
Further ties of NSA to Equation Group hackers - gk1
http://arstechnica.com/security/2015/03/new-smoking-gun-further-ties-nsa-to-omnipotent-equation-group-hackers/
======
ccvannorman
The reason it's a big deal is because as more power accumulates in the hands
of the "adults in the room", the more likely those adults are to become
creepy, overbearing assholes -- There are many examples, the most prominent
one in my mind being that the FBI/Hoover tried to convince MLK to kill
himself, fully backed by the government.

As the NSA et al get more [unchecked] power it will become more corrupt, isn't
this like, the law of nature?

People say "This is exactly what I want the NSA to do -- foreign espionage,
just like always" -- Sure, there's past precedent for this being a good idea.

How far are you willing to take this? How much power should one [or small
group] employee at the NSA have?

Right now, right this very minute, I bet if [Employee X] wanted you silenced,
it would happen, and no one would bat an eye. Is that the world you want to
live in? What road are we taking?

No, we shouldn't stop all foreign espionage [anytime soon].

No, I don't want Employee X doing queries on oil activists for the purposes of
muffling them.

My solution? Take them to court, and establish clear oversights. This is what
keeps getting said.

EDIT: CIA changed to FBI/Hoover

~~~
cryoshon
Yes, power corrupts, and the US government is exceptionally powerful and
exceptionally corrupt. The NSA is included in this, of course.

We already know the NSA's power has been extensively abused with "SEXINT"
(stealing people's private photos for personal enjoyment and likely
blackmail), JTRIG (discrediting people not accused or suspected of any crime),
PRISM (monitoring every communication via to/from data and other private
data), not to mention others.

None of these things relate to foreign espionage or generalized signals
intelligence. Snowden said it himself: the NSA is only about SIGINT in their
press releases. Really, their purpose is social control and consolidation of
power. Their spying does not stop at members of the public or foreign publics;
whistleblower Russ Tice said long before Snowden that the NSA had a tap on
Barack Obama as early as 2004.

~~~
arca_vorago
Nice to see someone else remember what Russ Tice said. He wasn't even a
Senator yet when Russ said the papers came across his desk. That means that
they are targeting any potential political candidate of any note.

I would just like to remind everyone that surveillance is about control, not
security. Some may claim it's security through control, but that's not the
social contract I was taught to understand my country worked under.

------
at-fates-hands
From the article:

_"saying only that the operation had to have been sponsored by a nation-state
with nearly unlimited resources to dedicate to the project."_

Hmmmmmm, you mean like Russia or China?

_"malware developers endeavor to scrub usernames, computer IDs, and other
text clues from the code they produce. While the presence of the "BACKSNARF"
artifact isn't conclusive proof it was part of the NSA project by that name,
the chances that there were two unrelated projects with nation-state funding
seems infinitesimally small."_

Ironic considering this is almost the same scenario people were using in the
Sony hack. Saying the code was similar in other attacks used by North Korea
while most of the Info Sec community was saying it didn't believe their
findings since malware can be reused, shared and distributed - but apparently
all that goes out the window in this case?

I'm starting to have NSA fatigue for this stuff.

Kaspersky seems to be the only player actively trying to tie EVERYTHING they
find to the NSA. While most of the stuff (Flame, Stuxnet) has been confirmed
by other companies, I'm starting to wonder if Kaspersky has an axe to grind
here as well - his ties to the FSB and the Russian government are well
documented.

I'm not dismissing this out of hand, but I'm starting to take a lot of their
claims with a few grains of salt.

~~~
lawnchair_larry
Nothing in your post is in line with reality. You've cherry picked statements
out of context to imply that they are not exclusive to the NSA, ignoring the
smoking guns that were presented and failing to link them. There is simply no
question that this is USG malware, and you'll notice that Kaspersky, who, no,
does not have extensive ties to the FSB and Russian government, actually stops
short of attribution, unlike pretty much everyone else.

[http://eugene.kaspersky.com/2012/07/25/what-wired-is-not-tel...](http://eugene.kaspersky.com/2012/07/25/what-wired-is-not-telling-you-a-response-to-noah-shachtmans-article-in-wired-magazine/)

~~~
at-fates-hands
>>> Nothing in your post is in line with reality.

Except that part about Kaspersky. Or do you not believe the Wired article from
2012?

[http://www.wired.com/2012/07/ff_kaspersky/all/](http://www.wired.com/2012/07/ff_kaspersky/all/)

_"Kaspersky’s rise is particularly notable—and to some, downright
troubling—given his KGB-sponsored training, his tenure as a Soviet
intelligence officer, his alliance with Vladimir Putin’s regime, and his deep
and ongoing relationship with Russia’s Federal Security Service, or FSB. Of
course, none of this history is ever mentioned in Cancun."_

I'm also glad you actually read my entire post before gang banging your
keyboard with your response. I said I don't dismiss this outright, but I've
become somewhat skeptical of Kaspersky. He's done a good job exposing NSA
activities while seemingly turning a blind eye to Russian state hacking
activities. I think it's fair to ask why he's catching all these NSA sponsored
groups, but was totally silent about a Russian group of hackers who have had
access to our critical infrastructure since 2011:

[http://www.washingtontimes.com/news/2014/nov/6/russian-hacke...](http://www.washingtontimes.com/news/2014/nov/6/russian-hackers-trojan-horse-malware-inside-us-cri/)

Or maybe the JPMorgan Chase hack?

[http://www.usatoday.com/story/money/business/2014/10/04/jpmo...](http://www.usatoday.com/story/money/business/2014/10/04/jpmorgan-chase-cyberattack-russians/16717499/)

Again, like I said in my post (which you clearly didn't read) I'm getting NSA
fatigue. If other Info Sec companies came out and said they had found these,
in my eyes, they would have more credibility than Kaspersky. It just seems
like the only stuff he finds are NSA tools and I have to consider his
background before I jump up and say this is a smoking gun. Similarities? Yes.
Like I said in my post, this is the same thing other Info Sec people dismissed
about the Sony Hack, why can't I use the same argument here?

You want a smoking gun? Get the president to admit it like he did with
Stuxnet:

[http://www.businessinsider.com/obama-cyberattacks-us-israeli...](http://www.businessinsider.com/obama-cyberattacks-us-israeli-against-iran-2012-6)

_"Administration officials revealed to Sanger that the Stuxnet virus was
developed by the National Security Agency (NSA) and Israel's Unit 8200 (i.e.
Israel's secretive cyber arm) to "become the attacker from within" Iran's
nuclear facilities."_

------
pnathan
It should be extremely clear: the NSA should be expected - and I don't know of
anyone outside of anarchist circles who doesn't expect - to have extremely
sophisticated targeting operations for espionage.

While I fully support limiting the mass surveillance, stopping the NSL
practice, and indiscriminate data collection being performed (along with other
Star Chamber-esque behaviors), it is pure folly to expect targeted spying to
be limited technically or not take place. It's simply too valuable to be able
to monitor $espionage_target's computations.

~~~
jMyles
Simply put, I don't want the NSA to exist at all. Does that ensure that I run
in "anarchist circles" in your mind? I don't think my view is far from the
mainstream on this matter - many reasonable people are for abolition.

~~~
pnathan
Honestly, yes, I would say that abolishing State espionage departments is
right along anarchist thinking. It's been well known for centuries that
gentlemen in the government business read each other's mail as a matter of
course.

~~~
jMyles
Fair enough. In some important ways, I probably am an anarchist. I don't
believe in smashing the state, but I do believe that the internet will
inevitably provide peaceful replacements for the various components of state,
and that this will be a joyous motion.

------
venomsnake
Is this really a big deal?

They were doing exactly what NSA was supposed to do. We moved from NSA should
not spy on everyone to NSA should be toothless ...

~~~
pdkl95
The scope of these activities, especially when combined with the NSA's (and
GCHQ's) indiscriminate "hack everything" attitude. When the NSA attacks so
much infrastructure - including standards they are _supposed_ to be supporting
- at some point they start creating a _reasonable doubt_ about the true actors
behind _any_ network attack.

This could have various consequences, but one obvious one is how it affects a
jury. It would probably be a lot easier to conclude there is a _reasonable
doubt_ the accused did _not_ commit some type of computer or network crime
when the NSA is attacking so much infrastructure. If the NSA was known to be
targeting legitimate targets with _limited, targeted_ activities that did not
affect everybody else, the doubt that any random computer crime could have
been the NSA's responsibility would not be reasonable.

~~~
leereeves
It's unlikely that someone who knows about this would serve on a jury in a
computer crime case, or that evidence of NSA activities would be admitted in
trial.

~~~
pdkl95
Juries don't know about a lot of topics. In an adversarial system, it is the
responsibility of each party to _inform_ the judge and jury what is
relevant to the case.

~~~
leereeves
Hence the second half of my comment:

> or that evidence of NSA activities would be admitted in trial.

------
teddyuk
Governments spy on their own and other countries' citizens.

If you want your data secure and private, use and develop systems to allow
that (PGP for a start).

------
josefresco
I found the use of the term "nation-states" to be interesting. They use it in
contrast to cybercriminals, but I would imagine that there's a large gap
between (relatively) paltry cybercriminal activity and full on nation-states.

~~~
Zigurd
Blah blah Hobbes. Blah blah you puny humans would otherwise be "in a state of
nature." Accept your illusion of freedom and shut up. Signed, Levi A. Than.

------
rilita
I would have no problem with the NSA creating crazy intrusive hacking tools if
public citizens were allowed to do the same.

If a regular person created tools such as what the NSA made they would get in
a heap of trouble, even if they did nothing with them.

If the NSA does it, it's ok? This is the kind of logic that leads to abuses of
power. Governments are just people, and they are just as likely if not more
likely than the average person to abuse their power.

------
zimbatm
It would be interesting to shift the discussion a bit.

What does the government need to protect users and corporations from that sort
of hacking? Is the government's role only to attack or in what levels can it
help safeguard our online activities?

Once the NSA global spying was revealed I was hoping to see more reports of
governments finding and shutting down the monitoring probes that surely need
to be installed.

------
tokenadult
Not an astroturfer or an apologist here. I've never had any employment
connection with NSA or any other intelligence agency of any government. I'm a
United States citizen who has spent six years of my adult life living outside
the United States. I'll agree with a previous lower-level comment here that it
is possible to publicly protest NSA abuses (as I did, with my whole family, in
view of news media cameras and police officers in downtown Minneapolis on the
Restore the Fourth protest evening in 2013) while still thinking that the
United States must, in an imperfect world, have a national signals
intelligence agency with powerful tools. Individual computer users--all over
the world--ought to have access to powerful tools to ensure private
communications and to prevent black-hat hacking of their data or their
computers, but I'm also happy for governments to be informed (within strict
legal limits) about what's going on in the rest of the world, because that
kind of background knowledge actually builds trust and realistic levels of
doubt, and helps prevent hasty decisions to go to war or to promote state-
sponsored terrorism. The world system has been more stable and less lethal to
the common people of the world with strong national intelligence agencies
(especially strong national intelligence agencies operated by democratic
governments) than it was with weak intelligence capabilities that let
countries surprise their adversaries more often.

Anticipating a comment that comes up in threads like this most of the time on
Hacker News, I will mention why I am not overly afraid of NSA controlling the
whole country by blackmailing politicians. I don't believe NSA blackmail can
or will happen in general, for reasons I have mentioned before here on HN. One
of the most common kinds of comments here on Hacker News about issues like
this is a comment that ASSUMES that if government leaders are under pervasive
surveillance they are all afraid of blackmail. But I don't believe that,
because some government leaders and some political candidates are essentially
shameless. Even after they are caught (by old-fashioned journalism, or by a
jilted lover or some unrelated criminal investigation) doing something
unsavory, they are still willing to run for office, and SOME ARE REELECTED.
United States Senator David Vitter was reelected in 2010 even after a scandal
involving behavior that I would consider shameful,[1] and the antics of former
DC mayor Marion Barry[2] are probably still notorious enough that they don't
need further discussion here. In short, I call baloney on the idea that NSA
can keep politicians on its leash simply by knowing their secrets. Some
politicians have PUBLIC lives full of dirt, and still get elected and
influence policy anyway.

The other reason I don't believe this HN hivemind theory of politics is that I
by no means assume that everyone in politics lacks personal integrity. Some
politicians, I am quite sure, could have all their secrets revealed only to
have voters think "Why is that person such a straight-arrow? Why not have some
fun once in a while?" The simple fact is that there is value system diversity
in the United States electorate, and there is personal conduct probity
variance among United States politicians, and there isn't any universal way to
unduly influence politicians merely through even the most diligent efforts to
discover personal secrets. If politicians think that NSA is going too far (as
evidently several politicians from more than one party do think), then they
will receive plenty of support from the general public to rein in the
surveillance. (Obligatory disclaimer: Yes, I am a lawyer, who as a judicial
clerk for my state's Supreme Court used to review case files on attorney
misconduct, and, yes, some of my law school classmates are elected officials,
including one member of Congress. I am absolutely certain that there are
enough politicians ready to mobilize to roll back NSA surveillance programs if
they really think the programs are excessive in their scope.)

[1]
[https://en.wikipedia.org/wiki/David_Vitter#D.C._Madam_scanda...](https://en.wikipedia.org/wiki/David_Vitter#D.C._Madam_scandal)

[2]
[https://en.wikipedia.org/wiki/Marion_Barry#1990_arrest_and_d...](https://en.wikipedia.org/wiki/Marion_Barry#1990_arrest_and_drug_conviction)

~~~
ctchocula
"I am absolutely certain that there are enough politicians ready to mobilize
to roll back NSA surveillance programs if they really think the programs are
excessive in their scope."

This seems a very paternalistic view of politics that assumes politicians
inherently know better than the public and that the people here are
overblowing the dangers of NSA surveillance. I can imagine an alternate
universe where there was no one like Snowden to make public the breadth of
surveillance and the system was allowed to run unchecked. Isn't it a worrying
sign that the system of checks and balances required a whistleblower? Before
that, the government was writing laws that were eroding privacy without the
knowledge and input of the public. That's not how things are meant to work in
a democracy.

~~~
LLWM
We lived in that universe for a long time before the leaks, and many people
still live in that universe today, either out of ignorance or apathy. How are
they worse off for it?

