"Right! That DOES It!" (Score:3)
"This is not a joking matter. You're ALL on a list, now!
Oh, damn!
I'm on the bloody list now, too."
Re:"Right! That DOES It!" (Score:5, Funny)
Re:I still think (Score:5, Insightful)
...if you buy this you can spy on us and we can't do anything about it, pinky swear".
So they were sitting on a pile of zero day exploits and rather than making the internet a safer place they kept them for personal use.
I will laugh myself sick if it turns out they were breached by one of the very zero day exploits they decided not to report to the product owner for fixing.
Re: (Score:2, Informative)
I don't know...in the series of tweets that Snowden made on the topic, I (believe) he implied that it was more likely someone had access to a secure facility, threw a bunch of files that should have been secured onto a USB thumbdrive and walked right back out. Nothing so dramatic as a zero-day exploit, it almost sounds as if they (amazingly) haven't learned anything from Snowden's example at all...
I'm not sure what worries me more, the fact that these people are conducting surveillance on a global scale, or
No Farks Given on NSA feelings (Score:5, Insightful)
Welcome to how the rest of society feels.
Re: (Score:2)
Re:Why do you speak on behalf of the rest of socie (Score:4, Insightful)
What if the rest of society is really worried over the fact that a sophisticated adversary is meddling into your domestic affairs (via DNCLeak and DCLeaks, incl Wikileaks) and at the same time confronts one of your main intelligence agencies in public, calling it bluff.
It shouldn't matter who the DNC leaker was. Blaming "the Ruskies" is just a diversion.
Re: (Score:2)
It shouldn't matter who the DNC leaker was. Blaming "the Ruskies" is just a diversion.
The question here isn't 'who leaked?', so much as 'if it's the Russians, what are they holding back?'
I'm a fan of leakers, but would prefer leaks from people who don't have a horse in the race. The age-old question 'cui bono?' (who benefits?) is a key element to establishing the value and completeness of a leak. I say this, by the way, as a professional journalist who has relied on leaks and whistleblowers for some big stories.
Re: (Score:2, Funny)
If you believe that has anything to do with Putin you are Hillary's chump in the first place. It can't be fixed short of a 9mm 'game reset'.
Re:Why do you speak on behalf of the rest of socie (Score:4, Informative)
Since 1994, when Ukraine established relations with NATO, and since 2008, when the Bush administration voiced support for Ukraine joining NATO.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Since then, the official US designation for Ukraine is a "major non-NATO ally" (MSNA):
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Interesting. Though your wiki link states that Ukraine, Moldova, and Georgia are proposed members. I don't see that the language has ever actually passed in H.R.5782 - Ukraine Freedom Support Act of 2014 [congress.gov] or other similarly named bills. Do you have a reference?
Re: (Score:2)
It goes back before that. It was signed into law in October of 1992.
In 1992, George H.W. Bush signed the FREEDOM Support Act, which also started US economic support of Ukraine.
https://en.wikipedia.org/wiki/... [wikipedia.org]
And the United States conti
Re: (Score:2)
If you talk about "coup junta in Ukraine" you're nothing but a Kremlin troll.
Paid or not paid, I have no idea, but you're still a Kremlin troll.
Re:Why do you speak on behalf of the rest of socie (Score:4, Interesting)
That isn't fair criticism.
The facts are there was no provision for impeachment of a sitting president under their constitution at the time, and yet it happened.
It does not matter the guy was corrupt and in the pocket of the Russians, a coup is still a coup. The rule of law should matter. The people should live with the consequences of who they voted for or use a predefined process for impeachment or recall. You don't get to make one up after the fact.
We saw the same thing with the Muslim brotherhood in Egypt. Are the people there better off having removed them, oh probably but it was NOT legal or democratic.
What is even worse is in the case of both Ukraine and Egypt we violate our own laws and sacrifice our own integrity continuing to provide aid and honor treaties with these countries after these coups have occurred, despite the fact our laws say we can't do that. We could/should probably recognize the new governments as new governments and consider it a diplomatic reset, but that is bad for business and our State Department / Congress is lazy and corrupt itself.
