Since then, with the advent of the likes of Stuxnet, the NSA's ubiquitous surveillance apartus, and the Great Firewall of China, we've been taught a hard lesson that governments are perfectly capable of developing technology expertise or contracting it out, if need be.
It's even a truism now that computer defence against a well funded nation state is hopeless. This was not the case back in the old Steve Jackson Games days, when it seemed that the entirety of computer power rested in the hands of a relatively small number of idealist academics.
Rember John Perry Barlow's A Declaration of the Independence of Cyberspace?
"Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather."
What once sounded almost like prophecy has come to sound more like a sad, deluded joke.
Unfortunately it can still be both at the same time. The NSA can hire some smart hackers at the same time as OPM gets breached and legislators pass laws putting all of everybody's data into the hands of the likes of Equifax which then also gets breached.
>It's even a truism now that computer defence against a well funded nation state is hopeless.
Which definitely agrees with your example. The pentagon officially operates on a doctrine that says "We may be able to have a whelming advantage in cyberspace, but we will never be able to operate with the overwhelming advantage that we enjoy in the physical space"
It seems like governments have gotten good at cyber attacks but not so good at cyber defense.
This was arguably true (in the case of targeted attacks) even back then. That some civilian law enforcement agencies (and apparently the Secret Service) were clueless about SIGINT back then, doesn't mean that the same was ever really true for major spy agencies.
Here is 1945's Stuxnet, for example: https://en.wikipedia.org/wiki/The_Thing_(listening_device)
It's interesting how many of those same early hackers  went on to working for those same governments or selling them exploits/offensive tools to make sure this stay true. None of that could have been accomplished by any gov without real legitimate talent joining on. Especially in the early days.
Largely because the governments of the world decided they were far, far more interested in the offensive side because of the mountains of intelligence they were getting. Which then filtered down to industry to where all the money, fun, and very importantly, how much easier it is to break something than to protect it. Or maybe it was a side-effect of all the vast majority of talent/money going into the intelligence community and defence contractors instead of just the "government" in general. Probably a combination of both.
The talent that did end up working on the defensive side (that was actually useful) was, and is, usually some super complicated and expensive systems that only big companies could afford. And/or you have a major budget to hire, or pay consultancies, with equal/superior talent than the adversary. Which leaves out the vast majority of companies and almost all civilians with useless or negative utility anti-virus software, or nothing at all besides the odd operating system, software, and public crypto progress.
That's not to say great strides haven't been made on the civilian side in recent years, since the public has caught on to the true scale of the surveillance/offensive stuff and the implications that has given the general weakness of the technology we use everyday.
The significance of WhatsApp adopting Signal's E2E, Telegrams popularity, and people moving to iMessage and other encrypted non-SMS text, emailing properly adopting transit encryption, and the Google TLS charts  reaching ~90% from around 40-60% only 7yrs ago is a really, really big deal IMO.
Even black hats were eager to spread their knowledge around, from 2600 and Phrack to the thousands of filez on BBS's and the early internet.
That in turn was a consequence of both the open hacker ethos, born in the cradle of academia, and of "information wants to be free".
As a result, those in the security and surveillance parts of the government who had an interest could easily learn pretty much whatever they wanted from the mouths of the very people they wanted to survey.
Not that I'd have it any other way, being a fan of the free flow of information, but it's interesting to see what unintended consequences this has.
Of course, this information flow was mostly one way.
Every man’s got a price.
You do sell your soul, but.. you get to test your black hat skills with the backing of state resources and immunities afforded to it all the while learning how to really not make that one mistake. Steady paycheck is just a bonus.
It is a price and a high one, but I can understand the motivations behind it.
But working for a government? I can't. I put that on the same ethical scale as murder.
No. Never. For no price whatsoever.
For some, it is still worthwhile to harden defenses against nation-state threat actors. Raising the cost for those nation-states is sufficient justification on its own.
For example, opaque binary distributions are more easily compromised than either source code distributions or verifiable reproducible builds. As an industry we should migrate away from opaque binaries, and major open source organizations should bear that in mind while designing their processes.
Why do people specifically state 'nation state' in these circumstances? What do you think makes a nation state a particularly notable adversary relative to countries which aren't nation states like the UK or the US, which seem to have more capability in this area not less?
1 - https://twitter.com/Pinboard/status/1121893376557633537
Do you have any creative alternatives that don’t step on the traditional use?
When they say nation state, the mean a government.
That's not what 'nation state' means at all - a nation state is an international state that is also a nation. So pretty much orthogonal as to whether they're a competent cyber force or not.
I favor APTs as a term, since it denotes any actor with lots of technical means and a political/strategic rather than financial agenda. Many APTs belong to nation states, but that's not always true!
But this isn’t unique to nation states.
They are, as the term is usually used; the United Kingdom and U.S. are nations. In the former case, it is sometimes argued that the constituent countries of the UK are nations rather than the UK itself; they certainly are historically nations and may be so presently, but nationhood isn't exclusive; the UK definitely has a national identity whether or not England, Scotland, Wales, and/or Northern Ireland also do.
The US is a more clear case of a Nation with a strong national identity and without anything even arguably competing the way the constituent countries of the UK do; yes, it's people have many ancestral nationalities (which is true in many nation-states), but that's hardly relevant to whether it's a nation-state. Since the advent of the idea of nation-states as a general norm, many polities have built national identities to form nations that coincided with the State and displaced ancestral nationalities as the locus of attachment for subjects of the state, often as deliberate projects.
However, what I was responding to seemed to imply that they weren't under some self-consistent definition that everyone really should use.
I'm sure a lot of people from the UK would pedantically insist on the multiple nations point, based on my past experience on the internet. On the other hand, in the US, people declare it to be "one nation..." and so saying it is not a nation suggests that the determination is made more from an outside vantage point than a traditional American one.
The Wikipedia page on Taiwan has some information on how people there view themselves. It seems that basically, people may be largely divided between those who came from mainland China after WWII, those who came in earlier waves of immigration, like the 19th century, and "aborigines" who came much longer ago (but it seems there were people from China on the island even before them) These may not seem like large differences, but it seems like they are tied up with the overarching question of the status of the ROC as being separate from China or not, of whether people are Chinese, Taiwanese, or both. And the question remains, do people determine for themselves if they are a nation, or do outsiders do it "objectively"?
A definition can be stated without it being practical to use.
which was actually a multi-year hacker crackdown in the early 1990's.
-pours one out for all the homies-
To a large extent, it never really ended.
The media were absolutely rabid through most of the 80s and early 90s. I distinctly remember them acting like hackers were worse than terrorists, worse than anything humanity had ever had to deal with.
Looking back, it’s almost funny, except many lives were ruined and hackers raided and/or imprisoned because of media hype and fear.
If you sent a security expert from today back in time to the 90s, they could basically pull the same ridiculous shenanigans that the characters did in that movie
> This raid is often wrongly attributed to Operation Sundevil, a nationwide crackdown on illegal computer hacking activities that was occurring about this time.
Then on the other end of the RPG spectrum, Fantasy based RPGs that dealt with magic, supernatural, demons, etc were similarly taken seriously by some in the religious community as actual guides to such activity.
Are there any RPG topics I'm missing here that had the same type of treatment from their respective antogonists believing the RPG content authentic material?
But there is a transition in both areas from just RPG to reality. People playing cyberpunk hackers often want to be able to hack and crack in the real world. And some games did at least teach some basic concepts about hacking.
And from the fantasy area lots of people got into real paganism, witchcraft, occultism.
(even though no one did succesfully invocated a major demon as far as I know ...)
There's a Trump joke in there somewhere. :)
Well, in that book(from 1975), there is an old demon trapped in the pentagon. And when terrorists blew a hole in the pentagon, he came out ... so, 9/11? And the ever lasting war on terror that followed? In other words Trump would be just a minor puppet of the grand demon behind ...
