

NSA gets no reply in Dutch cloud provider - lukashed
http://translate.google.com/translate?hl=de&sl=nl&tl=en&u=http%3A%2F%2Fwww.bnr.nl%2Fnieuws%2Ftech%2F663291-1306%2Fnsa-viste-achter-het-net-bij-nederlandse-cloudprovider

======
SpikeGronim
How do you know if this caller is from the NSA for real? I could get up to all
sorts if mischief. Either I can make the NSA look bad, or I can social
engineer my way into ISPs by pretending to be the NSA. Good on this ISP
though!

~~~
cleverjake
When I worked for a data center/ISP, there would be occasional government
calls. The protocol was to get the persons name, then call them back through
the official list of contact numbers (FBI, NSA, CIA, etc).

~~~
TallGuyShort
Also a good strategy when your bank / insurance agency, etc. calls

~~~
sksksk
There's an old scam that's been going round, where a person calls up a mark
claiming to be from their bank.

They say that there are some security issues with their bank account and for
security reasons, they should call the phone number on the back of their
credit card.

The mark hangs the phone up, but the scammer stays on the line and plays a
dial tone the line, when the mark picks the phone up, they hear a ring tone
and then dial the number. The user thinks that they have got through to the
bank, but really they are on the phone to the scammer.

From that point, they scammer has the mark's trust and can do all sorts of
damage.

~~~
jacquesm
It's an interesting story but the phone system doesn't actually work that way.

~~~
bcoates
I haven't used a landline in years now, but when I was a kid it worked that
way: one end hanging up wouldn't disconnect the circuit, and if the other end
took the phone off-hook shortly afterwards it'd still be connected.

This would sometimes wind up being the deciding factor in the eternal battle
of "which sibling gets to use the phone"

~~~
lostlogin
In my memory it never relied on both parties hanging up here in New Zealand,
but on a trip to the UK as as child I noticed that the phone line
disconnecting relied on both parties hanging up. I'm 31.

------
jacquesm
I call bs on this one, time will tell. Lennard Zwart is a guy who clearly has
an economic interest in playing the 'don't host in the US' card. He wrote
another article in 2012 about this with the same angle (see below, hit google
translate if you can't read Dutch) and is totally vague about the call, does
not explain why a C level exec would receive a call like that and did not
report on making the required effort to verify the caller was indeed from the
NSA.

[http://www.isptoday.nl/opinie/overheid-moet-duidelijkheid-
ge...](http://www.isptoday.nl/opinie/overheid-moet-duidelijkheid-geven-aan-
cloudsector/)

I've received a number of calls over the years from people claiming to be law
enforcement, and a whole bunch of email to boot, only a _very_ small fraction
of those were actual law enforcement on sanctioned missions, the rest were
just impersonators and to do a first round of verification is par for the
course in cases like this. "She said so" is not nearly good enough.

~~~
jstsch
I'm a customer there, and from interactions I had with them they take data
security and privacy very seriously.

Of course there is an economic interest in showing the disadvantages of
hosting European data in the US. But what's wrong with that? That is simply
true. For example: in some cases you break Dutch privacy laws when hosting
data about individuals in the US (without taking special precautions).

~~~
jacquesm
Inventing stories is what's wrong with that.

------
anonymuzz
Always try the handle, if its not locked, walk on in. Now that they see its
locked, they'll break the lock.

------
hayksaakian
Isn't the Netherlands under even worse surveillance than the US? There were
many top posts on HN over the last week suggesting this.

~~~
noloqy
Relatively, we probably have the highest number of phone taps in the world. In
total there probably are over 25.000 phone numbers being tapped. Also,
metadata of different types of communications are stored.

~~~
1morepassword
The scary word here is "probably", because the government consistently refuses
to release that data.

Although I'm fairly confident we're gonna win the legal and political battle
over that issue in time. The Dutch government may be no better than that of
the US on an ethical level, the legal balance between privacy protection and
state secrecy is very different.

------
alexchamberlain
Why would the NSA think that data in the Netherlands was covered by US
legislation!?!

~~~
ankitml
Isnt this a general behavior of typical stereotype american? Most of them
believes America as theland of the law and anything else is savagery.

~~~
hysterix
What an utterly useless post. I had to double check I was on ycombinator and
not reddit after reading this.

Isn't this a general behavior of typical sterotype (you can't even speak
english correctly) european? Most them believes europe as theland of the law
and anything else is savagery.

Why even bother making posts like these? We get it, america and therefore
vicariously all americans are horrible people, the devil, and should be wiped
off the face of the earth. We get it, europeans hates americans. Can we all
move on with our lives now?

~~~
Mvandenbergh
>(you can't even speak english correctly)

Son, if you're going to play that card you need to proof-read before you hit
that 'reply' button.

------
Sami_Lehtinen
When you host internet services, it doesn't take too long before one of your
users do something that leads to police investigation. So that's quite normal,
unfortunately. There are also unofficial & malicious requests, like 'private
investigators' simply trying to grab data.

Just tell them that they don't have any authority, and you're not interested
to hear any manipulative reasoning. - Have a nice day.

------
skrebbel
I'm mostly impressed that they just pick up the phone and call. Must've been a
not-very-experienced NSA employee. Or NSA performing social engineering scams,
but I doubt that.

~~~
claudius
Hm, what’s wrong with just calling? It is probably the easiest way to find out
whether someone is generally willing to cooperate, and if they don’t, the NSA
doesn’t lose much either?

~~~
vidarh
NSA was long nicknamed "No Such Agency" for a reason - they were, and to an
extent still are, notoriously secretive compared to other US intelligence
agencies. I'd expect them to approach it via intermediaries.

Frankly it sounds more likely to me that this was a poor attempt at social
engineering rather than a genuine contact from the NSA.

~~~
mindcrime
_Frankly it sounds more likely to me that this was a poor attempt at social
engineering rather than a genuine contact from the NSA._

Seems like you could really play this NSA stuff up in social engineering
attack, especially if you were willing to put some work into it. Imagine
grabbbing the NSA logo off their website, and make some fancy looking,
seemingly authentic laminated plastic ID cards, then show up at someone's
office asking for data/access/etc. and claiming to be from the NSA. Even hand
then a "National Security Letter" and carefully explain the gag order to them,
and let them know that doing so much as picking up the phone to call anybody
else to ask about cooperating could result in them being jailed. Subtly hint
that "jailed" might mean "disappeared to Guantanamo".

Since everybody knows that the NSA is kinda "in the shadows" and lots of
people have heard of NSL's and gag orders by now, I imagine you could get a
lot of people to go along with this. Especially if you had two big, physically
imposing guys in nice suits to play the roles.

(edit: I am, in this case, mainly talking about inside the USA, where NSL's
have authority, etc.)

------
dutchbrit
Wondering if this news is true or just merely a marketing/publicity attempt...

------
walshemj
I doubt the NSA just rings people up would they not approach a dutch company
via AIVD and or a face to face meeting.

------
e3pi
My working assumption is the NSA has God power and root on everything and
everyone. They do not need to call anyone. This is timely PR posturing that
NSA is mortal and deserves our sympathy and further budget aid.

~~~
cleverjake
In what way is this sympathetic to the NSA's budgetary needs?

~~~
e3pi
"Gawdammit Senator, our people actually have to get on the phone to ask these
people for this kind of information, and frankly, its downright embarrassing!"