Re:Why do you speak on behalf of the rest of socie (Score:4, Insightful)
What if the rest of society is really worried over the fact that a sophisticated adversary is meddling into your domestic affairs (via DNCLeak and DCLeaks, incl Wikileaks) and at the same time confronts one of your main intelligence agencies in public, calling it bluff.
Then see my initial comment of 0 farks given. You think that inside info from TLA places like that hasn't been used against people internally already? It's about time that these organizations and the people in charge get outed and embarrassed. There's been too much power, corruption and insider BS for too long now and it needs to be balanced out.
Blinders (Score:2, Insightful)
Instead of worrying about things like the democratic process being broken as demonstrated by the leaks, you are worried about the source of the leaks.
Yeah, I worry about the rest of society but more that they think like you do.
History is a pretty good crystal ball for everything going on. I won't give you any lessons here, you seem content or frightened so remain ignorant. I will simply state that all weapons through history, including espionage devices used for weaponry, have moved from place to place.
Re:Why do you speak on behalf of the rest of socie (Score:5, Insightful)
What if the rest of society is really worried over the fact that a sophisticated adversary is meddling into your domestic affairs (via DNCLeak and DCLeaks, incl Wikileaks) and at the same time confronts one of your main intelligence agencies in public, calling it bluff.
They got what they deserve. Instead of monitoring every single American and putting backdoors in every program they can, the NSA should have focused on monitoring foreign actors while helping to ensure that domestic institutions (companies, political parties, non-profits, and of course the population as a whole) have access to privacy and secure communications. The NSA should be the national equivalent of an IT security department. Leave the detection and investigation of domestic bad actors to the FBI (if you run across any domestic malfeasance then by all means pass it along but don't go looking for it specifically) and coordinate with the CIA when it comes to foreign actors. Develop tools and programs to protect Americans-and this is important: your job is to protect Americans (the people) not "America"- and their homes, not to watch them in them.
Re: (Score:2)
Re: (Score:2)
I'm more worried that parts of my society might actually see exposing political parties' communications, as being akin to "meddling in our affairs" or even more absurdly as "intervening in our elections."
I hope that these people are lying, faux-outraged in an attempt to get their crappy party an emotional edge over another crappy party, but I fear they're being honest, every bit
Re: (Score:2)
You don't get it. These jokers can only spy on us because they've purchased or discovered vulnerabilities in the systems we use. Instead of going all noble, protect the American citizen--their job--and notified the appropriate parties of these vulnerabilities they keep them for themselves to exploit wherever possible. An argument might be formulated in their defense if this was a one-sided deal. But, it's not, if they can discover/purchase these vulnerabilities so can others. If they can exploit them,
Re: (Score:2)
What if the rest of society is really worried over the fact that a sophisticated adversary is meddling into your domestic affairs (via DNCLeak and DCLeaks, incl Wikileaks) and at the same time confronts one of your main intelligence agencies in public, calling it bluff.
We are mostly okay with that because Capitalism. See Facebook, Microsoft, Google, Apple and Amazon. This time around it's just a different person looking to make a profit.
Until we as a society actually take a stand on privacy and stop sharing every meal and bowel movement with all of our friends, this kind of crap will always fly under the radar to "ZOMG Zac Efron at the olympics!"
Re: (Score:2)
I have been wrestling with this quandary recently. Illegal activities performed by unknown perpetrators (Yes they are still unknown, no we don't know for sure they are Russians, put down the Kool Aid) have resulted in the first inkling of transparency the American people have seen from their government and their government officials in a long time. I'm a law-and-order kind of guy on most subjects. This concerns me greatly.
What has allowed me to sleep is simple. Whoever is making these leaks is acting not
Re: (Score:2)
The NSA should make it its PRIMARY MISSION to warn industry about the exploits it finds rather than keep them secret for years while our foreign adversaries also utilize them to undermine us.
Fine let the NSA use newly discovered exploits for 90 days to give the US a head start in both fixing our own systems and exploiting the vulnerability, but then mandate that the NSA inform industry to fix the security vulnerabilities WITHOUT EXCEPTION.
