Hacker News new | past | comments | ask | show | jobs | submit login

“The facts contained in this program constitute a combination of the greatest number of highly sensitive facts related to NSA/CSS’s overall cryptologic mission,” the briefing document states. “Unauthorized disclosure…will cause exceptionally grave damage to U.S. national security. The loss of this information could critically compromise highly sensitive cryptologic U.S. and foreign relationships, multi-year past and future NSA investments, and the ability to exploit foreign adversary cyberspace while protecting U.S. cyberspace.”

Maybe they could have not published this one.

I'm very much interested in the Snowden Documents and am a strong advocate for civil liberties (look at some of my other posts, and the ones under the handle 'xnull').

I also repeatedly explain, on Hacker News, and other places, that there is a global cyber intelligence war and that the Snowden Leaks showed us key insights into what was going on, how it's not 'about terrorism' and a great number of other things.

But I'm bewildered by this article. It seems really damaging, and like it doesn't really add very much to the corpus they've already published.

Any ideas?

Edit: Glenn Greenwald, Laura Poitras, Edward Snowden, etc all decide what material to publish and what material not to publish. Greenwald, by his own admission, works with US officials to redact information and to choose which stories make it out of the gate. He's also said that he isn't revealing (paraphrasing) 'the most horrendous material in the Snowden documents, for fear of the fallout'. My question should not be thought of a challenge to revealing Snowden documents as a whole. Contrary to this I think it is of the very highest service. My question is only 'why this document'?




You summarized already in your sentences ("I'm bewildered by this article. It seems really damaging, and like it doesn't really add very much to the corpus they've already published") how you feel and why you feel that way: it appears damaging because it contains the paragraphs that explicitly contain the words "it's damaging." But it's just a general introduction to the "juicy bits" without the bits themselves.

In fact you recognized this too writing: "it doesn't really add very much to the corpus they've already published." Once you attempt to identify the new information, you can recognize that 99.5% of it appeared in some other form before.

The older published documents already were marked "top secret." This markings are given to the content that is considered "damaging" by these who write the documents. You just percieved it differently because these markings were just markings for you, not the sentences spelling out "damaging."

Still, the value to the public of this very document is that it's a single document summarizing nicely the previously disclosed ones in much less words. By its nature though it doesn't contain the details published previously. (Edit: technically, it's a set of the documents but all of them together appear to me just as a big table of contents for the disclosures already published.)

Now let's discuss the new 0.5% of information, even if it's very general.


To clarify I mean that I don't believe it adds much to the corpus of information about domestic and civil rights infractions.

On the other hand it deals a pretty big blow geopolitically/internationally.

The big deal about this article is that it reveals the major tactical capabilities and efforts the NSA has invested in the intelligence war.

Edit: Right now HN is limiting the number of replies I can initiate. Will reply as I can.


> To clarify I mean that I don't believe it adds much to the corpus of information about domestic and civil rights infractions.

As a foreigner, I'm actually more interested in non-domestic stuff.


Of course, but to be honest, that was the previous expectation of the NSA. It's not that apparent that there is anything useful to gain by leaking their attempts to spy on foreign counties like every other country does.


Since when is sabotage an act of spying, or for that matter acceptable behavior in peace time?

Lets say Swedish spies was sent to the US in order to infiltrate and weaken the 911 system, the power grid, or other key infrastructures of the US. Would you shrug at that also, since after all, what should people expect from spies?

Sabotage and spying is two different activities. Sabotage is a tactic employed during war. Spying is a tactic employed during peace. Confusing the two simply states that peace is war, and war is peace, and anything goes so long its against foreigners.


>On the other hand it deals a pretty big blow geopolitically/internationally.

So? For me (Godwin's law be damned) it's like leaked documents about Nazi germany practices. If you were not a German you'd cheer, and if you were a non-Nazi German you'd also cheer.


> The big deal about this article is that it reveals the major tactical capabilities and efforts the NSA has invested in the intelligence war.

It does? What is actually new and specific I fail to see. But it's a really, really nice summary.


SENTRY EAGLE and the 13 page draft (summarized in the article) is new.

SENTRY EAGLE is the protection program outlined jointly by the NSA and the U.S. Strategic Command.

The first line reads:

"SENTRY EAGLE... compartmented program protecting the highest and most sensitive level [by] NSA/JFCC to support the U.S. government's efforts to protect America's cyberspace."

https://firstlook.org/theintercept/document/2014/10/10/natio...

The document goes on to specify the broad U.S. cyber protection strategy broken down into Sentry Hawk, Sentry Falcon, Sentry Osprey, Sentry Raven, Sentry Condor, and Sentry Owl - all of which are new.

