Hacker Newsnew | comments | show | ask | jobs | submit login
Snowden distributed encrypted copies of NSA docs around the world (arstechnica.com)
251 points by titlex 700 days ago | 157 comments



I'm just going to leave this here:

“When I was in Hong Kong, I spoke to my partner in [Rio de Janeiro] via Skype and told him I would send an electronic encrypted copy of the documents,” Greenwald noted. “I did not end up doing it. Two days later his laptop was stolen from our house and nothing else was taken. Nothing like that has happened before. I am not saying it’s connected to this, but obviously the possibility exists.”

-----


If I am paying so much money for our awesome military industrial complex, I would AT LEAST expect them to know how to stage the house to make it look like a robbery. Or copy the hard drive and then bug the machine & router to intercept all future communications.

If the government really did break in and just stole his laptop, this is like the least cool spy thriller ever.

-----


> If I am paying so much money for our awesome military industrial complex, I would AT LEAST expect them to know how to stage the house to make it look like a robbery.

On the other hand, if this wasn't done by a government then it really is what a robbery looks like!

-----


Yeah, because jewelry, cash or electronics have no (resale) value so thieves don't touch them ;)

-----


To be fair, exactly this happened to a friend of mine living in Fulham, London. His laptop (a very pricey MacBook) was visible through the window from the street. Someone was in through the (old, poorly-secured) window and back out with the laptop within a couple of minutes whilst my friend was in the shop across the street. Didn't check the bedroom for jewelry, didn't take his expensive decks or TV - just grabbed the laptop and left. It seems some thieves do specialise - either that, or my mate is into some other stuff I don't know about and had just been told he was going to receive an encrypted file...hmmm.

-----


When I was robbed they ransacked my apartment. They went through the couch, luggage, kitchen cabinets, took the TV, my change jar, bed sheets(probably to wrap up their loot). It looked the way it does in movies.

-----


Yes but you work the odds of the robbery happening right after the Skype call and then the thieves taking just the laptop where some of the most valuable pieces of intel are. Anything is possible, but...

On another note, if Snowden wasn't in HK, CIA would have already "paid him a visit" or five. Probably each of them was shadowed by dozens of Chinese ones so they couldn't take the risk.

-----


They may have heard a sound, assume they may be about to be discovered, and just scarpered with what the already had in their hands (which just happened to be the laptop).

-----


I would still consider that more of a freak occurrence than dishonest journalists, and much more than spooks being dumb.

-----


Could've been another journalist, someone working for a news-agency, or someone hoping to sell it to a news-agency / a gov't.

-----


My car was broken into a few years back and all the thief took was my school books sitting in the back seat. My iPod was even sitting in the cup holder on a pile of loose change.

-----


The polite, gentlemanly global surveillance state. They only take what they need. They don't make a mess. How nice.

"We would be happy to replace the laptop too, but we didn't think you'd want to use the new one."

-----


Doesn't make sense. Implication: USG was listening to GG's Skype conversations, heard him say he would send big encrypted file, USG stole laptop. But GG says he never did send the big encrypted file. So they're supposedly spying on him, but not well enough to notice the non-transmission of the encrypted material.

-----


You assume that they have full access to all comms in and out of the system; it's entirely possible that a transmission could have happened outside of a monitorable band (for example, mega.com).

To those without the key, an HTTPS download of a porn video is entirely indistinguishable from a tarball of state secrets.

-----


state secrets steganographically embedded into porn videos. Poor NSA analysts forced to sit through hours of it trying to discover the hidden message.

-----


Perhaps they didn't want to take the risk that the file somehow got past them (they failed to detect/recognize it, or it was sent another way (courier, etc.)).

-----


Maybe there was a transmission of encrypted material (from a third party, something completely unrelated) and since it'd be difficult to determine if it was Snowden's they chose to take it anyways. (this is all, of course, presuming that the USG was responsible)

-----


> If I am paying so much money for our awesome military industrial complex, I would AT LEAST expect them to know how to stage the house to make it look like a robbery. Or copy the hard drive and then bug the machine & router to intercept all future communications.

You forget the fact that the majority of operative work abroad is done by minimum wage hired thugs who don't give a single fuck about the intricacies of the execution of the task at hand; they probably even like the fact that they can help make the US look like a bunch of morons.

-----


"Rio de Janeiro has been rated “Critical” for crime by the State Department for the past 25 years. Crimes statistics for 2012 reflect continued critically high and rising levels of crimes in both the state and city of Rio de Janeiro in the categories of robbery, rape, fraud, and residential thefts." [1]

"The high level of residential burglary has made most residents opt to reside in apartments where the “porteiro” (doorman) ensures 24/7 access control for the building. Having effective access control is critical."

[1] https://www.osac.gov/Pages/ContentReportDetails.aspx?cid=139...

-----


Greenwald wasn't in Rio, his colleague was.

-----


Partner, as in domestic partner.

-----


But thieves don't just take a laptop once in

-----


So, NSA supposedly has access via PRISM to direct access to Microsoft servers, and yet they supposedly have to go steal a laptop to get access to sent files ?

