
The CIA Says It’s Time to Up Its Cyber Game - jgrahamc
http://recode.net/2015/03/07/the-cia-says-its-time-to-up-its-cyber-game/
======
pdkl95
How about we talk about the CIA's next projects _after_ we finish the
prosecution of those in the chain of command that are responsible for
_torture_.

Or are attention spans so short and/or the agency so completely removed from
the rule of law that we're going to let them get away with their crimes? If
we're not even going to bother with the _trial_ - acknowledging that we won't
even _bother_ trying to maintain the rule of law - then I guess that's
sufficient proof that we have lost our republic, as we let it be replaced with
feudalism.

~~~
shit_parade
Meanwhile Obama gives pretty speeches about fighting extremism and tries to
drum up more support for killing people an ocean away. American Democracy is a
farce.

~~~
happyscrappy
It is too bad it does not seem like Europe will ever get its act together
enough to be a balance against the US.

~~~
psykovsky
EU == USA lackey

------
kissickas
> In the wake of last year’s attack by North Korea against Sony Pictures
> Entertainment and numerous other breaches, the urge to hack back, or at
> least build up the means to do so when and if needed, has increased.

So this is just casually accepted as fact now?

~~~
Zikes
It's sad that Mutually Assured Destruction is the first place they go.

They could get a better understanding of security and enforce, research, and
advise standards of protection on consumer data, making everyone in the
country better off, or they can "hack back".

I don't really see how knowing what the average Joe in North Korea is Googling
is supposed to help when my data is leaking like a sieve, but whatever.

~~~
Kalium
They could, and then they'd be fighting an endless losing war over security.
They'd rather like to have their own information attack capabilities.

~~~
Zikes
Security will always be cat and mouse, but in the case of information security
a good offense does not at all make for a good defense. Those holes in our
information security system will still be there, to be exploited by whomever
finds them. The only reasonable course of action is to devote resources to
penetration testing ourselves and implementing strong security standards,
along with developing good disaster recovery and damage minimizing plans.

~~~
Kalium
Whether or not offense makes for defense depends somewhat on the actor. For
some, deterrence does work.

For the rest, we have the basic problem that defense is much harder than
offense. Also, the US seems to be far more vulnerable than most.

Those aside, offensive capabilities are needed. It's just a question of
balancing them against defensive capabilities. I know firsthand that
significant effort is going into defense, it just doesn't get the press that
offensive capabilities do.

~~~
Zikes
Their desire for a government accessible backdoor in everything consumers own
says something different.

~~~
Kalium
Yes, some of the top-level political efforts are pretty damn ugly... and
likely to backfire.

Those shouldn't be mistaken for the whole of ongoing defensive efforts,
though. Many of the others are much more practical.

------
jnewland
Step 1: Stop saying "cyber"

~~~
josefresco
What's wrong with "cyber"? - does it not relate to computers?

~~~
hellbanner
I thought cyber meant systems, like cybernetics.

~~~
lotsofmangos
Cyber means to steer and cybernetics is self-steering systems based on
feedback and goes back to Norbert Wiener in the 1940s.

------
rqebmm
If the NSA hadn't been systematically weakening encryption and security
processes, maybe we wouldn't be quite so vulnerable!

------
aluhut
So with all the attention (advertisement/panic) the NSA has generated, the CIA
wants a cut of the cake for themselves?

That whole agency disco in the US is so confusing that I have the feeling this
has to be the plan all the way or it's some kind of old cold war virus
spawning divisions and agencies. Don't they all overlap? Is there enough
reality for all of them to spy on?

~~~
eatbuckyballs
The NSA is primarily charged with Signals Intelligence, whereas the CIA is
Human Intelligence. So it's actually a pretty clear line. They also have their
own security clearance process (though they tend to recognize each other's in
joint work).

The Department of Homeland security is a bit different, they're charged with
domestic operations and support (TSA).

The FBI is a Domestic Detective agency for lack of a better description.
They're charged with being the Federal investigative force vs relying on
varying state and city groups.

So yes, there's plenty for all of them to spy on / work on. Each has their own
laws and limitations. That's why they're incestuous and work together on many
projects.

~~~
kabdib
Add to this list the Secret Service for financial fraud related things (as
well as protecting government officials), including credit card fraud, phone
fraud (at least in the 80s), and the odd whatever-the-hell-we-feel-like-doing
fear-based thing (e.g., Steve Jackson Games).

Rule of thumb: If something contains the word 'Cyber' in it, it's gonna be
clueless, bureaucratic and political, and utterly incompetently done.

~~~
drzaiusapelord
> Rule of thumb: If something contains the word 'Cyber' in it, it's gonna be
> clueless, bureaucratic and political, and utterly incompetently done.

Yet somehow Chinese and Russian cyberwar programs are pretty effective. Sounds
like the US needs to catch up.

~~~
bediger4000
_Yet somehow Chinese and Russian cyberwar programs are pretty effective._

1. That vaunted "effectiveness" may be Just Another Missile Gap, i.e. a
realistically non-existent threat used to drum up fear in the USA, to get
greater funding from a terrorized public.

2. Lots of analysts say that both China and Russia tolerate unofficial
hacking/cyberwar groups, as long as the targets are outside of China and
Russia respectively. With some small amount of guidance done surreptitiously,
the governments take advantage of a huge number of semi-criminals to serve
"national security" needs without attribution.

3. Because of (2), ISO-9001, CMM level N don't apply. Faster coding.
Similarly, Script Kiddies, Honkers and Nationalist Hackers don't do
clearances, much less compartmentalized projects
([http://en.wikipedia.org/wiki/Security_clearance#Compartmente...](http://en.wikipedia.org/wiki/Security_clearance#Compartmented))
- this means that more people are available, from very diverse backgrounds,
and they can collaborate and communicate as necessary.

Unless the USA is willing to quit being bureaucratic to the point of
paralysis, it will never catch up.

------
balabaster
"They will not, he said, work on behalf its corporate interests"

Unless it's the RIAA, MPAA, MAFIAA or American Oil Interests... in which case,
it's business as usual.

~~~
AndrewKemendo
At least in the RIAA and MPAA cases, aren't the feds just enforcing piracy
laws that are on the books?

I mean we can argue that RIAA/MPAA were the ones who got them into the books
in the first place, but it's not like corporations can approach the CIA to
perform economic espionage, despite what some may think.

~~~
Zikes
The way they handled the MEGA thing it sure seemed like they were acting as
mere hired guns.

~~~
balabaster
I imagine it was less like them acting as hired guns and more like
_"someone"_ convincing them that if they didn't act they'd look like idiots who
have no power to uphold "the law."... the end game is the same, but the
politics that got it there were a lot muddier I'm sure.

------
kevin_thibedeau
Sounds like they're jealous that the NSA gets all the cool toys and they want
to play too.