Add on top data about infiltration into (allied) South Korea and Germany. Not a good day for the NSA.


The names are certainly new, but AFAIK the names themselves aren't classified. What's behind the names is classified, but more details about such actions were already published. We just learn more names, that is, how they call these actions internally. And we get a nice summary of the previous disclosures. Written by the authorities who otherwise denied the parts of it even as the specific documents were published. It's that everything is written together that's new. The new potential to embarrasment of the officials is in having it all in one document, which makes the denials much harder.


It's like seeing certain plays from a sport team before, and then after a game seeing their notebook with their general game strategy. Yeah everything we saw before 'fits in' to what was released today - for example we already knew from examples that the NSA works to break encryption - but now we also know that it is considered one of six key investments and that it probably has its own leadership separate from the others. This is useful because you know what programs have more overhead talking to each other/partnering. For example to speculate that corporations probably aren't helping very much with the crypto breaking effort.

(The names are most definitely classified.)


Wrong, the names aren't classified, contrary to your claim "the names are most definitely classified." Look in the document, the title "Sentry Eagle Data Sheet" is clearly marked "U" which according to Wikipedia

http://en.wikipedia.org/wiki/Classified_information_in_the_U...

Means "Unclassified."


Well what do you know. U//FOUO

Unclassified. For official use only.

Yup the names are not classified.


One line before the one where you've probably found that combination is just "(U) Sentry Eagle Data Sheet" clearly without the FOUO (which, if existed, would mean "for official use only"). The markings specify the following not the previous content. So the title I quoted as containing the name is just and only "U" unclassified.


So an addendum.

As the terms are not classified there are minimal standards regarding using the names in less secured conversation. If another country has intercepted communications or documents with some mention of SENTRY EAGLE, now that this has been released they know some of the conversation/document context.


It's what the names are for: to allow referring to the projects in unprotected environment without revealing what the projects are.


//FOUO is a classified designation.


Almost correct, FOUO is a designation used to effectively classify the unclassified information from the public (really! [1]) but he looked at the wrong line.

------

[1] "unclassified but which the government does not believe should be subject to Freedom of Information Act requests" (wikipedia)


//FOUO is a classified designation.


It's appears also to be an unclassified designation?

http://en.wikipedia.org/wiki/Classified_information_in_the_U...


Come on, it's been 13 years now of this "grave damage to national security" talk. They claim it for everything.

I'm reasonably sure every thinking person has started, in their mind, to replace any invocation of "national security" with "covering up either incompetence, negligence or breaches of law". Theres zero reasons we should be paying any attention to that label.

(I like to remind people of the case of Ibrahim vs. DHS, where the government spent all its time invoking various secrets related laws and privileges, citing national security, even having Holder sign a declaration to that purpose, and what for? To cover up the clerical error of some lowly FBI agent, who checked a wrong box.)


The "grave damage to national security" wasn't something an official said. It was a warning inside the document.

Certainly there are instances where this is the case. I can think of a few others to add to your example.

But there's no good reason to assume that all invocations of classified and politically or strategically sensitive material are excuses to cover up incompetence, negligence or breaches of law. And in fact in this case I'm not sure what it would be covering up. What's listed here is hardly incompetence nor negligence and the argument for breach of law, while slightly stronger, wouldn't pass a smell test.


Because of this. It's likely the NSA is actively subverting American companies.

"The most controversial revelation in Sentry Eagle might be a fleeting reference to the NSA infiltrating clandestine agents into “commercial entities.” The briefing document states that among Sentry Eagle’s most closely guarded components are “facts related to NSA personnel (under cover), operational meetings, specific operations, specific technology, specific locations and covert communications related to SIGINT enabling with specific commercial entities (A/B/C).”

It is not clear whether these “commercial entities” are American or foreign or both. Generally the placeholder “(A/B/C)” is used in the briefing document to refer to American companies, though on one occasion it refers to both American and foreign companies. Foreign companies are referred to with the placeholder “(M/N/O).” The NSA refused to provide any clarification to The Intercept."


This article seems a bit speculative. They don't seem to know for sure that "(A/B/C)" means American companies in this case. Everything else just seems like commentary from themselves and other security experts.

As for foreign companies, it's pretty obvious that NSA and CIA have been conducting operations like these for many decades.

I'm not going to argue that the NSA has not subverted American companies before (see DUAL_EC_DRBG), but this does not provide definitive proof that they're actively infiltrating homeland companies with human spies.


