Hacker News new | past | comments | ask | show | jobs | submit login

NSA started to move towards "two-man rule" system where system administrators work in pairs when accessing servers with highly classified information only after Snowden leaks. When you know that Russia and China have good track record of long running human intelligence operations in the US, this looks like really gigantic security lapse.

They are not stupid and they must have been discussing it. There must have been strategic decision where they prioritized the expansion of intelligence collection over internal security (effectively cutting the work that skilled people with security clearances can do to almost half must be real cost and resource bottleneck).

If I had to guess the situation, I would say that for every whistle blower there is two spies who spy for Russia or China and they have collected all documents they can. Russians&Chinese spying US spying the world. The cost of setting up good HUMINT must be fraction of the cost of the NSA infrastructure.

> I would say that for every whistle blower there is two spies who spy for Russia or China

That's an exaggeration, IMHO. This is not the Cold War, where many actors were moved by ideological considerations that crossed national borders (like the Cambridge Five, for example). Nowadays, national and cultural lines are extremely well drawn, so motivations for "traitors" boil down to money and/or blackmail, which are usually easier to defend against at the top level.

I think records speak against your IMHO.

1. Ideology has not been the major modus operandi in long time (since 50's). Nowadays idealogical reasons are replaced by cultural and ethnic loyalties. Wast majority of people who spied for China have had Chinese heritage. https://en.wikipedia.org/wiki/Chinese_intelligence_operation...

2. Money and personal problems/reasons seems to be major reason for spying against US and for Soviet Union/Russia during and after cold war (Hanssen, Ames) According to American counterintelligence Russian espionage reached Cold War levels already in in 2007.

>Wast majority of people who spied for China have had Chinese heritage.

Though I also believe this to be true, what we know for sure are that most of the people CAUGHT spying for China had Chinese heritage.

Exactly, its easy to spot a Chinese spy when you investigate your Chinese workers.

The notion that a spy is only someone loyal to a country is just quite frankly, silly.

No one says that spies are always loyal to a country. It's not surprising that made-up positions are silly.

your point 1 proves what I was saying: it's technically very easy to defend against Chinese spies -- just enact more stringent ethnic profiling. I'm not saying this is desirable, but even at very high level it clearly restricts attacking surface quite dramatically. The difficulties are political rather than technical in nature.

I partially agree with your point 2, but "according to American counterintelligence" the sky is falling every other day unless the spooks get more money and less supervision. Relying on government sources in a thread about Snowden feels a bit weird.

Be sure to block all of the white guys with yellow fever, while you're at it.

No, it's not a "political" problem.

Susceptibility to honeytraps is indeed a problem.

The Chinese spies are not in the NSA. They're in the Beltway Bandit and Silicon Valley companies, copying the source code for the drivers used in industrial machinery and weapons systems.

They are smart enough to make spying into a profitable business instead of just a mechanism to move tax dollars to the right people. And with respect to using it as a tool of oppression, we simply don't have anything new to teach them, as they just don't need to know anything about FISA courts or parallel construction.

The Chinese spies are in China. They install malware onto the computers of American engineers in Silicon Valley, which then takes on the task of copying the source code needed for critical software systems.

This is the 21st century. There's no need to put yourself in physical danger by entering the country you wish to spy upon. Everything is done electronically.

I wish people backed their claims with evidence.

Anecdotal evidence of an attack that didn't go as planned http://www.businessweek.com/articles/2013-10-10/thieves-spie...

I hope you find that djinn djar someday. But you should know that just sitting back and saying "citation needed" is implicitly an ad hominem distraction attempting to discredit the speaker, and an invitation for that person to appeal to authority.

I prefer to think that everyone should always question everything I say, and independently verify my claims with their own trusted sources. Then, if they find contradictory information, they are free to share it, so that I might possibly disabuse myself of my prior misconceptions. (As you see, I also have need for wishes.)

Of course, if you have actual research funding for me, that's a different story. I'll give you as much evidence as you can afford.

Talk is cheap, and proof will cost you. If you want evidence, you might have to grab a shovel and start digging.

Here's what's publicly available:


There are plenty more hard-working, tax-paying Chinese engineers and high skilled workers making up for the occasional spying incident. And the high-earning engineers pay much more in taxes to help fund the American counterespionage programs. It seems a worthy trade for US businesses.

You know that the Chinese government can buy secrets from native-born citizens, too, right?

Workers in foreign countries and spying in those countries are not necessarily related in any way, aside from the occasional discount windfall that states get from assets with the right sense of patriotism, personal weakness, or political alignment.

There isn't really a trade happening there. The Chinese spying hurts everyone who is not a state-owned copycat company, regardless of their country of origin. The American spying hurts everyone who conducts business over the Internet or travels internationally. The ordinary Chinese people and American people get screwed both ways, because they're unimportant nobodies to the superpower state actors. So let's not get all defensive and start pointing fingers at each other, ok?

It's not a trade. Those hard-working, tax-paying Chinese engineers would still come to the U.S., and U.S. companies would still gladly pay them for their services if the Chinese government did not embed espionage agents within them.

Neither the companies nor the Chinese engineers profit from this arrangement.

"which are usually easier to defend against at the top level"

I'm not so sure about that - it strikes me that spies motivated purely by ideology are pretty rare and were only created in rather unusual circumstances (e.g. pre-WW2 UK) while those who are motivated by fear/greed/ego could occur anywhere.

The numbers may be off, but China and Russia likely each have at least 1 source in NSA.

And I'm sure the US has 1 or more sources in many other countries' signals intelligence agencies, too.

We would only ever learn about that if there's a CIA leak/whistleblower, though.

> The cost of setting up good HUMINT must be fraction of the cost of the NSA infrastructure.

Considering the fact that the US was completely caught off guard by the scope and effectiveness of ISIS I have to question the effectiveness of SIGINT programs like the NSA. I have to assume honestly that these programs outlandish budgets are not for tracking terrorists but to control the domestic populace.

>Considering the fact that the US was completely caught off guard by the scope and effectiveness of ISIS I have to question the effectiveness of SIGINT programs like the NSA. I have to assume honestly that these programs outlandish budgets are not for tracking terrorists but to control the domestic populace.

I must disagree with this interpretation. I think that only the American public and (some) American media were caught off guard by ISIS. However, the warning signs about ISIS and speculation about the impact of instability in Syria go back a while, for example to early 2013. It would have been difficult to determine the exact sequence of events (in contrast, Lebanon has been more stable than some would have anticipated), but the expansion of ISIS operations is not so much of a surprise given 1) stated goal of ISIS to operate beyond Syria; 2) rising political tensions in Iraq encouraged by Maliki's disregard of opposition; 3) past actions of local Sunni militias and leaders, etc.

Maybe it looks like the US government was caught off guard, but I suspect that is not the case. I think US intelligence must have considered instability spreading out of Syria, and modeled a number of scenarios off of that. I think it is likely that the US gov. has not been so quick to respond because it realizes 1) there is little support in America for further involvement with Iraq; 2) there is limited support in the region for US involvement; 3) Maliki's government has leaned towards Iran, so the US may consider the ability to sustain American influence in Iraq limited.

In short I view this as a matter more of limited policy options than a matter of failed intelligence. I also think the more troublesome matter for intelligence is the Kurdish situation, since it is one thing to predict what ISIS will try to do and another to predict what will happen with the Kurdish autonomous region as a result.

A terrorist organisation has established a caliphate state in a country the US formerly occupied and control. If they are being coy about it they must love taking pie in the face. It doesn't look like it, that is a fact. The US doesn't have an answer to these guys. There is no upside to us losing influence in a region to a terrorist organisation and then letting them embed themselves as a valid government. How did that play out for us last time?

Also, you have it backwards, ISIS started in Iraq, (the second I) and spread to Syria (second S). They started with the instability in Iraq, saw the instability in Syria, and went for it.

1) support at home has never stopped the US military from engaging before. 2) We didn't have much before, we have way less now. 3) you find new friends when your old friends stop taking your phone call.

"There is no upside to us losing influence in a region to a terrorist organisation and then letting them embed themselves as a valid government."

The US and UK never properly seized control in Iraq. We were losing troops on a daily basis. Now we have withdrawn, leaving an entirely predictable power vacuum, things have got so mental that even Iran is collaborating with us, and they are currently the main external force now loosing troops in the area. Also, this new caliphate is completely surrounded by folk who really do not like them. To be honest the whole thing looks like a deliberate trap, that is probably going to be used as a drone proving ground, given the political statements about use of troops.

The huge variable being ignored here: the sustained high price of oil along with technological breakthroughs has made extraction of oil shale economical. The U.S. has the largest reserves of oil shale in the world, over twice the total recoverable oil reserves of Saudi Arabia. My sister is a petroleum geologist: a large proportion of oil production has moved back domestically over the last 5 years.

Most recent geopolitical shifts can be traced back to the Middle East no longer being strategically important to U.S. interests any more. In 2007 we were worried that rising oil prices would trigger a financial crisis that would severely hurt American interests; controlling mid-east oil was critically important. By 2010 the financial crisis had happened, it was clear that gas prices were not coming down, and oil production was moving back domestically. There was no longer any reason for us to be in Iraq, so Obama got us out, and as far as the U.S. is concerned the Middle East can collapse into the Dark Ages and we won't care, as long as they leave Israel alone. So far ISIS has been more anti-Palestine than anti-Israel.

Consider we the public do not know all the details nor do we know the thinking of the defense department all we can do is arm chair quarterback.

for all we know the effect ISIS is having may have been predicted and even worse, allowed to play out. From a military standpoint, they are burning off manpower and munitions that would otherwise be directed towards elements we want to protect or have interests in. Until that changes, like with all those refugees recently, I doubt we would act.

Lately US foreign policy seems vindictive rather than friendly. As in, when someone does not treat the Administration how they think they deserve or do not do what it wants the Administration gets petty.

I'm sure they love the perception they were caught off guard. A critical piece of espionage is to keep the capabilities you do have secret. At the risk of sound conspiracy/fanatical, all this sigint stuff is a red herring, they're just glad the REAL capabilities haven't been revealed.

Oh yes the old, "they know that you don't know that they don't know that you don't know" defense.

This worked brilliantly when the USSR collapsed and we didn't send a crackshot team of experts to secure their nuclear arsenal because we didn't want them to know that we knew they were going to collapse. It was much better to scramble around for the following few years trying to track down all that dangerous inventory.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact