
Rejection Letter - cstross
http://www.antipope.org/charlie/blog-static/2017/05/rejection-letter.html
======
gorhill
If "Zero Day: The story of MS17-010" is meant to be an accurate report of
facts regarding MS17-010, then there is at least one inaccuracy in it:

> someone calling themselves "the Shadow Brokers" leaks a huge trove of
> classified NSA documents to WikiLeaks, who in turn dump it on the internet.

Shadow Brokers didn't leak to Wikileaks. Shadow Brokers uploaded the trove of
NSA documents to `mega.nz`, and someone else downloaded the trove to
GitHub[1]. Wikileaks merely tweeted about this after it happened.[2]

 _Correction:_ As per well-sourced Wikipedia article[3], this was not the
`mega.nz` leak, this was another subsequent one. The main point still stand:
Wikileaks has nothing to do with publishing the MS17-010 vulnerability.

Would be nice to stop pushing the false narrative that Wikileaks was involved
in that one NSA leak.

[1] [https://github.com/x0rz/EQGRP](https://github.com/x0rz/EQGRP)

[2]
[https://twitter.com/wikileaks/status/850783902616625152](https://twitter.com/wikileaks/status/850783902616625152)

[3]
[https://en.wikipedia.org/wiki/The_Shadow_Brokers#Fifth_Leak:...](https://en.wikipedia.org/wiki/The_Shadow_Brokers#Fifth_Leak:_.22Lost_in_Translation.22)

~~~
cxseven
As someone who's somewhat neutral on the subject, it's amazing how much FUD
I've noticed about Wikileaks.

~~~
TillE
It's generally people with an agenda to downplay something they've published,
often by insinuating without evidence that the documents have been faked.

Wikileaks has problems, but they have a surprisingly good record for a small,
amateur operation.

~~~
celticninja
They used to have a very good position as an independent source of data but
they have started editorialising with their releases and they certainly seem
to take some political positions regarding their releases, which calls into
question their impartiality. I am still a fan but not as much as I used to be.

~~~
tripzilch
You could say that but when it's impartiality to Russia or North Korea (not so
much by Wikileaks, the MSM already covered that market) nobody gives a bleep,
but when it's towards the USA it's suddenly questionable? Most of the world
(including Wikileaks) is not the USA, and for them it's three external parties
to look at from outside (and yes, hold a mirror to their own, if they're
honest).

Yes RU/NK are doing worse things. But the USA just elected Trump. And unlike
RU or NK, who sort of keep it to themselves, the USA's election spectacle has
been broadcast on worldwide media, there was no escaping seeing the USA dig
its way further down through rock-bottom every week, for over half a year.
Everybody has been _made_ to look and the USA's gov doesn't really look good
or even sane at all right now, from any outside point of view.

Just a question, are they going to let Trump rule for these whole four years?
Or will someone say "ok enough's enough, this guy is crazy as fuck, let's get
rid of him"? Surely, before it's too late? How does this process work? AFAIR
Clinton got impeached for _way_ less than what Trump has already done on
public record (not literally the same, but it's not far either, and frankly
the other offenses--ignorance and stupidity in the light of global politics,
not just a little, also not political-discourse "fake ignorance", he honestly
doesn't seem to be aware of basic 20th century history facts--way worse from a
political POV)

Sorry that's a bit off topic cause what you refer to is not really about Trump
--much (it was about the elections a little, though). The point is, one of the
largest powers in the world just put a crazy person in charge. Trump's
probably not really dumb, no he's very _savvy_ , but the people should expect
more from their political leaders. It's not supposed to be an easy job.

I get the feeling that complaints about Wikileaks' editorialising also just
contains a lot of saying what it is, and people don't like to hear that when
it's about them. Because they love America. Thing is, it's not really about
them, so don't worry. It's not like the people got a lot of democratic choice
in the matter. Could they have done more? Maybe but the system's big and
complex and controlled by other parties than the people. Even before, when it
was between Hillary or Trump, you gotta wonder, out of all the population,
were these the two best candidates in the country?

~~~
Chris2048
> Yes RU/NK are doing worse things. But the USA just elected Trump

Funny you mention Trump. Trump wasn't involved in prism, Snowden, or Assange.
The establishment that predates Trump is the real worry.

------
montyboy_us
Absolutely fabulous. Best part: "NSA hoard their knowledge of weaknesses in
Microsoft Windows, a vitally important piece of their own nation's
infrastructure, in case they'll come in handy againt some hypothetical future
enemy. (I'm sorry, but this just won't wash; surely the good guys would
prioritize protecting their own corporate infrastructure?"

Yep - way too implausible, even for hacker fiction.

Anyway, sounds like your book was Nostradamus-esque in depicting recent
events. Maybe a bit too good :D

~~~
johan_larson
I'd say it's plenty possible. The mission of the NSA is collecting information
and providing that information to the government and military. They are not in
the business of defending infrastructure, whether public or private. It makes
perfect sense that they would collect information about back doors they could
use later against identified targets.

More about the NSA's mission here: [https://www.nsa.gov/news-features/press-
room/statements/2013...](https://www.nsa.gov/news-features/press-
room/statements/2013-08-09-the-nsa-story.shtml)

"NSA's mission is to help protect national security by providing policy makers
and military commanders with the intelligence information they need to do
their jobs."

For the NSA to hand over information about identified back doors in Windows to
Microsoft directly would be clearly outside this mission. That said, the NSA
should have informed someone in the government of these back doors, at least
in a general sense, so policy makers could have decided whether it would have
been better to convey it to Microsoft or to let the NSA continue to keep them
secret. Maybe they did. Who knows?

~~~
CamperBob2
To the extent their mission doesn't involve making us more secure, why are my
taxes paying for them? The NSA sounds like a swamp that needs draining, in the
parlance of our times. They're breeding mosquitoes.

~~~
Gaelan
The argument is probably that it supports national security, which is good for
your personal safety.

------
HONEST_ANNIE
"Truth is stranger than fiction because fiction has to make sense to the
author. Truth doesn't have anybody to answer to." – S. John Ross

------
ricardobeat
I still have vivid memories of, as a kid, stumbling upon this network of
GeoCities pages about "Echelon" and how the US could read _all of the worlds
email_ and search for trigger words - and how absurd and tinfoil-hat-y it was
made to sound by the rest of the internet.

Having this memory absolutely changed the way I've been viewing NSA related
leaks in the past few years.

~~~
rinze
For years, I added this header to my outgoing mail:

> X-Echelon-header: Al-Qaeda bomb Bin Laden decrypt terror CIA Enfopol

~~~
kobeya
Why? What's the upside?

~~~
bigiain
If you value the needles, increase the haystack...

------
gumby
> surely the good guys would prioritize protecting their own corporate
> infrastructure?"

Let us not forget the used to be part of the NSA's mission. A part that was
essentially abandoned early in the 21st century.

For example, the NSA required mysterious changes to be made to the DES s-box;
many assumed at the time (as did I) that the agency wanted to weaken security,
but it turned out, to quote Bruce Schneier, "It took the academic community
two decades to figure out that the NSA 'tweaks' actually improved the security
of DES."

[https://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA.2...](https://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA.27s_involvement_in_the_design)

------
gumby
It's astonishing that Brunner was not only prescient about this event in The
Shockwave Rider, but also predicted sophisticated high-tech terroristic
attacks in Stand on Zanzibar and The Sheep Look Up.

If you haven't read this trio of dystopian novels (you can read them in any
order) you really should. Still mind blowing today.

(Admittedly he wrote them at a time, unlike today, when the US appeared to
face an existential threat from terrorism. A threat that of course never
materialized).

~~~
ChuckMcM
Of the three "The Sheep Look Up" was the most interesting to me. Read that and
then read Benford's "Timescape". You won't be able to sleep for at least a
week :-)

------
iiv
I usually like satire, but this felt too obvious. Subtlety is in my opinion a
key part of good satire. Otherwise it feels too forced or too in-your-face.

But as the specialist external reader said: "Stross can clearly write
workmanlike, commercial prose". I can definitely agree with that!

~~~
kbenson
How do you satirize something subtly when the point is that real life is so
outrageous that it beggars belief?

I like subtle satire too, but that doesn't mean it works in every instance.

~~~
pleboidal
Interesting, though, that the concepts expressed in this narrative, had they
been written in 2010, and promptly rejected, might have provided all the more
grist for the paranoia mill.

------
simonw
I found this explanation pretty convincing as to why there was such a dumb
kill switch embedded in the malware:

"I believe they were trying to query an intentionally unregistered domain
which would appear registered in certain sandbox environments, then once they
see the domain responding, they know they’re in a sandbox the malware exits to
prevent further analysis"

From [https://www.malwaretech.com/2017/05/how-to-accidentally-
stop...](https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-
global-cyber-attacks.html)

~~~
bmon
Didn't it also have to respond to a http request though? Why not register the
domain anyway and just leave it unhosted?

------
jseliger
A funny allusion: "E. S. Blofeld, Editorial Director" likely refers to "Ernst
Blofeld," a villain from the James Bond novels.

~~~
JorgeGT
Ernst _Stavro_ Blofeld.

------
616c
It is funny to me no one ever talks about Mark Russinovich of Sysinternals
fame and now reigning engineer of Azure cloud systems wrote a novel about such
doomsday scenarios before the trend in the last 5 years or so.

[https://www.amazon.com/gp/aw/d/1250007305/](https://www.amazon.com/gp/aw/d/1250007305/)

That he wrote premier system introspection tools for Windows makes me think he
must have been privy to the complexity of such things by colleagues discretely
long before DREAD and SDLC fruits were born out in the Vista/7 era.

------
mcguire
" _ETERNALBLUE was part of a release of code that also gave us such
interesting names as EDUCATEDSCHOLAR, ETERNALROMANCE, and ERRATICGOPHER. Oh to
be a fly on the wall at the classified NSA committee meetings discussing the
deployment of their weaponized ERRATIC GOPHER ..._ "

Any one know what the E means in code names? There's a list somewhere, but I
can't remember where now.

~~~
tgsovlerkhgsel
I read somewhere that codename "namespaces" (aka starting letters) are
assigned to agencies, but not sure if that applies to this sort of codename.

------
BugsJustFindMe
This is fake, right? I'm pretty sure this is fake.

~~~
saidajigumi
No, it is not _fake_. The article is _satire_ playing off of _true_ real-world
current events.

~~~
erikpukinskis
Is it satirizing publishers?

It seemed more like a device for mocking people who are unwilling to consider
conspiracy theories, but... Somehow it didn't feel like satire to me. Can't
put a finger on why.

~~~
smacktoward
It is satirizing current events. The joke is that the story of the WannaCrypt
ransomware attack is so full of improbable developments that, if it had been
written as fiction, no publisher would accept it.

 _This has been another episode of the Hacker News Joke Explainer™_

~~~
JorgeGT
That's the good thing about reality: it doesn't have to conform to plausible
narrative norms.

------
wbillingsley
You know that technical reviewer's past it. Thirty years ago he was planning
world war three from bunkers underneath volcanos, and holding the world to
ransom with diamond-encrusted lasers in space. Whereas last year all he could
come up with was a grand scheme to become a multinational government IT
contractor, while moonlighting a side business clearing derelict buildings for
redevelopment.

------
csours
In case anyone else was wondering if ETERNALBLUE was a code name from the
Laundry Files, here's the list:
[http://thelaundryfiles.wikia.com/wiki/Category:Code_names](http://thelaundryfiles.wikia.com/wiki/Category:Code_names)

~~~
Mtinie
Here's the list you will find ETERNALBLUE on:

[http://electrospaces.blogspot.com/p/nsas-tao-division-
codewo...](http://electrospaces.blogspot.com/p/nsas-tao-division-
codewords.html?m=1)

~~~
csours
Cool. The list above is from a fictional series called "The Laundry Files" by
Charles Stross, the same author as the linked Antipope article/story.

------
tempodox
> ... However, instead of helping Microsoft fix them, we are supposed to
> believe that the NSA hoard their knowledge of weaknesses in Microsoft
> Windows ...

> I'm sorry, this is just silly.

This only goes to show that reality doesn't have to make sense to a literature
critic. Only novels do.

------
CamperBob2
_And in a matter of hours, the new malware, known as Wanna Decryptor, infects
the entire British National Health Service, a Spanish cellphone company,
FedEx, and over a third of a million computers whose owners had lazily failed
to enable automatic security updates from Microsoft._

Besides the false association of TSB and Wikileaks that others have mentioned,
I have a huge problem with this. Someone who gets kidnapped by pirates (The
Shadow Brokers) while running from a press gang (Microsoft) is still a victim.
Calling them "lazy" is an easy way to avoid the hard work of apportioning
blame correctly.

A _hell_ of a lot of that blame goes to Microsoft themselves, for turning an
important security update service into a marketing channel. Maybe Stross gets
around to pointing that out, but I stopped reading there.

------
collinmanderson
> lazily failed to enable automatic security updates from Microsoft.

I hope the author knows that this isn't true. You don't just "lazily" not
enable automatic updates. It's highly intentional.

------
ComodoHacker
I must admit I agree with the publisher's review as a whole. What's the point
in publishing a fiction hacked together so quickly that it can't withstand any
artistic criticism?

Or was it an experiment aiming to show that fiction and documentary are two
very different genres? Well than it was successful.

~~~
Mtinie
You may be aware of this by now, but there was no publisher. This is a short
form dramatization of the events leading up to yesterday's Wanna Crypt attack.

The "criticism" was Stross imagining how absurd the truth of the whole
situation played out and how if it was instead a work of fiction it wouldn't
be well received for the reasons state in the work.