-----


Perhaps they didn't want access so much as they wanted to remove possession of the files from Greenwald's partner?

The NSA presumably already knows what's in the archive.

-----


Yes. Are you trying to imply that that is odd? "Sent files" as a general case don't live on Microsoft servers.

-----


No the key of that phrase was:

> I did not end up doing it.

It's implying had he sent it the laptop wouldn't have been stolen.

-----


The machine could have been shutdown before they had the opportunity to slurp the file.

-----


ASK HN: How Does Edward's Dead Man Switch(EDMS) Function?

How?

So, there are these remote backups/sites out there, encrypted. Say, every week ES has somebody Bob post a keyword somewhere, a forum, pastebin, etc. The owner(s) Alice, Doreen, Glen, etc... of these backup sites manually or 'auto-crontab' for this keyword, or coded sequence of keywords, if so, fine, steady as Edward goes.

If not, .... ES released his hand(See hyperventilated Dyson's DMS in Terminator II film) sprung trigger. NOT good:

This interrupts the auto-cron periodic keyphrase(word) update and the toothpaste tubes are vigorously flattened, and you can't get the toothpaste back in.

(How? ie, How does EDMS trigger release become known to remote system trigger manager Bob or crontab daemon?)

Neighbor Bob check's local lampposts for Ed's new white tape once a week?

Can Bob be automated?

-----


This is needlessly complex. Just find people that you trust to hold onto the key, and a few other people to hold onto the file. People who's priorities are aligned properly and are use to being leaned on (journalists and/or activists). When they read in the New York Times that Edward Snowden is dead, some or all of them publish.

If you are worried about one of those people colluding with another to get the secret sauce too early, then split the secret. Give it to 50 people and require any 10 of them to release their material. Or whatever, you can tune it how you like depending on how many people you trust and how much you trust them. Automation is unnecessary.

-----


  # cat /etc/cron.daily/dead-man-switch

  #!/bin/bash
  wget -O latest https://raw.github.com/asdf/feab/data.txt
  if [ ! grep `date +%m%d%Y` latest ] ; then
    echo "The key is uRYB9vCT53jCSkjzaf9b" | mail -s "I'm dead." glenn.greenwald@...
  fi
Wouldn't be hard to run this on a few random computers around the world pretty anonymously. The NSA getting the key isn't too big of a deal.

Of course, you'd want to test this and make it more fault tolerant.

-----


Assuming, of course, that you don't experience a network partition. MTAs are partition-tolerant; wget is not.

Whoops, that Github service outage just threw the world into political chaos. :)

-----


It could work, but I know that if I were in Snowden's place I would be more keen on relying on people, and not having to "phone home" (I am fairly confident that news of his demise or "disappearance" would eventually become public).

-----


Rubber Hose Cryptanalysis:

"Good morning Mr Snowden? How was your sleep last night? Oh yes, that's right, you didn't get any.

So to begin with, No I will not get that light out of your face, What was this you or Mr Greenwald mentioned about having your distributed files securely backed up, and have you a deadman switch Mr Snowden, you understand, in case of your demise? .... a bash shell script? Why the hell you didn't you use python?! This is going to be a problem. How are we going to fix it?"

-----


Find one, know the page, obtain the logs who accessed the page, find all. Or catch Snowden and keep updating the page yourself. Not that it can not be done in a similar way but it is non-trivial to get it right.

-----


  | it is non-trivial to get it right.
But malware writers / botnet owners have been doing it for a while.

-----


POST EDMS triggered launch, a simmering autonomous viral botnet, foisting ES plaintext onto infected email address lists, pastebin, etc., anything else it can fool CAPTCHA registration, with generating SHA256 signatures, new passwords, the whole open source kitchen sink of paranoidal-crypto-craft to effect public-at-large propagating whistle-blaring incriminating secrets, successfully leaked.

-----


If you are worried about one of those people colluding with another to get the secret sauce too early, then split the secret. Give it to 50 people and require any 10 of them to release their material. Or whatever, you can tune it how you like depending on how many people you trust and how much you trust them. Automation is unnecessary.

This is, in fact, practical to do with Reed Solomon codes.

-----


I don't know if it is the state of the art, but there is also Shamir's Secret Sharing: http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing

There is a nice implementation in Debian called 'ssss'.

Edit: nifty demo: http://point-at-infinity.org/ssss/demo.html

-----


That is much better solution than the one that I thought of.

-----


Um, well, er... no, I prefer crontab. It has let me down far fewer times than mortals.

EDIT: An agent running on some VM somewhere isn't that tough to implement. You could do it from a friggin' R-Pi. If the "all clear" isn't posted where it is supposed to be, let the monkeys loose. (Kids in the Hall" reference, fwi)

-----


> I prefer crontab. It has let me down far fewer times than mortals.

This opens lifestyle guidance for our aspiring youth:

Prefer crontab. It will let you down far fewer times than mortals.

Choose bitcoin over any Ben Bernake or Alan Greenspan currency.

