> Apple: If we're forced to build a tool to hack iPhones, someone will steal it.
> FBI: Nonsense.
> Russia: We just published NSA's hacking tools
Even popular anti-virus programs on Windows have been jimmied to allow state-sponsored malware through
, and I mean a credible one with evidence, not tinfoil-hat raving.
Yes, we know that three-letter agencies look for, and probably have a stash of, zero-days for covert access. And they also do physical attacks wherever possible (like fiber taps at Google's datacenters). But those are two very different things from backdoors built in with the cooperation of the vendor. And despite how many people on the Internet treat "companies build in gov't backdoors" as just unquestioned fact, I've never actually seen any proof.
Our intelligence apparatus has cried wolf too many times, in terms of denying they do something and then it turns out they do it, to be trusted anymore. They've lost the benefit of the doubt and if they don't want people believing all the tin foil hat things, maybe they should stop doing so many of them.
This is true, but using it as a justification for "And therefore, my theory about what the intelligence community is doing is correct and does not need evidence" is a non sequitur fallacy that has become depressingly common in recent years. You still need evidence for individual allegations.
To show you what I mean, suppose I were to say, "The NSA has a constellation of mind-control satellites built with help from the lizard men!", and then responded to the deserved skepticism with "A lot of things that used to be tinfoil hat theories we now know to be true thanks to Snowden, so this is too!". That's obviously fallacious reasoning, but it's exactly what people are doing when they toss around allegations of backdoors with no proof. Again: there's no shortcut around the need for evidence.
> After Snowden, I no longer doubt the possibility of any realistically imaginable attack ie, assume that if they have the physical ability to do it, you should assume they do it and are not stopped by any ethical concerns.
I agree completely, but that's not what I, or the person I replied to, was talking about. The issue I was addressing in my comment was whether their backdoors are being built with the knowledge and cooperation of the vendors, which is very much unknown. Attacks like taps on cables are orthogonal to what I was saying.
Jimmy: a short crowbar used by a burglar to force open a window or door.
He didn't necessarily say it was collusion but I suppose it's fair to clarify. It seems narrow to suggest it's just a stash of 0-days. I suspect they've been heavily yet covertly involved in the popular software tool-chains and computing hardware.
Mind control satellites and lizard men are both so far away from our current science and technology that even assuming the NSA could be a few years ahead, it's not worth considering. If there really were mind control sattelites or similar precursor technology available or in research today, and there were lizard men who had a history of being good at working with those and willing to sell their skills, then I would agree that it's plausible they're doing it.
Also, I'm more interested in the /practical/ applications of this knowledge of whether the intelligence community does a certain thing X, not the philosophical certainty of whether they do a thing X. You lock your doors because someone /might/ break in /maybe/, not because you're certain John Doe is planning on doing so at 4:30am tonight. Even if no one ever does, it's certainly technically possible, so if locks are cheap it's a reasonable tradeoff, even if you'll never be sure if they really helped.
You're probably right though that I'm moving the goalposts around! :-) I'm not trying to have a formal debate, just idly shooting the shit on the net, so I'm OK with that.
Prepare for that scenario as a possibility, but there should still be a burden of evidence before possibility is accepted as reality.
I think The Puzzle Palace (https://www.amazon.com/Puzzle-Palace-National-Intelligence-O...) made the same argument as far back as 1982
Do a search for "ibm lotus backdoor" or start from http://www.cypherspace.org/adam/hacks/lotus-nsa-key.html
That's a far cry from "Practically every major piece of software and hardware that's not open source has a backdoor embedded."
The pedantry around here can be infuriating sometimes. You take issue with my strictly true comment, and ignore Analemma_'s comment upthread (every product) which is strictly false.
Likewise, . That would be pretty stunning, if true.
The parent poster was suggesting (and I was questioning) this occurred at Google Data Centers, which would prove explicit cooperation by Google.
A whole different ballgame.
The closest I've seen are the PRISM slides which imply cooperation from Google and the other big companies, but this could be bad choice of wording.
Regarding PRISM cooperation, I'm not sure where your doubt is coming from there.
The slide was explicit, and is now many years out of date so without doubt the number of providers has increased. The means by which these provider agreements are reached is well known (National Security Letters) as is the fact that organizations are fully barred from disclosing their existence.
