Nuclear weapons secrets exposed via flashcard apps article insta-dead?

hfjgltkrlrm · on May 28, 2021

> Q: what are the authenticators on the Restricted Area Badge?

> A: VOLKEL is missing the first L

I find this funny, the badges have typos on purpose.

The funniest thing is that I googled "restricted area badge" to read more about what they are, and the second result on google is a link to these flash cards. Article says they were all removed, so not sure what this means.

unanswered · on May 29, 2021

> I find this funny, the badges have typos on purpose.

It's not a bad strategy. Just as uncareful attackers may introduce accidental typos to documents, attackers who are taking care to avoid that pitfall are likely to remove assumed-accidental typos.

aww_dang · on May 28, 2021

Look at the submissions from that domain. A large amount are marked as [dead]. I would assume the filter is by domain name. I've seen similar activity with other domain names.

I'm not familiar with this site, so I can't guess as to why.

https://news.ycombinator.com/from?site=bellingcat.com

jasonwatkinspdx · on May 28, 2021

Bellingcat themselves are... for lack of a better word, good. They do open source intelligence investigations into current world conflicts. They're pretty solid about transparency and showing how they arrived at various views.

But their audience can be problematic. They tend to attract the crowd that screams "false flag" after every banal news event, so it's not surprising it'd be default spam suspect here, irrespective of the site itself.

Also, I doubt this is a hnews concern, but for folks currently holding clearances just reading that story could put them in hot water.

mhh__ · on May 28, 2021

I've seen a lot of contrarianism here wrt Bellingcat - i.e. this is the only place outside Tankie forums where the benefit of doubt was given to the FSB/GRU rather than Bellingcat during the Skripal affair, regardless of whether you think that's appropriate or not, I think it should be categorically stated that just because hackernews is more civil than Reddit it is not subject to bias and groupthink: In particular I would like to challenge an undercurrent I've felt here since the day I started commenting, that just because hackernews is a good forum to discuss things properly that one's beliefs shouldn't be challenged or put on a pedestal by virtue of where they are said.

quercusa · on May 28, 2021

> for folks currently holding clearances just reading that story could put them in hot water.

Can you elaborate on your last point - why?

jasonwatkinspdx · on May 28, 2021

It's part of how classification law works in the US DoD.

Note: I do not hold a clearance, but I've had to sign affidavits for others, so I know a bit about how it works.

Basically, the rules put the burden on the holder of a clearance to not expose themselves to information they shouldn't. If and when it does happen, you need to report it. The way the system works is of course horridly bureaucratic, but on the whole if you report things with honesty early it'll be handled without being a big deal.

In any case, this means when you participate in forums/venues where open source intel and clearance holders are likely to interact, you'll see people giving that sort of warning as a courtesy, so that the clearance holders can just dodge the issue. It's sort of like putting a content warning in one of your early slides if you're going to discuss something that could be highly distressing to some people.

Probably the most glaring example of this sort of content is the snowden archive. As a clearance holder you would not want to get noticed holding onto some of the documents that are in there, no matter their veracity.

bradknowles · on May 30, 2021

During Desert Shield/Desert Storm in the 1990s, when I was working for the Defense Information Systems Agency in the basement of the Pentagon, there were occasionally papers that were banned from the building. Usually just one particular day, but sometimes on multiple occasions.

Just because something is printed in a newspaper doesn’t mean that the thing in question is unclassified. And if you have classified material in your possession and you don’t treat it properly (like locking it up in an appropriate safe when it’s going to be out of your hands, even for just a few minutes), then that can get you into some really serious trouble.

If the publication in question contains a classified code word used in code word context and you don’t treat it appropriately, well then you’re probably done for.

Feel free to try to guess which GURPS book from Steve Jackson Games that would be, but you would almost certainly be wrong.

jasonwatkinspdx · on May 30, 2021

> Feel free to try to guess which GURPS book from Steve Jackson Games that would be, but you would almost certainly be wrong.

I love this comment so much :P

quercusa · on May 28, 2021

Very useful - thank you!

lumpa · on May 28, 2021

> Also, I doubt this is a hnews concern, but for folks currently holding clearances just reading that story could put them in hot water.

How would that work for folks holding clearances that, following one of several paths other than directly reading the article discussion (like reading some random user's comments page), get exposed to significant bits of the article?

Come to think of it, how safe in general for folks with clearances is browsing HN, with its many discussions of military tech, intelligence topics, spycraft and security breaches news?

salawat · on May 28, 2021

As long as you report a breach, you're fine.

Good luck figuring out who you're supposed to report to about that thing you aren't supposed to know about though.

Thus is the Catch 22 of Quality Controlling. Information classification systems.

aww_dang · on May 28, 2021

Imagine dropping a few hundred hidden iframes of controversy on someone like that.

mcint · on May 28, 2021

Even though bellingcat reports resolution, re: reporting to NATO and removal of cards?

I suppose trusting an outside org to have properly handled a NatSec breach would not be a part of NatSec procedures

lumpa · on May 28, 2021

Ah, thanks, the simplest explanation didn't occur to me: all articles from domain start as dead and a few are vouched. So it seems like a normal outcome for an article a dozen of HN users would submit from such a domain.

ChrisArchitect · on May 28, 2021

what does that mean 'going dead'? like you even said, other articles from 'bellingcat' seem fine, so just wait for it to be upvoted if it's actually interesting

lumpa · on May 28, 2021

You can go into your profile, then set "showdead" to "yes". Once you look at bellingcat's domain submissions, you'll see they're mostly "dead" and that makes them hidden from unlogged and most logged users, so it's like they're automatically taken out of the pool of articles available to receive votes. Only once someone "vouches" for a dead post can it be voted on again.

Usually posts go dead when downvoted enough, but it seems posts from that domain are automatically set to dead, and a few of them are resurrected.

Btw, the best place to find dead posts is the newest page, as they are uncommon in other places.

Edit: sorry if I sounded condescending, I might have misread that as you not understanding what "dead" meant, rather than "why would that be an issue".

ChrisArchitect · on May 29, 2021

fairplay, yeah, never ever noticed that option on the profile. or heard anyone reference things 'going dead'. There's no downvoting on the site at the top level of posts tho. So things rise up only based on upvotes. Dead = noninterest or perhaps numerous flags?

Just getting at that it's probably just the ebb and flow of system and not some conspiracy. Well, other than maybe being singled out by bad faith actors for flagging but what can you do. It did eventually get going/upvoted

ChrisArchitect · on May 28, 2021

but also, let's wait for a proper news source rather than belling cat

lnwlebjel · on May 29, 2021

Is there a difference? https://www.npr.org/2021/03/02/972837924/how-bellingcats-onl...