
NSA Owns Everything (2015) - smokelegend
https://blog.thinkst.com/p/if-nsa-has-been-hacking-everything-how.html
======
dleslie
The basic premise is false.

> "Why did we never see it coming?"

Many people saw it coming. I was warning about the possibility of dragnet
surveillance, the existence of ECHELON, the use of the American security
apparatus to steal trade secrets, the surveillance of non-American
politicians, et al... For many, many years before Snowden. And I'm just some
rando on the internet who follows the mainstream news!

We were called _Conspiracy Theorists_; but when the action is _probably_
fact[0][1][2][3], why is it still ridiculed to say it might be happening?

0: [https://www.theguardian.com/us-news/2015/jul/08/nsa-
tapped-g...](https://www.theguardian.com/us-news/2015/jul/08/nsa-tapped-
german-chancellery-decades-wikileaks-claims-merkel)

1:
[https://en.wikipedia.org/wiki/ECHELON](https://en.wikipedia.org/wiki/ECHELON)

2: [https://fas.org/irp/program/process/991101-echelon-
mj.htm](https://fas.org/irp/program/process/991101-echelon-mj.htm)

3: [https://cryptome.org/echelon-cia2.htm](https://cryptome.org/echelon-
cia2.htm)

~~~
badrabbit
There were others before snowden, like: James bamford
[https://media.ccc.de/v/31c3_-_6600_-_en_-
_saal_2_-_201412281...](https://media.ccc.de/v/31c3_-_6600_-_en_-
_saal_2_-_201412281245_-_tell_no-one_-_james_bamford)

What snowden did was provide independently verifiable content and details of
their activities. His leaks were outdates by half a decade by the time they
were public too. Everyone sort of accepted the IC will do shady stuff to stop
terrorists after 9/11 because "american lives" so it was a solid conspiracy
theory backed (not proven) by facts at the time. We sort of hoped they didn't
care enough to snoop into our boring lives.

~~~
grey-area
If the tools are there, they will be used for evil.

When you can surveil and blackmail the entire world, including your political
taskmasters, what sort of person will that role attract?

~~~
Spooky23
2016 answered that question.

~~~
Proziam
The issue far predates 2016. The NSA and the mass-surveillance apparatus has
been around far longer, with massive bipartisan support.

------
jacquesm
The difference between a theory, a conspiracy theory and the truth are best
described by varying levels of evidence. A theory is not currently accepted as
the truth, but it might be the truth. A conspiracy theory is something that
has been _proven_ to be untrue, but people still believe it and pass it on.
The truth is the internally consistent and fact supported state of the world
as it was and as it is.

There were many people who were going out on a limb with the assertion that
the NSA was probably vacuuming it all up, they had means, motive _and_
opportunity handed to them on a golden platter, on top of that it corresponded
with what we would expect to do ourselves when in that position (not that
there was any such temptation). The hacker community was well capable of
seeing this as a theory, rather than as a conspiracy simply for absence of
proof. That didn't stop others from labeling the hacker community as a bunch
of conspiracy theorists simply because they could not imagine it to be the
truth, but a lack of imagination is not the same as proof and the output of
such a process is better described as wishful thinking than rational thought.

Snowden changed all that. All it took was one person willing to burn their
career to provide the proof. But beyond that nothing much has changed.

~~~
BickNowstrom
Snowden was even willing to burn his future career, as he took a job with Booz
Allen Hamilton with the sole purpose of leaking as much information as he
could get his hands on.

As an admin at BAH he was using his colleagues' passwords for discovery. He
was willing to burn their careers to hack access to more leaks.

So much leaks that he could not vet these all. This was no Ellsberg tasked
with copying some confidential papers and reading lies in them. It was
wholesale collection of all Snowden could get his hands on.

Then, instead of making his point with his own whistleblower findings, he went
to journalists and handed them over all the documents, instantly making them
available to intelligence agencies all over the world, burning all NSA/CIA
analysts with records in the dump (for instance, everyone who contributed to
Intellipedia, which had zero reason to be in a dump meant for whistleblower
purposes).

Then instead of facing justice (and there are whistleblower protections for
doing the right thing), he cooperated with Wikileaks and fled to China and
Russia, causing a permanent PR disaster for US intelligence with his new
public speakings, book deals, and social media influencing career.

The reason Snowden's leaks got a lot of attention is that they "proved" (we
never got confirmation that they were real) that data on Americans is being
collected. We already knew, by law, that the Americans are allowed to fully
spy on European civilians. That's how they are able to warn on impending
terrorist attacks and improve their buy-in with European countries leadership
(or how they are able to perfectly copy Germany-invented motors or Belgium-
invented speech-to-text technology before these countries are even building
it, because a strong US economy is a matter of national security).

~~~
TheMblabla
>Then instead of facing justice (and there are whistleblower protections for
doing the right thing)

I think it was pretty well understood at the time that the Obama
administration could not be dependant on upholding whistle blower protections.

~~~
BickNowstrom
Snowden could have exposed this too.

~~~
nyolfen
the media was already filled with stories about the obama administration's
record number of whistleblower prosecutions in 2013. there was nothing to
'expose'.

------
staticassertion
Not really many relevant comments in this thread. Everyone seems to have read
the first sentence (if even), interpreted it as 'why did no one think the NSA
was hacking?', and responded. It's a shame, this is a great piece, I think.

The question is, with all of these companies performing IR, why didn't they
see mass exfiltration and C2?

I think the article lays out largely correct claims.

I personally would imagine (2) and (5) to be the most significant.

Regarding (2), it is so hard during an incident to know exactly what is
attacker behavior and what isn't, to know that it's all the same attacker,
etc. It isn't so uncommon to go digging into an incident only to find some
unrelated malware - and in fact many companies find out they're owned from
their pentesters.

With regards to (5), defenders have frankly been to slow to evolve. The people
investigating these attacks likely only have a rudimentary understanding of
TCP/IP, have virtually no ability to read or write code, and mostly are
trained to build and enforce policy. The idea that they can catch even basic
attackers in realtime is a joke, that they are to also be tasked with catching
the NSA is just a depressing, hard to swallow reality.

Attackers are out here building up toolchains from scratch - anyone who isn't
doing that is called a script kiddy. And yet defenders who can't build a
single thing, who can only throw tools at a problem, are _the standard_.
Attackers are flat out _better_ than defenders - they work smarter, they have
better capabilities, and defenders don't even seen to care en masse.

As Alex Stamos said (paraphrasing), most companies aren't even "playing the
game", and it's a select few that even know what game to play - not even that
they're playing well, but at least they showed up to the right ballpark (I'm
butchering his statement). The vast majority of companies employee outdated
models of security and incident response is probably the least mature, with
devops pushing more and more infrastructure and product security engineers
over IT admins.

No doubt that NSA's scale allowing novel forms of exfil like passive
collection also played a major part.

What a sad state.

Having taken VC money to try to improve the situation I do always laugh when
thinkst talks about that :) but much respect!

~~~
jnwatson
> The question is, with all of these companies performing IR, why didn't they
> see mass exfiltration and C2?

1\. Good tradecraft means that, except for skilled IR folk, they wouldn't see
mass exfil/C2.

2\. American IR companies know what side of their bread is buttered on. From
both employees' personal allegiances to their former employers and the
company's active government contracts, there's not a lot of incentive to
report on their own government's actions.

~~~
closeparen
How would they know it’s their own government? If the NSA were in the habit of
leaving calling cards, then sure some info-sec people might keep quiet out of
patriotism, but others would be screaming from the rooftops about proof of
conspiracy.

More likely, as the author mentions, the NSA disguises its attacks as less
sophisticated than they really are.

------
submeta
I remember how the public was shocked in Germany in 2013 about the
revelations. What we learned was way beyond what everybody thought possible.
One of the most important figures discussing the implications for our
democracy and the impact on our behaviour in light of the knowledge that we
have no privacy at all was the editor of the German newspaper FAZ: Frank
Schirrmacher. Unfortunately he died in 2014, very young, aged fiftysomething.
After 2014/2015 these topics were discussed less and less here in Germany.
Currently nobody talks about these things anymore.

~~~
phito
I am still being labelled as a conspiracy theory nutcase whenever I talk about
this subject to people.

~~~
6510
Then, if you explain that there is reason to believe the term _conspiracy
theories_ was created and popularized specifically to indoctrinate them into
responding exactly the way they are responding (like programmable robots)..
then they just call ``conspiracyTheories(yourTheory)`` again to "validate" it
and you lose 20% of your remaining credibility.

I just go with a bit of ridicule. Something like: It is not that
sophisticated, educated, wealthy and influential people in power could get
together and have some kind of plan. If they did it couldn't possibly escape
your attention but if it did it wouldn't be interesting enough for you to talk
about.

Or maybe it isn't that. Maybe the quality of government depends entirely on
the citizens? If you think drag net spying is a good idea is a yes/no
question. If you don't care means yes which in turn means they _should_ be
doing it. Same goes for enriching themselves at your expense. I mean if you
approve of it?? Or is not caring and approving not the same thing?

------
feralimal
The Snowden stuff was the event that shook me to my core. I was a happy
technologist till then, thinking that such was the nature of life and progress
simply was unfolding in front of me.

However, the way the event was covered by the media - told a different story.
The media focussed on the man rather than the info he provided, so the
conversation was 'where was he?', 'where was his girlfriend?', etc - that told
me everything. They hardly touched on what was provided and what that meant
(that we were being spied on 24/7). And what was provided took years to come
out...... So, the media are complicit - just another arm of the governance
structure we find. The intercept, the MSM, all are just playing a role in mis-
informing the people.

Since then, I have even come to change my views on the Snowden event itself. I
think this was an intentional release of data, an orchestrated event. Snowden
is probably a character created by some agency. He may not be a real person -
things like bits of his glasses disappearing indicate that he could be CGI.
Perhaps this sounds crazy - but if you are in the business of governance, you
want to manage everything, even the opposition. (Think 1984 and the way that
the opposition is created and controlled in that book).

Why would "they" create Snowden and the release of apparently top secret
files?

Well, if you know what is coming you do not respond with shock, you do not
reject it out of hand. You acclimatise to the new reality. There was little we
could do with the Snowden event, except watch it play out. We were put on
notice and informed of what was/is coming. And what's coming is a technocratic
system with very fine grained control in the hands of the technocrats.

~~~
neolog
I found this comment so shocking I went and read your post history and I'm
really interested how this view arises. Can I ask your background that made
you think this way?

~~~
feralimal
My background is a technologist who observed the Snowden story. I followed
some of the details and was genuinely shocked at the revelations therein. I
was looking at HN for more info at the time. But I also followed main stream
media. The gulf between the technical details that were reported on HN and
mainstream news sites was so large, it was clear to me that a damage
limitation exercise was being undertaken. That in itself raised loads more
questions for me.

Here's a link to a video on Snowden's disappearing glasses:
[https://www.youtube.com/watch?v=5QqxLalvh-4](https://www.youtube.com/watch?v=5QqxLalvh-4)

Cutting to the chase, if it is as I suggest it is - that most media is there
as part of the governance structure to beam a particular type of messaging to
us - you then have a few options.

You can refuse what I say, and accept the media as is presented. This is
surely the path of least resistance.

If you care about the truth, you can look more deeply and research all ideas
before accepting them as true. Just because you see something on TV does not
make it true. My thesis is that news media is just production of a show, like
a film or cartoon. You don't trust films or cartoons - so don't trust the
news. Here's a fun example:
[https://www.youtube.com/watch?v=5cDYKXMkSRs](https://www.youtube.com/watch?v=5cDYKXMkSRs)
\- check the folder change colour live on the news! Is it fair enough to
manipulate what we see on account of a "green" budget?

My bottom line nowadays, philosophically speaking, is that I am only prepared
to accept as true that which I can confirm for myself via my own experience.
This may sound a weak position, and it is perhaps. But I stand on solid ground
as I am personally able to verify whatever I claim.

With regards to events that are presented in the media, I take an aggressive
deconstructive position, and ask questions such as: have I been provided
evidence, am I being emotionally manipulated, is the story coherent, etc. I
find my questioning frequently provides evidence that the story is not
coherent, and can be dismissed. That again may sound weak, but the thing with
truth is that it is resilient and not incoherent - when you are presented with
an incoherent story then you can dismiss and ignore _all_ of it.

So, my default position with media stories is to autohoax them and to lend far
greater weight to personal experience.

------
motohagiography
In terms of your experts being wrong, reality is, you likely didn't want your
experts to tell you about this stuff at all. If you added state actors to a
threat model even after Snowden, there were corporate managers in random
companies who would shut down the conversation, end the conference call, or
leave the room and you'd find out indirectly that someone somewhere had found
problem with your contract and it was being ended.

If you knew, what would you really do? There are insiders and outsiders, and
if you talk about this stuff, you are an outsider. Life strategy-wise, which
one are you going to be? It sounds jaded, but really, having been one of those
experts playing in this invisible sandbox, I used the tools I had and worked
with integrity. That I didn't defeat a multi-trillion dollar conspiracy of
hundreds of thousands of people doesn't bother me much, and where I scored a
few points on them, I feel pretty good about it.

~~~
jacquesm
If you walk into any of these things in real life: tread very carefully.

~~~
mellow2020
> _I just sometimes ask myself if people in previous centuries thought and
> lived as superficially as today. Or if, piece by piece, as times fade, their
> bad aspects retreat to the background and their goodness shines especially
> bright? At any rate I think that the individual, regardless of outcome, has
> to be vigilant, and especially when it is made hard for them. You also
> believe that this can never be levelled upwards, as desirable as that seems.
> When there is levelling, it always happens downwards. But here, too, there
> is a brilliant opportunity offered by fate to prove ourselves. Maybe one
> should not underestimate that, either._

\-- Sophie Scholl

~~~
jacquesm
Great quote and great person. And how her life ended is a good indicator that
what I wrote isn't nonsense. But I actually meant it in a more present day
technical and less all-out fascism way. Still, the principles remain the same.

~~~
mellow2020
She was arguably a bit careless in the moment that lead to them getting
caught, and since pushing that stack of fliers wasn't really useful for their
greater aims, that kinda proves your point as well. The idea of the White Rose
not getting caught, so rather shortly before the end of the Nazi regime, and
Sophie Scholl writing more letters, or even books, is fit to make me cry with
homesickness. It's an unspeakable loss.

But otherwise, if you read the interrogation transcripts, I don't think she
regretted anything. She knew what she was doing and why she did it, and she
knew she did well. IMO her life ended _so_ much better than that of people who
just give in to pressure against their conscience. It's not like those are
immortal, and then they have to spend the rest of their time with who they
became, too. Some find a way back, most don't. As Shakespeare wrote, the
coward dies a thousand deaths -- Sophie Scholl died but one, and it was rather
majestic, if you squint just right.

I still wish she would never had a chance to prove her greatness in this
particular manner and had survived instead, so don't take this as me negating
your point.

~~~
jacquesm
All fair. And I feel much the same way. Pick your battles, know when to expose
and when to stay anonymous. Evaluate everything in a situation like that from
a risk perspective and make sure that you indeed engage those risks that will
allow you to look back and say you don't regret any of it.

This can be very hard.

------
walrus01
In 2013/2014, I don't think anybody who had read all of James Bamford's books
was in any way surprised by the Snowden revelations.

[https://www.google.com/search?channel=fs&q=james+bamford+nsa](https://www.google.com/search?channel=fs&q=james+bamford+nsa)

------
exikyut
An observation:

The exfiltration protocol described in the "misdirection" section has "Dated:
24 Feb 98" in the bottom right corner.

That it's being regarded as reasonably novel is a good measure of just how
broken the collective security discussion is.

Just as broken as the PGP situation, thinking about it; in which case
everything is operating as intended... moving on...

~~~
justanotheranon
nice catch. that date of 1998 is a Big Fucking Deal. the Patriot Act was
passed in October 2001. the narrative we have all be lead to believe is that
NSA only ramped up domestic mass surveillance in 2001. but why would NSA have
a protocol for exfil across passive sensor hops in 1998? passive exfil only
works if you have sensors mirroring backbone traffic at all the biggest
upstream meetme rooms. but NSA supposedly wasnt legally allowed to install
Boeing Narus mirror routers at ISPs until 2001.

what this 1998 date means is that NSA TURMOIL--passive sensor ingest, had to
exist PRIOR TO 2001.

this even screws Bill Binney's narrative that the system he designed--
THINTHREAD, which he says would spy on all traffic without violating our
privacy laws, was built in 1999-2000. THINTHREAD was ultimately canceled and
Hayden chose STELLARWIND instead.

but this screencap show FASHIONCLEFT already existed in 1998. therefore NSA
has been spying on the whole Internet for waaaay longer than the official
narrative says.

i was one of those conspiracy theorists ranting on USENET about ECHELON back
in 1998. turns out, we were RIGHT.

~~~
nyolfen
>passive exfil only works if you have sensors mirroring backbone traffic at
all the biggest upstream meetme rooms. but NSA supposedly wasnt legally
allowed to install Boeing Narus mirror routers at ISPs until 2001.

you're assuming this is intended for american infrastructure. they were
probably violating the civil rights of americans before 9/11, but this is an
inconclusive piece of evidence.

------
raxxorrax
I think the intelligence community made a bit of a joke of themselves
honestly. Especially on the topic of electoral manipulation. They deserve it.

Although there was large political influence, it really doesn't shine a good
light on them and their capabilities or more probable what they make of them.

That said, I think restricting their abilities is the way forward, otherwise
you just get a new form of a cold war, which in hindsight was just stupid.
Their current capabilities cannot be justified with security concerns and if
so, they should at least be able to fix the IT of prominent political actors.

They scared the right people to get privileges to data that is formally
protected in most western countries. So not only do they do a bad job, they
are also criminals.

------
waihtis
_2\. You thought they were someone else_

Attribution in the cyberspace is still pretty shaky, even though there have
been some high profile accusations flying around lately. Sometimes you see
links being drawn to GRU on the basis of things like some executable having a
compile time matching to a Russian time zone or a file being last modified by
a user called "Dmitry."

Seeing as the IC cyber business is already murky as hell, who knows which
party is actually doing what. I think only the PLA plays with slightly more
open cards, mostly because they just don't give a damn about being caught.

~~~
bonestamp2
> I think only the PLA plays with slightly more open cards, mostly because
> they just don't give a damn about being caught.

This tactic was invented by the KGB. It's not that they don't care, it's that
if it looks like you did it, and there was no apparent attempt to conceal that
it was you, then it actually seems more like you were framed by someone else
and you didn't do it. In other words, the truth acts like its own
disinformation campaign because people often assume the real criminal would
try to conceal themselves.

~~~
White_Wolf
I'm not sure your average Joe with no tech knowledge thinks that far. I'd say
that most people that this sort of information at face value and don't bother
to delve into it.

------
ThinkBeat
I think that the most severe vulnerabilities that are found have been known
about for a long time by our intelligence community and likely others.

I doubt much of anything off the shelf for companies even if they open their
wallets a lot can be realistically expected to defeat against advanced well
funded nation state intrusions.

I would not add North Korea or Iran to that list. I think they are far behind.
Maybe North Korea gets some scarps from China

The US has without a doubt the most powerful position. All major operating
systems are made here. GitHub is for the most part here. A lot of equipment
comes from there or at least in warehouses or just pass through. Given ample
opportunities for modification. We have the FAANG. Twitter and lots of other
worldwide platforms that have millions of users. All slurped Up by the NSA (at
least if they want to).

The US has a very coveted position.

Presumably China possibly is next. So much manufacturing happens there on
whole equipment or parts for it. Should give them rich opportunity to modify
products they are interested inn.

~~~
reactchain
The US has a very coveted position in the West, but the reach of this is
getting smaller every year. Having root access to FAANG for instance is pretty
useless in China, Apple is the only one of those five with any presence to
speak of. And anything supply chain related China would be in the more
powerful position.

------
agumonkey
One thing I'm curious is what's the source of energy behind all this. NSA
failed to stop many important accidents (9/11, covid) .. Is it a survival bias
and they're still keeping people safe without saying it or is it some
finance/intelligence blackhole spinning due to some political quicksand ?

~~~
Cthulhu_
Both 9/11 and covid are a case of human error (the latter more incompetence
and inaction though); at 9/11 they HAD all the information they needed, where
the terrorists had been, their communications, etc (see
[https://en.wikipedia.org/wiki/September_11_attacks#FBI](https://en.wikipedia.org/wiki/September_11_attacks#FBI)),
but they apparently didn't connect the dots, failed to act, failed to not
grant them entry into the country, etc.

Mind you, a lot of these projects are post-9/11 so I'm confident a lot of it
has been a result of it and the massive financial injections that the US
government put into counter-terrorism since then.

Finally, I like to think that the NSA and co don't want to advertise how much
attempts they thwart; if they, for example, stop an attack every day, the
people will become afraid of terrorists because incidents happen so often. But
I'm not sure if they are being kept silent.

~~~
lilbaine
Also in the 9/11 commission report the one hijacker, Zacarias Moussaoui was
under investigation by the FBI in Minnesota and their FISA warrant was denied.
The dispute was supposedly also over a "lack of communication/cooperation"
between the FBI and CIA in active investigations.

Coleen Rowley was the whistle-blower on this event, and testified to congress.
Everything on the laptop had the evidence of the 9/11 attacks, but was blocked
by the FISA court.

[https://en.wikipedia.org/wiki/Coleen_Rowley](https://en.wikipedia.org/wiki/Coleen_Rowley)

Ironically great investigators with 2001 tech could have prevented the 9/11
attacks. Appallingly then the FISA court approved the whole sale surveillance
of any Verizon customer. The wholesale Verizon order was the 1st and one of
the biggest important information leaks from the Snowden documents.

A court that was set up to protect the civil liberties of Americans during the
abuses of the 1960's-1970's failed in the protection of the largest terrorist
attack in US history, but was then used to circumvent the civil liberties and
privacy rights of a massive numbers of American citizens.

Then the government used the pretext of 9/11 to create these technologies by
for the NSA to surveil the large majority of its own citizens, when all that
was needed was 1 FISA warrant approval.

[https://en.wikipedia.org/wiki/Thomas_A._Drake](https://en.wikipedia.org/wiki/Thomas_A._Drake)

[https://en.wikipedia.org/wiki/William_Binney_(intelligence_o...](https://en.wikipedia.org/wiki/William_Binney_\(intelligence_official\))

It's appalling, with the loss of our rights and the digital world now being
used to further deteriorate these rights when it can be used in such better
and positive ways.

Also a 20+ year war, Trillions of dollars, and millions of deaths could have
prevented from not blocking this warrant. While right now, with COVID, we
could use Trillions of dollars to help keep US citizens safe and use it for
small business support during these tough times.

------
WarOnPrivacy
Takeaways:

1) If the NSA interacts with you, you are a victim. It's possible there are no
meaningful exceptions to that.

2) The NSA interacts with Americans (not suspected of a crime) as if we were a
hostile foreign actor.

3) It is both sound and safe to presume that the IC community has lost it's
way. This is true during every administration. It may be somewhat less true,
for a time, after a bit of IC wrongdoing is outed.

4) IC chiefs lie to the public to the point where it's unclear if they ever
tell a meaningful truth.

5) The National Security portion of NSA's title implies that the interests
served by the agency are US Gov's but not the public's.

6) The NSA does not even pretend to defend the _Constitution_ of the United
States against all enemies [to the Constitution], foreign and domestic; or to
bear true faith and allegiance to the same [Constitution].

------
andy_ppp
I’m really interested in how low level the hacking is, specifically network
card and hard disk firmware. Does anyone have breakdowns of how these work or
copies seen in the wild?

I particularly liked the bit in the article about hiding data in packets
intended for other hosts and harvesting them through passive relays. Is there
a way to detect this sort of thing?

Is everything really compromised?

~~~
Liquix
> Is everything really compromised?

Given the documents and budgets which have leaked so far - it seems more
sensible to assume that all hardware & software is compromised until proven
otherwise. From the limited information provided so far we can see that if you
use any Intel CPU, any Seagate/Hitachi/Fujitsu/Samsung hard drive, any version
of windows, most commercially available routers, notepad++, or VLC - the NSA
has access. Their scope is ridiculous.

~~~
jmholla
Forgive my ignorance, but notepad++ and VLC?

~~~
Liquix
[https://wikileaks.org/ciav7p1/cms/page_26968090.html](https://wikileaks.org/ciav7p1/cms/page_26968090.html)

[https://notepad-plus-plus.org/news/v733-fix-cia-hacking-
npp-...](https://notepad-plus-plus.org/news/v733-fix-cia-hacking-npp-issue/)

My bad, that one was the CIA.

------
azinman2
Yet somehow Russian / China are hacking the US left and right. If the NSA is
so good, then at some point dont they have the responsibility to actively
defend?

~~~
harry8
But are they really though?

Could well be a threat there but I want actual evidence when the threat
bogeyman is invoked in the name of more power. I believed the WMD lie. I hope
I have learned from that.

If we believe the NSA then your question is exactly the right one to ask and
has some obvious implications.

~~~
jialutu
I think this might interest you:

[https://en.wikipedia.org/wiki/Nayirah_testimony](https://en.wikipedia.org/wiki/Nayirah_testimony)

So pretty much all of US's wars in Iraq has been based on lies.

~~~
jjcon
I think you mean US, UK, Spain, Australia, Poland war's. Also, the war would
have happened with or without her testimony so I'm not sure your point holds.

[https://en.m.wikipedia.org/wiki/Multi-
National_Force_%E2%80%...](https://en.m.wikipedia.org/wiki/Multi-
National_Force_%E2%80%93_Iraq)

------
manzu
We knew about mass surveillance via Echelon in Romania in the early 2000s...
Mobile phones were just ramping up, best internet we had was PPPOE
neighborhood networks.

------
ed25519FUUU
It's still amazing to me that the mainstream media is _insisting_ that
incumbent politicians and power players weren't spying on their rivals using
the full strength and force of the American intelligence community.

This isn't a red vs blue issue here. It's about whether or not we're going to
allow the powerful to pick and choose election winners.

------
daodedickinson
"Skilled adversaries operating under cover of a rioting mob is hardly a new
tactic".

It's also hardly an old tactic.

All I will say is that when I was forced by personal experience to inexorably
learn the scope of what can be covered up is at least two orders of magnitude
beyond what I'd thought possible... it gave me and still gives me waking
nightmares and sleep deprivation.

------
yc3po
The Snowden revelations were a God send to our industry.

Imagine if we all were still using insecure protocols like plain HTTP today.

~~~
DethNinja
It doesn’t matter whether you use encryption or not. State got backdoors at
cpu level. So long as you are connected to Internet you have to assume that
data is not secure against state surveillance.

Encryption is against lower level non-state actors.

State-level surveillance can be eliminated through physical data diodes but it
is would be very capital intensive.

------
raincom
There are some dialogical strategies people use to avoid any discussion. One
such is "conspiracy theory". Next time, when TPTB don't want to have a
discussion, they will have their media buddies call their opponents conspiracy
theorists. That way, there will never have any dialogue, thereby preventing
any accountability of TPTB.

------
gnur
The hiding of the malicious code in arm processors of ssds and in the BIOS
seem like this is mainly targeted at people running their own hardware.

Does this mean running in a public cloud might actually be more secure? Or do
we just have to assume that the NSA has their hardware in place in any cloud
provider and that there actually is no security possible in the cloud?

~~~
luckylion
> Does this mean running in a public cloud might actually be more secure?

If that public Cloud is from an American company: obviously no. And whether
you prefer some Chinese intelligence service having access to your data
probably depends on what you want to do.

~~~
nix23
Not just because of Intelligence services but also because of the CLOUD Act /
Data Residency.

------
throwaway_dcnt
The tools and techniques to defend against such attacks are constantly under
attack themselves. The latest round of mozilla layoffs targeting large swaths
of rust team is one such example. The way these attacks are orchestrated, it
is difficult to pinpoint their origin or even to establish if these are indeed
attacks.

------
ThinkBeat
I knew about this prior to 2000

Within my hacking community it was well know. We used to do that thing were
you send out massive amounts of email with trigger words to cause problems. I
think it created 0 problems.

It was an open secret. Well I guess at the time a conspiracy theory. One that
has been proven true and it was much worse than we thought

------
schoen
(2015)

~~~
mjevans
Yet, still as scary and relevant today.

~~~
panny
More scary is how people in tech circles still call you paranoid when you call
Intel ME/AMD PSP a backdoor.

>We are also always open for ideas but our focus is on firmware, BIOS, BUS or
driver level attacks.

Anyone on WiFi AC or up are backdoored right now by NSA. All of them are
compromised, no doubt in my mind. All the LTE. All the x86 hardware on the
market. All of it.

If you aren't running fully free software, you're affected. And if you are a
rare case running fully free software, you're an easy target for
interdictions, since there's so few of you.

~~~
SlavikCA
How does "running fully free software" helps alleviate "compromised x86"?

~~~
panny
If you're running fully free software, you're not running x86, since it can't
boot without backdoored binary blobs.

~~~
Thorrez
What about Libreboot? Doesn't that allow booting x86 without binary blobs?

~~~
numpad0
They still need some parts of blobs to configure/initialize the system and
that “some” now means full MINIX kernel along its userland

~~~
daffy
Are you saying a librebooted machine is still probably backdoored?

~~~
dannyw
Precisely.

------
linhchi
Hey, does anybody have that documents from Spiegel? I clicked the link but it
says not found. Probably it is from 5 years ago so they take down the pdf
documents.

~~~
justanotheranon
that sucks that link rot is slowly erasing the news reports of Snowden's
leaks. how are younger people supposed to defend themselves if the past is
erased?

there are 2 sites which archive the complete Snowden leaks:

[https://search.edwardsnowden.com/search?utf8=%E2%9C%93&q=spi...](https://search.edwardsnowden.com/search?utf8=%E2%9C%93&q=spiegel)

[https://snowdenarchive.cjfe.org/greenstone/cgi-
bin/library.c...](https://snowdenarchive.cjfe.org/greenstone/cgi-
bin/library.cgi)

------
atlgator
Remember when it was just a conspiracy theory that the NSA was eavesdropping
on Americans?

------
justcomments12
In practice Indian/Chinese bot networks control the Google rankings and thus
entire industries, not Google/NSA.

It's not just corona crisis that's hurting western economies.

edit: why down vote? We can pretend negative SEO networks don't exist on a
massive scale, but that wouldn't be truth.