The math doesn't add up.
That argument is not true. Spy non-fiction taught me that intelligence services sort of rate their capabilities on what intel they can bring plus how secret they must remain. The idea being a capability might be so good and so hard to replace that you only use it on highest-risk cases that nothing else works on. Additionally, lower clearances will have greater number of infiltrators. They should see less than higher clearances to reduce damage of leaks. Further, I predicted that the tools themselves were developed in Special Access Programs (SAP's) that compartmentalized away from even TS clearances then selectively released to them. Sentry Eagle et al confirmed my prediction.
You can actually see the bullshitting in progress if you look at that. Each level of clearance is told something different with the lower levels often getting lied to with only highest getting the truth. In one case, it was implied they were attempting to use supercomputers against crypto then TS/SCI version said they got companies to backdoor it. Quite the difference. ;)
What you describe is how intelligence services actually work to develop and protect real tools for access. What the GP claims is a fantasy in which such work is not necessary.
I agree that's a crap claim. Tried to provide alternative that showed situation is almost as bad as crap claims like that with 0-days. What overlap I did see was the emanation threat. That secrets leak out of any device and TEMPEST protection of them is illegal means that they are all backdoored for that in practice. Good news is it's a highly-specialist attack only a few countries know how to do that requires targeting and close proximity. Other good news is that smartcards and EM compatibility testing reinvented some defensive practices.
iOS already, today, for no other reason than to prevent downgrades, verifies every firmware upgrade/restore with an Apple server, which sends back a per-device signature. Technically, it would not be difficult for Apple to have that same server authorize a special spy firmware only for specific device IDs. The only way this could result in a mass compromise is if Apple were hacked, but hacking Apple already gets you that - the hard part isn't writing code to spy on people (especially if you've hacked them and thus have full iOS source code), it's signing it.
This is different from exploits for code vulnerabilities, where there's always at minimum a secret (the location of the bug) that can't get out, and in some cases going from there to a working exploit is also difficult.
At worst, if Apple went beyond compromising that one phone and set up an ongoing process to compromise phones as requested by law enforcement - then there might be some sort of online portal, and maybe it could be hacked either directly or by stealing a legitimate agency's credentials. Maybe then the spy system could be used by unsympathetic governments against their enemies, though only by stealthily submitting individual requests; there would be no way to exfiltrate something from law enforcement that would compromise everyone. I don't think that's what most people are thinking when they talk about a back door "getting out" or whatnot.
Personally, I agree with Apple's refusal to create and sign a spy firmware on ethical as well as pragmatic grounds. But there's a lot of misinformation about the issue.
Are we pretending now that the government couldn't MITM and fake the response? I think they've proven they can MITM pretty much ANYTHING their hearts desire.
Only if they have Apple's private keys or can break RSA...
Further, if people are paranoid of this, a crowdsource based mitm restore server could be setup (similar to saurik's) to watch the hashes and block restore + alert the user if a firmware file is about to be installed with a different hash than what it should be.
So I don't think this was the strongest argument for Apple. A better one is that once the US can compel Apple to do this, what's to stop Russia, China from demanding the same thing?
It is so simple to steal software, just like NSA's hacking tools were stolen.
If NSA cannot keep software safe, why can you think that Apple can? I think it's unreasonable to require Apple to have a higher level of security than NSA effectively has.
If the "backdoor" in question is a malicious signed OS update, then it can absolutely be destroyed. There are plenty of reasons to avoid backdoors without imbuing them with mystical qualities like the inability to delete them.
And then recreate, and redestroy it for each of the >100 law enforcement requests in NY alone. Etc. Etc. Though the FBI says that, Apple pointed out in their brief that the reality of what that kind of situation would look like was absurd.
What's to stop the FBI from repeating the same process in the future? Fighting future orders would be much harder after precedent is established.
Remember that after James Comey talked about spending "a lot" to get into the San Bernadino phone, he wanted a way into the phones that "doesn't involve spending tons of money in a way that's un-scaleable."
Right. So if there is a backdoor, they won't commit the code to a repo, but write it from scratch every time FBI calls them.