It's not all that speculative - it agrees what was in prior leaks that claim that American companies are routinely infiltrated. Also remember that the authors of these articles have read huge volumes of Snowden documents have have not been publicly released and that the security experts (likely referencing Schneier here) are not just guys working in private industry. If you work in the security space you very quickly begin to interoperate with past- and current- military and government personnel. Schneier testifies as an expert witness on these things before congress and Greenwald is an ex-Constitutional lawyer. In short they have the pedigree to make these assertions.

For the record I don't agree with the parent. I think the important thing about this document is that it lays out the broad tactical tools used in US cyberintelligence strategy. It's handing off some major tactical playbook material.


It looks pretty speculative to me. Directly from this article: "The most controversial revelation in Sentry Eagle might be a fleeting reference to the NSA infiltrating clandestine agents into “commercial entities.”", "It is not clear whether these “commercial entities” are American or foreign or both." and "The document makes no other reference to NSA agents working under cover. It is not clear whether they might be working as full-time employees at the “commercial entities,” or whether they are visiting commercial facilities under false pretenses."

The author is also picking quotes from different programs and mashing them together to come up with their speculation. Note how the commercial entities are discussed under the "Sentry Owl" program on page 7, but the "covert or under cover" quote comes from the "Sentry Osprey" section on the last page, which appears to be talking about the NSA working with the CIA. If NSA employees were working with the CIA on anything outside the US, it would make sense that they'd be undercover. Maybe they are infiltrating companies, but the source document doesn't support that assertion.

Schneier isn't name-dropped at all in the article. I find it odd that they would quote Matt Green and Chris Soghoian by name, but mix in the opinions of someone as well-known as Bruce Schneier without mentioning his name anywhere.


It's not really speculative. Remember that previous leaks showed definitively that the NSA had broken into Google and Yahoo, notwithstanding they had some partnerships/participation from them.

Bruce Schneier was given an opportunity to meet and review a large collection of documents but yes its true we don't really know.


The previous leaks did not definitely show anything like that. In fact its not clear they showed anything beyond an informational briefing on issues with intercepting Google related data.

There's a Chinese whispers effect to all this where vague assertions are repeated over and over until they become considered definite facts.


"This is a major leap forward in the NSA's ability to exploit Facebook using FISA and FAA authorities" - NSA

"...by exploiting inherent weaknesses in Facebook's security model." - GCHQ

http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPl...

That's Facebook. The Yahoo and Google stuff has been very widely reported and are direct from Greenwald and the Snowden leaks. Other links (in particular the PKH link) contain other information.

http://www.washingtonpost.com/world/national-security/nsa-in...


It doesn't matter if the companies are American or not.

When will Americans realize that 96% of the global population are "foreigners", and are still considered human.


Right. But that's not new information. Prior Snowden leaks (and leaks by others) have showed conclusively that the NSA targets and infiltrates American corporations and also partners heavily with them.


Somewhat sad to see the cyber security war narrative becoming the top voted comment on hackernews.

Until the public realize that they are themselves the target of those cyber security war activities by their own government, those revelations can not be damaging enough.

Just to support the point: Today the new Snowden movie is all over the news, while practically nobody seems to care bout those revelations you claim being really damaging.


> Until the public realize that they are themselves the target of those cyber security war activities by their own government, those revelations can not be damaging enough

This is entirely true. Us plebes have been caught in the middle. And the surveillance programs are not just about cyber warfare. The NSA/DHS use them for other things as well (handing off to CIA/FBI/DEA, building profiles of people, social manipulation, etc). But this article from firstlook IS about cyber warfare.

The leaked document itself says "U.S. Strategic Command - Joint Function Component Command - Network Warfare".

> Today the new Snowden movie is all over the news, while practically nobody seems to care bout those revelations you claim being really damaging

Isn't that argumentum ad populum? The news media coverage of the Snowden revelations has been horrendous, limited and misleading through and through. In fact the Snowden movie being in the news is a great example of how the public is disconnected with what's going on. It's not a "Snowden documentary" or a "Snowden lecture" or a "Snowden document analysis". It's a short hour and change person story with a bleached narrative devoid of the content of the actual documents.


Did you read it all? It talks about the NSA infiltrating companies and backdooring encryption. It's important to publish this.


I wonder if they're subverting open source encryption software.


Most certainly 100% yes. Here's a pretty swell talk on some of the programs they use to do it.

http://mirror.as35701.net/video.fosdem.org//2014/Janson/Sund...


Fascinating.

I'm off to create a few phony shell corporations to get some free NSA money and get paid to surf the web!


Hahahha. Had the same thought.


While that is an excellent talk, it seems worth pointing out that it's speculative fiction, these things aren't necessarily happening (though it is quite plausible).


the really excellent part of this presentation is that he calls attention to the exceptionally poor nature of openssl's code months before heartbleed


What happened in the jump cut at 44m50s?


Yup.

Plenty of leaks before on infiltrating companies and backdooring encryption. Was there anything in particular?

Edit: Nothing in particular then I guess... :(


> global cyber intelligence war

I'm really starting to take an issue with declaring all this stuff as "cyber war" or "cyber warfare" (here and everywhere else in this thread). It's not a war if there is no intend of actually killing people. Even something as intense as the "cold war", had the qualifier cold in it, because there was no open confrontation. And what is now summarized as cyber (intelligence) warfare is orders of magnitude less deadly (though not necessarily less damaging to our civil rights). It's not a war if I steal your trade secrets and undermine your negotiation positions in international treaties.

If you frame it as a "war" you get a whole different solution space. Instead of strengthening the IT security of domestic companies that build your core infrastructure you end up with "offense is the best defense" strategies and undermine the IT security of everyone. If you stop using war rhetoric this kind of statement:

> If you didn't see it, there's a link on another branch of the conversation containing (at least) 37 other countries involved in cyber [espionage].

becomes far less of an existential threat.


> I'm really starting to take an issue with declaring all this stuff as "cyber war" or "cyber warfare" (here and everywhere else in this thread). It's not a war if there is no intend of actually killing people.

Countries are owning each others' communications, power, transportation, energy, food production, etc infrastructure. Sabotaging these can cripple a nation, not to mention kill people (check out damage from the recent Great Northeast Blackout - note here that it is not known whether this was a cyber attack).

The military and defense contractors are targets of attacks as well as industry. Titan Rain, Moonlight Maze and Operation Aurora are some well know geopolitically motivated attacks that breached defense contractors (includingLockheed Martin, Sandia), US internet infrastructure (including Rackspace, Google), aerospace (including NASA) and military (including the DoD).

You may remember this year that Wall Street and JP Morgan was hacked, that the DoD was hacked, that several hundred defense contractors were hacked, and that the list of people with top secret clearance was hacked. You may remember this year that Israel's "Iron Dome" missile defense system schematics were hacked.

In the eyes of the military, these things constitute an attack. They give it the name warfare. It certainly isn't classical warfare. Maybe we need a new term. I do like the "cold" term.

No matter what we call it, it is serious.

As a country we are invested in it.

http://www.washingtonpost.com/wp-srv/special/national/black-...


>But I'm bewildered by this article. It seems really damaging, and like it doesn't really add very much to the corpus they've already published.

Really damaging for whom? 99% of the worlds population are victims (them or their countries) to the stuff described in the article, not cheering for its continuation.


It is really damaging, but that's from a perspective that, as a superpower, they were benefiting from control and domination. The same perspective implies that the target was being damaged by these actions. Targets that are not always adversaries. Targets that could contribute if not being controlled, dominated, and damaged.

It's not easy to see, but damaging others denies them the contributions they could bring, ultimately damaging themselves.


Are you saying it's retribution for participating in the global cyber intelligence war?

Everybody is hacking everybody. Every major country has a cyberintelligence arm. The NSA is just one actor of dozens.


Right, and I hope nobody thinks Russia or China are saints, because they use their technical abilities to suppress dissent in frightening ways.

While there's definitely a cyber war going on, you have to ask, why isn't the NSA actively disseminating knowledge to Americans on how to secure themselves? Why are they instead actively weakening encryption standards? America companies have the most to lose from weak encryption. It just doesn't add up, and the American people have enough confidence to call their government out, unlike countries who have allowed themselves to become pretty enslaved by their government, like China and Russia.

In summary, the NSA should participate in the global cyber intelligence war by educating the American public, instead of weakening them.


> why isn't the NSA actively disseminating knowledge to Americans on how to secure themselves?

In fact, the NSA is disseminating such knowledge. You can find guides to secure operating systems (Windows, Linux, and OS X) and commonly used applications (Chrome, Adobe Reader). To what I assume is the chagrin of the FBI, you can even find guidance on full-disk encryption.

https://www.nsa.gov/ia/mitigation_guidance/index.shtml


[deleted]


There's a huge market with governments for selling 0day vulnerabilities.

When they can, states prefer to use public exploits, phishing emails and other leverage to break into targets - mostly because 0days are expensive.


>While there's definitely a cyber war going on, you have to ask, why isn't the NSA actively disseminating knowledge to Americans on how to secure themselves?

https://www.nsa.gov/research/selinux/


Oh nobody thinks they are saints. I hope not.

> they use their technical abilities to suppress dissent in frightening ways

I'm just going to mention so called "Fusion Centers", which have been used to investigate and disrupt the organization of The Tea Party movement and Occupy Wall Street but spare my usual rant. No it does not compare to Russia or China.

Oh and I'm also going to link this: https://firstlook.org/theintercept/2014/07/14/manipulating-o...

And this: http://minerva.dtic.mil/

> NSA threatening domestic jobs, companies, individuals, and most of all innocents, that leads to an upset.

The NSA's view, and in fact several of the last presidential offices, is that these programs and capabilities are important for the country because they give American companies and domestic jobs a leg up.

"The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances." - NSA Mission Statement

A good example is the hacking of Brazilian PETROBOL (PETROBRAS?). Or actually, here's a firstlook link: https://firstlook.org/theintercept/2014/09/05/us-governments...

> While there's definitely a cyber war going on, you have to ask, why isn't the NSA actively disseminating knowledge to Americans on how to secure themselves?

Because it is essentially impossible to secure yourself on the internet. This isn't a fine point. It's a blanket fact.

> Why are they instead actively weakening encryption standards?

They have a concept called "NOBUS" which means that the weaknesses they introduce should only be exploitable by them. DUAL_EC_DRBG, the goto example of an NSA backdoor, is a perfect example of NOBUS.

> In summary, the NSA should participate in the global cyber intelligence war by educating the American public, instead of weakening them.

Oh I agree. Actually if you look back Clinton and first term Bush era they kept proclaiming that there was a cyber intelligence war but it never really caught on. So they made it about 'cyber terrorists'. Nobody caught on. They made it about actual terrorists. Now we listen. I do hope that investments are made in defensive capabilities rather than offensive. The Obama administration released a series of strategic documents funding longer term research into the protection of domestic computer networks, programs and technologies. But right now you can't play the game of cyber intelligence war without attacking. When it comes to hacking, the attacker always wins. Just playing defense is a losing game.

> The NSA's actions since 9/11 have been more consistent with a power grab than any authentic desire to empower & protect Americans.

This has been going on much longer than since 9/11. PREDATOR and MAINWAY are examples of programs that existed years before the 9/11 attacks.


Thanks for the response. Sorry for editing mine while you were writing yours.

> Oh I agree. Actually if you look back Clinton and first term Bush era they kept proclaiming that there was a cyber intelligence war but it never really caught on.

Interesting point. Now, in the 90s, wasn't the government trying to prevent encryption from being used by the public though?

> When it comes to hacking, the attacker always wins. Just playing defense is a losing game.

Still, there are a lot of defensive measures the public can take from hackers. For instance, using OTR, Tor/VPNs, and moving sites to HTTPS whenever possible.

Bruce Schneier has an interesting metaphor for this period in human evolution. He compares the information revolution to the industrial revolution. At first, people didn't realize how bad pollution could be, amongst other things like food safety. Books like "The Jungle" helped prompt people to stand up for themselves and demand better, and healthier ways of conduct. Overall, humanity evolved to handle the new technologies and their side effects. Snowden's revelations are like "The Jungle" of our time.


> Now, in the 90s, wasn't the government trying to prevent encryption from being used by the public though?

Oh yeah. They did before the 90s, during the 90s and are also doing it now. We won some serious ground in the 90s, allowing us to use stronger algorithms. But companies are still required to keep copies of all of your encryption keys at the ready if they want access to your data. If you haven't seen it the FOIA requested document from the CIA posted here a week or so ago has a pretty good history.

http://www.foia.cia.gov/sites/default/files/DOC_0006231614.p...

> Still, there are a lot of defensive measures the public can take from hackers. For instance, using OTR, Tor/VPNs, and moving sites to HTTPS whenever possible.

These things do help, but minimally. OTR is good if you want some privacy on your chats. Tor is good if you want a little anonymity. Some baseline level of encryption should be standard everywhere. If you look at the extensiveness of the backdoors though these don't really matter. For example take the FBI mass exploitation of Tor this year. In many instances (Apple iPhone/Microsoft Skydrive/etc with PRISM), copies of data are stored directy from a partner's product for inspection, whether it was originally encrypted during transit or no. And computer exploits that target operating systems are able to see everything on your computer that you see.

Re: Schneier:

I love his analogy to Digital Feudalism the most.


Will check that out, thanks


> When it comes to hacking, the attacker always wins. Just playing defense is a losing game.

Firstly, why only hacking? What is true for a cyber-attack is true for a physical attack as well. Both sides lose resources in both types of attacks.

Secondly, the reason for defending something is because something is worth defending. If it has been defended in an unsuccessful attack, that is a win.

And thirdly, the thing being defended often includes a higher-moral-ground. Resorting to attack is a definite loss for the defending party.


> why only hacking? What is true for a cyber-attack is true for a physical attack as well.

A couple reasons. One is that 0day vulnerabilities have no defense. There is no way to defend against certain vulnerabilities.

The second is that there are no international rules of conduct that apply to cyber warfare. After the Georgia/Russia event there was an effort to pass agreements in NATO but AFAIK nothing came of it.

The third is that that a successful attack usually means the victim remains in a compromised state for months or years (look up advanced persistent threat).

Finally, it's also usually the case that cyber attacks go completely undetected.

> the reason for defending something is because something is worth defending

Right, well the NSA does engage in defense as well. There's just less that can be done. There are hundreds of millions of devices in America with an extremely long tail of software/update state and configuration, saying nothing of networks. There's a ton to protect and even protecting small amounts is costly. This is one of the main reasons companies (and governments) are looking to the cloud - you can consolidate your threat area if you concentrate operations and run broadly the same configuration/state across many systems.

> thing being defended often includes a higher-moral-ground

But this is espionage and sabotage. It's dirty business. I don't think it's a good thing. I don't really advocate for it. I'm just here explaining the broader context of the Snowden disclosures and this article. If you missed it there was a link containing 37 other countries that have cyberwar programs (the list is not exhaustive).


I actually condone a lot of the NSA's activities, but I take serious issue with:

-Warantless surveillance of US citizens (this is bad whether it's by law enforcement, intelligence agencies, or anyone).

-Infiltration of foreign companies in allied or neutral nations purely for economic or geopolitical insight, not for military purposes (Brazil's Petrobras oil company, all sorts of spying in Germany and Norway and other places).

Personally I'm all for the kind of operations they're conducting in Iran and China, as these countries have been doing the same to us and to others for a long time. But they've become far too greedy in their desire for information domination and power, to the point where there is clearly no line that shouldn't be crossed. To them, if anything anywhere in the world is open for exploitation or surveillance, then they feel like they have a right to use it.


> Warantless surveillance of US citizens (this is bad whether it's by law enforcement, intelligence agencies, or anyone).

Agreed very strongly.

> Infiltration of foreign companies in allied or neutral nations purely for economic or geopolitical insight, not for military purposes (Brazil's Petrobras oil company, all sorts of spying in Germany and Norway and other places).

See this is where the NSA really shines. We (The US) delayed Iran's nuclear program by THREE YEARS with Stuxnet! Three! And after they finally figured out it was sabotage the US and Israel had the director assassinated for further delays.

Having Merkle's cell phone? During the Eurozone crisis? It would have been awful (financially) for the United States not to have that information. It's fun to look back and read the confused reports during the time "European Union suffering considerably from Eurozone crisis; America sees only limited effects."

PETROBRAS? We won offshore oil drilling locations because we had that information. Energy security for the country going forward decades.

Unfortunately geopolitics are important and you can't just not participate. Hacking is (one important way) that modern espionage, surveillance and sabotage are done.


It seems you've decided that US hegemony is a "good thing" regardless of the moral implications for ourselves and the world. However, some find actions like the following to be dangerous, immoral, unnecessary:

* "the US and Israel had the director assassinated"

* "we won offshore drilling"

* the blase assertion that a nuclear Iran is any worse than the existing nuclear powers (especially Israel!!!)

"Energy security" is oil company nonsense, hilarious considering their tireless efforts to block any kind of clean alternative. The OPEC crisis saved us from gas guzzlers, and now we're back to having SUV's everywhere. We could use some "energy insecurity" but with fracking we're now an exporter. Oil forever!! Climate be damned.

I disagree also with attempts to close off the discussion by saying "geopolitics are important." The US does not have to subvert governments, install dictators across the globe, prop up Saudi Arabia, blindly support Israel, be the muscle for Big Oil (and assassinate and imprison folks at home, too).

The moral hazards that have created this situation are to blame, but it doesn't help that our leaders are as a group paranoid and uncreative, all too willing to let militaristic fascists (accurate, not name-calling here) drive their decision-making.

Edward Snowden is a hero, full stop. You can't do enough damage to the NSA, these types must be resisted at all times.


> It seems you've decided

Nah that's not what I think or believe.

I'm trying to explain broader context. The US is not hacking in a vacuum. It has to make strategic decisions. We can arm chair the US strategic command all we want.

There seems to be a presumption that the US is doing these things 'just because'. What I believe is that the US is making decisions based on incentives, costs, benefits and other tradeoffs. I believe that if we don't participate in cyber intelligence warfare, we'll lose.

There are certain principles I don't want to give up in the process for sure - civil liberties of all people everyone is #1.


Presumably, I could better my negotiation position on pretty much any deal by spying or sabotaging the other party. Say I am negotiating a salary offer from a company, having access to the CEO email and that of other key decision makers (even just the prospective team and the HR reps) would presumably give me information I can use to secure a higher comp package, no? Without disrupting their operations in general, if I don't make a mistake in the process.

Is the previous an ethically valid way of conducting business? Should I not expect to be scrutinized if/when I got caught doing that, because it might imperil my interests? If I do the same, not for me but for a collective (a company, a union), would that be any less unethical? If not, why would it be different if I did it for my country?

Why is it that we consider that sort of behavior pathological for individuals, criminal for organizations and "just the way things are" when talking about (advanced, inter-dependent, presumably-friendly) nations?


These are all really good questions and I don't have answers other than to say there's a 'prisoner's dilemma'/'tragedy at the commons'/'cold war' situation. If you do no espionage and no sabotage, even though it is a higher moral ground, you don't exist for very long as a country.

So it's damned if you do and damned if you don't.


Except I suspect many countries actually do without effective espionage or sabotage, if only because they lack the capability.

I guess you can argue that many of these countries rely on allies who perform espionage and sabotage, thus benefiting from those activities despite not doing them themselves. But that still means that closely-aligned countries can survive without spying on each other. I might not have all the facts, but it seems unlikely that Germany or Brazil would be considered an existential threat to the US in the foreseeable future, so why spy on those countries? Slight economic advantages don't seem to justify the breach of ethics.

I guess I can see what you are saying and I don't think we can have a world without spying any time soon. But that doesn't mean all international spying is justified.


Having Merkle's cell phone? During the Eurozone crisis? It would have been awful (financially) for the United States not to have that information.

The cost of this sort of machiavellian policy is of course the opprobrium of former allies and friends, and a loss of moral standing.

The US loses a lot of soft power if it chooses this route, and the consequences will be felt for decades in mistrust and distance from her allies. A dangerous course both for the US and for the world.


I fluxuate with how I feel about it (it = 'machiavellian policy'). I'm not going to defend US policy in this case, nor claim to understand all of the nuances required to make global strategic geopolitical decisions.

But I will say that the NSA's perspective is that: it is only because of the Snowden leaks if we have lost face with allies. To the NSA, the secrets were kept well enough until Snowden and friends disclosed them.

This is my basic issue with this article. America and the NSA ate mud pie for the actions disclosed in the leaks. This article has the very real possibility of doing a lot more damage. One could say it is good because justice has been served, but one could also suggest that it is bad because similar disclosures of German surveillance programs (a touchy subject given the history), Chinese capabilities, Russian objectives etc haven't been disclosed by a Snowden-like actor.

Really the whole situation is bad. I don't like being at war, cyber or otherwise.


This is my basic issue with this article. America and the NSA ate mud pie for the actions disclosed in the leaks. This article has the very real possibility of doing a lot more damage.

Not because of the leaks, but because of their actions. That's an important distinction.

If you take actions like this, you should be prepared for them to be exposed, and if you use the argument the NSA and you yourself have made here (it would be ok if we were evil and no-one knew about it), you should expect no one to trust you. You've just declared yourself untrustworthy and a bad ally in perpetuity, because you think this is ok as long as no-one knew about it.


> Not because of the leaks, but because of their actions. That's an important distinction.

Right. I agree with that. There's actually sort of a boolean AND. Because we did them AND we got caught.

My guess is that all major players are doing the same stuff and that if the US doesn't participate it loses. I doubt the US hacked Germany on a whim - I bet it was a pretty labored decision with cost-benefit analysis (one being chance of getting caught).


>But I will say that the NSA's perspective is that: it is only because of the Snowden leaks if we have lost face with allies. To the NSA, the secrets were kept well enough until Snowden and friends disclosed them.

Of course that's their perspective, as is the perspective of anyone committing an embarrassing or morally unscrupulous act.

"The thing I regret most is getting caught."

Secrets of this nature have a tendency to leak. If it wasn't Snowden, it could've been anyone else.

I don't think all of the NSA's capabilities or actions should be leaked, but reporting of confirmed infiltrations of US and allied companies and systems is fine by my book. All's fair in love and war, but we are not at war with Germany or Brazil or, hopefully, ourselves.


> the perspective of anyone committing an embarrassing or morally unscrupulous act

In this instance it was embarrassing because it brought into question how well the US would be able to keep secret strategic information.

And yeah hacking into allies is pretty unscrupulous. A bunch of the Snowden leaks showed that Israel, France, Germany and others have hacked into us.

It's the way it all works.

> Secrets of this nature have a tendency to leak. If it wasn't Snowden, it could've been anyone else

There were many such leaks, e.g. Binney.

> reporting of confirmed infiltrations of US and allied companies and systems is fine by my book

I agree wholeheartedly with this.


> ... Germany and others have hacked into us.

Could you elaborate? As far as I know, Germany has some kind of agreement to not spy on the US.


Found the reference to Israel/France, looking for Germany references.

http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPl... (pg 40/125)

Why the downvote here? The comment contributes to the conversation...


This PDF does not appear to have searchable text.

Could you provide direct citations or quotes of allied countries infiltrating our government or private infrastructure? Excluding Israel, because they have the same mindset as the NSA/CIA (in which case I also don't take issue with us hacking Israel).


If your excuse for doing plainly immoral things is 'geopolitics is important', where do you draw the line? Your excuse can be used to justify pretty much any form of self-serving barbarity. How about if we just don't do evil shit and deal with the lack of an ill-gotten advantage? Works well enough in everyday life (assuming you aren't a mafioso). Why hold people who work for government agencies to such a pitifully lower standard of decency?


It's not my excuse. It's the NSA's (really the US Gov's) excuse.

I don't know where they draw the line.

If you didn't see it, there's a link on another branch of the conversation containing (at least) 37 other countries involved in cyberwarfare.

It's happening. I'm not excusing it. Honestly, it really sucks.


>See this is where the NSA really shines. We (The US) delayed Iran's nuclear program by THREE YEARS with Stuxnet! Three! And after they finally figured out it was sabotage the US and Israel had the director assassinated for further delays.

I'm honestly okay with this (except for the assassination part, though it was speculated that was Mossad and not US).

The other things though are simply to gain an unfair advantage in political and economic situations, even against countries that are supposedly our allies. Realistically, these things happen all around the world and have been forever, but ethically I don't think it's a good thing for the NSA or CIA to be doing.


It's one of those catch 22's.

Damned if you do and damned if you don't.


No, "everybody" doesn't do it.

It is on the face of it ridiculous to say "everybody has a blue-water navy." It is equally ridiculous to say "everybody runs surveillance comparable to the NSA."


Page 123 of the documents released in Glenn Greenwald's "No Place To Hide" lists at least 37 countries (that the United States has cyber partnerships with).

http://cryptome.org/2014/05/npth-docs-compare.pdf

(on page 16 of the link)


Of those 37 countries, only a minor fraction have the budget to operate the way NSA does. That leaves approximately 160 other sovereign entities. Let's say half of them are despotic and don't count. That leaves 80. Out of those I'd wager that more than half are have governments too under-resourced to have the ability to put their people in the kind of panopticon Americans live in. In other words there may be hundreds of milllions of people who are more free than Americans. Who are not fearful Hobbeseans suckling at NSA'a teat. Somehow, those people have not yet succumbed to "terrorism" of whatever the scare du jour is.


>Of those 37 countries, only a minor fraction have the budget to operate the way NSA does.

There will be differences in cost and budget for each nation. The United States has 25% of the world GDP (compared to 4%) of the population. That we can afford to fund the Lamborghini of intelligence operations isn't to discount other states that have less well funded capabilities.

You'll see plenty of parallels with traditional warfare: like that countries with smaller budgets ally themselves with countries that have more capabilities.

> Let's say half of them are despotic and don't count

Let's not. Those are some awfully large numbers for one. But more fundamentally why don't the armies and intelligence capabilities of tyrannies count?

> Out of those I'd wager that more than half are have governments too under-resourced to have the ability to put their people in the kind of panopticon Americans live

The nice thing is that surveillance, if done right, is reasonably cheap. Many other countries, especially in the ones you 'don't count' have laws preventing citizen use of any reasonable encryption whatsoever.


Addendum: we help fund partners programs.

http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPl... (pg 124)


I'm not saying it's retribution, I'm saying it's shortsighted to consider it damaging to themselves and be okay with the damage that was detailed in the leaks.

I'm not okay with either, but being blind to others' "suffering" doesn't get my sympathy. In this order of events, your sympathy gets mine. In this case, you pointing the finger at others hacking innocents as a justification for hacking innocents makes me entirely unsympathetic to your "damage". See how that works?


Oh yeah, I get that. And I agree - I really do wish we could all 'just get along'.

Two wrongs don't make a right. Would be awesome if we could just have secure and private computing and communication machines for the masses.


There is nothing damaging in these latest documents. The documents reference programs that if revealed (which they were not) would be extremely harmful to national security.




Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: