Hacker News new | past | comments | ask | show | jobs | submit login
Classified tank specs leaked on War Thunder game forums again (ukdefencejournal.org.uk)
299 points by weare138 54 days ago | hide | past | favorite | 218 comments

When Facebook failed to stay online, there was someone who shared a lot of internal info before deleting their Reddit account.

When I worked for company B I had learned through friends some really really juicy intel about competitor A (which I never shared).

Through that experience and seeing all of these other examples, I’ve come to realize that there is an intoxicating effect of having info that can make you a “hero for a day” in the eyes of some audience.

Has anyone else ever felt this allure before?

The traditional model of psychological factors behind leaks is called MICE. Each letter describes a potential reason why one would leak secret information. M stands for money, I stands for ideology, C stands for coercion, and E stands for ego or excitement.

I believe this last one, the E covers what you are talking about. People who know something special can share it and thus appear in the specific circumstanc as special themselves. This strokes their ego which motivates them to share more.

What about accident?

In this case the person just shared a work anecdote that was relevant to the discussion, arguably.

Well, why were they sharing a work anecdote? I'd say that's also because of ego or excitement.

Maybe in rare cases a leak can be by accident -- AMICE then?

It sounds like you are knowledgeable about this topic. Where might I be able to read more?

Thank you, but I’m not. I just play a knowledgeable person for internet points. (Yes :) that is the same Ego we are talking about.)

This is the document I was using: https://cyberwar.nl/d/fromCIA.gov/Burkett-MICE%20to%20RASCAL...

In every intro book on espionage. MICE is the short-hand for why people become traitors / how to turn people into assets.

Very surprised that they never added one that started with R so that the acronym could be CRIME.

"Coercion, Reddit-karma, Ideology, Money, Ego"

MICE has a nice sound to it, because it's what makes people rat.

religion? revenge?

That's just ideology.

Revenge isn't typically an ideology. It can be under certain circumstances (e.g. we will make the filthy Americans pay for all they've done!) but often people want revenge for a specific transgression with no underlying general belief (e.g. Bob banged my wife, now I'll destroy his career, fuck you Bob!).

Money is a social construct, it's ideological too. Let's call it ICE.

Money is not ideology

Being a "social construct" is not the same as being ideology.

Can you please recommend which book should I read about this topic? Don’t remember if I’ve seen any.

so a traitor is one that doesn't share another one's ideology :-)

No, you can share an idealogy but be motivated by money, or coerced. A traitor is a label for actions, not motivations.

I guess in this classification, whistleblowing is idealogoical.

Not sure am fully comfortable with that idea. Not all whistleblowing is idealogoical, some just expose straight up illegal activities or corruption

"Don't do crimes" or "see something, say something" is a good ideology that should be encouraged, but still an ideology. Companies that don't want whistleblowers to leak stuff should consider not doing crimes.

Keeping silent when seeing a crime commited, could make you accessory to it as well. It is not just about what feels right, it also about following the law.

> could make you accessory to it as well

Wouldn't this fall under C, Coercion: the state threatens with prison, unless you "leak" info about the crimes?

(Could be a good kind of coercion? How unusual)

Saying it whistle-blowing is coercion is also an uncomfortable classification !

> Not all whistleblowing is idealogoical

Is it true that not all whistleblowing is idealogoical? In order to be idaealogoical, it must be motivated by idaealeogoy. Whistleblowing is definitionally motivated by opposition to the leaked activities, making it ipso facto idaealogoiacal. Why do you think it's not idaealaogoiacal?

Everything is ideological if you frame it in that context. By your logic, following the law is ideological.

Not whistle blowing on illegal activities in some jurisdictions is in itself illegal and makes you accessory to the crimes being committed. I wouldn't think that kind of whistle-blowing as ideological.

P.S. Yes, I made a spelling mistake while typing a comment on the phone, I regret that and happy to learn when pointed out.

Do keep in mind not everyone's first language is English, making fun of that is not a good way to encourage people to learn the language better, if new speakers stop putting in the effort to improve because the feedback is negative you( and we) don't get to interact with speakers from distant lands , learn new and interesting ideas.

> Everything is ideological

Pizza isn't ideological. Birds aren't ideological. Things that are explicitly in the domain of ideology are, yes, ideological.

There's no such thing as 'no accent' just because you have the dominant accent, and no such thing as 'no ideology' just because you follow the dominant ideology. Your rationale is a bit like people who consider climate change protests to be 'political', but themselves, and their desire to ignore them and go to work, to be ... well, just, normal. Or something like that.

> Do keep in mind not everyone's first language is English

This is fair enough. I wasn't intending to mock your English, I just thought it was a funny accidental property of your message. I've absolutely made the same mistakes myself in the past!

The belief that laws ought to be followed is an ideology. There are also plenty of people who refuse to obey laws for ideological reasons.

There are non-ideological reasons to follow laws as well, such as avoiding punishment, but that would presumably fall under coercion.

If refusing to obey laws for ideological reasons they are doing some form of civil disobedience, that is still obeying the "law"[1]. Even when refusing to follow a specific law you still follow the Law, the point is that you willingly accept the consequence of your (in)action as per that law, i.e. that usually means go to jail. Thoreau's seminal essay or Gandhi or King's(and many others) writings talk about the topic in length . King actually frames civil disobedience as the expression of highest respect for the law.

All behavior is motivated by either seeking gratification/pleasure or for avoiding pain, however such a reductive mental model is not useful work with in this context. Coercion in the context of leak (MICE) usually is understood as unwilling participant who is being blackmailed to leak. Money, Ideology and Ego are voluntary, Coercion is forced is the idea i believe.


[1] I am talking about the conventionally held definition of Civil Disobedience, non-violent and public are generally accepted qualifiers . It is not really required under many definitions.

Ellmann states that covert lawbreaking is just valid way of expressing your morality ( ideology ) as public disobedience. There are similar arguments for revolutionary and violent variations as well. It boils down does common(yours) morality allow deceit or violence under this situation. Morality being more subjective( you may agree violence is justified someone else will not) most popular commentators try to stick to non-violent and public conditions to make their case stronger and widely supported. Whether that public or non-violent is a component or not it doesn't matter.

The point I am trying to make is: if is ideological then consequences will be readily accepted, otherwise it just common crime.

I meant more like people smoking a bowl in their own home despite the fact it's technically illegal because they don't really give a shit. Maybe you jaywalk to stick it to the man, but most do it to get across the street faster. Many, I'd wager in fact most people won't do things or avoid doing things simply because it's the law. Consider Kohlberg's stages of moral development[0].

I would say if you're only doing something to avoid being imprisoned or killed, you're an unwilling participant being forced to perform the action. Even if the entity threatening to imprison or kill you has a monopoly on force, it's still a gun to your head. I don't know how it could be called money, ideology, or ego.

[0] https://courses.lumenlearning.com/teachereducationx92x1/chap...

The ideological opposite to corruption is the set of all correct behaviours. This is like a opposition to law and order being seen as a political stance, meanwhile its a society per-requisit.

I was mostly writing this comment just so I could continue the comical tendency for 'ideological' to get more and more misspelt every time it was used.

That said, I don't think I agree with this idea that the dominant ideology is no ideology at all. It seems a bit like the tendency to think that one's own accent is no accent at all.

Many requirements for society are political stances; they just aren’t interesting ones because basically everyone agrees with them.

At the most basic level maybe, but at some point they're not worth talking about at the same level. Saying that someone thinks we should exterminate a race of people may be a "political stance" by the most strict definition of the word, but calling it that casually elevates it out of the heinous area in which it belongs to something similar to people arguing about infrastructure spending priorities.

There are certain "political stances" which cannot coexist with a peaceful, modern society.

But the last two are ideological.

Could add 'F' for frustration ! Either because:

1) Lack of service delivery

2) Lack of corrective action (i.e ignoring for months or years reported security holes)

Sure there are many more examples.

That's I...

That doesn't seem how people usually understand I.

Some people put profit over ethics. This is an ideology.

"investors are counting on us", "people will lose their jobs", are examples of how people fit this ideological stance, into their morals, their ethics.

That still doesn't seem to be how people usually understand I.

Well, it is how I have always understood, I... and others I know. I do not see a discontinuity, when looking at the dictionary either.

Maybe your local area / country has co-opted it, to only mean a subset?

If you look at the dictionary, I think you'll see that it is not defined as 'radical' or 'extremist' only.

What is your objection to my usage? How do you see it misused?

Well, when I try to imagine the mindset of the military people who coined the MICE acronym, and I imagine what they see as "ideology", I don't think that "commercialization" would be in there. Hence why "money" is a separate entry. I'd assume they mean "I" to stand for "religion and things like religions", preachers, holy texts, deep convictions. In my model, they'd understand profit maximization as "just sensible behavior" and "I" as a set of deviations from such behavior.

They could have used a more restrictive term if they desired, yet did not.

And frankly, political stances have caused more losses to state secrets than religion. EG, "commies!", or alternatively state ideological "long live the king, for the kingdom!".

Democracy, and capitalism are alternative ideologies. The means for profit is on the list, and all the nuances in between.

Take profit over health (cigarettes companies), profit over culture/society (facebook), this is an ideological stance.

Profit above all else.

Also, if the above looks like I'm stomping on your def, I'm not, just trying to get across why I see it as more generic...

You miss the possibility that it being leaked professionally, on purpose by the "victim".

This would fall under the "money" part of the abbreviation.

I mean it is released as part of a counterintelligence operation. While it is done professionally (for money), MICE refers to why someone would be lured to do the "wrong" thing.

Then it is not a leak, it is an authorized counterintelligence operation.

Common usage of leak includes deliberate action by the owner of the information, not just misappropriation.

So what? MICE is meant to help with listing the reasons why someone would betray the confidence of the organization, not to match your idea of common usage. You can leak information by mistake and this is also a valid case, but it is not included, because we are talking human resources management, not operational security or counterintelligence practices.

Or "ideology," depending on the motivation.

As you surmise it is not uncommon. It is talked about in some of the security briefings I've been required to watch and FSO's (facility security officers) have a bunch of stories of this effect facilitating a security leak.

When I was at Google a TechStop employee couldn't "help themselves" and shared a picture of an unreleased Android phone. Apparently it wasn't hard to figure out who it was and they were subsequently fired and everyone got a lecture at the Friday meeting.

I have not seen much literature on whether or not there are ways to mitigate that "feeling." (sure there are the 'you'll be fired if you tell anyone') but this comes up in all sorts of scenarios like seeing a VP from your company out on what looks like a romantic date with someone who isn't their spouse.

It's amazing how some people will risk their job, their clearance, and potentially their freedom, just to impress some random dudes online for a few minutes.

I tell people this whenever I'm asked about something I'm not supposed to reveal. "You want me to risk my _ just so you can satisfy your curiosity?"

> It's amazing how some people will risk their job, their clearance, and potentially their freedom, just to impress some random dudes online for a few minutes.

Maybe they just feel alone, depressed, underappreciated and like nobody cares about them?

Revealing it to total strangers somewhat obscures potential negative impact, while still getting them to feel important for a day.

As a formerly alone, depressed, underappreciated TS clearance holder who nobody cared about, there was never a moment in my life where telling classified information to the public ever seemed like anything other than a first class ticket to a tremendous amount of misery.

I only speak for myself, and I no longer have a clearance. But the idea that depression excuses disclosure of classified information... that's not how depression works. That's not how clearances work. It's anathema to me. If depression is an excuse for disclosing classified information, then depression is cause for denying a person a clearance. It is cause for revoking a clearance from a person who seeks mental health assistance. No thank you. It is much better to prosecute depressed people who violate their clearance agreements and to continue to permit depressed people to gain clearances than it is deny a clearance from every depressed person.

I support giving clearances to depressed people, and I support sending depressed people who violate their clearance agreements to prison.

No one was saying depression was a valid excuse for the behavior, just a reason someone might do it. Attempting to understand a motivation doesn't automatically mean excusing it.

"I support giving clearances to depressed people, and I support sending depressed people who violate their clearance agreements to prison."

I see your point, in not trying to worsen things for depressed people - but don't you think on a general base, a mentally unstable person is more liklely to disclose something? And when you are really, deeply depressed - you don't care about anything anymore, except if it makes you feel better in that moment.

I don't think you should make prejudiced generalisations or finger in the air guesses about how depression affects people's behavior.

Well, maybe I do not make finger in the air guesses, but know something about the subject?

My good sir. I presume that you don't mean to be offensive, and I am not the kind of person that is offended by unintentional gaffs, but let me clarify for you why your line of speaking, is, in fact offensive.

First, reread everything that you wrote, and substitute "depressed person" for some racial minority. Most of what you have said is still valid and there is a possibility that it is even true. However, you must see that this would be so offensive that your post would be flagged.

Instead of fostering predjudice against people of a racial minority, you are (probably unintentionally) fostering predjudice against people with mental health problems. Do you not see why this is offensive?

Mental health problems, as said, is not a race. And not everything is prejudice. Racism is supposed to be prejudice because "You can't say there's causal relationship between the race and another specific trait". It is prejudice because it is deemed IRRATIONAL i.e. logical conclusions involving race fail at their very foundational base, race, and are thus logically incorrect. Mental instability though? It is the trait itself. It IS a valid base for logical conclusions regarding the human affected by one. You can claim one does not know enough of a mental illness to make conclusions for one's behavior. But one who does know, can then judge (not pre-judge) accordingly, and logic and truth are by definition not offensive.

Erm no. Not everything is racism.

Lack of caring for elemental things, including life, is a common trait of depression, not race.

But I did not say, depressed people should not have any clearance. I say, mentally not stable persons can simply not be trusted with every tasks. No generalisation. It depends on the task. So I doubt, you would offer the guarding of the red button for example, a suicidal person. And deep depression, is mostly combined with suicidal thoughts. There was a pilot some years ago, piloting a full plane to join him along his suicide. So much for extreme examples.

And as for the secret new release of the hot new game console x? I don't care about their security. But I see, that companies would want stable persons there, too.

My guess is that it's merely the common human trait of valuing immediate emotional desire over the intellectual knowledge of future consequences. People do it all the time when they eat, cheat on their spouses, press the snooze button, drink, or spend time posting on Hacker News.

You assume all choices are rational and wilful

Perhaps I miscommunicated? I'm saying it's often emotional. But yes, you make a choice - not a carefully examined, systematic one, but you make a choice to hit snooze, commit adultery, etc.

It begs the inclusion of "How much time do you spend online? And how much do you value the opinions of online communities?" as security clearance questions. Are they, now?

Historically, they'd be very interested in what you'd say to your friends, family, etc. But the allure of internet fame would seem to have a more pursuasive effect.

If you read some historical accounts of spies, I think you'll notice there is already a massive ego/excitement boost to be had, without involving Internet fame... It's not ay l clear whether online activity would move the needle, in terms of predicting leakers.

But more importantly... Participating in online communities, and caring about one's online presence, is statistically normal behavior for working-age people in first world countries with Internet access... Moreso the younger you get. But the point is, it's massively normal behavior.

So if you tried to use your questions to predict potential leakers, you're just playing the "Most serial killers eat bread" game.

In order for your question to be a useful predictor, it would have to have low rates of both false positives, and false negatives. That doesn't seem very likely.

> "And how much do you value the opinions of online communities?"

Seems a more difficult question, but a more indicative one, which is why I included it.

Per my experience, you can easily find individuals who spend similar amounts of clock time in online communities, but are very different in how much the community can influence them.

F.ex. HN could offer me dang's karma count, and I wouldn't feel any compulsion to leak classified information here.

> Are they, now?

They're not included in Standard Form 86, latest revision November 2016: https://www.opm.gov/forms/pdf_fill/sf86.pdf

That's not to say it's excluded from polygraph questions; I can imagine a world where online associations are very relevant to an agency in need of a CI or full scope poly for compartment access.

SF-86 doesn’t ask any questions like this. They’ll send out agents to collect more in-depth questions that may probe situations like this. They’ll also ask friends, neighbors, family etc about all sorts of things. This isn’t really the kind of question a self-reported form can answer (except for the most obvious questions like debt problems). It takes a human who can synthesize various statements to get pictures like “this person could be blackmailed” or “this person can’t keep a secret.”

Wait. Some people still get put through a complete nonsense pseudoscience polygraph test for clearance?

It’s a polite way of saying that you’ll be randomly interrogated.

It’s like the FAANG interview process. Everyone knows it’s suboptimal, but nobody knows how to do better at that scale.


It's similar because there are lots of false negatives, but few false positives.

My understanding is that it's used as an "interrogation" technique and that they don't really care what the machine tells them.

They do, I had a clearance rejected because the examiner was convinced I had previous involvement in drug manufacturing. I don’t. I’ve never even used them. Hell, I barely drink. I ended up getting a much better non-clearance job offer elsewhere so it didn’t ultimately negatively affect my career, but it’s still irritating.

It’s a standard practice for a tier of Top Secret security clearance.

Is this a rhetorical question?

And of course your family gets checked too like for the anti-bribery check. E.g. how likely is it that your siblings can cause you to get bribed. Had a few of those as a sibling

It's a good reminder to be realistic about our security models. People sometimes do things without thinking them through that clearly (or they just think very differently than you might hope).

An intelligence agency get more intel per dollar spent goading active duty people into revealing military secrets on obscure forums than you do with traditional bribery.

Source on the intelligence agency thing? Sounds really interesting

If it would be real information, he would leak classified information, to boost his importance, too ...