Oh, my. What quaint naivete. Child, what makes you think the NSA is not sharing its intel with its corporate overlords? The fact that it isn't shared publicly? If you were in a position to do so, wouldn't you insist on an exclusivity clause? That's a huge competitive advantage, worth a fair chunk of change. Why in the world would you let that "investment" be squandered by some bullshit, social responsibility notion? Poke fun at my foil hat if you like, but for the amount of money that we're talking about here, not much is really in the "too paranoid" category, and certainly not the notion that there are other customers of the NSA's output.
Re: (Score:2)
Re: (Score:2, Insightful)
Is it ironic that a song about irony written by a former English major doesn't contain a single example of actual irony?
Re: (Score:3)
Give her a break. She's Canadian.
Re: (Score:3)
That's the whole point.... now you get it.
"tickled"? (Score:2)
Good work guys! (Score:5, Insightful)
Re: (Score:3)
Re:Good work guys! (Score:5, Insightful)
Hell, they probably got exploited by exploits they hoarded and were discovered independently.
But hey, remember folks, everything should have a Government-approved back door in it which only the Government can use, just in case they need access. It'll absolutely be secure...
Re: (Score:2)
One hopes they would patch local binaries for exploits they've discovered.
Re: (Score:2)
I spoke with someone who works for the NSA, about this very topic. It is kinda complicated. Suppose an employee develops an exploit for some OS. The IT department for their network isn't authorized to know that. The NSA probably doesn't have the source code to the OS anyway to patch it. In some cases, they can tell the IT people "Disable feature XYZ on your web server, and don't ask me why." That's a bit dicey already. But what about a buffer overflow or something like that? What if they find a hole
Re: (Score:2)
The latest date on the files is 2003. Could be that whoever released them only released older files, or could be that was when they lost access (it was a few weeks after the Guardian posted the first Snowden leak based stories).
So if there is anything unpatched in there, it's been aiding the enemy for over three years now.
Re: (Score:2)
How much longer are people going to believe that foreign is bad, homegrown is good?
Think about their actions when evaluating them, not their ancestry.
Re:Manhattan project also failed to keep its secre (Score:5, Insightful)
If, hypothetically, the Manhattan Project had squandered the opportunity to make us nuke-resistant in order to preserve the utility of their weapon; then, yes, I'd say that they screwed up pretty atrociously. The difference, of course, is that no such option existed, while the process of disclosing bugs to vendors is very much an option.
The "you aren't the only ones who could exploit those vulnerabilities" argument was previously largely hypothetical; now, not so much.
We are probably talking about different things (Score:3, Insightful)
My worry is that the NSA is likely penetrated by moles or it was successfully penetrated by foreign hackers. Regardless of the actual way those files were exfiltrated, this public stunt is nothing less than a public attack on one of your main intelligence services, by a foreign adversary, a brutal undemocratic and illiberal regime.
The fact that the NSA is under attack (and a public one) is what worries me, not that a bunch of 0-days is made public (and some of them are already fixed).
Re:We are probably talking about different things (Score:4, Insightful)
My worry is that the NSA is likely penetrated by moles or it was successfully penetrated by foreign hackers.
Wikipedia estimates that 30-40k people work for the NSA. Some of those people are bound to not be happy with the direction the NSA has taken over the past few years.
Re: (Score:2)
Evidence suggests they haven't been MY intelligence agency for a long time. They struck the colors several years ago.
Re:Manhattan project also failed to keep its secre (Score:5, Insightful)
Imagine if the researchers of the Manhattan project not only discovered how to create a nuclear bomb, but also discovered a defense against nuclear weapons. Then, rather than telling anyone about the defense, they tried to keep it a secret so they alone could use the bomb. That would have been incredibly foolish! But we do not judge the Manhattan project this way, because they didn't actually have a defense against nuclear weapons.
Yet the NSA did. They found security bugs, created exploits for them, then refused to disclose the bugs to vendors so they could be fixed. This intentionally left their own country vulnerable to attack. The security community beseeched them to release this information, and warned them that others could find these exploits too and use them. But the NSA figured that nobody else was as smart as they were and so no one else could discover these exploits. They have been proven wrong.
And that is why we judge them somewhat differently.
Re: (Score:3)
But we do not judge the Manhattan project this way, because they didn't actually have a defense against nuclear weapons.
How do we know that? Maybe they were very, very good at keeping it secret and took the secret to their graves. #Conspiracy theories
Remember, S stands for Security..... (Score:2)
Nonono. It's far worse than that. Imagine the government built a nuclear weapon, and then let someone walk off with it. Individual exploits come and go, this is letting someone walk off with a MIRV ICBM. And now they are trying to sell it. On the Internet.
To the NSA: Dear god, you fuckups. Please call your friend over at the CIA who does wet work an
Re: (Score:2)
Re: (Score:2)
The inability to keep secrets in itself has nothing to do with morality. The nature of the secrets being kept does. We judge all these projects equally and your listed projects as well as many others come up far better than the NSA.
Your security services are under attack (Score:4, Insightful)
I don't really see anything funny or positive in the fact that one of your main intelligence services is under attack by a hostile power. And this attack is not clandestine, hidden from unwanted eyes, but it is made in public, so as to call NSA bluff and expose your country as a paper tiger.
And this all is compounded by a poorly hidden active measures campaign to benefit one candidate and to destroy another.
I believe that neither Schadenfreude nor sarcastic gleeing over a major f@ck up at the NSA are appropriate in this case, because want it or not, admit it or not, but your country is under attack by a powerful, sophisticated adversary. And it ain't good. At all.
Infowar equivalent of M.A.D. (Score:2, Troll)
Re:Infowar equivalent of M.A.D. (Score:5, Insightful)
But Shadow Brokers isn't an agent of a nation with a lot to lose like the NSA is. MAD only works if both sides have a lot to lose. Neither will want to start a war. This is like a major power versus a crazy guy who just happens to have a nuke in his tool shed.
I'm not arguing for major powers alone possessing such tools. Unlike nukes, these can be built by poorly funded but highly educated groups. The NSA should have prioritized its mission to ensure that we (gov't and private entities alike) would have adequate defenses above deploying this stuff.
Re: (Score:2)
Read this. [businessinsider.com] Shadow Brokers ARE the Russians. A lone, non-state-sponsored hacker did NOT break into an NSA server and then keep it secret for over three years.
Re: (Score:2)
Shadow Brokers ARE the Russians
Are an arm of the Russian government? A Russian contractor that works for the FSB on occasion? Or just a group that happens to be operating from within Russia.
I have a hard time believing that a government espionage agency would turn around and sell goods that it stole on the black market. Shadow Brokers may have intended to sell this stuff to the gov't, been turned down and now are seeking to unload this stuff for cash just to get some ROI. The fact that Snowden (a guest of the Russians) felt comfortable
Re: (Score:2)
Re: (Score:2)
An intelligence service won't tip their hand by revealing that they possess even the garbage. Because their counterpart would work backwards, figure out what good stuff they might have, which is now compromised, and plug those security holes.
Re: (Score:2)
I believe that neither Schadenfreude nor sarcastic gleeing over a major f@ck up at the NSA are appropriate in this case, because want it or not, admit it or not, but your country is under attack by a powerful, sophisticated adversary.
A foreign, or domestic adversary?
Foreign (Score:2)
Read:
http://observer.com/2016/08/ns... [observer.com]
https://www.lawfareblog.com/ve... [lawfareblog.com]
Re:Your security services are under attack (Score:5, Insightful)
Positive is a whole other thing, but really, you don't see it as funny?
First, the NSA was doing something obviously-stupid on the face of it. Before a single American tax dollar was spent on developing this malware (or spent on intimidating the software industry into keeping our software and protocols insecure), any reasonably-competent "computer dude" knew that America itself was most likely to end up being the victim. (Of course, we spent the money anyway.)
It's just another example of how we go to so much trouble to shoot ourselves in the foot, and every time we do it, we take away the lesson that we need a bigger gun. Sorry, but this really is a true-life example of a joke that gets funnier the more times you tell it. Your grandkids are going to think this is hysterical, not merely funny.
You say it's a foreign power doing this, and technically you're right. But they are robotically doing it, just as predicted. Ultimately, America made the choice for this to happen. This foreign power is (figuratively) our own proxy. The minimax solution path that we chose, included this move within it. We rejected solutions which did not include foreign powers taking advantage of the malware that we created. We rejected solutions where we ran decent OSes which weren't compatible with malware, where encryption keys are exchanged directly whenever they can, and where public keys are introduced by trustworthy introducers. We want a world of malware, and our choices prove this.
Second, there might be something you don't understand about America: we don't exactly think of our government as part of our country. (It's complicated.) If you attack our government, I think about 5 out of 10 Americans is ok with that. Our government is just another country, with whom we're sometimes adversaries and sometimes allied, but never ever loved or respected. The NSA isn't our security service; it's someone else's.
Re: (Score:2)
Re:Your security services are under attack (Score:4, Insightful)
...your country is under attack...
It stopped being "my" country when it started keeping secrets in order to aggregate power. "My" country is run by the people, for the people, and of the people.
Re:Your security services are under attack (Score:5, Informative)
It stopped being "my" country when it started keeping secrets in order to aggregate power. "My" country is run by the people, for the people, and of the people.
Many of us feel the same way, and are concentrating our efforts in one small geographic distribution. We've elected dozens into the State legislature and many more municipally across the state. Maybe you should vote with your feet. Free State Project [freestateproject.org]
Re: (Score:2)
Re: (Score:2)
Foreign countries are always trying to hack infrastructure. What's new
Re:Your security services are under attack (Score:5, Insightful)
I think most of us had assumed it was happening already. If Snowden could get in and pilfer so much material, a well-resourced and skilled adversary such as China or Russia certainly could too. This is merely confirmation.
Some good may come of it. We will patch some vulnerabilities, add some new malware detection signatures. We will see some of their techniques and learn to defend against them. And it should put some pressure on the government to rein them in a bit.
Re:Your security services are under attack (Score:5, Insightful)
I don't really see anything funny or positive in the fact that one of your main intelligence services is under attack by a hostile power.
Then you're not looking very hard. This is the best possible event for the defense of online freedom, for our Government has just proven that the world's most advanced security agency can't defend against online intrusion. It is the most powerful argument for unfettered end-to-end encryption that we could have possibly hoped for.
If it is hopeless for the NSA to secure unencrypted data, then it is also hopeless for everyone else to do the same. Therefore, powerful encryption is not only wise, it is necessary. All those Congress-critters and Government agencies calling for back doors, golden keys, and weakened encryption algorithms are actively aiding and abetting terrorists, child pornographers, pedophiles, and enemy governments.
This is the smoking gun that proves the essentialness of strong end-to-end encryption.
Re:Your security services are under attack (Score:5, Insightful)
It also demonstrates once and for all that creating a gold key to all the things and trusting a government agency to never leak it is folly.
Re: (Score:2)
Re:Your security services are under attack (Score:5, Insightful)
I don't really see anything funny or positive in the fact that one of your main intelligence services is under attack by a hostile power. And this attack is not clandestine, hidden from unwanted eyes, but it is made in public,
it's not the NSA that is under attack, it's the entire world. when you create an exploit, you create a weapon but when you submit a fix, you make that weapon ineffective. so now instead of having the world's best armor, we have an absurd cache of weapons and those weapons have been stolen. the moral isn't to protect your weapons better, it's that you should be making better armor.
Re: (Score:2)
The NSA struck the colors years ago. They ARE the powerful and sophisticated adversary that has been attacking the United States. And they've been making us pay for it.
Re: (Score:2)
Now another organization is using them against Americans.
It's way past time for both of these to change.
Who watches the watchers? (Score:2)
They don't know, either.
Welcome to our world, newbie.
Tough break (Score:2)
Duh? (Score:4, Insightful)
The essence of malware is that you offer software to someone else, in hopes that they run it. It's impossible to not realize that when you offer someone this software, not only might they run it to hurt themselves, but they might also offer it to others (maybe back to your own allies), to hurt them. Malware isn't something you can ever "keep" if you intend to use it against others.
It kind of reminds me of biological weapons. You gave the enemy Anthrax? Great, now your enemy has Anthrax. You'll be seeing that exact same strain of Anthrax again.
Criminals now have superior tools (Score:4, Insightful)
Still not convinced (Score:4, Interesting)
Imagine you're the NSA and you've been unable to get inside of some other country's likely air gapped cyber security operation... putting some juicy tools out there they're likely to snatch up and play with at least get you to see who the players are and maybe these tools work maybe they blow up... As for the vulnerabilities, with so many people playing this game, any vulnerability not found by the NSA is likely to be found by some other organization.
Even the vulnerabilities could be snares... I'm suspect of all of this and think it's just part of a big ruse.
Re: (Score:2)
Bespoke code fragments for each mission get lost in logs, as apps, ads, malware, random bots.
Risking MI6, SAS, Australian, Canadian, CIA teams globally to track down users and clean up after downloaded files could invok
Re: (Score:2)
I'm still not convinced this isn't some sort of odd false flag operation.
Imagine you're the NSA and you've been unable to get inside of some other country's likely air gapped cyber security operation... putting some juicy tools out there they're likely to snatch up and play with at least get you to see who the players are and maybe these tools work maybe they blow up... As for the vulnerabilities, with so many people playing this game, any vulnerability not found by the NSA is likely to be found by some other organization.
Even the vulnerabilities could be snares... I'm suspect of all of this and think it's just part of a big ruse.
MEMO
To: Equation Group
From: General Keith B. Alexander
CC: Not China; Definitely not Russia
Subject: OPERATION INCOMPETANCE -- TOP SECRET
Since your nerdy version of what I'm pretty sure is some kind of witchcraft has failed to breach the enemy's 'cyber security operation', I've come up with a plan of my own. We simply need to make our entire agency look wildly inept with regard to what is supposed to be our core specialty by publicly posting years' worth of your team's research to a public github account, clai
And yet another reason to run NSA proof encryption (Score:5, Insightful)
It's no longer just fed.gov you're trying to defend against, it's all the script kiddies now running around with fed.gov's latest and greatest exploit toys.
Trojan detected! (Score:5, Insightful)
The NSA is a riddle, wrapped in a mystery, inside an enigma. This whole thing smells fishy. "bad actors" will buy this software on the black market, use it to spy on other people all the while the NSA actually gets to watch everything over their shoulders: backdoors into the networks of those that installed it, side-channel copies of all the surveillance etc.
Installing stolen NSA software obtained on the black market would be as smart as installing that cool new game downloaded from a warez folder found on a porn site.
Remember this next time the FBI sues Apple (Score:5, Informative)
"No, we swear the tool won't ever get out to the public! We 100% guarantee it!"
6 months later: "well... shit"
Precisely Why... (Score:5, Insightful)
- Apple didn't want to release a tool to unlock iPhones.
- Back doors should never, ever, ever be required for any type of device.
- Encryption keys should never, ever, ever be given/managed by any government agency.
- Etc., etc., etc.
When will the masses wake up and realize that a large, controlling government will never be a good thing for freedom?
Ramley-out!
Lockpick toolkit lost? Boo hoo! (Score:3)
I'm not concerned at all about these tools being used to penetrate Joe Sixpack's computer.
I am, however, tickled pink that these tools will be used against the tools of the Government and Commerce.
Yes, you tools! Let's see what happens when your sordid affairs, your innermost secrets and every repulsive, nauseating detail of your rape of America for the past half century are revealed!
In other words, Commerce and Government, fuck you with a splintered phonepole. I hope it hurts every bit as bad as what you've done to this country.
(Provided this toolkit is as powerful as claimed, and its leak isn't some False Flag operation.)
Pot vs. Kettle (Score:2)
Good! (Score:2)
Looks like they got a taste of their own medicine and they don't like it a bit, just like us.
The REAL Irony (Score:2)
Damned if you do (Score:3)
and damned if you don't.
IF this whole thing has any truth to it at all, the NSA has a serious dilemma.
In one hand, they have a bunch of tools complete with unpublished exploits now in the hands of the masses. ( oh noes ! )
In the other, they have a desire to keep their tools and unpublished exploits their dirty little secret so they can continue to spy on folks the easy way.
As the NSA, do you:
1) Keep your mouth shut and hope those exploits aren't used against unintended targets ( us ) in order to keep your push-button spy operation working
2) Inform the vendors of the exploits their tools are designed to utilize so they can get patched at the cost of losing all the work put into the tools so far
*My guess is they'll go with #1 and just blame this week's boogey-man. ( Iran, China, Russia, Terrorists, Islam, Trump, Hillary, whatever )
This quote fits rather well: " Your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should. -Ian "
The $570 million dollar question (Score:5, Insightful)
Lastly, if the POTUS does not publicly demand the resignation of the senior management of this TLA, our suspicions will be confirmed: the NSA now answers to no one.
So much for "vulnerability equities" (Score:3)
Good luck, NSA! (Score:2)
So.....Apple was right (Score:2)
The real problem with the NSA (Score:3)
Snowden's leaks showed us the real problem with the NSA and the story continues.
You see, I don't think the problem with the NSA is all the spying and data collection they do. After all they are an intelligence agency, spying is their job. Or actually half their job. The second half of their job is keeping secrets. And this is where they fail.
Just look at what Snowden, a simple subcontractor without external help managed to do. And now they leak their toolkits to random blackhat groups. Now imagine what a big nation like China or Russia can do... that's scary.
I like the idea of "don't attribute to malice what you can attribute to stupidity". And right now, I think the NSA is stupid.
They are bloated, eating more data than they can chew. They seem to prioritize projects that get them large budgets and jobs for their friends rather than doing actual security. Building massive datacenters to process massive amounts of useless data, sure, that's big, that's important. Putting millions of people on "watch lists", sure, it will keep people busy. Implementing sensible security policies to actually keep secrets secret, boring.
Predictions complete. (Score:2)
This is why no security developer in the world that's worth even one molecule of salt will ever allow a backdoor or master key.
And hey, these guys now have a chunk of the NSA trove of nasty tricks, so even going blackma
Link to files and simple summary (Score:2)
https://github.com/nneonneo/eqgrp-free-file [github.com]
Everything (that was made available in the sample tarball) is inside the Firewall folder.
Most of the human readable stuff is in Firewall/OPS and Firewall/SCRIPTS.
From the very little scanning I did, it seems most of the stuff is meant to attack Cisco PIX [wikipedia.org] and Cisco ASA [cisco.com] firewalls/routers.
There are quite a few scripts for preparing/setting up an ops terminal from which an antag
Re: (Score:3, Insightful)
But don't forget they're our guys.
It's possible that you think they are your guys. But you should not suppose they are the everyone else guys. :)
Re:Hate the NSA all you want (Score:5, Insightful)
I'm more worried about "our" guys these days than any foreign country. The government has a much easier time fucking me personally over than Russia, China, etc.
Re: (Score:2, Troll)
With the US being a bad thing for everybody else in the world, and most of its "own" people?
I'd say that what's bad for the US is good for the sake of humanity itself, and I only brook small exaggeration here.
The removal through collapse, of the United States as an actor on the world stage would be the greatest human triumph since the collapse of the Berlin Wall or the ending of South African Apartheid.
God bless us, each and everyone.
Re: (Score:2)
I'm not rooting for Hippie Land to emerge from the wreckage.
Americans will likely slaughter each other in righteous and god-ordained fury for many decades thereafter.
But they will have withdrawn from every corner and space on this planet - where today they distort, extract and oppress as a matter of "interests".
Re: (Score:2)
And the Iroquois. They ripped mercilessly from that people.
Re: (Score:2)
said the virgin neckbeard in the basement of his mom's house, in the USA
Re:Karma (Score:5, Insightful)
Re: (Score:2)
Hahahaha
Re: (Score:2)
The US gov has now been sold on the "cloud" at a city, state and federal level. Every agency has to share more contracts with the private sector, upgrade and share with friendly nations.
A lot of the more useful software is now created by contractors, rented back to the US gov, shared with other nations (5 eye and well beyond)
Lots of private sector and telco staff now have full access to and a