
US physically hacks 100,000 foreign computers - kostyk
http://www.aljazeera.com/news/americas/2014/01/us-physically-hacks-100000-foreign-computers-20141154313871671.html
======
ForHackernews
> monitor units of the Chinese and Russian armies

Isn't this what they're supposed to be doing? I don't really have a problem
with intelligence gathering against non-allied nation state actors.

[http://www.youtube.com/watch?v=cryMVK1PwuQ](http://www.youtube.com/watch?v=cryMVK1PwuQ)

~~~
pvarangot
> Isn't this what they're supposed to be doing? I don't really have a problem
> with intelligence gathering against non-allied nation state actors.

Shouldn't you have a problem with them getting caught then?

I don't understand this defense of the NSA, no, its not what they are supposed
to be doing. At least not anymore.

If you are in favor of the US bullying and spying everyone they don't consider
an ally then you should be outraged they can't do it efectively. They got
outed by a lone contractor and your "potential enemies", or however you get to
call every single other country in the world to justify the spying, now have
most of the technical details they need to thwart the NSA's efforts and hence
make it spend lots of your taxpayer dollars in coming up with other forms of
spying.

~~~
ForHackernews
> I don't understand this defense of the NSA, no, its not what they are
> supposed to be doing. At least not anymore.

What _are_ they supposed to be doing, then? Should the US just not have any
spy agencies? Should it shift away from signals intelligence and focus on
human intelligence like Israel does?

~~~
drzaiusapelord
>Should the US just not have any spy agencies?

Absolutely. The US should interact with foreign governments via the diplomatic
process, pull up all its foreign bases, and stop playing "world policeman."

Not sure why this is so hard to understand. The justifications for actions
like these either fall into "but we can't be world's policeman without these
intel programs" or "the other guy does it" which are both morally bankrupt.

Being a citizen of a nation state does not require me to approve of that
nation's foreign policy or military actions. In fact, I'm compelled to be
extra critical of these things as they are often abused and cause not only
domestic issues (large tax load, dead soldiers, blowback, etc) but worldwide
issues as well.

We have yet to see any evidence that these dangerous and provocative technical
programs have actually resulted in anything used to thwart attacks or other
justifications from the usual defenders of the status quo. If anything, from a
dollars per result perspective its a major tax dollar waste and a massive
opportunity cost. If we had a Russian-like military budget my tax load would
be lower and arguably allow me and others to invest and do things that can
actually help domestic life, instead of watching my dollars get burned up in
spy games and the slaughtering of completely innocent Iraqi and Afghani
civilians over the last 10 years.

~~~
aet
It sounds like you have a specific policy recommendation. Do you mind stating
it?

~~~
eric_cc
Imagine all the people...

------
dmix
...And sentators are still debating bulk phone records (the first Snowden leak
from six months ago) and can't even decide whether or not the NSA should
require rubber-stamp court orders to access them.

What are the odds senators will debate the privacy implications of hacking
routers all over the world (let alone stop them from doing it)? I'd bet almost
zero.

~~~
srl
The article didn't say they hacked routers.

> The NSA calls the effort an "active defence" and has used the technology to
> monitor units of the Chinese and Russian armies, drug cartels, trade
> institutions inside the European Union, and US allies including Saudi
> Arabia, India and Pakistan, the Times reported.

From the viewpoint of an American: hacking the EU trade institutions, and
India, bothers me. The rest is exactly what the NSA et al /should/ be doing.
Saudi and Pakistan are "allies" out of necessity -- there is no history of
genuine mutual trust and support.

There certainly needs to be more control of who the NSA targets, and better
constraints keeping them from targeting others, but pretending that all spying
is bad is silly.

~~~
mkaziz
Cool, let's bomb their women and children, blow up their weddings and
funerals, and then let's hack their computers because they don't "trust" us.

~~~
abduhl
As long as we are appealing to emotion here, let's not forget that Saudis
composed nearly 80% of the 9/11 hijackers that killed our women and children
and blew up our workplaces.

Saudi Arabia has done little to engender trust.

~~~
loup-vaillant
Let's count.

On the one hand, put every non-US citizen killed by the US.

On the other hand, put every US citizen killed by all other countries and
terrorists combined.

Guess which number is vastly bigger than the other. 5-10 thousand dead in
9/11? That's _peanuts_ , compared to the disproportionate responses that
ensued. _(I 'm not saying it's peanuts in an absolute sense. It's still a
tragedy, of course. Any death is.)_

~~~
abduhl
Yes, let's. You take care of the non-US citizen part and I'll give you a low-
ball for the US citizens killed by other countries number.

If we use this handy wikipedia page shown below we can see that US military
casualties are at a touch over 1.3 million.

Let me know when you're done being facetious and/or have an answer for your
number of non-US citizens killed.

[http://en.wikipedia.org/wiki/United_States_military_casualti...](http://en.wikipedia.org/wiki/United_States_military_casualties_of_war)

~~~
loganu
That's 1.3 million since 1775. In the last 50 years, we're around 7 thousand.

~~~
mkaziz
In Iraq alone >10x that number have been killed since the invasion.

~~~
loganu
I was referring to American numbers, as sourced in the Wiki article above. 10x
that number in Iraqi/ Afghani numbers? Sure, I'd buy that.

~~~
loup-vaillant
From my point of view, it was clear your comment and the GP both supported my
insinuation that the US has killed far more people than it has lost.

------
aet
Why post an Al Jazeera summary of an NYT article that has already been posted:
[https://news.ycombinator.com/item?id=7061012](https://news.ycombinator.com/item?id=7061012)

~~~
krelian
I think the NYT article didn't hit the top spot. This one has a more
sensationalized title and will probably perform better. I guess you have to
know your audience.

------
john_b
> _The NSA calls the effort an "active defence"_

Newspeak is real.

Even if the NSA is telling the truth about this only being deployed against
foreign targets, the scale of this effort is impressive.

~~~
sliverstorm
That's hardly newspeak. A key part of any good defense is information. Infosec
to protect your own information is not sufficient.

Thus, information gathering is an active part of defensive operations.

Imagine you are an antimalware company (a real one, a good one). Maintaining a
virus tank, actively trawling the internet for brand-new viruses, and studying
them as they appear, would be part of an active defense against malware.

~~~
john_b
I'm not saying it's not prudent or useful, just that the NSA is framing their
own malicious, self-interested actions as an innocent defensive program.

Also, spying on viruses is very different than spying on people.

~~~
sliverstorm
Ok, and you are welcome to feel that way. I'm just taking issue with what I
took to be the suggestion that the phrase "active defense" is inherently a
newspeak/doublespeak sort of thing.

------
PaulRobinson
"Weeeeeeeeee!"

The sound of Dell, Intel and other hardware tech stocks of US firms plummeting
over the next 12 months as they realise they can now only sell domestically as
nobody else in the World trusts them any more.

Tens of thousands of jobs lost here. And of course, they'll blame it on
Snowden. It was classified in part because tens of thousands of jobs relied on
it.

But you have to wonder if there isn't just a little bit of an air of the two-
faced about this...

~~~
relic
So it is your understanding that the US has only now just started spying on
foreign countries? Capable nations have been spying on friends and foes for a
long time, and they will continue to do so, exposed attempts will only change
implementation. If countries decided they were not going to buy foreign
technology, the majority of those countries would have no technology. You
think Saudi, for example, will just start manufacturing their own hardware?

~~~
PaulRobinson
I think Silicon Valley thrived for being the centre of the best technology in
the World and the assumption that as a free and liberal nation it would not be
as encumbered with spyware as hardware from say, China (which last year gave
us the bluetooth malware clothes iron!).

That perception is now gone. The valley will suffer. Why buy Intel when I can
license the blueprints for ARM, build my own chip-fab plant for less than $1
billion and build a processor myself? And if I can do that, how much more
investment do I need to build my own motherboards, displays and other
components?

$10 billion? Saudi makes that in oil money in a week.

You really think they're going to keep buying US tech? The golden age for US
tech firms is now over, and the idea that "of course" the US was spying is
laughable: the assumption was always that the spying was targeted and not
carte blanche over entire populations.

------
danielharan
Wow, these talking points are hilarious:

"We do not use foreign intelligence capabilities to steal the trade secrets of
foreign companies on behalf of - or give intelligence we collect to - US
companies to enhance their international competitiveness or increase their
bottom line.''

~~~
timdiggerm
Why is that hilarious? The Chinese DO that.

~~~
ItendToDisagree
Are you implying that the Chinese are more transparent than the "Most
Transparent Administration In History"? Or are you taking the claim at face
value? Perhaps I misunderstand?

------
pinaceae
The biggest fuckup here is that the NSA allowed this kind of info about their
core work, which is fully in line with their defined agenda, to leak out into
the open.

The damage through the Snowden leaks is massive, he did not concentrate on the
misuse of the NSA against US citizen, this reveals core assets in their spying
ablities. What a setback. Might as well invite foreign entities a tour of the
NSA data centers.

My guess is the next guy that tries such a thing gets treated very
differently, too late for Snowden, he is too famous now. The next one
disappears if there is only a whiff of a leak. Ms Manning might be a better
example of things to come.

The people overseeing Snowden's work/access should be tried though. Gross
negligence, massive impact on national security.

~~~
ItendToDisagree
It is not unthinkable that this was an approved and planned 'leak' for any
number of reasons.

Also this doesn't appear to have been a leak associated with Snowden. But it
is certain that the Snowden leaks even being possible is a huge f'up on the
part of the NSA who is supposed to be all about secrecy and data security.

------
stordoff
I don't believe that the NYTimes article [1] supports Al Jazeera's title of
"US physically hacks 100,000 foreign computers". That seems to be the total
number of CNE operations, not just those using hardware devices.

> [NSA] has implanted software in nearly 100,000 computers around the world
> [...] While most of the software is inserted by gaining access to computer
> networks, the N.S.A. has increasingly made use of [covert radio channels]

[1] [http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-
open-c...](http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-
computers-not-connected-to-internet.html?partner=rss&emc=rss&smid=tw-
nytimesworld&_r=0)

------
waterside81
Anecdotal evidence, but here goes. We sell software to countries worldwide -
just recently we've had new customers state that they will not buy from us if
we're hosting things on Amazon EC2 (which we do). They're insisting we
distribute our software in such a way that it can be hosted internally on
their own infrastructure.

------
higherpurpose
And yet they have very little to show for it. I'd say that at the very least
there needs to be a discussion about how cost-effective this whole operation
is.

~~~
jbigelow76

        >And yet they have very little to show for it
    

You mean they "possibly" have very little to show for. This article is about
bugging other nations, not terrorists. There is a lot of value to the NSA if
they can claim they thwarted a terrorist attack. However there is no value to
the NSA to declare that they are actively monitoring, in theory, advancements
in Chinese stealth research just to prove to the citizens the tax dollars are
well spent.

Without knowing more about how the information was leaked and what was leaked
there is no way to determine if this particular NSA activity was "worth it" or
not.

------
belluchan
None of these articles about this say the source of this information was
Snowden. It also doesn't seem to be his M.O. to leak about non-privacy
invading bits. Like nothing here really pushes any buttons for me other than
it was leaked. A separate leak?

~~~
unreal37
Agree this goes against the Snowden trend. Probably not him.

But since they're claiming to hack the Chinese, Russians, Saudis, and
Pakistanis, this very well could be an "authorized leak" to counter the
Snowden leaks. Like, the NSA actually does go after their enemies (as well as
their friends). Very few Americans would oppose to them hacking Chinese Army
computers.

------
rolandukor
The way I see this is that it is pretty much business as usual. I think that
anyone who sincerely believes that capable states do not employ similar
tactics within their spy apparatus is engaging in self delusion.

States have historically spied on each other (allies and enemies). I can
understand the sensationalist aspect of this as 'news', but IMHO there is
nothing new here; move on.

Perhaps, someone here with a much better command of history than I do could
help out with the latest time in history where the relevant technologies of
the day were not key parts of nation states' intelligence gathering systems.

------
justin66
I'll be more inclined to believe this specific claim (tiny circuit boards,
100,000 of them) once we start seeing pictures of them, teardowns, analysis,
etc. 100,000 is a lot of units to keep completely secret and one assumes that
the people who've been hacked don't all have an incentive to not say anything.

~~~
javajosh
Yes, I'm inclined to take this news with a grain of salt (a very tiny one,
mind, given the incredibleness of this entire situation) until we see some
examples. As you say, you can't keep 100k devices secret.

(Although the truly paranoid might doubt the veracity of a claimed "tear
down". It has become incredibly easy to accuse the NSA of doing _anything_ ,
and at least be partly believed. Which, ironically, is actually a pretty good
cloak of secrecy in itself!)

------
pnathan
A question - how long of a lifetime would this sort of operation expect to
even have? If you're shipping units en masse out, it seems rational to expect
that eventually the cover would be blown when supply chain analysts send
components to a reverse engineering company and get a report back.

------
curmudgeoned
How many personnel does it require to physically compromise 100,000 machines?

1,000 people gaining access to 100 machines a piece? 100 people, breaking into
1,000 machines? Is that per year or in general?

If one targeted individual owns 10 machines, then it's 10,000 people targeted
by the program.

If this includes organizations, bussinesses, institutional computer labs and
offices, then maybe it's 1,000 offices with 100 work stations each.

So, perhaps a rough estimate of the scope of the program 100 to 1,000 staff
attacking between 20,000 and 1,000 targets?

~~~
Aqueous
More likely no personnel was required because they simply paid off American
manufacturers to implant these circuit boards in computers they knew were
going to be shipped and used overseas.

The bottom line, though? This isn't surprising. Nations spy on each other. A
lot of nations have been engaging in a lot of phony outrage over our NSA
spying who are doing the _exact same thing_ , but have managed to keep it
secret. Any nation who is using imported computers in sensitive operations
should know enough to check those computers for possible spy hardware.

~~~
kingkawn
I would be surprised if they didn't simply have them installed in all machines
and only have them activated in 100,000 devices overseas. Logistically seems
simpler to coordinate if component-cost is a non-issue for the agency.

~~~
w_t_payne
That is the logical implication.

~~~
grkvlt
No, that is an insane implication.

~~~
w_t_payne
If they have access to the manufacturers, it would be the simplest, minimum-
effort, minimum-risk approach. It is also what I would do, given the chance.

Taking into account what we have learned this year about the extent of the
activities of the intelligence services, I think we have to assume that
_somebody_ (Whether the NSA, the FSB or somebody else) has compromised the
manufacture of at least part of the electronics and/or software supply-chain.

I am not too sure what it would take to audit the software and hardware
components in common use today?

------
FrankenPC
On the upside, my 5 year old PC probably doesn't have this tech. I bet old
PC's are going to become valuable because of this.

------
ajuc
"We do not use foreign intelligence capabilities to steal the trade secrets of
foreign companies on behalf of - or give intelligence we collect to - US
companies to enhance their international competitiveness or increase their
bottom line."

Right.

------
at-fates-hands
>>> and has used the technology to monitor units of the Chinese and Russian
armies, drug cartels

And how is that going for the Drug Cartels? Doesn't seem to have an effect on
them, considering they continue to operate with imprudence.

~~~
josefresco
Gathering intelligence and taking action based on that info are two vastly
different things each with their own pros and cons.

Sure the US could take military or covert action against the drug cartels, but
then where would American and other customers get their drugs? Who would then
supply them? Sounds like a recipe for a new turf war (simply replace the
existing cartels with newer, and possibly more ruthless groups) I'm not saying
the US is allowing this, just that dismantling the cartels may bring a whole
host of unwanted side effects.

~~~
dailyrorschach
Indeed, I’m reminded of a great Season 2 episode of the West Wing, and though
fictional, points out that to go up against and wipe our a drug cartel in the
jungles of Colombia would require a 10 to 1 troop ratio to secure victory.
Many of these narcoarmies have over 20,000 soldiers, so we’re talking quite a
large expeditionary force. Certainly something to think about.

Not to mention it would be a jungle war and likely resemble insurgencies. And
as you note, someone will fill that void.

~~~
josefresco
Mexico isn't Columbia, and 20K poorly equipped and trained "civilian" fighters
are no match for well trained, well equipped US military personal. We've heard
the same arguments for years about the terrain in Afghanistan and our (I'm
from the US) guys seem to do quit well even on a level playing field (see the
early days after 911 when the US dropped in small groups of CIA special
forces).

I loved the West Wing but feel they relied too heavily on the "Vietnam/Jungle"
angle when proposing the feasibility of an actual "drug war" in Columbia.
Also, the West Wing was aired before many of the US's major military actions
in the middle east, which have arguably proven that the US can combat an
insurgency (if they care enough to that is) and can operate in an
"unconventional" manor.

I think the worries of getting sucked into another Vietnam, or getting bogged
down like the Soviets in Afghanistan have been debunked. As long as the
political will is there, the US military can operate successfully in almost
all combat scenarios.

~~~
angersock
_" I think the worries of getting sucked into another Vietnam, or getting
bogged down like the Soviets in Afghanistan have been debunked. As long as the
political will is there, the US military can operate successfully in almost
all combat scenarios."_

You must pick your definitions of "operate", "successfully", and "combat
scenarios" very carefully here to be a useful statement.

~~~
josefresco
How exactly has the US military been unsuccessful in it's recent military
actions? Nation building and playing peacekeeper to a civil war is one thing,
straight up military action (eliminate enemy and hold ground) is quite
another. I don't think anyone would argue the US sucks at the former, and
kicks ass at the latter.

------
whatevsbro
> The NSA said the technology has not been used in computers in the US.

But of course not. The NSA wouldn't spy on _Americans_ , would it?

~~~
declan
>The NSA wouldn't spy on Americans, would it?

How about domestic U.S. law enforcement? FBI, DEA, U.S. Marshals, etc.? It
would be interesting to know what technologies they're using, especially when
there's a long-running surveillance operation.

------
icantthinkofone
Still they're about 100,000 computers behind the Chinese.

