
Google’s NSA alliance: Deals between Silicon Valley and the security state - doctorshady
http://www.salon.com/2014/11/16/googles_secret_nsa_alliance_the_terrifying_deals_between_silicon_valley_and_the_security_state/
======
WestCoastJustin
Going out on a limb here, as I posted a pretty lengthy comment on Nation State
attacks in the past [1], but does this Google/NSA relationship qualify as
_terrifying_? Google finds out it has been targeted by a Nation State, who is
actively siphoning off user data and company crown jewels, so they enter into
an agreement with the NSA to share information about the attack, and develop
technology and methods to prevent future attacks. I would argue that Google
_must_ share knowledge of Nation State APTs with the US Government, and other
Silicon Valley firms, once they found out the scope included Symantec, Yahoo,
and Adobe, Northrop Grumman, etc. NSA/Google/Facebook/Apple/Microsoft/Amazon
_should_ be trying to advance countermeasures and leveling up the industry as
a whole, because they arguably have some of the most exposed attack surfaces,
host most of our data, and have the financial resources and in house expertise
to deal with it best. I would be _terrified_ if Google did not have a
relationship where it shared intrusions of this scope with the US Government.

[1]
[https://news.ycombinator.com/item?id=8316430](https://news.ycombinator.com/item?id=8316430)

~~~
azakai
You've interpreted the data in the most positive way possible. Yes, that is
one of many ways in which things could have unfolded.

But as the article says, this is all secret. We don't know what exactly Google
and the NSA built together in that first agreement shortly after the Chinese
hacking scandal. And we don't know what else has happened since then.

Maybe it's all innocuous stuff, as you said. Maybe it isn't. To just assume it
is all good or all bad seems unjustified by the amount of actual facts that
are public.

~~~
TeMPOraL
The problem is, of course, most people will assume "all bad" because of the
ongoing narrative.

~~~
adventured
It's a really bad narrative. Given the extreme, illegal erosion in privacy at
the hands of the State, it sure seems a lot safer to bet on "all bad" or
"pretty bad" when it comes to these tech giants doing deals with the NSA.

------
mikegioia

        The NSA helps the companies find weaknesses in their
        products. But it also pays the companies not to fix some
        of them. Those weak spots give the agency an entry point
        for spying or attacking foreign governments that install
        the products in their intelligence agencies, their
        militaries, and their critical infrastructure.
    

That's probably the most frightening thing imaginable, but where is this info
coming from? What are the sources on all of these accusations because it feels
like a pretty casual mention that all of the hardware/software manufacturers
in the US intentionally leave in back doors.

~~~
tdullien
As someone who has been very closely involved with Infosec and who has
followed all the vulnerability market rumors, I have never heard of "pays the
companies to not fix them" before, and I _strongly_ doubt the veracity of that
statement.

~~~
cpleppert
I agree, I think the author is confusing mandatory monetary compensation for
FISA/warrants etc with just straight up paying for a company to comply.
Companies don't want to be paid especially because the monetary gains aren't
worth it and the reputation risks are enormous.

------
thrownaway2424
I assume the book has a lot better sourcing and footnotes than this excerpt
has, because the excerpt has none of either. The only part of this article you
need to read is "It’s not clear what the NSA and Google built after the China
hack. But [thousands of words of speculation and innuendo follow]" It's not
clear, as in the author doesn't know.

------
lawnchair_larry
Once again the meme that China was hacking to find dissidents was a lie for
propaganda purposes, and the actual motivation was to see who the USG had
wiretap orders on, to see if any of China's own spies had been burned.

But, it makes China sound evil when you tell the public that they are doing it
for human rights reasons.

[http://www.washingtonpost.com/world/national-
security/chines...](http://www.washingtonpost.com/world/national-
security/chinese-hackers-who-breached-google-gained-access-to-sensitive-data-
us-officials-say/2013/05/20/51330428-be34-11e2-89c9-3be8095fe767_story.html)

~~~
ArtDev
If you know anything about China activities in Tibet, you would know that
China IS evil.

Its important to remember that unlike China or Russia, the US government is
tame in comparison with how it handles dissidents.

Guantanamo is bad but nothing in comparison to the political prison camps
across China.

No one wants to live in a county where something as simple as an online
comment will make you disappear in the middle of the night. This is what we
want to keep America from becoming.

There is a list of over one million "missing" Tibetans. A common crime:
possessing a picture of the Dalai Lama.

~~~
yskchu
<quote> There is a list of over one million "missing" Tibetans. </quote>

I'm going to call BS on this one.

The population of Tibet is only 2.91 million.

[http://en.wikipedia.org/wiki/Tibet_Autonomous_Region#Demogra...](http://en.wikipedia.org/wiki/Tibet_Autonomous_Region#Demographics)

Are you saying they "disappeared" 1/3 of the population?

~~~
logfromblammo
The Axis powers of World War 2 killed at least 7 million _outside_ of "legal"
warfare. Ukraine, Anatolia, Congo, Cambodia, and Nigeria have all experienced
genocides of 1 million people or larger.

Do not make the mistake of thinking that _anything_ is too monstrous for a
national government, particularly one that cannot be held to account by anyone
except a strong alliance of other national governments: China, Russia, or the
U.S.

The population of "Tibet" includes Han occupiers. It is entirely possible that
someone has "vanished" _more_ than 1/3 of Zang (Tibetan) in that region. But
some Zang also live outside the nominal political borders of Tibet. And due to
forced displacement, and the manner in which Beijing handles China's ethnic
minorities, like Zang and Uighurs, or even Han peasants, it is also possible
that the "missing" people are still alive, but shoved into a bureaucratic
black hole that prevents them from communicating with anyone connected to the
rest of the world.

------
junto
It would be ironic if the original attack was actually the NSA pretending to
be China as a false flag.

Google then willingly accepts the NSA's 'tailored solution', which was simply
a trojan horse to monitor Google assets (I.e. users) from inside the network.

Unlikely but would make a good fictional story nevertheless!

~~~
throwawayaway
Yep fictional, ironic.

> The only things Google seemed certain of was that the campaign was massive
> and persistent, and that China was behind it. And not just individual
> hackers, but the Chinese government, which had the means and the motive to
> launch such a broad assault.

Are we all still so certain that it was the Chinese government? Google must
have pulled off some top notch detective work to work that one out, with their
extensive overseas network of men on the ground.

------
acqq
The article describes two NSA systems almost as something made for Google:

"The cooperative agreement and reference to a “tailored solution” strongly
suggest that Google and the NSA built a device or a technique for monitoring
intrusions into the company’s networks. That would give the NSA valuable
information for its so-called active defense system, which uses a combination
of automated sensors and algorithms to detect malware or signs of an imminent
attack and take action against them. One system, called Turmoil, detects
traffic that might pose a threat. Then, another automated system called
Turbine decides whether to allow the traffic to pass or to block it. Turbine
can also select from a number of offensive software programs and hacking
techniques that a human operator can use to disable the source of the
malicious traffic."

But if you followed all the news since Snowden appeared, you'd know that the
TURMOIL is simply the NSA's global passive internet (and more!) monitoring
system and the TURBINE one cog of the global active "attack on the internet"
one.

[https://robert.sesek.com/2014/9/unraveling_nsa_s_turbulence_...](https://robert.sesek.com/2014/9/unraveling_nsa_s_turbulence_programs.html)

"TURMOIL is a “high-speed passive collection systems intercept [for] foreign
target satellite, microwave, and cable communications as they transit the
globe"

"The TURBINE system “provides centralized automated command/control of a large
network of active implants”"

~~~
spacefight
So $random chinese hackers seen from chinese/taiwanese IP space duped Google
into allowing the installation of these systems?

Mission accomplished!

------
drderidder
The fact that nobody blinks when agencies openly admit doing this for
_economic interests_ is the part I find terrifying. Could there be a more
blatant admission of the unethical nature of military-industrial complex?

------
cwisecarver
The two things I got from this story:

\- If anyone of us, that didn't work for Google, had cracked into a sever that
breached our servers and just looked around, not destroying data. Wouldn't
that be illegal?

\- The NSA is getting access to software and hardware back doors before the
public is made aware so they can try and catch Chinese hackers. Doesn't this
also give them the access they would need to route all our traffic to their
giant datacenter and mine it? Aren't the 'Chinese' hackers giving them a
convenient excuse?

------
justcommenting
kudos to shane harris for shedding light on our industry's modern story of
_Gleichschaltung_
([https://en.wikipedia.org/wiki/Gleichschaltung](https://en.wikipedia.org/wiki/Gleichschaltung))

instead of representative democracies regulating, protecting, and/or
supporting technology firms and citizens through systems governed by laws and
regulations, we're entering an era of opaque and voluntary "partnerships"
where all tech companies are equal, but some are more equal than others.

this sort of _coordination_ outside of legal and especially democratic
processes has implications for everyone, and should concern us all.

perhaps unsurprisingly, moxie portended these developments in 2010:
[https://www.youtube.com/watch?v=Uxz7r4E2li8](https://www.youtube.com/watch?v=Uxz7r4E2li8)

------
hindsightbias
Multinationals that give preference to one nation's TLAs have no right to
complain when they're penalized for being preferential.

------
notlisted
Not mentioned in the article, but I believe that around that time Google
switched developers 'en masse' to the Mac platform.

~~~
EmployedRussian
Not quite correct.

Before the incident, developers could use Windows, Linux or Mac laptop for
remote access. After, only Linux and Mac remain as options.

In addition, a mandatory two-factor authentication was introduced.