Yes, very realistic.
From that we learn two things, both bad and which tells us not to listen to or work with FBI if possible:
1) FBI is stupid and doesn't know how these things work
2) FBI is malicious and is lying
> 1). FBI is stupid...
While the tech industry like to cast aspersions about the FBI and how idiotic they are, I think this perception is wrong. I don't think they could possibly have access to the resources they do and be stupid. They may not always understand fully the technology they're working with, but I'm quite sure there are resources within their reach that would quickly set them straight where required. I'm sure at the very least they could create a GUI interface using Visual Basic to track their IP address.
> 2). The FBI is malicious and lying...
I'd like to believe they're neither but the more time goes on, the more my goodwill towards them fades... and while they're not the NSA, the doubt the NSA has cast on Government Agencies has tainted that with the "guilty by association."
I can't believe they're incompetent, I do believe they (largely) do what they do with good intent, I think their strategy is short sighted.
That leaves me asking the question: Have they lost sight of the future repercussions of the actions they take today or are they actively considering the future repercussions when making policy today?
If they're actively considering the future repercussions of policies they're making today, that is the greater cause for concern because they're actively making policy that ensures the state's ability to monitor (and in effect, censor) the future population - counter to the first and fourth amendments.
I responded to an FBI call for recruits to staff up their cybercrime divisions after 9/11, and was in their recruitment pipeline for two and a half years.
Based on my experiences during that period, I have no problem believing that they are stupid.
Dude! Just nine more months and they would have completed your SSBI and you could have been forwarded to the next stage!
God, it's like you don't want to put your life on hold for multiple years while an impersonal bureaucracy methodically sorts through your entire personal history.
Ethics aside, this seems like a very lucrative gig for software companies that bill by the hour
As a multinational company, it's in Apple's interests to maintain a 'no backdoors' strong privacy stance, or it will both lose foreign markets (that are afraid of US/other nation's backdoors) and have to contend with increased requests from various governments for backdoors/audits (they got backdoor access, why can't we?), and the associated revenue lose.
I'm not saying Apple is evil, merely that multinational corporations don't have to care about political boundaries.
I'm also saying that (or at least putting the idea out to test drive it) it's a good time for us to shift our language to talk about things that, in some deeper way, are politically and civically just.
I would tend to concur, but we don't know that.
Also - intentions are not that important. Manning's motivations I surmise were probably innocent, but his incredible naivte of releasing gigabytes of information of information when he didn't even know what the contents were ... were seriously damaging. Tons of undredacted cables in there meaning a number of Afghan and Iraqi citizens helping the US were needlessly put at risk, for example.
> Tons of undredacted cables in there meaning a number of Afghan and Iraqi citizens helping the US were needlessly put at risk, for example.
...reads to me like a celebration of opposite day in the bizarro world.
Manning did nothing to put these people at risk; the state put them at risk with its murderous and greedy tendencies and foreign policy errors.
Announcing someone's name and affiliations, in the case of a decent, non-violent, dare I say "everyday" person does not in any way put them at risk.
It is only because these people are touched by the long finger of empire that the appearance of their name in a text file is compiled into danger.
Manning's heroism tends toward ending that empire and making these people (and those in a similar role in generations to come) safer and freer.
This is ideolgically anarchist and ridiculous.
There is no 'Empire'. There is just 'stuff you, as a citizen vote for'.
Have you ever been outside the Western World + Japan? Do you know how crazy it is out there?
Do you know how instantly things would collapse without the international framework we have today?
Are you too young to remember the Cold War? Do you realize that it's still going on, that Russians are grabbing territory and they still have 3 000 nuclear weapons pointed at us and, just a few months ago Putin bragged, over dinner, that he could 'wipe out the USA' in 45 minutes?
This is not a video game.
US foreign services do extremely important work in the world, and if you'd read the cables that Manning released, you'd see how true that is, and also how mundane most of it is relative to your anarchist hyperbole.
Manning swore an oath to serve the interests of his people selflessly, instead, he naively, and selfishly released information which caused a lot of damage and could have caused a lot more damage.
It would be one thing if Manning were some intellectual, knew what he was doing with conscience, but he was a very low level private - with severe social and identity problems, thinking that somehow he had 'answers'. I think that he thought he was doing the right thing, but he's severely deluded.
And by the way - I am not American.
Also - I should add - that the person who released the photographs from Abu Gharib - and caused the big scandal/uproar was definitely in the category of 'whistle blower' and did the right thing.
I remember the cold war. And I thought that the government did the best thing it was able to do. Did the governments of both the USA and USSR behave childishly? Yes. Were they operating in a short-term feedback loop? They sure were. Did they, perhaps against the odds, avert a nuclear holocaust, at least for 40 years? Yes in fact they did.
But that's really not the point.
As I've said elsewhere, my argument (and I think the argument you see coming from much of the HN community) is not that government has always been unnecessary, but that it is being deprecated.
It doesn't matter that this one human leaked these troves of information; the internet will always tend toward making them available regardless of which individuals happen to be involved with the particulars.
Government secrets aren't merely immoral, they're increasingly impossible.
So all of your nostalgia about worldwide wars being "the international framework we have today" is just completely irrelevant. The internet will not abide government, and human evolution will continue to be the internet.
Yes, Snowden did 'something' that was right.
But Snowden also did 'other things' that were wrong.
Snowden released information on how the NSA spies on adversaries, like Putin, who has 3 000 nuclear warheads pointed at us.
There is no 'public good' in that information, it's basically treason.
Which is the odd paradox about the Snowden revelations - there was a lot of info that arguably was in the 'public good'.
But if you save a baby and kill a baby in the same day ... you still go to jail.
The fact that Snowden released tons of data that had little to do with NSA domestic surveillance really changes the tone and nature of his crime, and it's not good to see so many come to his defence because he also 'saved a baby' the time that he 'killed a baby'. It really ads an odd dimension to the story.
I see nothing but good intentions. Forward-thinking? Maybe you're right there, at least in terms of her own well-being. Perhaps she was counting on us for more than we're willing to do in terms of rescuing her from a life of torture at the hands of the state.
I think the handling of the Snowden leak was also irresponsible and, from the vantage point of doing the most public good with the disclosure, has for the most part been a fiasco (notice how much more we learn about the contents of these documents after attacks and incidents become public?). But Snowden's leak handling was surgical compared to the shitshow surrounding the Manning leak.
When they reveal evidence of war crimes (or even just everyday corruption and slop), then I think the disclosure is all the more to be celebrated.
Naive and misguided, perhaps, but you really can't argue she didn't risk (and lose) far more while basically trying to do the right thing.
But the point is not to redeem Manning's actions in a utilitarian sense. The facts are that she saw something (war) she found unconscionable, she wanted to do something about it, and she sacrificed about as much as she possibly could without dying-- maybe more, now that she's one of the least free people on the planet. It's not that hard to comprehend a moral philosophy where she does actually deserve points for effort.
If you're asking me to just look at utility, it's very hard for me to get around the fact that the book is still being written. I can see the argument that indiscriminate leaking causes damage, and damage to well-functioning systems is bad, but I can also see the argument that the historical record is full of state secrets kept for banal or evil reasons and the proper functioning of the current intelligence apparatus may be doing more harm in a human sense than could possibly be justified, if we just knew it were happening.
The irony is that ultimately, I just have to trust that there are enough people with good hearts working in the system that if something unconscionable is going on, it won't stay secret for long. So in these circumstances I'm actually much more worried about not judging by intentions enough, lest the well-intentioned decide to stay home.
Edit, I guess I'm thinking of the opposing question: Is there information that someone in Manning's position could get which, if it exists, any system which created it or kept it secret should not be allowed to exist, let alone have the authority of law?
Intentions matter, then. But maybe we're talking past each other?
The second sentence may not be true, but is unrelated to the first, which illustrates more that we need to be careful about judging actions solely by accord with the alignment to the actors' view of "the right thing" than anything else.
This is completely false.
The information Manning released absolutely did not belong in the public domain. Period.
Governments, like any other private entity are allowed to keep confidential information.
Much of what manning released was private conversations between state department officials and their counterparts in the Middle East. The damage could have been much worse.
It's really sad to see so manny people think that 'individual privacy is paramount' but then can't grasp that other actors, including state actors, don't have reasonable rights to privacy.
It's beyond naive.
And there's a slight difference; government employees (including the military) are paid by the taxpayer, and government operations (such as military strikes) are also tax-funded, and a degree of transparency is supposed to come with that. If the government was a for-profit entity, you might have a point, but at least right now, it (officially) is public, and the above case and FOIA are there because of it.
I understand that there are cases where the government cannot release stuff to the public, and I'm not disputing that Manning overstepped her bounds, but I don't think it's naive to expect some degree of transparency from public, (not private) entities.
The entire essence of the concept of a Republic (vs. e.g., a Monarchy) is that government is literally a public matter (Latin: res publica) not a private entity or someone's private property.
But, for my part, I will go even further. I think that:
> Governments, like any other private entity are allowed to keep confidential information.
Is just wrong. I don't think that, in this day and age, it's a good idea for governments to keep anything secret. At all. And I'm pretty absolutist about that. And I think that's a reasonable information-age policy. And I think that governments will begin to adopt it or look silly for refusing to do so.
> It's really sad to see so manny people think that 'individual privacy is paramount' but then can't grasp that other actors, including state actors, don't have reasonable rights to privacy.
This is exactly my belief. I cannot grasp - or rather have grasped and cast away in disgust - the idea that "state actors [have] reasonable rights to privacy." They don't.
is the government really a "private entity"... and if it can be described as such, is it "like others"?
(assuming you mean "do have") in what way does the state have "reasonable rights to privacy"? who determines what's "reasonable"? doesn't state privacy hamstring the citizenry's oversight and regulation of their own government?
Uninformed consent is hardly consent at all, and our elected class ought often be reminded that it is we that they answer to, and not the other way around.
This is completely false - and there is not a single state in all of the history of the world wherein this was the case.
Oversight - yes.
All public information - no.
If you have ever worked with a team of more than 5 people, you'd realize that your statement cannot hold true. Do you really think that every email, every correspondence, every bit of government data should be public?
Should Barack Obama have to do everything on a 'live cam' so that every citizen can see his every move and word?
Should the Nuclear Launch codes be 'public information' ???
Of course not!
Government agencies have absolutely no obligation to release any information unless it falls under the auspices of 'freedom of information' (which is a good bit of data) - and then various levels of clearance.
We have other people in government: elected officials, oversight committees, and judiciary, NSA, FBA - to keep an eye on one another.
The information released by Manning was 100% within the bounds of information that the government can keep private.
Private conversations between state officials and diplomats are definitely not something that should be published.
In 40-50 years or so, the US eventually releases pretty much everything, you can read what the US Diplomat to Libya said to Gaddafi if you want then. But not in real time.
This doesn't sound unreasonable to me. I'll be surprised if a state doesn't try this in the next 50 years.
> Should the Nuclear Launch codes be 'public information' ???
I think it's a safe bet that many of us don't believe that the government is right to have nuclear weapons in the first place.
Governments are not 'private entities' but they certainly can have 'private information'.
It's really quite difficult to debate this with you guys.
If you can't imagine that diplomats can't have private conversations with their counter parts, that bureaucrats can't have private conversations with employees - then I have nothing to say to you.
Once you accept that there is a lot of information that should not be publicly available, both 'secret' and 'mundane' (HR records etc..) - then you accept the government can keep private information - and then it becomes a matter of how that is regulated: oversight by congress, committee, judiciary - and access to information wherein it's appropriate.
And once you accept that - you accept that Manning's release was totally immoral and unlawful. There is nothing in his cable releases that should have been released - though you could debate the release of the video of reporters dying in friendly fire.
Just to be clear: I think many people here believe that "diplomats" and "bureaucrats" are subject to deprecation. You are holding on to the notion that the government is going to keep existing (and bungling society, economy, and environment) alongside the internet, but it's perfectly reasonable to surmise that this is not so.
Government has been a necessary evil for a stage of human evolution that is now coming to a close. And it will wither with a whimper, not a bang.
So, per your directive, it may just be that you have nothing to say to us.
As long as we're all stuck in the "Breakfast Club" for veering away from "the facts" might as well read something relevant: http://www.openculture.com/2015/03/huxley-to-orwell-my-helli...