Yeah, the Secret Service should have been savvy enough to figure out that it was a harmless game, but they were still playing catch-up. Given Blankenship's history and the cross-section of criminal hackers and the SJG BBS, it doesn't surprise me that they raided them.
During the glory days of 80s hacking, groups like LoD and a handful of others had access to things that would scare the hell out of the public today. Imagine what a huge news story it would be today if it was announced that a single group of hackers had access to systems that control power grids, telcos, credit bureaus, banks, military bases, and all manner of other corporate and government entities. That's really what it was like back then; a bunch of teenagers infiltrating everything plugged in.
Most hackers back then were just exploring and learning. I'm not suggesting that Blankenship or LoD did anything all that nefarious; they certainly weren't out to bring the system down, and they didn't take advantage of their access for any financial gain that I'm aware of (discounting theft of services to the tune of a few hundred thousand dollars worth of phreaked phone calls).
It's a funny story about an interesting time. I'm inclined to cut the gov't a little slack for overreacting because the potential for harm (from hackers) was high, even if few of them harmed anything. If Blankenship had been a known criminal in meatspace, and was hanging out with his criminal buddies at their social club, you might not be surprised if the feds raided them once in a while.
Untrue. The BBS the hackers all hung out on was the one I ran called the Phoenix Project. There may have been a couple of people who were also gamers that hung out on IO, but they were there for the dice.
Source: Hi, I'm Loyd.
I'm not sure if you and I ever interacted back in the 80s, but it's possible. I was active on lutz, QSD, and a bunch of more closed systems/BBSen whose names escape me. I wasn't a member of any group, but ended up deep into that scene and others related to NYC's 2600 scene (MoD and other affiliates).
Right around when SJG was raided, the home of our tabletop gaming group's GM was raided, primarily for more pedestrian phreaking and wardialing activity. I managed to avoid ever getting into any legal trouble myself, although I don't know how.
It was a fun time to be a hacker. Ultimately, despite thinking of myself as a badass cyberpunk cowboy, I was just in it for the Unix. Between the availability of GNU/Linux (obviating the need to break into other systems for a Unix fix), the spread of Internet availability (obviating the need to phreak and hack into X.25/Internet gateways), other legal venues, and being busy in college, I got out of the scene in the early 90s.
Did anyone else find a BBS file or get passed a disk copy of Jolly Rogers Cookbook back in the day? Something that seemed so innocent at the time has got people locked up for terrorism offences recently.
I can see why modern games (hopefully wise from the mistakes of their predecessors) ignore that part.
I disagree a little on the split-party aspect but that requires careful DMing: it can be an interesting goal to synchronize real-world activities or need to protect someone who is completely exposed while they work. If you don’t overuse that and have a good mechanic for why the hacker needs to be in the combat zone it can work, but it’s easy to fall short.
Bush might have been President but this was Reagan-era stuff.
Compared to ATF, FBI, DHS, ICE, etc, the Secret Service seems to run a pretty tight ship. When you hear about them doing dumb things it's usually just unprofessional shenanigans as opposed to completely neglecting to do their jobs properly and killing or imprisoning people in the process which is what the others are known for.
I feel like it didn't used to have bad associations for virtually anybody, but like an unwanted immune reaction, first someone says it makes them uncomfortable, and then another person who is antagonized by everything being attacked as racist or fascist declares that they think it's fine, and then a third, possibly just a troublemaker, defends the person who thinks it's ok and associates it with fascism as if that should be positive.
I never say anything though, because really it's the correct term for what they're describing.
I would sue the government for the unlawful acquisition of jelly beans.
This is why the police are always going to seem dumb and literal, because if something is "obviously" a joke, it can be used as cover, and even if most criminals are more conventional, it will look particularly bad if they ignore something obvious when it was real.