
Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border - uptown
http://www.nytimes.com/2015/06/05/us/hunting-for-hackers-nsa-secretly-expands-internet-spying-at-us-border.html
======
kisna72
If NSA had spent all its resources in increasing the security of internet,
they would have a lot less reasons for such spying.

~~~
ibejoeb
I think of this as part of a broader failure of the USA to build, repair, and
fortify infrastructure. We have crumbling roads, failing bridges, and, now,
telecom and computing services that are rather unimproved since inception,
decades ago.

Now, I realize that, as an intelligence agency, NSA's core mission is to spy.
But I take issue with the intentional weakening of our infrastructure, e.g.,
Dual EC DRBG. You don't see DOT going around sabotaging asphalt production.

~~~
forgottenpass
_Now, I realize that, as an intelligence agency, NSA 's core mission is to
spy._

Funnily enough, the NSA has a dual mission: spy on their communications,
protect ours. Now that everyone uses the same tech, one of those missions has
overshadowed the other. Makes their weakening even harder to stomach, eh?

~~~
chiph
Technically (yes, I am being _that guy_ ), their protection mission only
extends to the DoD and selected US government agencies. Not to the general
public or US business. That's done by NIST and the Department of Commerce. The
NSA does occasionally cooperate with NIST on encryption matters, but that's
fairly arms-length.

~~~
Eridrus
> cooperate with NIST on encryption matters, but that's fairly arms-length

Heh, you might want to read up on Dual_EC_DRBG.

Technically you're right, and I think that people who claim that these
missions are fundamentally at odds have not fully games out what options the
NSA have; where they see fixing bugs as the only way to increase security, but
despite their responsibility being technically only to the government, there
has been quite a push for the NSA to help defend civilian networks too since
they're being routinely targeted by nation state actors too, and the economic
damage there is arguably worse.

------
logn
The media told me that recent historic legislation ended mass surveillance, so
I can't imagine there's anything to worry about.

Sections 214 and 217 of the Patriot Act arguably authorize this surveillance.
Or maybe FISA 702. But journalists have zero imagination or critical thinking
skills and need powerpoint slides directly illustrating things. And they'll
immediately forget even what the slides show when Congress promises that a new
bill outlaws that.

~~~
higherpurpose
Ironically, the NYT is probably the most guilty of putting this "message" out
there that the NSA surveillance was "sharply limited" with the passing of the
USA Freedom Act.

[http://www.nytimes.com/2015/06/03/us/politics/senate-
surveil...](http://www.nytimes.com/2015/06/03/us/politics/senate-surveillance-
bill-passes-hurdle-but-showdown-looms.html)

~~~
swalsh
There are some people[1] who believe that the NYT will print (or more
specifically not print) nearly anything that comes from a top official in the
Whitehouse as a way to maintain access.

[1]
[http://www.salon.com/writer/patrick_l_smith/](http://www.salon.com/writer/patrick_l_smith/)

~~~
dmoy
Agreed, and it is not just one person pointing this out:
[http://www.utne.com/media/us-officials-
say.aspx](http://www.utne.com/media/us-officials-say.aspx)

Lot of journalists have been pointing this out about NYT for a long time.
(This is not to say NYT _only_ trumpets what us officials say, just maybe,
they don't always provide enough context an skepticism.)

Also worth noting that NYT is hardly the only place that does this.

~~~
jeff_marshall
It's worse than just publishing what the administration wants. They've also
demonstrated that they're willing to kill pieces that the administration wants
killed (at least until they realize their reporters are just going to write a
book with the story anyway...).

In a recent Frontline episode[1], they do a good job of speaking to some
primary sources about an interesting specific instance of story killing
related to domestic surveillance, and how that fed into Edward Snowden's
decision regarding publication venue for his whistle-blowing leaks. In my
eyes, they've fallen a long way since the days of the pentagon papers.

[1] United States secrets, part one.

------
dkopi
This might be less of a popular opinion, but I believe this is exactly when
NSA surveillance is rightly placed.

In a world where hacking has left teenage basements and has become weaponized
and used by governments around the world - collecting information about
foreign hackers is a legitimate use of surveillance powers for Military self
defense.

~~~
nickysielicki
I disagree.

> "hacking has left teenage basements and has become weaponized and used by
> governments around the world"

Source? Particularly with respect to "weaponized". The worst I saw was North
Korea alledgedly being responsible for pirating a crappy movie, and a 10
minute shutdown of github a few months ago.

> "Military self defense."

Who and what are you afraid of? And how does this policy help with that? No
truly dangerous information would ever come close to US borders. This, just
like massive traffic collection, can only be said to be an invasion of privacy
for the average man. The people we'd like to catch were never at risk at all.

I just don't buy into the fear, and I see the consequences as huge.

Terrorism is modern day McCarthyism.

~~~
timtadh
> > "hacking has left teenage basements and has become weaponized and used by
> governments around the world"

> Source? Particularly with respect to "weaponized". The worst I saw was North
> Korea alledgedly being responsible for pirating a crappy movie, and a 10
> minute shutdown of github a few months ago.

Arguably it has been "weaponized" by the NSA and their allies. See, stuxnet
and related threats. There is good reason to believe other nation state actors
also have "weaponized" threats. For instance the recent "man-on-the-side" DDOS
attack via the great firewall on github. There is also a healthy business for
buying and selling vulnerabilities and exploits and the .gov organizations are
known buyers.

So yes, I think it is fair to say that "hacking has left teenage basements".
That part of the statement the gp's statement it obviously true when you look
at say sophisticated carder rings.

------
rev_bird
I wonder how long authorities will be able to preface awful things with
"Hunting for Hackers," before people get fed up.

~~~
Someone1234
"Irishmen," "Germans," "Communists," "Terrorists," "Pedophiles," "Terrorists"
(again), and now "Hackers." Just add it to the list of justifications the
government uses to impede people's freedoms (or to generally act immorally).

Soon I'm sure they will find another moral hazard to use to justification
whatever overreaching powers they want this week.

------
bediger4000
Oh, sure - BILLIONS for "foreign hacker threats" that probably don't matter
much, but NOTHING to track down "Anne from Cardholder Services".

That's my takeaway. The US executive branch is letting the NSA and FBI, spy on
its own citizens, but doesn't do anything that would practically reduce real
problems.

~~~
MrZongle2
Solving _real_ problems is tough.

Monitoring a relatively docile citizenry to ensure it doesn't create a threat
to those in power is much easier, especially if you can scare them into it
with the terrorism boogeyman.

I'm sure there are individuals and even small groups within the NSA and FBI
doing legitimate work to track down and neutralize real threats to the United
States. I suspect, however, that they and their budgets are greatly
overshadowed by the Keith Alexander types who see their organizations as an
authoritarian playground and a stage for creating further personal private-
sector opportunities.

There was a time when working in such agencies, if acknowledged, was a badge
of honor. Now, it should be a mark of shame.

~~~
bediger4000
The _real_ problem I want them to solve, that they are in a unique position to
solve, is that of the super-annoying robocallers like "Anne" or "Rachel" or
"Barbara", that claim to be from a credit card organization, and claim to be
able to lower your credit card rate. I'm pretty sure that these companies are
using hacked PBXs to do their work, but at the very least, they're spoofing
caller ID information, and doing things that verge on fraud. Oh, and calling
numbers on the "Do Not Call" list.

The FTC seems powerless to stop Cardholder Services, or perhaps is actually in
cahoots with them. None of the phone companies care, they're still getting
their monthly payments for your cell phone, so they'd almost rather have
"Anne" robocall you. It's up to someone outside of the telecom system, and
it's captive regulatory apparatus, to stop Cardholder Services. Who better
than the NSA and their domestic tools, the FBI? They can find the hacked PBXs,
track the boiler rooms, and send in SWAT teams to make sure the boiler rooms
are shut down, and salt is plowed into the ground there. That would be a real
problem they could deal with, and not even reveal their Sekrit Teknolgie!

~~~
MichaelGG
The FCC doesn't care. If they cared, they would end up killing fake callers
and robodiallers very quickly. Only the most stupid and flagrant offenders get
fined.

The FCC just needs to start handing out fines, tracing the liability up. So if
little VoipCo signs up some guy from XX and lets him set any calling number
without verification or lets him make a high rate of calls, bam, fine VoipCo.

It's easy and the FCC could clean it up in a couple of months. They choose not
to.

------
Zigurd
What if we had an agency that was dedicated to finding an eradicating vulns,
and creating tools to secure data from all threats?

You get what you allocate your resources toward having. For now, security is a
sideline, a hobby.

~~~
higherpurpose
We could even put "Security" in that agency's name. That would surely do the
trick.

I'm not sure how we can change the government's (executive mostly) mind on
this. Right now it thinks more offensive capabilities + more surveillance =
cybersecurity. Just like with the War on Terror, they're using "cyber terror"
to give themselves even more power, instead of _actually solving the problem_.

Thanks to the Iraq war, the USA set in action what led to the creation of
ISIS, and with its war on strong security and encryption, it's making all of
us less secure, and therefore _more open to cyber attacks_.

So it's worse than "not having a real solution" to these problems. They are
actually exponentially making the situation _worse_ with their "solutions".

------
patcheudor
Geezzz, I'm kicking myself now for changing my occupation from "engineer" to
"hacker" on my 1040. Stupid, stupid, stupid.

------
joesmo
Honestly, at this point, the _only_ solution I can see is to end the NSA
altogether. It is clear that it cannot be in check. It is also clear that it
mocks rule of law. If the US still likes to call itself a country ruled by
law, this is one of many necessary steps at this point. Otherwise, let's call
the situation as it is: we do not live under rule by law. It seems that the
ambiguous wrath one faces when pissing off the king (NSA, gov't, big corps)
today is no different today than it was under feudalism and that in fact,
while other countries actually make an effort and succeed at being ruled by
law, the US is not even making an effort. And we have the gall to call out
other countries on their human rights abuses. What a disgusting, primitive,
uncivilized, and sick country the US is these days.

~~~
happyscrappy
>What a disgusting, primitive, uncivilized, and sick country the US is these
days

Plus it is hard to get a visa.

~~~
kisna72
None of the people I know got selected for H1-B this year. Getting a work visa
in the US definitely sucks.

------
kordless
Well, now we know what they do with that cloud Amazon runs for them.

------
higherpurpose
I guess this is part of Obama's "surveillance reform" for which he has been
calling "for years"?

