
Chinese “spy” caught with NASA laptop full of porn, not secrets - shawndumas
http://arstechnica.com/tech-policy/2013/05/chinese-spy-caught-with-nasa-laptop-full-of-porn-not-secrets/
======
lolcraft
Whoever wrote that headline missed a much more significant, and painfully
biting, point:

"Jiang, a former contractor at NASA's Langley Research Center in Hampton,
Virginia, had recently been let go by his employer _because of pressure from
Republican congressman_ Frank Wolf of Virginia. Wolf had claimed Jiang _and
other Chinese engineers_ employed by NASA contractors were a security risk."

"But it quickly became apparent that Jiang was _at worst_ guilty of violating
NASA policies. [...] Jiang had _not had clearance to such projects at Langley_
as an employee of the National Institute of Aerospace"

" _A press release issued by Wolf after the arrest and copy of Jiang's arrest
warrant have since disappeared off the congressman's website._ In the
release (cached by Google here), Wolf had said, 'I am particularly concerned
that (the) information (on Jiang's laptop) may pertain to the source code for
high-tech imaging technology that Jiang has been working on with NASA. This
information could have significant military applications for the Chinese
Peoples Liberation Army.'"

Confirmed, the USA has entered back into full McCarthyism. Request title
change to 'Chinese contractor fired on suspicion by Republican senator'.

~~~
mjn
Political pressure from ignorant Republican congressmen not only resulted in
Jiang being fired over this non-incident, but something even more serious for
science in general: the entire NASA technical-report archive [1], with
documents dating back decades, has been forced offline indefinitely [2]. Frank
Wolf and his ilk are worried [3] that the Red Chinese might be reading some
1970s document in a way that compromises American national security. Never
mind that the Chinese likely have copied a mirror of any documents they find
interesting already. So now it's only _American_ researchers who can't access
it: there are no complete mirrors of which I'm aware, because U.S. libraries
and archives naively assumed that NASA was a reliable long-term host for the
documents, meaning there were no serious mirroring efforts. Maybe we can ask
China to take pity on us and make a mirror available, since ntrs.nasa.gov
being down breaks thousands of references in papers and elsewhere.

[1] <http://ntrs.nasa.gov/>

[2] <http://blogs.fas.org/secrecy/2013/03/ntrs_dark/>

[3] <http://spaceref.com/news/viewpr.html?pid=40365>

~~~
kanzure
> meaning there were no serious mirroring efforts

Unfortunately, this is also the case for the majority of commercially-
published science. And no, JSTOR is not a good response because JSTOR doesn't
even begin to scratch the surface of science. Science is one of the most
important efforts in human history, and we don't have backups, or even
mirrors. Great.

Edit: does anyone know some orgs with deep pockets that would be willing to
accept and host 30-50 terabytes of papers? I can't seem to find anyone that
doesn't wuss out. I know it's risky, but it's also critically important.

~~~
wisty
> Does anyone know some orgs with deep pockets that would be willing to accept
> and host 30-50 terabytes of papers?

The Pirate Bay?

~~~
kanzure
> The Pirate Bay?

Sorry, but TPB doesn't actually host any content.

~~~
maaku
Yes, but if you threw a torrent up with every published paper since Galileo,
there'd be plenty of people willing to seed.

~~~
rosstafarian
I believe someone already tried something similar; it unfortunately didn't
end well[0]. If someone does throw up such a torrent though I'd be glad to
help seed.

[0]<http://en.wikipedia.org/wiki/Aaron_Swartz>

~~~
jlgreco
Had Aaron successfully seeded it a few times (if indeed that was even his
intention in the first place), not really much would have changed for him.
However I am certain that we would have the entirety of what he seeded.

~~~
kanzure
> However I am certain that we would have the entirety of what he seeded.

You guys are all crazy.. torrents consisting of this type of content already
exist, and they have only _one_ seeder. For example, the excellent Library
Genesis collection. Why should I believe you when you tell me countless people
will come to the rescue _this_ time? Your average seeder doesn't have piles of
terabytes, and evidently doesn't care to seed one or two parts out of
thousands.

~~~
jlgreco
People hoard all sorts of data, if they are made aware of it and want it. I
for one certainly would have seeded the dump Aaron made, had he seeded it
himself first. And who _doesn't_ have piles of terabytes these days?

What is your objective, give it to people that don't want it, or make it
available to people that do? The latter is not rocket science, the former
impossible and pointless. If you are telling me that nobody is interested in
your content then I am not going to argue with you... If people are interested
in having your content then the only thing standing in their way is your weird
objection to attempting to distribute it.

If I am so wrong, so what? Nothing ventured, nothing gained.

~~~
kanzure

> the only thing standing in their way is your weird objection
> to attempting to distribute it.

My point was that people are already trying to host this sort of science
content over torrents and _it's not working_. Nobody seeds it. I gave a very
specific example to confirm this observation. I would love to hear about
possible alternatives.

~~~
maaku
Well, Library Genesis doesn't interest me. A complete history of scientific
papers would though.

~~~
kanzure
libgen has many journals and compilations of papers, how is that not exactly
what you're talking about?

Also, if the collection was only 95%, 98%, 99%, or 99.5% complete, would you
mirror it? Keep in mind that you would also have to purchase/acquire about
$500-$1500 of storage space.

Thank you, it helps me gauge WTF is going on.

------
laurentoget
Pretty clearly, the worst threat to the security of the United States are
republican congresspersons.

~~~
noonespecial
I think we're past the point of needing to prepend "republican" or "democrat"
to that particular noun.

------
coopdog
Why would anyone think a potential spy would physically carry source code over
the border?

If he was going to leak it, it would have been sent months earlier over the
internet, duh!

Especially if he knew that someone was suspicious of him. Someone has been
watching too many movies.

------
joemaller1
"Damnit, he's not guilty of anything. Can we humiliate him or something to
save face?"

So proud.

------
geon
If he wanted data transferred to China, _why on earth_ would he bring a
complete laptop?

The whole thing is so retarded. If he actually wanted to get data to China, he
would have already done so, using the internet. Stopping him on a plane for a
suspicion like that is just absurd.

------
deservingend
LOL pirated movies.

How on Earth will he find such things when he's back in China?

~~~
astrodust
I think NASA's bandwidth is better than what he'd get on some random ISP in
China.

------
droithomme
The secrets thing doesn't even have to matter.

The guy STOLE a computer from NASA.

The "at worst guilty of violating NASA policies" is complete nonsense.

Theft of items exceeding $200 in value is a Grand Theft and is a felony in
Virginia. This person committed a felony which in Virginia has a _minimum_ one
year prison sentence and up to twenty years. He should have been arrested and
it is completely absurd that he wasn't. It's bizarre that the author of the
article believes that a person can just steal a computer and it's not a crime.

~~~
geon
Stealing for $200 gives you one year in prison? Ouch.

~~~
keithpeter
Ouch for the taxpayers who pay for the prison places. According to a freedom
of information request in 2008, it costs just over £200 _per day_ per prisoner
in the UK. About £60 _per day_ is direct costs and the rest is amortisation of
buildings &c.

Made me think... weekend prison like in Scandinavia, alternatives to prison &c

------
tlrobinson
What better material to steganographically hide lots of data in than porn?

------
adrr
Weird that a contractor has an employer-provided computer. Providing a computer
could qualify the contractor as a full time employee.

~~~
jrockway
That could be true for private companies, but the government plays by
different rules.

[http://en.wikipedia.org/wiki/Sovereign_immunity_in_the_Unite...](http://en.wikipedia.org/wiki/Sovereign_immunity_in_the_United_States#Federal_sovereign_immunity)

------
X4
Steganography + Porn, that's a really neat idea.. You wouldn't easily get
officials to analyze those files together with a forensics team. That scenario
is awkward.

An error the official made was making his company a public target, by revealing
that they might have sensitive data, without being prepared for an attack. Not
such a clever move, sorry.

~~~
jjoonathan
Surely the NSA has hashes of nearly everything on the internet (bloom filters,
perhaps?). Finding images that didn't match would be a simple and automated
task. There isn't even a need for the person doing the scan to know that it's
porn -- from the point of view of the hash database, porn, system files, and
ripped DVDs all fall into the category of "seen before, not interesting."

After the forensics team found files that didn't match the DB, they would have
a good reason to investigate further and officials / the media wouldn't let
nekked bodies stop them from commenting.

Porn would make a poor choice of background media because reverse image search
is ubiquitous. Finding the originals would be easy, and showing that the
differences between the stego'd images and the originals didn't happen via
compression would probably not be too hard either.

If the encryption is good they probably wouldn't get any further than that.
Still, any significant quantity of hidden files would generate a large body of
evidence that would be very difficult to explain away.

Why go to the trouble of hiding info on the hard drive of a guy who was
already under suspicion when a prerecorded skype call or controlled packet
latency system would make for a stego medium that was much harder to detect
and easier to plausibly deny?

~~~
X4
You're correct and personally I would never underestimate the NSA/FBI or any
other organization.

Remember Aaron Swartz.

But there is too much evidence that they might be much less professional and
less equipped with such high-quality hash-databases.

I don't believe that they could allocate enough professional resources (in
such a "low priority" target) to actually give clearance of the case and green
lights to the officers with certainty. If the porn movies are avis and 700mb,
but with SD-quality, then you couldn't notice the difference.

Take 20 porn files porn-a.avi (500MB original or 600MB with hidden data) There
are so many rips or rips of rips that you cannot have a complete porn-
database. And phew 2GB of compressed and hidden Data. Even if he hadn't
used steganography, he could easily use imageshack.us, imgur.com and other
file-hosting sites, heck even upload to porn-sites to hide the data.
Additionally you could get bad hashes into your database, when they upload the
porn movies themselves.

~~~
jjoonathan
How do you figure this is a low priority target? This certainly falls within
their mandate and the guy might have been trying to steal legitimately
sensitive information!

> Take 20 porn files porn-a.avi (500MB original or 600MB with hidden data)
> There are so many rips or rips of rips that you cannot have a complete porn-
> database. And phew 2GB of compressed and hidden Data.

The smallest SSD I own could handily fit that data whole and the bloom filter
would fit in an arduino a thousand times over. The NSA's shiny new Utah
datacenter had a $2B budget for construction alone, do you really think "rips
of rips" are going to be a problem? These guys scrape web traffic by putting a
T on major junctions of the internet and duplicating everything that comes
down the pipes. You could set all of 4chan to making rips with permuted
settings and not begin to stress infrastructure of that capacity.

I don't want to be rude, but you seem to be in denial.

------
nnq
...now they'll assume all the top secret data is stego'd in his porn
collection, so they'll keep him in jail for a long long time until they prove
it isn't ...or was that Brit law?

------
rajanikanthr
ROFL I did my MS in computer science from Old Dominion University.. proud of
you :D :D

------
ioanpopovici
Paranoid Americans...

------
cromwellian
Gives new meaning to the term "honey pot" :-p

