Synopsis is that the UAE hires ex-NSA employees as "penetration testers" and when they enter the country for cybersecurity work, some are pulled aside to be briefed to an opportunity called "Project Raven" to assist Emirati intelligence with targeting, allegedly in the interest of counter-terrorism. The thing is, only Emiratis have "hands on keyboard" while the US engineers sit beside them and guide them, which supposedly dodges any legal concerns. Those who Jack interviewed decided to leave Project Raven when it became clear they were targeting dissidents, human rights activists, and later, Americans. As you might imagine, ex-NSA employees who target US citizens for a foreign government are breaking the law. I do wonder if it's these ex-Project Raven engineers that have led prosecutors down the road to where we are now.
You’re Wrong About is an incredible podcast. Spot on about information density and humor. I love it
From a purely pragmatic perspective of a UAE royal family member worried about domestic dissent I can see why they would do that, not that I agree with it in the slightest.
Why not both?
so yeah, you want your agents to have a principal stake, so having an NSA agent direct your staff brings more surety than some random third party like NSO doing your dirty work, even if it's just handing over software. We all know it matters the route your hardware and software comes from if you are involved in national security.
No security apparatus in the world has the capability to build and execute everything they want to on their own. Hardware and software is always procured from multiple sources.
Money is probably not the only factor.
perfect principal-agent problem
Running an intelligence service is a lot more than hacking a random phone once in a while. They buy lots of products from lots of vendors, develop some things in house, and hire a lot of talent from overseas.
Initially the work sounded interesting and good: find and observe terrorists.
And Jack's sophomoric exaggeration of the otherwise banal often echoes of Chicken Little.
If anything it highlights a need for better podcasts in this domain.
People telling it to children are trying to silence their kids. They’re not focused on improving transparency, or on systemic outcomes, they just want to regulate individuals. So they are in fact the selfsame bad authorities.
The target of blame in the story is not the chicken.
If you have an early warning device with a high false positive rate, you don’t avoid catastrophe by ignoring the warning.
If your only early warning device has a sufficiently high false positive rate, scrap it, or find another early warning device with a sufficiently different set of false positives and then require both of them to alert, before you pay attention.
It's been a while since I saw the film, but that's what I remember. Regardless, even taking my comment less literally and more like "it feels like a children's show" would still be an accurate take.
Slightly OT, but you might want to clarify that you are talking about a film rather than the classical story.
If you haven't had the pleasure of reading it, it might be worthwhile to check it out; the version I read as a child had a surprisingly morbid ending for a children's book.
Only an asshole blames the chicken. You had a high sensitivity early warning device, and muted it because you couldn’t handle the false positive rate? That is not the fault of the device.
Also, don’t go around tempering children; “seen but not heard” is dark ages, Victorian values nightmare fuel.
BwCW is a little better in the abstract, but still inapt for this.
I find it pretty hard to believe any judge would buy this.
If your company offers some service - consulting to set up their infrastructure, or helping them navigate AWS - necessary to the running of the company, and that company goes on to commit a crime are you at fault? They couldn't have done it with out you, after all.
The more general answer here is that the criminality of exploitation depends a lot on your state of mind (a property of law that HN always has a hard time with). A professor teaching a class to an anonymous group of students is not at all the same thing, in criminal law, as that same professor standing behind foreign intelligence operatives coaching them on a targeted attack.
The confounder here is that there are statutes you can theoretically violate by providing some specific exploitation tools to foreign nationals.
The MIT professor, in an MIT classroom, is never going to be charged (same almost certainly goes for a consultant teaching an exploit class at Black Hat USA).
The judge isn't going to let that slide. In both cases, you are an accessory.
If you are a direct participant in the murder you might just get charged with it (perhaps as a conspirator which I think often has roughly the same penalties).
It's one thing to teach general skills and another to help do the actual hacking.
If they are being guided through the actual hacking, then that's saying that only the driver in pair programming is producing code.
Is a professor at MIT teaching cyber security exploit development guilty of the same crime?
What about a consultant teaching how to use a particular tool or how to look for a particular family of exploits? (Potentially legally dodgy, depending on the client, but probably ok in a lot of grey areas)
What about a consultant who performs a passive audit of a target for a 3rd party? (Starting to get pretty dodgy, but probably depends both on the 3rd party and the target and the nature of the audit)
It's... probably not so cut-and-dry. Though I agree that it doesn't sound like a get-out-of-jail-free card.
Looking thru the feed, 8/10 of the recent casts I've listened to are only about 1/4 the way thru before I had to go into work, answer a call, etc. Then it's too hard to get back into, and two more eps have been released by the time I get another itch for DD.
Of course, real life is complicated and isn't a movie with a plot, and DD's format rewards knowledge and listening. More of a "doing dishes" podcast. Highly recommend!
- The one about Pirate Bay if you want to hear what a colossal, confused prick one of the guys behind it is
99 - The Spy
95 - Jon and Brian's Big Adventure
90 - Jenny
Jack knows how to tell a good physical pentest story, and these are all awesome.
Snowden just denounced ExpressVPN because of their CIO's involvement in this.
+1 for anyone who hasn’t listened to him. Defo worth your time.