Reminds me of the Google SRE who got literally frog-marched out of the Kirkland office for reading the messages of a female acquaintance. He got busted, because creep that he was, he tried to impress her by revealing that he did. And the Internet never forgets[1]. Persons, especially young persons, really need to be cautioned about the stupidity and consequences of this kind of behavior.

[1] https://www.ecampusnews.com/2010/09/15/google-engineer-fired...

How did he think that conversation would go?

Option 1, he thought he was some cassanova and that she'd be impressed by the effort he put into stalking her. Women who fall for this... exist, but not without significant childhood trauma. The relationships (two) I've seen form under such conditions have been passionate, short-lived, abusive, and eventually involve the police.

Option 2, he has a humiliation/degradation kink and got exactly what he wanted.

Folk like that always see themselves the hero.

Getting a date and maybe more later?

Hey, not just "impress", that's tons of upvotes!

Upvotes have limited utility for an account that stands a good chance of being deleted.

We'll always have the screenshot

wouldn't being in possession of the screen shot be evidence?

Of course. My point is the mind of the actor is like "hurr durr, I did it for the lulz"

In really important environments, just the last part is good enough to be useful to an adversary. Someone now knows you know something and all they need is the leverage. Go with “no idea”

The only upside to anything more than that is to impress or feel important.

Sure. I work in game dev, we work with highly NDAd stuff that a lot of people would love to know about(things like console devkits way before anything about the hardware is made public, or just details on unannounced games). The temptation to "be the hero" as you said is always there but it would literally cost you your job and most likely your entire career as I can't imagine you'd ever find employment after doing such a thing. It's really hard to resist when you read comments and someone says "oh I bet Sony would never do X in their next console" and you actually know the truth but can't say.

Rest assured, if it gets leaked the vocal internet gamers that spend more time on Twitter and reddit will rarely be happy, and instead will use the leak to make it look bad. It's too bad we live in the digital age where you can't just tell someone "sora is the next character in smash, nobody is going to believe you." And then walk away. Everything's recorded and saved somewhere.

Yeah, I think in game dev there was also a culture of understanding that leaking that stuff just hurt whoever was working directly on it.

Back when I was in industry we all knew what everyone else was working on including big IPs and next gen console stuff. That might have also been a factor of how small and tight nit of an industry it was.

I've definitely been in that position before (though the stakes were much lower) and spilled the beans to my personal audience. It was so very exciting! Then I regretted it. Not because I was caught or suffered any consequences, but because I felt childish and attention seeking. The allure is gone for me now. I wonder if others come to the same conclusion?

Same here. Posting an exclusive online is not satisfaying anymore. Maybe because I grew up on times where other websites used to link to your website as Source? Now "influencers" will copy your exclusive on Twitter and Instagram without giving any credit.

There's an intoxicating effect of just contributing to a conversation, saying something interesting to other people.

But there's also shyness and paranoia: what if whatever I say makes me look bad? What if it comes back to screw me over later?

The Internet dilutes the latter a bit because you're anonymous. But you can still get caught e.g. if someone goes through your post history and recognizes you.

Some people are very paranoid and don't like to share anything because they're afraid somehow it will affect them later. I guess on the other hand, there are people willing to share confidential information for attention without protecting themselves adequately (or at all!).

Think of how many legal rights you sign away by participating on Facebook/Twitter/etc. everything you say becomes IP of a for-profit company and you get paid zero.

Why do it? Because people like sounding off.

I know (from a forum) a guy who is VERY paranoid.

His ideas are strange.

His conversational style is combative.

He published a book. He used his forum nick as the author name.

He won't let anybody even know his age. Forget occupation or nation.

Par. A. Noid.

I wonder how much you could find by correlating subjects and way of writing. Not so many people hide their writing style as well.

There’s some folks who will run their sentences through google translate and back between languages with poor translation coverage to strip identifying writing styles.

>There’s some folks who will run their sentences through google translate and back between languages with poor translation coverage to strip identifying writing styles.

Hi Google! It's Robert Hackerman, here with the County Search Engine Inspector Office.

Google: Hi Bob! How can I help you?

Robert: I have a bunch of phrases passed through your Google Translate, can you help me find the IP that submitted them? Thanks.

Well, if they can get through to Google Support, what can a mere Human do to hide? ;)

On a more serious note, if you're going to that level of security, you're probably using something like TOR anyway (otherwise they simply ask the site the text was posted on for the IP). Additionally, you can use multiple services for each translation, obscuring the trail further. Good luck getting that data from Yandex.

Lastly, I'm not sure whether Google (and others) really log every sentence entered, but as described before, you can easily avoid that. Or read the privacy policy.

I wonder if you could ask GPT-3: "rephrase ...".

Absolutely. However, if I were to do this I'd go more direct. If you have an NN that assesses writing style then you can do a "style-transfer"-type GAN that ensures that it will classify as some chosen style other than your own.

Oh no doubt. The technology definitely already exists. A wonderful algorithm that all the security agencies use.

This is how they caught the unabomber

That story is wild!

First: this leaker simply mailed a packet to a random foreign government address which allowed usps to flag it?! Otherwise seems pretty shot in the dark they found it. 1234 Russia KGB, Russia ;)

Second: the FBI either got the cooperation of said unknown country, or was able to somehow make a signal looking like it originated from their embassy (maybe as comical as we'll fly our countries flag, which happens to always be flying). Maybe it's an ally?

Third: this person had a good amount of access? It sounds like schematics/info on the small nuclear reactors in the subs? Maybe that's not super valuable info?

So much I want to know! Would make a good dramedy someday if it's as dumb as it sounds.

Definitely need the Coen brothers to make that movie. It's like something right out of Burn After Reading.

> 1234 Russia KGB, Russia

The foreign country has not been identified, but Russia is not the one on most rumor-mongering lips. There's precedent (Pollard, Nozette) for Israeli intelligence interest in US Naval secrets.

I was making a joke! But I would LOVE to know what country it is?! What's the rumor you're hearing?

From the thread about it, France seems like the most likely possibility.


> Toebbe allegedly asked for $100,000 in cryptocurrency, saying “I understand this is a large request. However, please remember I am risking my life for your benefit and I have taken the first step. Please help me trust you fully.”

Well, that not not even funny, more of cringeworthy.

> “Your thoughtful plans indicate you are not amateur,” the FBI wrote to Toebbe. “This relationship requires mutual comfort.”

LOL, I like to play with salespeople because I know their responses are scripted. So although I like being commended on my intelligence, I change my job title and pedigree just to see if that gets the same accolades

“You’re a lightbulb repairman so I know you’re smart, you can see this offer is the best for you” says the person making an offer that is not the best for me.

Helps me keep a clearer head in negotiating

>You’re a lightbulb repairman so I know you’re smart

If you can provide for your family by JUST repairing light bulbs, you are probably REALLY good at it.

You might be surprised to learn that a lot of meth smokers are into very basic glassblowing.

A perspective, but the sales person really wants the financing commission from the shadiest high interest rate lender instead of whatever they’re actually selling, if you cant afford full upfront payment. So if by provide you mean how miraculous it is for someone to be approved for subprime credit and make the interest payments for awhile, then sure, ok, low bar but ok.

Exactly. Note that the same analysis can work in reverse, too. The lack of leaky corroboration for a juicy, tempting-to-believe theory is a really high quality prior that it just isn't true. (With, maybe, an exception for very tightly controlled intelligence organizations. But in general anything juicy in the civilian world isn't going to stay hidden.)

For example: this is my #1 for why COVID Was Not A Lab Leak. The incentives for someone involved to blab are just way too high. If there was an incriminating email anywhere, we'd know. (Edit: and right on cue multiple people want to storm in arguing why this principle is not applicable in this particular situation. That's how you know it's "juicy", not how you know it's true!)

It depends on a) how many people know about it b) how much they have to lose if the information gets out. The latter is a particularly powerful deterrent if it will hurt the person who shares it even if the leak isn't traced to them.

For the tank manuals a) is likely hundreds of thousands of people, and b) is zero unless the leak is traced to them, and they possibly don't expect much even if it is.

For the lab leak, b) is a strong deterrent - every virologist working on even moderately risky research would face trouble (in the form or stricter restrictions and possibly bans on the category of research) if the theory got confirmed, and for the people working in the Chinese lab, embarrassing the Chinese govt is probably pretty far up on the "mistakes you don't get to make twice" list. a) is less clear: They might not even be aware of a lab leak if it was one. However, one piece of sensitive info that could leak would be "we worked on something that was more similar to SARS-CoV-2 than the previously known sample", and I'd expect that to be reasonably well known at a research institute.

However, that adds a third aspect: Verifiability of the leak. Even if a drunk scientist sat in a pub in Wuhan, telling his friends that it totally was a lab leak, and someone overheard that - what then? They post on Twitter "I heard some people talking that it totally was a lab leak"? Even if their friends say "hey, I know someone from the place and it totally is a lab leak", it'd at best be yet another unconfirmed and unconfirmable rumor that would be unlikely to make it far.

Just because there are many leaks, doesn't mean there isn't also a lot of spicy information that never becomes public. These leaks are news because they're rare, even when hundreds of thousands of people have access to a piece of info. Reduce the circle of people in the know to 100, and the probability of a leak drops drastically.

I don't buy that. The kid who leaked those tank manuals is likely going to jail. Anyone with evidence of a cultured covid ancestor gets a free ticket to any academic position in the west they want. Remember that all those folks at WIV aren't cloistered prisoners of a totalitarian system, they're educated scientists in a worldwide community. Most of them probably hold degrees from western institutions. They're extremely mobile and well connected.

But tank kid is going to jail for sure.

They need to get out of country first to apply for academic position. I would not be surprised that anyone with first hand knowledge (and their close relatives) is already under 24/7 surveillance with limited mobility and strictly controlled Internet access. Are you not surprised that there are no interviews with employees at facility?

If they somehow escape from country (very unlikely) China government may threaten/disappear/imprison/kill their relatives in the country. China can also take hint from Russia and kill them abroad.

Stakes for leaker are much much higher than short prison sentence like in west.

Besides no major western university will touch this person - there are consequence for crossing China. (from protest from Chinese students to economic consequences).

> is already under 24/7 surveillance with limited mobility and strictly controlled Internet access

You're deflecting by invoking another juicy, tempting-to-believe conspiracy that, by this same principle, would seem to be trivially easy to verify because someone who knows about it would have said so...

I once attended a press briefing, as a supporting demo engineer, that started with a very stern “Under NDA” warning, followed by some pretty mundane technical disclosures.

Not 10 minutes later, one of the attending journalists was blabbing about it on Reddit under a user name that was linked to his publication.

Another 10 minutes later, said journalist was walked out of the room, well before the really interesting stuff was talked about.

I wonder how he explained that to his editor. What an idiot…

Quite the opposite. People naturally feel more “important” and “knowing” when they have access to internal or “secret” information, while in fact they perform the work of a cog in the system. In 100 years — often much less than that — none of that secret stuff would matter, and it will become clear that someone's life was wasted on transitory things for the benefit of some bureaucracy or corporation.

Every cog is required in order for the system to run. Even when parts of the system are not materially utilized, i.e. tanks that never see action, they have important strategic value in terms of deterrence and optionality.

It's probably understandable that people want to 'feel important' for a moment, but if they had the 'big picture' they'd realize that 'doing their job' is the most important thing they could do. It's easy for regular people to lose sight of that, just as it's easy for some people in power to take their roles a bit too seriously.

>When Facebook failed to stay online, there was someone who shared a lot of internal info before deleting their Reddit account.

back in the day you would be tainted if you had read any of this material. today those lines have been blurred and even my employer, who was known to viciously keep tainted people out of the kernel, is nowhere near as strict

"back in the day you would be tainted if you had read any of this material"

For most jobs, if you've worked in the industry for 20 years, you have seen 'secret sause' of several companies. They often look remarcably similar. Indeed thats kind of the value of an experienced hire?

How would a company reasonably enforce a rule against no tainted applicants? Ask Reddit for admin logs on the applicant's account(s)? Honor system?

What do you mean by "tainted" and "the kernel"?

Tainted = aware of non-public information that must not be incorporated into the product, so it's easiest to just not let those people work on it at all.

By only allowing people who don't know anything secret to work on a product, you keep the product safe from allegations (justified or not) of illegally incorporating third party material.

If you don't do it, you risk that a competitor claims "your product contains our proprietary material, pay us royalties or we'll sue your customers". Even if you're 100% in the right, until you've had that decided in court, your customers have to worry about getting sued, and you'll lose business (and also spend a lot of money on lawyers).

The model is particularly known/used in reverse engineering: One team (that is not tainted with knowing any NDA'd materials, I assume) looks at the product you're trying to reverse engineer, and writes a specification. Another team (not tainted by NDA'd knowledge or knowldege of the code of the original product) then implements the spec. https://en.wikipedia.org/wiki/Clean_room_design

Wouldn't the liability only be with the company that allegedly stole the secrets? How would the customers be implicated?

Many avenues lead directly to the customer. Linksys used gpl code illegally and when they were found out they had to release updates across all of their products, causing some of their lines to be end-of-lifed earlier than expected. Customers are definitely impacted by that.

How about security secrets which directly impacts the customer?

The question wasn't how could the customer be impacted. None of those scenarios have to do with the customer being held legally liable for the IP violations of a vendor whose product they use.

That's a reference to clean room design - you don't want to be accused of stealing a competitor's design, so anyone with knowledge of that design is considered "tainted" and not allowed to work on your core systems ("kernel").


SIS (MI6) literally have a page on their website for sharing dirt with them "securely"


imagine sharing classified information via an https webform. Yikes!

Just take a picture with your phone and text it to me.

I believe that's exactly how intelligence agencies will compel people to spy for them and betray their own nations: they make them feel smart and special for sharing information.

Yes, it is incredibly alluring to share something only I know and either see people be amazed, surprised or not believe it, which gives the best feeling imo. Really hard to stop myself sometimes, especially when drunk.

I've spent an inordinate amount of my life chasing that high, not by leaking information but by trying to be the guy who finally remade the game everyone liked.

I liked the game http://flythrough.space/


Yes. Quite a few times I’ve had some exciting inside info from my industry and I would love to spill it in my pseudo anonymous online hangouts! But then when I compose something that doesn’t give anything away I realize I’ve said nothing and don’t submit.

Yup. I work in health research, but as a software developer. I know I'm not a scientist or a doctor so I shouldn't shoot my mouth off about medical issues and pretend I'm an authority on the matter, but it gets hard.

I suppose I'm the opposite.

I feel excited by the trust and camaraderie that goes with having secrets. I'm protecting something with real value, that we all worked hard for, rather than destroying it.

When I snitched on Google for doing messed up things in the name of "equity" I felt much better about taking on the project in the first place.

Yes, when I was 12 I spoiled someone's secret.

Isn't preying on that allure the mark of successful journalism? Getting info from unofficial channels etc.

I can imagine many other motives and methods. Many people are torn between risking their careers, freedom, and/or safaety, and doing the right thing by blowing the whistle.

it's in human nature and in every industry. It's just a variation of gossip, which is what the majority of the news industry is based on. Almost all the news is "sources" giving a peek behind the curtain for everybody else, or at least the illusion of a real glimpse

humans are curious by nature

Yup. Video game "leakers" are some of the thirstiest clout chasers I've ever seen.

I think you get accustomed to it. Just fight the urge the first few times.

The adult version of ‘my dad work at Nintendo’

I have only been in that position once or twice, but yeah, knowing some secrets can be exciting.

“Guys its not funnny to leak classified Documents of modern equipment you put the lives of many on stake who work daily with the Vehicles! Keep in Mind that those documents will be deleted immediately alongside sanctions. Thanks for reading!”

I always think it is amazing how many buy into the lifes at risk hyperbole. Even if we assume that the content in the document isn't already known to all the "players" in the field, how much "advantage" can be gained from the manual (I suspect if it really was that important they would not put it in the manual). Moreover, if leaking the manual really puts the lifes of the crew at risk, would not leaking also put lifes at risk, i.e. the one of the people fighting the tanks?

"Moreover, if leaking the manual really puts the lifes of the crew at risk, would not leaking also put lifes at risk, i.e. the one of the people fighting the tanks?"

Thats the point. No military is interested in making it easier for its enemies to fight you.

And with irregular conflicts, you cannot assume everyone knows everything anyway. If you would have to fight this tank for real, don't you think, you want any information possible? Weak spots, sensors,.. or even getting enough knowledge to take over the tank. Military secrets have their reason, no matter how you judge the stance of said military.

>No military is interested in making it easier for its enemies to fight you.

Is this game made by the military?

I could be wrong but I don’t think Gaijin was created or contracted by the military to make the game.

I dunno, in effect it's military propaganda. I know the game America's Army was funded and promoted by the US army at the time.

I think it's the other way around : due to past propaganda, Russians really like tanks. As a result, tank games come from Russia.

I think there is probably a genuine desire for people to play a realistic game w here you're in large, heavily armoured weapons of war. The game in question has tanks from almost every nation that has ever produced tanks, so I'd wager it's either a consequence of propaganda rather than propaganda for military per se.

> Military secrets have their reason...

These reasons are only tangential to the public good, which is better served by transparency and democracy.

I believe it would be better for an army to put its manuals on the internet publicly so its soldier could read them easely than to have them semi-secret. What good does reading a tank manual do the enemy?

"Oh, the armor is weak in the back?"

I have seen the same problem in companies, where manuals and reports are hardly accessible and thus effectively lost in the name of confidentiality ...

> What good does reading a tank manual do the enemy?

"Oh, we can recreate this, only better or more of them"

"Oh, this missile uses IR, we can come up with a counter"

"Oh, this device uses such and such chip, our hackers know an exploit for that one"

Come on, use some imagination.

I think any competent nation is able to obtain this type of information - but it will require doing some work. I feel the point is, why give the other parties information for free, where we could easily make them burn money to get it?

I'm thinking back to the Cold War - one way of seeing the rivalry between the US and USSR is as a game of making the other side spend more and more money, in hopes the enemy's economy will give out and collapse before yours does.

The known vulnerabilities of a tank (e.g. X% will be defeated by weapon Y in situation Z) will usually be classified higher than the operator manual (which however may contain technical or tactical work-arounds). E.g. the existence of a defensive aid suite on a tank system may be unclassified (because it is plainly visible in photographs), what it does may be restricted, how it does it may be secret and how well it does it may be top secret.

Excluding the IR that info would not be in the operators manual. Also, capabilities such as type of missile systems on the tank are in practice not secret and present in 3rd party catalogues.

The only real downside I can see of public manuals are the risk for adhoc use of captured equipement. However I believe the upside of having the operators being able to use the equipment properly easier is greater.

Every tank crewman gets a copy of the TM for their vehicles, at least in the US Army. I doubt this is actually classified, unless for some reason the UK is vastly different. You can at least view the entry for the M1A2 TM for the US Army here: https://armypubs.army.mil/ProductMaps/PubForm/Details.aspx?P...

You can't actually view it on the Internet, because as it notes, it has a dissemination restriction to US government agencies and contractors only, but it is unclassified and the soldiers on the crew are employees of a US government agency and entitled to read these. Reading paper is fine. In fact, when you're actually on a tank, it's your only option. You're not usually going to have a ruggedized computer that can access the Internet with you, if there's even a network at all serving wherever you happen to be. Information needs to be available in the absence of connectivity.

I have a hard time imagining that any nation state that operates its own tanks, wouldn't have a thick dossier about each tank type that a potential adversary might field.

So these leaks in all likelyhood are not militarially damaging in anyway, but may weaken public perspective of the military (incompetent with keeping 'vital' information safe for instance).

I see no particular reason though to openly share these documents from first sources either. Security through obscurity is bad security on its own, but can be an extra layer when combined with other tactics.

If the army is relying on security through obscurity for a device that hundreds if not thousands of people will be using /maintaining and thus have access to this document then the only people putting lives at risk are the army imo.

I keep wondering how Codemasters, and Sony/Psygnosis before them, obtained any kind of accurate info about F1 cars. Well, sure they have the license, but do the teams share numbers? Codemasters have mentioned on the forums that they have some real-life measurements that serve as basis for the game physics, so at least it's not pure fantasy (iirc the discussion was about the speed of gear shifting—players complained they can't click through five gears as fast as they want).

Could the rivals conceivably peek in the game at some behavior they can't really discern through binoculars at testing and races? The sport had its moments of hide-and-seek in the past, with both FIA and competitors—e.g. the chassis that changed its height after driving out of the pits.

Granted, the F1 series isn't spectacularly realistic, and Codies admitted some of the cars' behavior is softened relative to the reality, to not be too hard on the players (again, the gears).

No, F1 20xx remains an arcade sim with inaccurate driving dynamics. See Assetto Corsa for more accurate data sources.

Well I have trouble taking advice from you, because you're obviously not a real sim racer: you haven't even told me to buy a wheel.

Thing is for a game you can control the cars performance by changing the laws of physics. For example, you don't have to know that this aerodynamic device causes a vortex at such and such a speed -- you can just say they're driving in a vacuum and 'this is how fast the car can go around this corner'.

you can tell a lot about a racecar (estimate power, friction coefficient, aero coefficients) by just observing speed vs. time on a known racetrack, and that data is certainly publicly available.

Although as others have said the F1 series isn't known for its physics.

Tip to anyone who is trying to prevent sharing information: don't blur text. Black it out completely, at 100% opacity. It's not that hard to decipher the blurred text.

Also, make sure you black it out on the same layer. Plenty of people add a black box over something in a PDF and you can get the data just by selecting it, copying it, and pasting it.

Also also: black it out with an overly large box, otherwise it's possible to infer information from the length or height of the box. Eg, is the number two digits or ten? Box length might tell you.

The instructions we've used for years

1) Print it out 2) Cut out the parts you want to redact 3) Scan the paper

This might be more work, but 1) It's easy enough for anyone to understand 2) It's really, really hard to get wrong

A bit easier but more or less as effective is

redact on pc -> print -> scan

Pretty much as infallible and saves a huge amount of scissor time.

I saw someone recommend screenshotting the PDF to images, then converting those back to a PDF to ensure that you've scrubbed all non-visible artifacts.

macOS’s Preview (Big Sur and up) has a Tools / Redact menu item that automates this process.

And in this particular case the underlying text is visible even with naked eye.

What type of classified information was leaked?

From the screenshot provided it appears that the argument may have been about the turret rotation speed (probably as listed on Wikipedia?), whether it is 9 or 12 seconds for full rotation of the turret? The 9 second rotation speed was added to Wikipedia 5 years ago[1] and the 12 second rotation speed information added 8 years ago[2]. It appears the original information was perhaps sourced from a book titled "Char Leclerc - De la guerre froide aux conflits de demain" by author Marc Chassillan and published 16 years ago[3].

I find it hard to believe turret rotation speed would warrant classification given how readily observable this metric would be to an enemy. The chance of a tank operator accidentally demonstrating maximum turret rotation speed during a training exercise, public display or otherwise would also be very high, even if tank operators were instructed to never operate the turret at maximum rotation speed to avoid showing off a better metric than what may be known publicly.

I would assume the concern, if warranted, would be for some other type of information that may be less observable e.g. a statement to the effect of "If you rotate the turret at maximum rotation speed for more than X cumulative seconds, the turret will enter a safety mode and only operate at maximum speed of X% of the normal maximum rotation speed. Maintenance procedure XYZ will need to be conducted to restore full performance of the turret."

[1] https://en.wikipedia.org/w/index.php?title=Leclerc_tank&diff...

[2] https://en.wikipedia.org/w/index.php?title=Leclerc_tank&diff...

[3] https://en.wikipedia.org/wiki/Special:BookSources/978-272689...

Back in the day I went to Dragon Gunner school and knowing the rotational capabilities of a tank was fairly important since it was wire guided and if they can turn and shoot before you hit them…

Pretty low battlefield survival probability with being a dragon gunner since they were relatively slow compared to the Soviet era tanks ability to get a shot off at the big puff of smoke you just created.

Perhaps it was a metric many years ago which countries thought could be kept relatively unknown before everyone had cameras, instant communication, etc?

The US seems to be happy showing off the turret rotation speed of the M1 Abrams at public demos as shown in [1], [2], [3] and [4]. There is no rotation speed listed on the Wikipedia page for this tank but elsewhere on the Internet appears to state 9 seconds for full rotation, which appears to match up with what the videos show.

I find it hard to believe there is much benefit if any in classifying turret rotation speeds, or for that matter, most other parts of a tank in 2021. The underlying technology is ancient and readily described in all manner of books and videos. The overwhelmingly important factor in tank warfare today would be whether another platform with better visibility of surrounds (UAV, satellite, etc) has communicated enemy positions to the tank crew.

[1] https://www.youtube.com/watch?v=pKHcKEc_2Nc

[2] https://www.youtube.com/watch?v=UxLWb2AHLzw

[3] https://www.youtube.com/watch?v=f5XUQ2beGfM

[4] https://www.youtube.com/watch?v=u1mH-_h3_1Q

It's hard to see how leaking this kind of info matters...

Everyone who actually cares about French tank turret turn rates and might get a very slight advantage from being able to train their tankers on slightly more accurate simulators (e.g. the Russians) already knows jt.

As admins, they probably don't want to put themselves in a position where they're making judgment calls about what matters and what doesn't. It's reasonable to have a bright line policy.

That’s why this article worrying about blurring stuff seems so silly. China, if they already didn’t know, are fully capable of re-finding it from the forum. The only ones who don’t know are the regular public so this veil of secrecy on French tank turn rates is entirely for ego.

More to limit any government reaction than anything else.

If they didn't do some of this , their site may get blocked or get sued by the government.

Discussion of the previous leak: https://news.ycombinator.com/item?id=27857636

"War Thunder is a vehicular combat multiplayer video game developed and published by Gaijin Entertainment.

Despite the fact that Gaijin Entertainment lists itself as a Cyprus-based studio,

it was originally founded in Moscow, Russia, where it still has offices today."

How come tankers seem to have loose lips? Haven't heard of similar leaks in World of Warships or DCS. Planes/Ships/Subs have more opsec because more important?

Could just be a numbers game, e.g. the US has built about 10,000 M1 Abrams tanks in the last 40 years but only about 1,000 F-15s in the same time period.

This (https://www.polygon.com/2019/5/15/18623545/eagle-dynamics-f-...) happened w.r.t. DCS, and the most recent stuff in WoW is late WWII, s if something was to be revealed, it would interest military historians more than intel agencies :)

Is there a naval game with modern hardware? I remember watching a multiplayer game on Twitch with SSNs and modern carriers. I feel like these communities are probably good places to bait active service people for classified info. Every once in a while on defense forums, there's deleted posts and reminders not to reveal capabilities indicating there's definitely folks out there eager to talk.

>>>Is there a naval game with modern hardware?

Command: Modern Operations is your best bet. It's a $70 game. They sell the "Professional Edition" to the military for $20,000 per license.



It wouldn't make for a very exciting or visually impressive game. Much of modern naval warfare is conducted at long range, sometimes even beyond the horizon.

You don't see many submarine warfare simulators either, for essentially the same reason.

War Thunder has some more modern units.

In the DCS case there's no sign of anything secret there - looks like the manuals were public, the charges were about ITAR.

Tanks are cheaper and are run by only 4 people. This means that a tank squad is basically expected to know all of the attributes of their tank.

That's not the case for other vehicles: no one person understands a Nimitz carrier from top to bottom.

World of Warships is at most 50ies tech.

I think the most recent ship in game is Colbert, a French AA cruiser commissioned in 1959. And in game, she doesn't feature her missile conversion in the 70ies.

Plus most of the "high tier" designs are paper ships with a varying level of fantasy from the game devs.

Lastly the game is far from a simulation, it's extremely arcady.

War Thunder is more realist than WoT, so people will want even more realism.

Cheaper and more plentiful weapons systems will have more people (jr) working on them.

The French Leclerq tank had the specs revealed. Previously they leaked the specs of the British Challenger Tank:


Probably the worst thing you can do if you see classified information or data out in the open is to call attention to it (publicly) and comment on it being classified or in some way 'notable'. Just because some information is public doesn't mean it's not classified.

The blurred text is still readable (somewhat). How do you arrive at 31° per second if a full turn takes 11s?

There's probably a slower acceleration phase at first?

Rounding, perhaps? 31.45 * 11.45 ~= 360.

Omg somebody posted obvious info for general soldiers from manual that is already in possess of every other army in the world including taliban since its first print. By knowing rotation speed anyone on the forum who attack erm france can erm run faster around it and force it to erm surrender? Of course fat cats and war mongers that sits on taxpayers’ war money will never allow anything regarding they precious war secrets to be published. But then, imagine world of open sourced weapons...

Open sourced weapons would benefit rich countries disproportionately.

Even if poor countries have all the access to classified information, they can't do anything with it, as you said.

However, the information can be sold.

The OP is right, if half the army has it in a manual, then this info is not a secret for anyone relevant.

For all intents and purposes the AK is the opensource weapon. Hard to see how open source weapons would benegit rich countries, they already have the designs.

Reminds me of the Nth Country Experiment https://www.atomicheritage.org/history/nth-country-experimen...

There's a difference between knowing how to do something (even without classified information) and being able to pull it off.

xkcd/386 urge is strong

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact