

SKYNET: Applying Advanced Cloud-Based Behavior Analytics [pdf] - Errorcod3
http://cryptome.org/2015/05/nsa-skynet-intercept-15-0507.pdf

======
peterkelly
Some context here about the 4th-last slide: After all the effort that went
into building this sophisticated system, the highest scoring selector it
identified that traveled to Peshawar and Lahore is a journalist who works for
Al Jazeera:

[https://firstlook.org/theintercept/2015/05/08/u-s-government...](https://firstlook.org/theintercept/2015/05/08/u-s-government-designated-prominent-al-jazeera-journalist-al-qaeda-member-put-watch-list/)

Michael Hayden, former director of the NSA and CIA, once publicly stated: "We
kill people based on metadata":

[https://www.youtube.com/watch?v=UdQiz0Vavmc](https://www.youtube.com/watch?v=UdQiz0Vavmc)

This seems pretty worrying to me.

~~~
kenbellows
Makes me wonder how they judge their rate of "false alarms".

~~~
jjoonathan
No need to wonder, it's a matter of public record: "U.S. Drone Policy:
Standing Near Terrorists Makes You A Terrorist"

[http://www.huffingtonpost.com/2012/05/29/drone-attacks-innoc...](http://www.huffingtonpost.com/2012/05/29/drone-attacks-innocent-civilians_n_1554380.html)

------
lawnchair_larry
Context: [https://firstlook.org/theintercept/2015/05/08/u-s-government...](https://firstlook.org/theintercept/2015/05/08/u-s-government-designated-prominent-al-jazeera-journalist-al-qaeda-member-put-watch-list/)

Pretty scary what kind of confirmation bias is creeping in to the NSA's
methods there, and the broader implications. Anyone who has worked with big
data knows how easy it is to "discover" all sorts of patterns that are not
really there.

------
chrisfosterelli
Kinda surprising that, at this point, cryptome still doesn't have HTTPS
support. With all of the government spying, a little privacy would be nice!

~~~
djcapelis
For what it's worth, the network doesn't really provide privacy like that.
Anyone monitoring your connection will still see requests to HN, and then to
cryptome transmitting the same amount of data that is in that PDF. The only
privacy related thing https would buy you here is the contents of the document
could remain secret... but the entire world can know the content of it now,
and even before then the U.S. government definitely knew it, since it is their
document and all.

The one thing it would buy you is more certainty that the copy of the document
you receive is the same one cryptome is distributing. Which is a good thing,
but isn't really about privacy.

~~~
chrisfosterelli
Good point, you could possibly correlate the PDF size to determine what
document it was. Didn't think of that. It still doesn't make HTTPS a bad idea
though :)

~~~
rjsw
Sending a known source text using encryption isn't usually a good idea if you
want to keep the key secret.

~~~
nitrogen
HTTPS uses a new key for every session.

~~~
dogma1138
Most web servers out there implement one form or another of key reuse, usually
via a dedicated SSL Session Cache, otherwise their CPUs would melt ;) One of
the main reasons that SSL is relatively cheap right now is that not only do you
have some level of hardware acceleration, but web servers are now very good
at managing and reusing SSL sessions.

On NGINX the default TTL for an SSL session is 5min without constant keep
alive, however on most installations that I've seen this has been extended
significantly. You can store about 4000 sessions in 1 MB of data, that vs the
amount of CPU cycles a handshake will take is a no-brainer for most server
owners.

You can however configure your clients not to reuse an existing session, not
sure how well servers will behave in that scenario, some servers which
implement TLS actually use that feature as a security measure.

mod_tls by default iirc only accepts SSL data sessions with the same key as
the SSL control session while the SSL session is in cache, which makes some
clients (old curl for example) actually incompatible with it, so you might have
issues when you are trying to pull a file from an HTTPS or FTPS/SFTP service.

~~~
e12e
Reusing the session key implies that the client already knows the shared
secret. Sure, if a client goes through his work-place, ssl-stripping proxy,
then you might see that minitor@proxy.nsa.gov retrieved documentX, and that
drone@proxy.nsa.gov retrieved the same document with the same session - but
the traffic would be different unless all response headers were the same. And
the proxy could just log the access anyway.

------
gesman
Conclusion: benefits/budget spent is extremely low. The false positive rate is
very high and the author tries to wiggle multiple times to make it appear less
worthless.

------
logn
So they're automatically generating selectors. Remember that when they try to
imply that by using selectors and writing up justifications for their
reasonable search/seizures, it's all been automated.

------
RMarcus
Just a kind reminder to USfg employees and their contractors -- if you have CM
on your personal computer, regardless of the source, you're liable as if you
stole it.

~~~
linkregister
DoD issued an exception to the policy for employees reading information
released by the media on personally-owned computers; it's permitted as long as
the personally-owned computer isn't connected to government networks. Reading
classified information released by the media on government-owned equipment is
unauthorized, if it's not certified to process classified material.

Originally members of the DoD were required to report accidentally downloading
or viewing the leaked documents on their own computers, which required them to
turn them in to be wiped. After it was understood the huge amount of
military members and civilian employees that would be affected by this, an
exception to policy was published.

I can't find the order, but it was unclassified.

------
ZorgLightyear
Feels like click-bait, I am not sure if that has been declassified or not...

~~~
brianleb
First slide says "Declassify on: 20370401"

~~~
ZorgLightyear
So, it's certainly not.

------
wtbob
Top Secret information has been determined to cause exceptionally grave damage
to national security if released. Don't read it; don't click on it; don't post
links to it. It's not funny; it's not clever; it's not fun.

The poster does deserve credit for putting the classification in the link
text, so I know not to click on it. Seriously, thank you for that.

~~~
jevinskie
This post confuses me. The cat is already out of the bag. Anyone can see these
slides now. Do you think that, if you read the slides, you will do something
to compromise national security that you wouldn't have done otherwise?

~~~
wtbob
This _particular_ cat is out of the bag; people shouldn't be encouraged to
commit this crime in the future with the promise of fame and/or fortune.
Publicising this sort of thing gives publicity-seekers exactly what they want.

