Maybe they could have not published this one.
I'm very much interested in the Snowden Documents and am a strong advocate for civil liberties (look at some of my other posts, and the ones under the handle 'xnull').
I also repeatedly explain, on Hacker News, and other places, that there is a global cyber intelligence war and that the Snowden Leaks showed us key insights into what was going on, how it's not 'about terrorism' and a great number of other things.
But I'm bewildered by this article. It seems really damaging, and like it doesn't really add very much to the corpus they've already published.
Edit: Glenn Greenwald, Laura Poitras, Edward Snowden, etc. all decide what material to publish and what material not to publish. Greenwald, by his own admission, works with US officials to redact information and to choose which stories make it out of the gate. He's also said that he isn't revealing (paraphrasing) 'the most horrendous material in the Snowden documents, for fear of the fallout'. My question should not be thought of as a challenge to revealing Snowden documents as a whole. Contrary to this I think it is of the very highest service. My question is only 'why this document'?
In fact you recognized this too writing: "it doesn't really add very much to the corpus they've already published." Once you attempt to identify the new information, you can recognize that 99.5% of it appeared in some other form before.
The older published documents already were marked "top secret." These markings are given to the content that is considered "damaging" by those who write the documents. You just perceived it differently because these markings were just markings for you, not the sentences spelling out "damaging."
Still, the value to the public of this very document is that it's a single document summarizing nicely the previously disclosed ones in much less words. By its nature though it doesn't contain the details published previously. (Edit: technically, it's a set of the documents but all of them together appear to me just as a big table of contents for the disclosures already published.)
Now let's discuss the new 0.5% of information, even if it's very general.
On the other hand it deals a pretty big blow geopolitically/internationally.
The big deal about this article is that it reveals the major tactical capabilities and efforts the NSA has invested in the intelligence war.
Edit: Right now HN is limiting the number of replies I can initiate. Will reply as I can.
As a foreigner, I'm actually more interested in non-domestic stuff.
Let's say Swedish spies were sent to the US in order to infiltrate and weaken the 911 system, the power grid, or other key infrastructures of the US. Would you shrug at that also, since after all, what should people expect from spies?
Sabotage and spying are two different activities. Sabotage is a tactic employed during war. Spying is a tactic employed during peace. Confusing the two simply states that peace is war, and war is peace, and anything goes so long as it's against foreigners.
So? For me (Godwin's law be damned) it's like leaked documents about Nazi Germany practices. If you were not a German you'd cheer, and if you were a non-Nazi German you'd also cheer.
It does? What is actually new and specific I fail to see. But it's a really, really nice summary.
SENTRY EAGLE is the protection program outlined jointly by the NSA and the U.S. Strategic Command.
The first line reads:
"SENTRY EAGLE... compartmented program protecting the highest and most sensitive level [by] NSA/JFCC to support the U.S. government's efforts to protect America's cyberspace."
The document goes on to specify the broad U.S. cyber protection strategy broken down into Sentry Hawk, Sentry Falcon, Sentry Osprey, Sentry Raven, Sentry Condor, and Sentry Owl - all of which are new.
Add on top data about infiltration into (allied) South Korea and Germany. Not a good day for the NSA.
(The names are most definitely classified.)
Unclassified. For official use only.
Yup the names are not classified.
As the terms are not classified there are minimal standards regarding using the names in less secured conversation. If another country has intercepted communications or documents with some mention of SENTRY EAGLE, now that this has been released they know some of the conversation/document context.
 "unclassified but which the government does not believe should be subject to Freedom of Information Act requests" (wikipedia)
I'm reasonably sure every thinking person has started, in their mind, to replace any invocation of "national security" with "covering up either incompetence, negligence or breaches of law". There's zero reasons we should be paying any attention to that label.
(I like to remind people of the case of Ibrahim vs. DHS, where the government spent all its time invoking various secrets related laws and privileges, citing national security, even having Holder sign a declaration to that purpose, and what for? To cover up the clerical error of some lowly FBI agent, who checked a wrong box.)
Certainly there are instances where this is the case. I can think of a few others to add to your example.
But there's no good reason to assume that all invocations of classified and politically or strategically sensitive material are excuses to cover up incompetence, negligence or breaches of law. And in fact in this case I'm not sure what it would be covering up. What's listed here is hardly incompetence nor negligence and the argument for breach of law, while slightly stronger, wouldn't pass a smell test.
"The most controversial revelation in Sentry Eagle might be a fleeting reference to the NSA infiltrating clandestine agents into “commercial entities.” The briefing document states that among Sentry Eagle’s most closely guarded components are “facts related to NSA personnel (under cover), operational meetings, specific operations, specific technology, specific locations and covert communications related to SIGINT enabling with specific commercial entities (A/B/C).”
It is not clear whether these “commercial entities” are American or foreign or both. Generally the placeholder “(A/B/C)” is used in the briefing document to refer to American companies, though on one occasion it refers to both American and foreign companies. Foreign companies are referred to with the placeholder “(M/N/O).” The NSA refused to provide any clarification to The Intercept."
As for foreign companies, it's pretty obvious that NSA and CIA have been conducting operations like these for many decades.
I'm not going to argue that the NSA has not subverted American companies before (see DUAL_EC_DRBG), but this does not provide definitive proof that they're actively infiltrating homeland companies with human spies.
For the record I don't agree with the parent. I think the important thing about this document is that it lays out the broad tactical tools used in US cyberintelligence strategy. It's handing off some major tactical playbook material.
The author is also picking quotes from different programs and mashing them together to come up with their speculation. Note how the commercial entities are discussed under the "Sentry Owl" program on page 7, but the "covert or under cover" quote comes from the "Sentry Osprey" section on the last page, which appears to be talking about the NSA working with the CIA. If NSA employees were working with the CIA on anything outside the US, it would make sense that they'd be undercover. Maybe they are infiltrating companies, but the source document doesn't support that assertion.
Schneier isn't name-dropped at all in the article. I find it odd that they would quote Matt Green and Chris Soghoian by name, but mix in the opinions of someone as well-known as Bruce Schneier without mentioning his name anywhere.
Bruce Schneier was given an opportunity to meet and review a large collection of documents, but yes, it's true we don't really know.
There's a Chinese whispers effect to all this where vague assertions are repeated over and over until they become considered definite facts.
"...by exploiting inherent weaknesses in Facebook's security model." - GCHQ
That's Facebook. The Yahoo and Google stuff has been very widely reported and are direct from Greenwald and the Snowden leaks. Other links (in particular the PKH link) contain other information.
When will Americans realize that 96% of the global population are "foreigners", and are still considered human.
Until the public realize that they are themselves the target of those cyber security war activities by their own government, those revelations can not be damaging enough.
Just to support the point: Today the new Snowden movie is all over the news, while practically nobody seems to care about those revelations you claim being really damaging.
This is entirely true. Us plebes have been caught in the middle. And the surveillance programs are not just about cyber warfare. The NSA/DHS use them for other things as well (handing off to CIA/FBI/DEA, building profiles of people, social manipulation, etc). But this article from firstlook IS about cyber warfare.
The leaked document itself says "U.S. Strategic Command - Joint Function Component Command - Network Warfare".
> Today the new Snowden movie is all over the news, while practically nobody seems to care about those revelations you claim being really damaging
Isn't that argumentum ad populum? The news media coverage of the Snowden revelations has been horrendous, limited and misleading through and through. In fact the Snowden movie being in the news is a great example of how the public is disconnected with what's going on. It's not a "Snowden documentary" or a "Snowden lecture" or a "Snowden document analysis". It's a short hour and change personal story with a bleached narrative devoid of the content of the actual documents.
I'm off to create a few phony shell corporations to get some free NSA money and get paid to surf the web!
Plenty of leaks before on infiltrating companies and backdooring encryption. Was there anything in particular?
Edit: Nothing in particular then I guess... :(
I'm really starting to take an issue with declaring all this stuff as "cyber war" or "cyber warfare" (here and everywhere else in this thread). It's not a war if there is no intent of actually killing people. Even something as intense as the "cold war" had the qualifier cold in it, because there was no open confrontation. And what is now summarized as cyber (intelligence) warfare is orders of magnitude less deadly (though not necessarily less damaging to our civil rights). It's not a war if I steal your trade secrets and undermine your negotiation positions in international treaties.
If you frame it as a "war" you get a whole different solution space. Instead of strengthening the IT security of domestic companies that build your core infrastructure you end up with "offense is the best defense" strategies and undermine the IT security of everyone. If you stop using war rhetoric this kind of statement:
> If you didn't see it, there's a link on another branch of the conversation containing (at least) 37 other countries involved in cyber [espionage].
becomes far less of an existential threat.
Countries are owning each others' communications, power, transportation, energy, food production, etc infrastructure. Sabotaging these can cripple a nation, not to mention kill people (check out damage from the recent Great Northeast Blackout - note here that it is not known whether this was a cyber attack).
The military and defense contractors are targets of attacks as well as industry. Titan Rain, Moonlight Maze and Operation Aurora are some well known geopolitically motivated attacks that breached defense contractors (including Lockheed Martin, Sandia), US internet infrastructure (including Rackspace, Google), aerospace (including NASA) and military (including the DoD).
You may remember this year that Wall Street and JP Morgan were hacked, that the DoD was hacked, that several hundred defense contractors were hacked, and that the list of people with top secret clearance was hacked. You may remember this year that Israel's "Iron Dome" missile defense system schematics were hacked.
In the eyes of the military, these things constitute an attack. They give it the name warfare. It certainly isn't classical warfare. Maybe we need a new term. I do like the "cold" term.
No matter what we call it, it is serious.
As a country we are invested in it.
Really damaging for whom? 99% of the world's population are victims (them or their countries) to the stuff described in the article, not cheering for its continuation.
It's not easy to see, but damaging others denies them the contributions they could bring, ultimately damaging themselves.
Everybody is hacking everybody. Every major country has a cyberintelligence arm. The NSA is just one actor of dozens.
While there's definitely a cyber war going on, you have to ask, why isn't the NSA actively disseminating knowledge to Americans on how to secure themselves? Why are they instead actively weakening encryption standards? American companies have the most to lose from weak encryption. It just doesn't add up, and the American people have enough confidence to call their government out, unlike countries who have allowed themselves to become pretty enslaved by their government, like China and Russia.
In summary, the NSA should participate in the global cyber intelligence war by educating the American public, instead of weakening them.
In fact, the NSA is disseminating such knowledge. You can find guides to secure operating systems (Windows, Linux, and OS X) and commonly used applications (Chrome, Adobe Reader). To what I assume is the chagrin of the FBI, you can even find guidance on full-disk encryption.
When they can, states prefer to use public exploits, phishing emails and other leverage to break into targets - mostly because 0days are expensive.
> they use their technical abilities to suppress dissent in frightening ways
I'm just going to mention so called "Fusion Centers", which have been used to investigate and disrupt the organization of The Tea Party movement and Occupy Wall Street but spare my usual rant. No it does not compare to Russia or China.
Oh and I'm also going to link this: https://firstlook.org/theintercept/2014/07/14/manipulating-o...
And this: http://minerva.dtic.mil/
> NSA threatening domestic jobs, companies, individuals, and most of all innocents, that leads to an upset.
The NSA's view, and in fact several of the last presidential offices, is that these programs and capabilities are important for the country because they give American companies and domestic jobs a leg up.
"The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances." - NSA Mission Statement
A good example is the hacking of Brazilian PETROBOL (PETROBRAS?). Or actually, here's a firstlook link: https://firstlook.org/theintercept/2014/09/05/us-governments...
> While there's definitely a cyber war going on, you have to ask, why isn't the NSA actively disseminating knowledge to Americans on how to secure themselves?
Because it is essentially impossible to secure yourself on the internet. This isn't a fine point. It's a blanket fact.
> Why are they instead actively weakening encryption standards?
They have a concept called "NOBUS" which means that the weaknesses they introduce should only be exploitable by them. DUAL_EC_DRBG, the go-to example of an NSA backdoor, is a perfect example of NOBUS.
> In summary, the NSA should participate in the global cyber intelligence war by educating the American public, instead of weakening them.
Oh I agree. Actually if you look back Clinton and first term Bush era they kept proclaiming that there was a cyber intelligence war but it never really caught on. So they made it about 'cyber terrorists'. Nobody caught on. They made it about actual terrorists. Now we listen. I do hope that investments are made in defensive capabilities rather than offensive. The Obama administration released a series of strategic documents funding longer term research into the protection of domestic computer networks, programs and technologies. But right now you can't play the game of cyber intelligence war without attacking. When it comes to hacking, the attacker always wins. Just playing defense is a losing game.
> The NSA's actions since 9/11 have been more consistent with a power grab than any authentic desire to empower & protect Americans.
This has been going on much longer than since 9/11. PREDATOR and MAINWAY are examples of programs that existed years before the 9/11 attacks.
> Oh I agree. Actually if you look back Clinton and first term Bush era they kept proclaiming that there was a cyber intelligence war but it never really caught on.
Interesting point. Now, in the 90s, wasn't the government trying to prevent encryption from being used by the public though?
> When it comes to hacking, the attacker always wins. Just playing defense is a losing game.
Still, there are a lot of defensive measures the public can take from hackers. For instance, using OTR, Tor/VPNs, and moving sites to HTTPS whenever possible.
Bruce Schneier has an interesting metaphor for this period in human evolution. He compares the information revolution to the industrial revolution. At first, people didn't realize how bad pollution could be, amongst other things like food safety. Books like "The Jungle" helped prompt people to stand up for themselves and demand better, and healthier ways of conduct. Overall, humanity evolved to handle the new technologies and their side effects. Snowden's revelations are like "The Jungle" of our time.
Oh yeah. They did before the 90s, during the 90s and are also doing it now. We won some serious ground in the 90s, allowing us to use stronger algorithms. But companies are still required to keep copies of all of your encryption keys at the ready if they want access to your data. If you haven't seen it the FOIA requested document from the CIA posted here a week or so ago has a pretty good history.
> Still, there are a lot of defensive measures the public can take from hackers. For instance, using OTR, Tor/VPNs, and moving sites to HTTPS whenever possible.
These things do help, but minimally. OTR is good if you want some privacy on your chats. Tor is good if you want a little anonymity. Some baseline level of encryption should be standard everywhere. If you look at the extensiveness of the backdoors though these don't really matter. For example take the FBI mass exploitation of Tor this year. In many instances (Apple iPhone/Microsoft Skydrive/etc with PRISM), copies of data are stored directly from a partner's product for inspection, whether it was originally encrypted during transit or no. And computer exploits that target operating systems are able to see everything on your computer that you see.
I love his analogy to Digital Feudalism the most.
Firstly, why only hacking? What is true for a cyber-attack is true for a physical attack as well. Both sides lose resources in both types of attacks.
Secondly, the reason for defending something is because something is worth defending. If it has been defended in an unsuccessful attack, that is a win.
And thirdly, the thing being defended often includes a higher-moral-ground. Resorting to attack is a definite loss for the defending party.
A couple reasons. One is that 0day vulnerabilities have no defense. There is no way to defend against certain vulnerabilities.
The second is that there are no international rules of conduct that apply to cyber warfare. After the Georgia/Russia event there was an effort to pass agreements in NATO but AFAIK nothing came of it.
The third is that a successful attack usually means the victim remains in a compromised state for months or years (look up advanced persistent threat).
Finally, it's also usually the case that cyber attacks go completely undetected.
> the reason for defending something is because something is worth defending
Right, well the NSA does engage in defense as well. There's just less that can be done. There are hundreds of millions of devices in America with an extremely long tail of software/update state and configuration, saying nothing of networks. There's a ton to protect and even protecting small amounts is costly. This is one of the main reasons companies (and governments) are looking to the cloud - you can consolidate your threat area if you concentrate operations and run broadly the same configuration/state across many systems.
> thing being defended often includes a higher-moral-ground
But this is espionage and sabotage. It's dirty business. I don't think it's a good thing. I don't really advocate for it. I'm just here explaining the broader context of the Snowden disclosures and this article. If you missed it there was a link containing 37 other countries that have cyberwar programs (the list is not exhaustive).
- Warrantless surveillance of US citizens (this is bad whether it's by law enforcement, intelligence agencies, or anyone).
- Infiltration of foreign companies in allied or neutral nations purely for economic or geopolitical insight, not for military purposes (Brazil's Petrobras oil company, all sorts of spying in Germany and Norway and other places).
Personally I'm all for the kind of operations they're conducting in Iran and China, as these countries have been doing the same to us and to others for a long time. But they've become far too greedy in their desire for information domination and power, to the point where there is clearly no line that shouldn't be crossed. To them, if anything anywhere in the world is open for exploitation or surveillance, then they feel like they have a right to use it.
Agreed very strongly.
> Infiltration of foreign companies in allied or neutral nations purely for economic or geopolitical insight, not for military purposes (Brazil's Petrobras oil company, all sorts of spying in Germany and Norway and other places).
See this is where the NSA really shines. We (The US) delayed Iran's nuclear program by THREE YEARS with Stuxnet! Three! And after they finally figured out it was sabotage the US and Israel had the director assassinated for further delays.
Having Merkel's cell phone? During the Eurozone crisis? It would have been awful (financially) for the United States not to have that information. It's fun to look back and read the confused reports during the time "European Union suffering considerably from Eurozone crisis; America sees only limited effects."
PETROBRAS? We won offshore oil drilling locations because we had that information. Energy security for the country going forward decades.
Unfortunately geopolitics are important and you can't just not participate. Hacking is (one important way) that modern espionage, surveillance and sabotage are done.
* "the US and Israel had the director assassinated"
* "we won offshore drilling"
* the blase assertion that a nuclear Iran is any worse than the existing nuclear powers (especially Israel!!!)
"Energy security" is oil company nonsense, hilarious considering their tireless efforts to block any kind of clean alternative. The OPEC crisis saved us from gas guzzlers, and now we're back to having SUV's everywhere. We could use some "energy insecurity" but with fracking we're now an exporter. Oil forever!! Climate be damned.
I disagree also with attempts to close off the discussion by saying "geopolitics are important." The US does not have to subvert governments, install dictators across the globe, prop up Saudi Arabia, blindly support Israel, be the muscle for Big Oil (and assassinate and imprison folks at home, too).
The moral hazards that have created this situation are to blame, but it doesn't help that our leaders are as a group paranoid and uncreative, all too willing to let militaristic fascists (accurate, not name-calling here) drive their decision-making.
Edward Snowden is a hero, full stop. You can't do enough damage to the NSA, these types must be resisted at all times.
Nah that's not what I think or believe.
I'm trying to explain broader context. The US is not hacking in a vacuum. It has to make strategic decisions. We can arm chair the US strategic command all we want.
There seems to be a presumption that the US is doing these things 'just because'. What I believe is that the US is making decisions based on incentives, costs, benefits and other tradeoffs. I believe that if we don't participate in cyber intelligence warfare, we'll lose.
There are certain principles I don't want to give up in the process for sure - civil liberties of all people everyone is #1.
Is the previous an ethically valid way of conducting business? Should I not expect to be scrutinized if/when I got caught doing that, because it might imperil my interests? If I do the same, not for me but for a collective (a company, a union), would that be any less unethical? If not, why would it be different if I did it for my country?
Why is it that we consider that sort of behavior pathological for individuals, criminal for organizations and "just the way things are" when talking about (advanced, inter-dependent, presumably-friendly) nations?
So it's damned if you do and damned if you don't.
I guess you can argue that many of these countries rely on allies who perform espionage and sabotage, thus benefiting from those activities despite not doing them themselves. But that still means that closely-aligned countries can survive without spying on each other. I might not have all the facts, but it seems unlikely that Germany or Brazil would be considered an existential threat to the US in the foreseeable future, so why spy on those countries? Slight economic advantages don't seem to justify the breach of ethics.
I guess I can see what you are saying and I don't think we can have a world without spying any time soon. But that doesn't mean all international spying is justified.
The cost of this sort of machiavellian policy is of course the opprobrium of former allies and friends, and a loss of moral standing.
The US loses a lot of soft power if it chooses this route, and the consequences will be felt for decades in mistrust and distance from her allies. A dangerous course both for the US and for the world.
But I will say that the NSA's perspective is that it is only because of the Snowden leaks that we have lost face with allies. To the NSA, the secrets were kept well enough until Snowden and friends disclosed them.
This is my basic issue with this article. America and the NSA ate mud pie for the actions disclosed in the leaks. This article has the very real possibility of doing a lot more damage. One could say it is good because justice has been served, but one could also suggest that it is bad because similar disclosures of German surveillance programs (a touchy subject given the history), Chinese capabilities, Russian objectives etc haven't been disclosed by a Snowden-like actor.
Really the whole situation is bad. I don't like being at war, cyber or otherwise.
Not because of the leaks, but because of their actions. That's an important distinction.
If you take actions like this, you should be prepared for them to be exposed, and if you use the argument the NSA and you yourself have made here (it would be ok if we were evil and no-one knew about it), you should expect no one to trust you. You've just declared yourself untrustworthy and a bad ally in perpetuity, because you think this is ok as long as no-one knew about it.
Right. I agree with that. There's actually sort of a boolean AND. Because we did them AND we got caught.
My guess is that all major players are doing the same stuff and that if the US doesn't participate it loses. I doubt the US hacked Germany on a whim - I bet it was a pretty labored decision with cost-benefit analysis (one being chance of getting caught).
Of course that's their perspective, as is the perspective of anyone committing an embarrassing or morally unscrupulous act.
"The thing I regret most is getting caught."
Secrets of this nature have a tendency to leak. If it wasn't Snowden, it could've been anyone else.
I don't think all of the NSA's capabilities or actions should be leaked, but reporting of confirmed infiltrations of US and allied companies and systems is fine by my book. All's fair in love and war, but we are not at war with Germany or Brazil or, hopefully, ourselves.
In this instance it was embarrassing because it brought into question how well the US would be able to keep secret strategic information.
And yeah hacking into allies is pretty unscrupulous. A bunch of the Snowden leaks showed that Israel, France, Germany and others have hacked into us.
It's the way it all works.
> Secrets of this nature have a tendency to leak. If it wasn't Snowden, it could've been anyone else
There were many such leaks, e.g. Binney.
> reporting of confirmed infiltrations of US and allied companies and systems is fine by my book
I agree wholeheartedly with this.
Could you elaborate? As far as I know, Germany has some kind of agreement to not spy on the US.
http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPl... (pg 40/125)
Why the downvote here? The comment contributes to the conversation...
Could you provide direct citations or quotes of allied countries infiltrating our government or private infrastructure? Excluding Israel, because they have the same mindset as the NSA/CIA (in which case I also don't take issue with us hacking Israel).
I don't know where they draw the line.
If you didn't see it, there's a link on another branch of the conversation containing (at least) 37 other countries involved in cyberwarfare.
It's happening. I'm not excusing it. Honestly, it really sucks.
I'm honestly okay with this (except for the assassination part, though it was speculated that was Mossad and not US).
The other things though are simply to gain an unfair advantage in political and economic situations, even against countries that are supposedly our allies. Realistically, these things happen all around the world and have been forever, but ethically I don't think it's a good thing for the NSA or CIA to be doing.
Damned if you do and damned if you don't.
It is on the face of it ridiculous to say "everybody has a blue-water navy." It is equally ridiculous to say "everybody runs surveillance comparable to the NSA."
(on page 16 of the link)
There will be differences in cost and budget for each nation. The United States has 25% of the world GDP (compared to 4% of the population). That we can afford to fund the Lamborghini of intelligence operations isn't to discount other states that have less well funded capabilities.
You'll see plenty of parallels with traditional warfare: like that countries with smaller budgets ally themselves with countries that have more capabilities.
> Let's say half of them are despotic and don't count
Let's not. Those are some awfully large numbers for one. But more fundamentally why don't the armies and intelligence capabilities of tyrannies count?
> Out of those I'd wager that more than half have governments too under-resourced to have the ability to put their people in the kind of panopticon Americans live
The nice thing is that surveillance, if done right, is reasonably cheap. Many other countries, especially in the ones you 'don't count' have laws preventing citizen use of any reasonable encryption whatsoever.
http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPl... (pg 124)
I'm not okay with either, but being blind to others' "suffering" doesn't get my sympathy. In this order of events, your sympathy gets mine. In this case, you pointing the finger at others hacking innocents as a justification for hacking innocents makes me entirely unsympathetic to your "damage". See how that works?
Two wrongs don't make a right. Would be awesome if we could just have secure and private computing and communication machines for the masses.