Seems more likely to me that the ANT leak gave the auctioneers an idea what to look for to exfiltrate once they got hold of an NSA staging server.
It was taken years ago, and just now found its way to the auction block. I think there is an interesting story about the intervening years we are missing.
The prevailing narrative, one echoed by Snowden himself, was that this was likely taken from a staging server: a machine somewhere out on the Internet used as a pivot point for attacks. Snowden claims (I don't know with how much authority) that a compromise of one of those staging servers is not without precedent.
Nothing in this entire piece refutes or even engages with that narrative.
Proof by narrative is the slippery slope whereby the state becomes a religion.
It's borrowed from religion and used in the modern state. In the old testament, whenever the chosen people were defeated, the only reason could be that someone was making sacrifices to the wrong god somewhere. The proof was that god would have been with them on the battlefield otherwise.
It's why, in Stalinist show trials, political enemies are made to confess for crimes of sabotaging production, because the narrative says that the production process is perfect in the Soviet Union and the only way that quotas would fail to be met is because of reactionary saboteurs. Fallacious or not, each additional conviction reinforces the state's narrative.
"How is NSA changing the equities process now that "someone stealing the NSA's tools" has to be explicitly included in the threat model? Previously, equities calculations generally relied on the probability that someone else might independently discover and exploit a vulnerability. How does this calculation change when the NSA's own tools might be stolen, without detection? Is there a policy on what to do when the NSA knows that their tools are compromised?"
Most on hacker news or security twitter or slashdot or whatever would agree that the NSA has serious vulnerabilities and have terrible policies/practices, but the narrative being pushed to the average american via the usual channels is most assuredly that the NSA is infallible (or that it's only fallible due to pesky things like privacy).
This article is on Reuters, which means it wasn't meant for people who know what elliptic curves are, it was meant for people who still call Comcast to restart their router. Given that, I think it's safe to say there's a distinct narrative being pushed here where it's heavily implied that leakers are the main threat to the NSA's security.
> "The NSA is impenetrable" is not and was not the prevailing narrative, to say the least.
Our opinions about key escrow have nothing to do with whether Russia hacked an NSA staging server, or another leaker inside NSA is behind the leak.
tptacek: "The NSA is impenetrable" is not and was not the prevailing narrative, to say the least."
me: I disagree; it's part of the narrative that pro-surveillance people use to support things like "collect it all" and key escrow
tptacek: I don't understand what our beliefs about key escrow have to do with the narrative
me: explains again what you're missing about how this relates to the pro-key-escrow (and more generally pro-mass-surveillance) narrative
tptacek: everybody agrees key escrow is stupid, and our opinions about key escrow have nothing to do with things that you weren't discussing like where the leak came from
me: hmm ...
It's almost like you're trying not to hear what I'm saying.
OK, one more try.
If all the experts you talk to are against key escrow, why do pro-mass-surveillance folks keep proposing it? They see the tradeoffs differently. And why's that? One reason is that the stories they tell about why it's a net positive have the underlying assumption that there's not a significant risk of they keys being compromised. Conversely and when opponents of key escrow tell stories about the potential downsides if the keys are compromised, proponents downplay this as a risk.
Perhaps because what you're saying is/sounds off-topic? Basically it amounts to "some (pro-mass-surveillance) folks propose X because Y". Even if that's true, so what? To repeat the GP, this has nothing to do with whether Russia hacked an NSA staging server, or another leaker inside NSA is behind the leak.
Really? That's interesting (and funny!). Can you elaborate? What in particular regarding NSA points towards clownshoes?
I blame Hollywood.
Do we have any polls on this? I don't trust people involved in the computer industry to necessarily have views that conform to the average person with regard to this, and the media all have narratives they would like to put forth, but none of them necessarily have to conform to reality.
What is relevant is that they are demonstrably _not_ competent.
And your comment about religion is simply false, this is reaching way too far and cynically.
You're now rebutting a point that the article isn't making by saying it's rebutting a point no one is making!
Nobody implied Snowden released it or was even suspected of releasing it, including Bamford. He is challenging the narrative that it was Russian hackers, because of the other, non-Snowden leak evidence.
The article didn't say Snowden is behind it, nor did it pretend anyone else said that. No idea where you're getting that from.
File times just a few months away from when Snowden fled is interesting. It is still too close to the date that looks suspicious.
One way to interpret is that Snowden inspired someone else there who was dissatisfied with the job or the what NSA was doing. The other is that Snowden try to modify the files to make it seem like it was not him.
Him mentioning that "staging servers have been compromised" before can also be interpreted as him preparing the stage of releasing this and hoping everyone would read that statement at face value.
You typically don't run your exploits from your own machine, both because you don't want a single network hop between you and your target, and because your tools may be inconvenient to run on your own machine.
Then look at the unbelievably shoddy quality of these tools. Are you arguing also that they might themselves not be part of NSA's repertoire? Because I could make the same "opposite of tailored" argument about the tools themselves.
Why would this be bad for Russians (if this was indeed the Russians)? We can/should assume that Russia has it's own methods of infiltrating systems. The value of this data to them would be knowledge of how it's done, not necessarily hoarding and replicating how the NSA does it. If anything, having vendor's patch exploits that they're not using, but their enemy is, would be a great chess move.
They get nothing from exposing it, hacktivists on the other hand get a lot more, and are more boastful about their exploits.
The Russians do not use the exact same set of tools that the NSA does. Sure, they may have discovered some of the same exploits, but the two do not have the same "toolbox" strictly speaking. Releasing a set of tools used by the NSA doesn't mean that Russia loses access to the systems that they have compromised...
Your bank heist analogy doesn't apply here.
"Right. It's not yours?"
"Well it becomes ours."
"How is that not stealing?"
Plus, for a USA agency, it goes without saying that when shit hits the fan it's either Russians, Chinese or Aliens not necessarily in that order.
If the Russians knows NSAs tools they know what to look for when trying to figure out what NSA is up to. That's hugely valuable information.
Perpetuating the meme that this is a serious auction is dangerous and faulty journalism. It is a publicity stunt to embarrass the NSA. Let's not get hysterical and pretend that some third world terrorist country could obtain the NSA's cyber capability by bidding all of their petro-dollars in this farce.
The question is: who are they working for?
Snowden was working for the American People, and upholding the US Constitution.
To draw from some relevant if non-US history, Kim Philby's interests did not lie with his nation's subjects, despite his aristocratic pedigree.
(What is "our side?" I, similarly, have refused to work for defense industry, TLA agencies, etc, because I see them as net negatives to our society - this is the side I'm on)
He related the story of talking to a friend in national intelligence. The FoaF: "You've got more data on people than we do."
"China's Internet" (Bloomberg video)
The War on Cash:
(Also discussed at HN.)
But the strong assumption of the time was that it did.
Who Snowden is/was working for really is likely not of much importance. What matters is what impact he had, which at least to me, is not that clear.
Snowdon showed us there's this agency, with a virtually unlimited budget that can control the politicians that control the world... and they are beholden to no one, the law is a rubber stamp.
Worse, even when it was demonstrated that they outstepped the boundaries of our laws... things have remained unchanged.
Snowdon showed us the truth, then left it up to us to do something about it. Unfortunately, no group of people has so far mustered up any change. That's our own failing.
"US cloud computing firms could lose between $22 billion and $35 billion in overseas business over three years. [Following Snowden leaks.]"
If you determined whether an article was clickbait or not based on HN comments, you wouldn't read anything, ever.
I'm skeptical that this community has a handle on what "click-bait" is. Anything that isn't written in the precise style the commentor enjoys, or isn't as information dense as a commentor would like seems to gain the label.
There seem to be two plausible explanations for the Shadow Brokers release.
1. The doctrine of the US govt in cyberwar is proportionate response. This is either preemption or escalation on behalf of Russia. This assumes the attribution of Russia for Democratic political hacks are accurate.
2. This is further activity by whomever leaked the ANT catalog to Applebaum.
The Shadow Brokers are going to be difficult to attribute technically. Attribution is based more on your theory about what's happening the Russian covert escalation.
My guess is that the NSA has excellent methods for detecting DNS exfiltration and the recent tools are at least a decade old technology.
What's interesting is the disinformation value of intentionally releasing the tools, but to understand that we'd have to know who the intended adversary was.
No not all Russia was recently accused of hacking the DNC in the US, so it would a perfectly logical for one state actor to say to another "you do it too and here is evidence." Is that not so obvious?
What are the plagiarism charges against him? I'm only aware of the sexual harassment/assault/rape allegations.
Given that, I'd effectively be googling and then picking the articles that best suited my current beliefs on the topic, so honestly you'd be better informed by googling and then reading until you have your own beliefs. (this is not meant to be a disguised lmgtfy, I genuinely think you'd come out worse informed if I tried)
I'm surprised Appelbaum hasn't been directly suggested as a potential source[1,2].
If there's anyone still questioning the results of Snowden's move, here you have it. The Reuters opinion is stating that this data is potentially being using against us. If the perception that the NSA doesn't collect for the public good becomes broadly accepted, change can be achieved at a political level.
- If it's not possible, then the only strategy is to bid as late as possible: Suppose Group A bids $1000, Group B bids $1001. To win the auction Group A would have to transfer another $1002, making a total investement of $2003. Group C on the other hand only has to commit a total investement of $1002 to win at this point. Since the duration of the auction isn't known you would wait for everyone else to make a bid first, since the person to bid last is in the advantage. If everyone does that, this becomes the ultimate waiting game.
- If on the other hand it is possible to increase one's bid by just transfering the difference, then this is a tullock auction: a classical example from game theory where the only rational strategy is not to bid at all (unless you are completely sure that nobody else will bid. As soon as you have two bidders, both behaving rationally would lead to both committing an infinite amount of money, one of them losing it all).
So just from a game theory standpoint nobody would actually bid in this auction. Add to this the very likely possibility that the public leak contains all data they have and that this auction is a scam, and this isn't attractive at all.
: https://en.wikipedia.org/wiki/Dollar_auction (Dollar auctions are a two-player example of Tullock auctions)
Edit: you've been posting a lot of unsubstantive, inflammatory comments about political topics. That's not what this site is for, so please stop.
Let's not get on a high horse about rhetoric in the comments?
Absurdum is right.
They probably spent a lot of time on the message. Coded words or phrases. Embedded keys. Resistance to identification analysis.
Its some 4chan racist idiot's idea of a red herring.
Its a racist idiot's idea of a joke.
Here's an example of an open-source project designed to counter stylometric analysis:
With how much caution they are taking against a nation-state adversary, I think it a bit short-sighted to think that this is just "a racist idiot's idea of a joke".
If he hadn't fled it's quite likely he would have faced the same kind of treatment as Thomas Drake and William Binney, if not harsher.
Someone should write a book or make a movie about those two men the modern equivalent of All the President's Men.
The DNC is claiming a Russian Hack with wonderful support from the media. Reuters, for instance, gave over $1m to the Clinton Foundation.
When the FBI accused the N. Koreans of the Sony hack, at least there was some credible evidence conjoured up. Obama used an executive order to apply more sanctions on NK even though there were voices saying it was still inconclusive.
But now we are expected to believe the DNC has been hacked by the Russians in partnership with Trump.
Seth Rich, supposed DNC leaker gets shot in the back.
And now this.
The DNC stabs Russia in the back - Bill was happy to accept $500,000 for a speech in Moscow and the Clinton Foundation $millions just before Hillary authorized a major Uranium deal.
I sound crazed writing this, like I'm something from InfoWars. This election cycle is standing the world on its head. Be very careful who you believe.
Russians have been known for a long time (whole Cold War) for being able to sacrifice one, less important spy to distract enemy's attention from more valuable one.
Now think about Snowden in this context: few years ago NSA must had been sniffing around, looking for a leak.
Suddenly, one of their employes takes few laptops with secret data and runs, ending up in Russia. NSA is furious, but on the other hand their alertness goes down. Few years later it turns out that there's still someone leaking their secrets.
Seth Rich was shot by the FBI, in order to make it _look_ like the DNC shot him.
"supposed leaker" is really stretching it. there has been zero evidence to it other than wikileaks insinuating he was, which is a bit of a shitty thing for them to have done considering now everyone is focused on that aspect rather than about who actually murdered him.