Believe Snowdenspeak over Clapperspeak, Kieth Alexander's mouth moving, or any Obama-ism.

Go to lunch with Richard Stallman before that mean looking bald-headed angry man with that desperate hunted rictus fixed to his face, who works at Microsoft, but not for much longer.

-----


Give group A the encrypted data. Give group B the encryption keys. Give group C the email addresses of group A and group B. Give them all their instructions on when to "pull the trigger", either through a period of lack of communication or events in the media or something else.

-----


Yep, group C is a good addition. Ideally they would also have a way of authenticating themselves with groups A and B as authentic members of group C.

-----


You could just have all of them as pre-canned messages that have been digitally signed by the primary person.

-----


Its too complicated.

I believe any organization worth its salt that has NSA/CIA as enemy would have thought of something better and easier for a fail-safe device, an insurance on their lives if you will. Wikileaks has an insurance of this form.

Post encrypted file to everyone. Probably there is several VMs checking in or even scraping most news sites for "Assange dead", and if that happens, pastebin the keys. And even this is complicated.

If I would need a dead-man switch, Id include people I trust to release the keys, or parts of the keys in case I need to trust several people to be in agreement at the same time.

A technological solution in case I cant trust anyone, then I would run several php scripts on those free hosting sites, or get a plan with heroku or redhats openshift, all of which check for updates from my sock puppet accounts on facebook, g+ and email, weekly or so. Say every other update on at least one of the public services must contain a secret codeword in hidden form like first letter of each sentence or rot3 of those. If no updates are found for three weeks on all the sites, or if the codeword is not there two times, pastebin the keys all over the internets.

-----


>... like first letter of each sentence or rot3 of those.

After all these years, that is the first interesting application I have seen of rot13(I think you intended?). ty

-----


I agree this is wayyy complicated. All you do is send the encrypted data to whomever you want and then have some servers check an email every day to see if it got an email from snowden indicating the date. If its there repeat tomorrow else email key to journalists/publish on the internet.

-----


ES is vulnerable if physically must be connected. Ideally, if he does a single-bit "I'm alive today" `annnuciator flag', say, once a week, and if this get's interrupted, his total autonomous bot wakes up swinging email, postings, and HWALL w3-wide `Guardian-class Bombshells'.

-----


Reminds me of the time the house I was renting with a bunch of other international students was broken into and obviously searched, but nothing was taken, not even cash.

-----


Wait, what? This dudes gay?

-----


I'm starting to think the freakout we've seen in the media up to now is for much more than the Prism disclosure. This guy is the real thing, he's got serious insurance to bargain for his life & he's taken all precautions to safeguard it. No wonder they're scared shitless.

-----


Want to bet on Snowden's bright future? I don't :-(

-----


The "freakout" in the "media" outside of the HN/reddit/internet bubble is mostly obsessed with "Where in the World is Carmen, I mean Edward, Snowden?" and not so much in the whole PRISM, constant universal wiretapping scandal.

-----


I'm in two minds about this. Focussing on this issue is obviously important but I think the general public gets bored of it after a few days. They are much more interested in the human story. Keeping them hooked on that with the obvious regular explanation of who Snowden is and why he's in the news might get people to want to look into the actual story more. And if there is a big 'break' in the story (Snowden captured, makes it to Ecuador, etc.) people will be hooked and then the story of the spying will hold their attention. People (and I include myself) are much more interested in a story about other humans than a computer hacking/spying story that doesn't really involve many specific people directly.

-----


I agree. Outside of Hacker News, no one is talking about PRISM at all.

The drama regarding Edward Snowden's whereabout is the only thing keeping the story going.

For most people, PRISM was one of 100 stories on their newsfeed that day.

-----


Amazingly happy to see that HN and /r/news|politics|worldnews now looks like /r/conspiracy exploded all over them.

I am happy that the worries of echelon, which was treated as rumour, hearsay and conspiracy theory are now 100% proven to the entire world.

I am looking forward to seeing what further revelations Snowden's files will show.

-----


Not sure if you're using sarcasm[1] or not, but Echelon is accepted fact and has been for many years.

The European Parliament held reports on the capabilities of Echelon. Industrial espionage has been linked to Echelon.

The purpose of Echelon (intercept communications data) is the stated purpose of GCHQ. Really, it's on their website and in their recruiting material. They monitor all communications, anywhere in the world, from DC to light.

Echelon isn't fantastic weird conspiracy theory.

[1] Sarcasm is not useful in text and it's especially not useful on a forum like HN, where there tends to be a higher number of users who are more literal than the regular population.

-----


No sarcasm at all.

For the majority of the population, they have either never heard of echelon, never took it seriously or have outright dismissed it as a crazy conspiracy irrespective of the previous proof.

I think of all these things are coming out now as an opportunity to have a serious discussion about wtf the US (and humanity) is doing.

It's time to work as a global civilization. Our resources are squandered on creating truly a prison planet (no reference or credit to Alex jones).

-----


I guess sam can chime in but I didn't really see anything sarcastic in his reply.

-----


Exactly.

Focus on the man, and not the issue. That is the "freak out".

-----


Because that lets them play the distraction game (and shoot the messenger at the same time).

-----


I hope Glenn has also thought about what should happen if he has a sudden car accident.

-----


Just for the uninformed that may not know what your referencing.

http://www.theblaze.com/stories/2013/06/21/email-sent-by-mic...

-----


Thanks to LA's high concentration of paparazzi there's video of (allegedly) him blowing through a red light moments before the crash: https://www.youtube.com/watch?v=gNhqKRugk8Q as well as video of the burning wreck minutes later: https://www.youtube.com/watch?v=3LSY3wVuASg (possibly disturbing video)

Also, interview with an eyewitness: https://www.youtube.com/watch?v=fweyFCFKcp0

-----


Related: a presentation by DARPA about car cyberattacks http://www.youtube.com/watch?feature=player_embedded&v=3D6jx...

-----


NYTimes article: http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0

Richard Clarke says it's possible: http://www.huffingtonpost.com/2013/06/24/michael-hastings-ca...

-----


I spent a few min reading the referenced paper, and they do seem to demonstrate that there's the possibility of electronically compromising car electronics, including brakes.

However, steering and brakes are mechanical systems in Hastings' 2013 Mercedes C250 (like almost every other car), and cannot be electronically overridden. The steering wheel is connected directly to the wheels, and can't be controlled by the electronics. Electronics can activate the brakes, but can't cause the brakes to not activate because the pedal is connected hydraulically to the calipers. Even if the engine is racing, braking force is greater than the engine's force. [2]

If his car was vulnerable, all-electronic attack doesn't seem like a good way to assassinate someone if they can simply step on the brakes to stop the car. Changing the mechanics to allow remote control might be possible, but that's a lot of physical evidence to add to the car.

[1] http://www.autosec.org/pubs/cars-usenixsec2011.pdf [2] http://www.keacher.com/672/title-fight-brakes-versus-engine/

-----


The Mercedes C250 (like almost all cars) has anti-lock brakes. The hydraulic (as you refer to them 'mechanical') brake cylinders are controlled by one of the cars ECUs based on data from the brake pedal, emergency brake, and rotational sensors on each wheel hub.

Everything in newer model cars is connected to the CAN bus (basically a broadcast serial protocol), radio, airbags, brakes, etc.

Your XM Satellite Radio could in theory detect that you are traveling over 70 mph and trigger just the right front brake cylinder. Any time you detect braking on other wheels, fire one of the 9 drivers side airbags to disrupt the operator.

-----


The C250 definitely has an option that can sort of steer just by application of the brakes on individual wheels like you described. Their marketing name for it is "active lane keeping assist."

http://www4.mercedes-benz.com/manual-cars/ba/cars/w166/en/ov...

-----


Agree with everything you said as possibilities. There are clear proofs of concept that an accident can be caused by a compromised electronics, and multiple ways to do it. We can come up with endless possibilities, but I was trying to establish likely vs unlikely.

In his particular case, an attacker would require Hastings to be traveling at a high rate of speed to have a high probability of a fatal injury. Highland Ave is a 35 mph surface street. So the attacker would either need to speed the car up, or have him already traveling at a high rate of speed. If it's the former, Hastings could have just used the brakes. If it's the latter, there are lots of reasons why he could crash on a two-lane city street lined with trees and parked cars at 4 am. As you point out, it's possible a sophisticated attack could have also provided all kinds of distractions to prevent him from braking effectively.

I think the most likely explanation was that he was speeding and lost control, but feel free to disagree.

-----


I was simply correcting your authoritative statement: However, steering and brakes are mechanical systems in Hastings' 2013 Mercedes C250 (like almost every other car)

You are dismissing it as unlikely, because you keep assuming that some subsystems would work as designed or intended.

I'm not comfortable discussing details on this point, but "just use the brakes" might not have been an option had the malicious payload been properly designed. I have maybe a basic to mid level of experience reverse engineering automotive firmware, and it would not be hard for me to pull off. God only knows what a state actor could come up with.

-----


Can you recommend any automotive firmware reversing resources or published work?

Thanks.

-----


This is a good intro and overview of security issues: http://embedded.communities.intel.com/community/en/applicati...

If you want to just hack around on CAN bus, check this project out: http://www.gadgetgangster.com/news/54/556

To get at actual firmware, you'll want to identify the ROM chips and wire up an appropriate reader. You might be able to get by with a bus pirate. Once you have the actual firmware, you should be able to identify the processor (get ready to learn old obscure Motorola instruction sets) and you're off to the races. If you luck out with an x86 or ARM processor I highly recommend the Hex Rays Decompiler.

I was working as a generalist on the team, so the HN expert collective may be able to give you better pointers on specific items.

-----


> Electronics can activate the brakes, but can't cause the brakes to not activate because the pedal is connected hydraulically to the calipers

right, because ABS does not work by pulsating the pads off and back on...

What I would do if it was a spy movie:

    1. plant bomb underneath.
       maybe just a small (hard to find) fuse in the gas tank.
       make it activated by airbag sensors.
    2. hijack car electronics
    3. when target is inside, locks door.
       accelerate and mess with brakes
    4. he can turn as he wish. by the time he realizes what's going on,
       all he can do is try to avoid a high speed crash by then.
    5. with doors still locked, car crash and goes boom,
        just like they do in hollywood.
all the evidence left would be a burnt fuse in the exploded gas tank, and the firmware on the burnt electronics.

-----


> right, because ABS does not work by pulsating the pads off and back on

So ABS can fully cut off brake pressure? My understanding is that it relieves extra pressure and that regardless of the valve position, either full force of the pedal (including locking the brakes) or reduced relieved pressure is still sufficient to stop a vehicle.

> What I would do if it was a spy movie

All posible. My comment was really just a response to Richard Clarke's comment that it could have been an "untraceable" "car cyberattack."

-----


This Nova Science Now episode gives a demonstration where Prof. Yoshi Kohno of the University of Washington hacks a car and remotely slams on the breaks....

http://www.pbs.org/wgbh/nova/tech/can-science-stop-crime.htm...

Quite a nice segment.

-----


>However, steering and brakes are mechanical systems in Hastings' 2013 Mercedes C250 (like almost every other car), and cannot be electronically overridden.

about ABS brakes (and thus absence of direct mechanical control by the driver) other people have already explained. The speed is controlled by electronic throttle control. Mercedes was among the first and brought drive-by-wire decade ago.

>The steering wheel is connected directly to the wheels, and can't be controlled by the electronics.

ever heard about electric assist steering? Mercedes does have it on the C250.

And btw, the modern cars don't explode. Poor Mercedes when guys like this will come into play http://www.usautoinjurylaw.com/types-of-accidents/explosions...

The reputation and perception is half the price of a Mercedes and this accident makes a dent in it (on the related topic - how much Toyota suffered for a runaway acceleration).

-----


> ABS brakes

Correct me if I'm wrong: ABS doesn't cut off pressure to the brakes but instead relieves extra pressure. At no point can the ABS module ever fully cut off brake pressure that's being hydraulically applied by the driver. Incorrect?

> electronic throttle control

Yes, but my point was that regardless of what the throttle was doing, brakes can counter. If he was alert, he should have had reasonable time to start braking as the throttle opened up.

> ever heard about electric assist steering? Mercedes does have it on the C250.

Thanks -- this is a good catch.

> And btw, the modern cars don't explode

Agreed.

-----


>Correct me if I'm wrong: ABS doesn't cut off pressure to the brakes but instead relieves extra pressure. At no point can the ABS module ever fully cut off brake pressure that's being hydraulically applied by the driver. Incorrect?

if relief valves are kept open (instead of open/close/open/close/... like during normal ABS operation) i don't think there will be any effective braking force.

-----


This is one of the reasons I can see Google Glass becoming more prevalent...security of one's well being through live streaming...even though I'm concerned about privacy, sometimes security through obscurity is not viable.

-----


Yes give the regime more eyes, why don't you.

-----


It would work the same way police car cameras work now: if it caught the government breaking the law the footage would simply get lost somehow. If you stream it to some service, the PRISM group would see it and force the site to remove it.

-----


Woah. The scene of that accident looks straight out of a movie scene, looks too unreal to be a normal car accident!

-----


Michael Hasting's friend was just interviewed on TV:

"His friends and family that know him, everyone says he drives like a grandma, so that right there doesn't seem like something he'd be doing, there's no way that he'd be acting erratic like that and driving out of control"

https://www.youtube.com/watch?v=ZEIjna7672Q

-----


Do people who drive like grandmas spend bread on a 200 hp Mercedes coupe?

According to this article [1], Hastings describes himself as a "a recovering drunk/addict/screw-up." In another True/Slant piece, he says, "I have smoked crack." He crashed a car in a drunk-driving accident at 19.

It's funny how geeks, who pride themselves on rationality, throw Occam's Razor out the window at the drop of a hat.

[1] http://www.breitbart.com/Big-Journalism/2013/06/21/LA-Weekly...

-----


FWIW, 200 HP is not a lot and is, as far as I can tell, Mercedes' least powerful engine (201 HP 4-cylinder). In a 3,500 lb. car, it will not be especially fast.

(I used to have a 3,500 lb. coupe, a Pontiac GTO. Now that was fast. It had a 400 HP V8.)

-----


>Do people who drive like grandmas spend bread on a 200 hp Mercedes coupe?

I know a guy with at least a dozen cars, including a McLaren F1, drives way more cautiously than most grandmothers I know.

-----


In point of fact, my grandma drives a Mercedes coupe. So the answer to your question is yes.

-----


Yes, it's a common frustration in the US that when you see a 911, Ferrari, Dodge Viper or whatever it's usually being driven slightly below the speed limit by some (presumably rich) old man.

And P.S. Occam's Razor is just a guide line. Many things happen every day that violate it. The US government has murdered people before and tried to cover it up, so it's not beyond the realm of believably or possibility.

-----


There seems to be some evidence directly contradicting this statement.

-----


People are speculating that the controls in his car may have been compromised. [e.g. [1]]

I'm not saying this is true; just that it is what people are speculating. Frankly I don't know whether or not it's possible to remotely take over that particular car's steering/acceleration mechanisms.

[1] - http://www.huffingtonpost.com/2013/06/24/michael-hastings-ca...

-----


Sigh.

No, that car hit that tree. It wasn't dropped off by a flatbed truck or something. And yes, cars can catch fire during high-speed collisions.

Not to toot my own horn, but... https://news.ycombinator.com/item?id=5936521

-----


who said that NSA is limiting themselves only to reading your emails.

"Bush advisor: Hastings crash ‘consistent with a car cyberattack’"

http://rt.com/usa/michael-hastings-cyber-car-218/

-----


I remember, years ago when I was working for BMW, reports that security researchers had been able to gain control over a vehicle by compromising the wifi that the Tire Pressure Sensors used to communicate with the central onboard computer. If a few security researchers could develop that capability, I'd be stunned if intelligence organizations weren't doing the same.

-----


Please don't use Wifi. Wifi doesn't refer to all radio communications, Wifi specifically refers to IEEE standard 802.11.

The TPMS systems do not use Wifi, nor do they generally transmit in the 2.4 GHz band. The system from the paper you mention sits at 315 MHz.

The paper is available here: http://www.winlab.rutgers.edu/~Gruteser/papers/xu_tpms10.pdf

-----


It's not an important distinction, but I still appreciate the clarification.

-----


Describing Richard Clarke as a "Bush advisor" is a case of technically true, but sort of an unusual label for the man and somewhat misleading in the impression it might give of who he is.

His counter-terror position was a holdover from the Clinton administration, and he eventually left the Bush administration on very bitter terms; I've seen the term "character assassination" used to describe the way he was treated by the administration on numerous ocassions.

-----


I am not denying the possibility that there was fowl play. I am denying that "the wreck looks like something from a movie" is evidence of anything at all. Keen difference there.

-----


I am not denying the possibility that there was fowl play.

So you think chicken sabotage is a possibility then?

-----


Ha! In fact, I find it rather likely that birds were involved.

-----


You do realize that RT is a directly funded by the Russian Government don't you? There is a great incentive for them to paint the US in a bad light.

-----


That doesn't make it all false. The best propaganda is also true.

-----


But it also doesn't make it true

-----


That property exists for all news media.

-----


Here you go: http://www.huffingtonpost.com/2013/06/24/michael-hastings-ca...

-----


I'm not trying to say that its impossible, not by any means, but the RT article presents the statement as something that is assumed to be true, whereas the HuffPo article presents it among a large list of conspiracy theories. The RT article is clearly written to act a propaganda, and the article from the post gives a more objective view, where there is a slim possibility that the car was hacked, but it is just as unlikely as any other.

-----


sorry, man, just grabbed a link about Clarke.

-----


It seems pretty clear that this isn't an insurance policy for his personal well-being, but rather an insurance policy for the data eventually being published.

-----


+1 insightful. The people doing this aren't worried about personal sacrifice, or they wouldn't be doing it. I think perhaps what they are worried about is their efforts being in vain.

-----


As he's mentioned several times, Glenn Greenwald is not the only one with access to all the material Snowden has released. There are several other people at the Guardian and perhaps elsewhere, so targeting him in that way makes little sense.

Instead, they've wisely chosen the strategy of trying to discredit him.

-----


> so targeting him in that way makes little sense.

The fact that others have the same info means that it makes a lot of sense.

Not a lot of people have the backbone to carry on after someone has been made an example. And those that do, well, they can also be made examples.

-----


Ideally most of the various people in possession of part of the key or the encrypted data are secret (actually, more ideally, the encrypted data is publicly available). One anonymous tweet over Tor could spill the secret with relatively little risk to the individual.

There is a certain safety in numbers too, if you are one of dozens of people in possession of the key, if you have a little backbone you can leak the key and be reasonably confident that they are not going to kill several dozen people purely out of a sense of revenge.

This is why Glenn is so keen on pointing out that he is not the only person with the data/key.

-----


This is definitely the only reason I think he is still alive. The NSA has probably done forensic analysis on the workstation that he utilized to transfer the intel...and as Snowden has noted, he does not want to be careless with the information or it's distribution in contrast to Manning.

To make it simple, I think he released to the public the appetizer, and has withheld any main course or desert (sorry for the analogies...lunch time).

-----


Wikileaks made their "insurance" available to everyone via torrent... in other words they have safety in numbers. Snowden having distributed to file to "many different " people is vague and if the # is small could put them in real danger.

-----


On the other hand, he's been to both Hong Kong and China now. Government officials from either country may be among those people with the encrypted data. Whether or not they release the encrypted data when/if the key is publicized doesn't really matter.

Publicly distributing the encrypted data does seem to be better to me, but making it ambiguous as to whether or not foreign governments have it seems like it could be a decent second best.

-----


I wonder to what degree Wikileaks held Snowden's hand through all of this? For those who remember, Assange's organization distributed a large encrypted archive through bittorrent around the diplomatic cable leaks, presumably with a dead-man's switch [1] set up to reveal the key. I'm sure that Snowden had some procedures in place before departing to Hong Kong, but I also recall Assange saying they were trying to reach out to Snowden a week or two ago, and perhaps (hopefully!) they were able to give him some insurance tips, including potential pitfalls that Snowden may not have thought of.

[1] http://en.wikipedia.org/wiki/Dead_man's_switch

-----


A wikileaks activist flew out to Hong Kong to advise him.

http://www.nytimes.com/2013/06/24/world/offering-snowden-aid...

-----


If it's at all true that Assange had foreknowledge of Snowden's attempt to re-penetrate NSA via B-A-H, that would be very bad news for Wikileaks IMHO.

-----


Not saying it goes back that far, but referring to more recent times. Like over the past couple weeks. I don't think anybody in the world other than Snowden himself knew of his plans to penetrate BAH. But even if they did, who cares? As long as they didn't help him, I do not believe that knowledge of an impending crime is in-and-of itself a crime (someone please correct me if I'm wrong). What are they gonna do? Trump up some sexual assault charges?

-----


Well it would be conspiracy to commit a felony for starters. And how do you think the American people would handle the idea of a foreign-born spymaster using his acolytes to infiltrate the national security apparatus, however angelic he claims his motives to be?

-----


Plenty of other countries around whose residents are happy to find out in what kind of ways we rightless non-residents are being informationally manhandled by you.

-----


Then feel free to try to spy on us like all the other foreign countries do. In the meantime if you have better ways to detect and track violent extremists that could be literally anywhere in the world without accidentally scavenging data belonging to our allies then I'm sure the NSA is all ears; you could probably make your suggestions on any web forum, in fact.

Perhaps there's an RFC forcing AQ to set the "evil bit" on their IP packets? That's a feasible technical solution, I suppose, as long as AQ is RFC-compliant.

-----


So all anyone that wants access to the whole of what he has recovered needs to do is kill him and then it will all be released? That doesn't seem like a good position to put ones self in.

-----


Snowden isn't carrying military secrets or anything. Details about internet/phone surveillance are of relatively little consequence to foreign governments, who certainly have a good idea of what's going on already.

-----


He's no ordinary system administrator. This whole thing seems very well thought through.

-----


If you were going to put your life in jeopardy and go on the run, you would probably think it through very carefully as well.

-----


Well, obviously. How many sys admins do you know that used to work for the CIA and contract for the NSA? :)

-----


This is the kind of thing which may help keep him physically safe, but massively hurts him both in the court of public opinion (which matters a lot, if his actions are to have any positive effect for the public), and should he stand trial in the United States (although, one could argue that if it gets to that he's lost either way). It puts the people arguing for a pardon for him in a much tougher position.

-----


Why? The data is encrypted so unless he divulges the key, it's useless to whomever has it.

Also, we don't know what the data contains. So even if he does give out the key and the media start publishing, who's to say what comes out wont be in the public interest?

I think it's a bit early to say this strategy has massively hurt him.

-----


It doesn't matter what the data is at this point, since it's encrypted, but what it says, to a disinterested observer, is that Snowden is the sort of person who would gladly wield the threat of disseminating classified US information as a way of protecting his own skin. This directly contradicts the falling-on-my-sword, leaving-my-girlfriend-and-highly-paid job martyr/hero positioning he's been going for.

Snowden is coming to light as a complex character, not some altruistic idealist who expects a pardon and a ticker-tape parade. Phrases that come to mind are "David vs. Goliath," "Catch me if you Can," and "John Le Carre." I love it because it's a more interesting story this way.

-----


But he's already on record saying "The information is coming out, no matter what happens to me".

This isn't his ace-in-the-hole insurance for him as much as it is insurance that killing him can't stop the release of the information. That makes him far less valuable as a target for "extralegal field maneuvers".

By distributing the file, he's announced that the information has become a hydra - cutting off its head won't kill it. This won't stop the US from pursuing him, but it guarantees that his goals will be met regardless of his personal safety.

-----


I see your point. I guess I feel that the majority of people _are_ capable of realising real life doesn't imitate Hollywood and Snowden quite rightly needs to take some sensible precautions if he is to have any hope of sustaining this story and effecting the public debate and ensuing policy changes he's fighting for.

-----


No, this is in fact real life imitating Hollywood -- Snowden has turned himself into a Doomsday device! I am hooked on this story like some people are hooked on "Keeping Up With The Kardashians."

-----


No, this is a guarentee the information gets out regardless of what happens to him. Snowden is going to get the information out. Or, if they kill him, the information gets out. This puts those who don't want that information getting out in a difficult position, but it doesn't change his own situation very much.

-----


I think there is room for a distinction between saving my own skin, and making sure that even if I am killed the information gets out.

-----


> but massively hurts him both in the court of public opinion

How? Oh, look he isn't an idiot and he knew the CIA would try to assassinate him to silence him.

-----


Headline should be CIA burgles house in Brazil?

“When I was in Hong Kong, I spoke to my partner in [Rio de Janeiro] via Skype and told him I would send an electronic encrypted copy of the documents,” Greenwald noted. “I did not end up doing it. Two days later his laptop was stolen from our house and nothing else was taken. Nothing like that has happened before. I am not saying it’s connected to this, but obviously the possibility exists.”

-----


That would be a terrible headline based on that quote. Speculative, sensationalized headlines are undesirable even if they push an agenda you support.

Makes it very easy to dismiss.

-----


Speculative, sensationalized headlines are undesirable

Oh, I agree completely! Unfortunately, copywriters for almost every popular newspaper in the world do this by rote.

I added a question mark. :)

-----


Your title suggestion is too much of an assumption and accusation.

While the disclosure of Prism has confirmed what many tech minded people I know have always assumed, it does not stand to reason that other countries do not monitor chatter and would not act on intel that is valuable.

Basically, what I'm saying is to keep our minds open while reading these articles...an example of why would be if you remember Huawei Routers not being allowed in certain US infrastructure [0], or Clinton lobbying China to remove it's firewall [1].

Open minds can then start speculating past motivations in old articles.

[0] http://www.dailytech.com/Huaweis+CEO+and+Former+PLA+Officer+...

[1] http://www.salon.com/2010/01/22/hillary_clinton_internet_fre...

-----


Sure! Nobody knows what happened. What amuses me is that you instigate for open minds whilst referencing nationalism.

-----


I hope I didn't come off nationalistic...esp given my criminal record.

Why I linked those old articles, I imply that the US didn't want China to do what it was doing (which is what PRISM revealed) to have a backdoor into US infrastructure through Huewei routers, and that the administration wanted to possibly make it easier to monitor China's chatter by pushing for it to tear down the "Great Firewall."

-----


The point is not that your comment was itself nationalistic, rather that you fell in to the trap of interpreting everything from the standpoint of a world divided in to nations. Why is this an issue? The totalitarian trajectory at issue here is one of importance globally, which will affect the future of all humanity. (Contrast: Einstein famously defined nationalism as an infantile disease; the measles of mankind.)

-----


What do you people think intelligence agencies do? I'm surprised how far some people are taking the feigned ignorance/outrage. The NSA is reading the traffic from the biggest web communities in the world? Major shocker there. And now we're trying to make a scandal of an intelligence agency discreetly taking an object that may contain data that compromises national security? Things like that are why clandestine services exist in the first place: making sure we have a way into major communication channels when necessary, and making sure sensitive information is kept from prying eyes. These are basic functions for meaningful intelligence. Do we think the CIA just sits around in Langley all day?

I don't get it, is all.

-----


And just like Wikileaks the trickle of information will gradually dry up and we never hear anything again. The thing I hate most about these leakers is that they have huge stores of documents but only release a tiny fraction.

-----


That makes sense. As Snowden said in one of the interviews, the reason he doesn't want to release everything is so that other countries don't have a blueprint from which to develop their own PRISM.

-----


Is Snowden still focused on PRISM alone? The blueprint to that is already out, it's called FISA and FISA Amendments perhaps sprinkled with a bit of Ruby on Rails and web services magic.

-----


I just assumed he was talking about the technical, not legal, blueprint. I highly doubt a full stack web framework would be the right hammer to spy on the world's communications!

-----


PRISM doesn't spy on the world's communications. It automates FISA warrant compliance, you're probably thinking of one or more of the many other NSA systems out there.

-----


Probably! It's easy to lose track!

-----


This is double-edged sword! While USA/NSA does not want Snowden dead to keep secrets for as long as possible - suddenly half of the world might become more interested in exactly that to happen rather sooner than later.

-----


If it was known (assumed) that Snowden sent Greenwald files, don't you think every intelligence group in the world with an interest in obtaining US classified information would be very motivated to obtain that chip?

-----


I wish Greenwald would share these documents that are so shocking and revealing. I would like to see what all this fuss has really been about.

-----


wasn't this kind of assumed? to go this far and not cover all bases would be incredibly stupid and he doesn't strike me as such.

-----


Agreed and I think the move to travel through China and Russia had to have been part of his plans at the start as this just drags all of the International parties into the fray whether they want to keep it quiet or not. It also then behooves everyone to keep him safe so they don't get escalate the finger pointing game on who might have had him killed.

I'd personally like to see less focus on the guy and more on the message though.

-----


Interesting view. Hadn't thought about it like that :) For now China seems to be pretty happy about Snowden.

-----


I wonder how he was able to amass thousands of documents within two months of being in his current position while still screening them for information beyond the scope of what he was trying to leak. The possibility that there is confidential information about foreign operations outside of the internet surveillance makes me lose a great deal of respect for him. I also don't trust someone who wasn't even able to manage a GED to read through thousands of intelligence documents... just putting that out there. I feel like many have been too quick to give this guy a free pass.

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: